feat(deploy): add k01 business cluster manifests for k3s with cnpg, strimzi, redis and mongodb operators
Executable
+89
@@ -0,0 +1,89 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
cd "$K01_DIR"
|
||||
|
||||
if [ ! -f .env ]; then
|
||||
echo ".env not found, copy from .env.example and fill in" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
set -a
|
||||
. ./.env
|
||||
set +a
|
||||
|
||||
mkdir -p secrets
|
||||
chmod 700 secrets
|
||||
|
||||
write_secret() {
|
||||
local name="$1" value="$2"
|
||||
printf '%s\n' "$value" > "secrets/$name"
|
||||
chmod 600 "secrets/$name"
|
||||
}
|
||||
|
||||
JWT_SECRET_KEY="${JWT_SECRET_KEY:-$(openssl rand -hex 32)}"
|
||||
ADMIN_PASSWORD="${ADMIN_PASSWORD:-$(openssl rand -hex 16)}"
|
||||
write_secret jwt-secret "$JWT_SECRET_KEY"
|
||||
write_secret admin-password "$ADMIN_PASSWORD"
|
||||
|
||||
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
|
||||
|
||||
kubectl -n juwan create secret docker-registry registry-creds \
|
||||
--docker-server="${REGISTRY_HOST}" \
|
||||
--docker-username="${REGISTRY_USERNAME}" \
|
||||
--docker-password="${REGISTRY_PASSWORD}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
kubectl -n juwan create secret generic jwt-secret \
|
||||
--from-literal=secret-key="$JWT_SECRET_KEY" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
kubectl -n juwan create secret generic admin-bootstrap \
|
||||
--from-literal=username="${ADMIN_USERNAME}" \
|
||||
--from-literal=password="$ADMIN_PASSWORD" \
|
||||
--from-literal=email="${ADMIN_EMAIL}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
kubectl -n juwan create secret generic email-smtp \
|
||||
--from-literal=host="${EMAIL_SMTP_HOST}" \
|
||||
--from-literal=port="${EMAIL_SMTP_PORT}" \
|
||||
--from-literal=username="${EMAIL_SMTP_USERNAME}" \
|
||||
--from-literal=password="${EMAIL_SMTP_PASSWORD}" \
|
||||
--from-literal=from-address="${EMAIL_FROM_ADDRESS}" \
|
||||
--from-literal=from-name="${EMAIL_FROM_NAME}" \
|
||||
--from-literal=reply-to="${EMAIL_REPLY_TO:-}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
kubectl -n juwan create secret generic objectstory-s3 \
|
||||
--from-literal=endpoint="${S3_ENDPOINT}" \
|
||||
--from-literal=access-key="${S3_ACCESS_KEY}" \
|
||||
--from-literal=secret-key="${S3_SECRET_KEY}" \
|
||||
--from-literal=bucket="${S3_BUCKET_NAME}" \
|
||||
--from-literal=region="${S3_REGION}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
DEV_CERTS="$(cd "$K01_DIR/../dev/certs" && pwd)"
|
||||
kubectl -n juwan create secret tls chat-wt-tls \
|
||||
--cert="${DEV_CERTS}/tls.crt" \
|
||||
--key="${DEV_CERTS}/tls.key" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
DOMAINS=(user player game shop order wallet community review dispute notification search chat)
|
||||
for d in "${DOMAINS[@]}"; do
|
||||
pwd_val="$(openssl rand -hex 16)"
|
||||
write_secret "redis-${d}-password" "$pwd_val"
|
||||
kubectl -n juwan create secret generic "${d}-redis" \
|
||||
--from-literal=password="$pwd_val" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
done
|
||||
|
||||
MONGO_PASSWORD="${MONGO_PASSWORD:-$(openssl rand -hex 16)}"
|
||||
write_secret mongo-password "$MONGO_PASSWORD"
|
||||
kubectl -n juwan create secret generic chat-mongodb-app-user-password \
|
||||
--from-literal=password="$MONGO_PASSWORD" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
echo
|
||||
echo "secrets/ written, k8s Secrets applied to namespace juwan"
|
||||
echo "admin password: $ADMIN_PASSWORD"
|
||||
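Review bot: The Redis loop draws a new password on every run (`pwd_val="$(openssl rand -hex 16)"`), so re-running the script overwrites all twelve `<domain>-redis` Secrets and their files under secrets/ with fresh values. JWT_SECRET_KEY, ADMIN_PASSWORD and MONGO_PASSWORD do the same whenever they are not pinned in .env, because secrets/ is written but never read back. Whether the running Redis and MongoDB instances follow such a change depends on operator behaviour not visible here, and a changed JWT key would presumably invalidate tokens already issued; reusing the stored value when its file exists makes a re-run safe, as sketched below for the loop. Separately, the final `echo "admin password: $ADMIN_PASSWORD"` leaves the credential in terminal scrollback and any captured log although it is already in secrets/admin-password with mode 600; `echo "admin password written to secrets/admin-password"` avoids that. The `--from-literal=` arguments likewise put each secret on kubectl's command line, where it is readable from the process list while the command runs.

```shell
for d in "${DOMAINS[@]}"; do
  secret_file="secrets/redis-${d}-password"
  if [ -s "$secret_file" ]; then
    # Reuse the value from a previous run so a re-run does not rotate it.
    # $(cat …) drops the trailing newline that write_secret appended.
    pwd_val="$(cat "$secret_file")"
  else
    pwd_val="$(openssl rand -hex 16)"
    write_secret "redis-${d}-password" "$pwd_val"
  fi
  # … unchanged: kubectl create secret generic "${d}-redis" … | kubectl apply -f - …
done
```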