feat(canary): deploy r001 app surface on sol
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 1m1s

This commit is contained in:
mpabi
2026-04-12 17:18:42 +02:00
parent 060dcc38a6
commit 6672e1043d
19 changed files with 4511 additions and 3 deletions

View File

@@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -euo pipefail
TARGET_HOST="${TARGET_HOST:-mevnode}"
TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}"
REGISTRY_HOST="${REGISTRY_HOST:-gitea.mpabi.pl}"
REGISTRY_USER="${REGISTRY_USER:-u1}"
REGISTRY_TOKEN_FILE="${REGISTRY_TOKEN_FILE:-/home/user/dev/trade/tokens/gitea-registry.token}"
ssh_target() {
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
}
REGISTRY_TOKEN="$(tr -d '\r\n' < "$REGISTRY_TOKEN_FILE")"
if [ -z "$REGISTRY_TOKEN" ]; then
echo "Registry token is empty" >&2
exit 1
fi
ssh_target "sudo k3s kubectl get ns ${TARGET_NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${TARGET_NAMESPACE} >/dev/null"
ssh_target "sudo k3s kubectl -n ${TARGET_NAMESPACE} create secret docker-registry gitea-registry --docker-server=${REGISTRY_HOST} --docker-username=${REGISTRY_USER} --docker-password='${REGISTRY_TOKEN}' --dry-run=client -o yaml | sudo k3s kubectl apply -f - >/dev/null"
echo "Updated imagePullSecret gitea-registry in ${TARGET_NAMESPACE} on ${TARGET_HOST}"

View File

@@ -0,0 +1,59 @@
#!/usr/bin/env bash
set -euo pipefail
SOURCE_HOST="${SOURCE_HOST:-mevnode_bot}"
SOURCE_NAMESPACE="${SOURCE_NAMESPACE:-trade-staging}"
TARGET_HOST="${TARGET_HOST:-mevnode}"
PG_VERSION="${PG_VERSION:-16}"
ssh_source() {
ssh -o StrictHostKeyChecking=no "$SOURCE_HOST" "$@"
}
ssh_target() {
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
}
SRC_SECRET_JSON="$(ssh_source "sudo k3s kubectl -n ${SOURCE_NAMESPACE} get secret trade-postgres -o json")"
POSTGRES_USER="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_USER' | base64 -d)"
POSTGRES_PASSWORD="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_PASSWORD' | base64 -d)"
POSTGRES_DB="$(printf '%s' "$SRC_SECRET_JSON" | jq -r '.data.POSTGRES_DB' | base64 -d)"
ssh_target "if ! dpkg -l | grep -q '^ii timescaledb-2-postgresql-${PG_VERSION} '; then curl -fsSL https://packagecloud.io/install/repositories/timescale/timescaledb/script.deb.sh | sudo bash && sudo apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y timescaledb-2-postgresql-${PG_VERSION}; fi"
CURRENT_PRELOAD="$(ssh_target "sudo -u postgres psql -Atqc \"show shared_preload_libraries\"")"
case ",${CURRENT_PRELOAD}," in
*,timescaledb,*)
NEW_PRELOAD="${CURRENT_PRELOAD}"
;;
,,)
NEW_PRELOAD="timescaledb"
;;
*)
NEW_PRELOAD="${CURRENT_PRELOAD},timescaledb"
;;
esac
ssh_target "sudo -u postgres psql -Atqc \"ALTER SYSTEM SET shared_preload_libraries = '${NEW_PRELOAD}';\" && sudo systemctl restart postgresql"
APP_USER_SQL=$(printf "%s" "$POSTGRES_USER" | sed "s/'/''/g")
APP_PASSWORD_SQL=$(printf "%s" "$POSTGRES_PASSWORD" | sed "s/'/''/g")
APP_DB_SQL=$(printf "%s" "$POSTGRES_DB" | sed "s/'/''/g")
ssh_target "sudo -u postgres psql -v ON_ERROR_STOP=1 <<'SQL'
DO \$\$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = '${APP_USER_SQL}') THEN
EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', '${APP_USER_SQL}', '${APP_PASSWORD_SQL}');
ELSE
EXECUTE format('ALTER ROLE %I WITH LOGIN PASSWORD %L', '${APP_USER_SQL}', '${APP_PASSWORD_SQL}');
END IF;
END
\$\$;
SELECT format('CREATE DATABASE %I OWNER %I', '${APP_DB_SQL}', '${APP_USER_SQL}')
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = '${APP_DB_SQL}')
\\gexec
ALTER DATABASE \"${POSTGRES_DB}\" OWNER TO \"${POSTGRES_USER}\";
SQL"
echo "Prepared host Postgres on ${TARGET_HOST} for ${POSTGRES_USER}/${POSTGRES_DB} with TimescaleDB enabled"

View File

@@ -0,0 +1,33 @@
#!/usr/bin/env bash
set -euo pipefail
SOURCE_HOST="${SOURCE_HOST:-mevnode_bot}"
SOURCE_NAMESPACE="${SOURCE_NAMESPACE:-trade-staging}"
TARGET_HOST="${TARGET_HOST:-mevnode}"
TARGET_NAMESPACE="${TARGET_NAMESPACE:-trade-r001-canary}"
SECRETS=(
trade-postgres
trade-hasura
trade-api
trade-frontend-tokens
trade-basic-auth
)
ssh_source() {
ssh -o StrictHostKeyChecking=no "$SOURCE_HOST" "$@"
}
ssh_target() {
ssh -o StrictHostKeyChecking=no "$TARGET_HOST" "$@"
}
ssh_target "sudo k3s kubectl get ns ${TARGET_NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${TARGET_NAMESPACE} >/dev/null"
for secret_name in "${SECRETS[@]}"; do
SECRET_JSON="$(ssh_source "sudo k3s kubectl -n ${SOURCE_NAMESPACE} get secret ${secret_name} -o json")"
printf '%s' "$SECRET_JSON" \
| jq --arg ns "$TARGET_NAMESPACE" 'del(.metadata.uid,.metadata.resourceVersion,.metadata.creationTimestamp,.metadata.managedFields,.metadata.ownerReferences,.metadata.selfLink,.metadata.annotations["kubectl.kubernetes.io/last-applied-configuration"]) | .metadata.namespace = $ns' \
| ssh_target "sudo k3s kubectl apply -f - >/dev/null"
echo "Synced ${secret_name} to ${TARGET_NAMESPACE}"
done