docs: document required secrets and port-forward access

2026-01-06 00:22:40 +00:00
parent 774bd7832a
commit 7e492fd2ba
1 changed files with 86 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -9,6 +9,79 @@ Założenie: obrazy są budowane/pushowane przez CI, a klaster (Argo CD/Flux) sa
 - `kustomize/base/` – wspólne zasoby (bez sekretów)
 - `kustomize/overlays/staging/` – staging (`namespace: trade-staging`)
 - `kustomize/overlays/prod/` – prod (`namespace: trade-prod`)
+- `bootstrap/argocd/` – manifesty `Application` dla Argo CD
+
+## Wymagane sekrety (nie są w repo)
+
+### `trade-postgres`
+W namespace środowiska (np. `trade-staging`) musi istnieć Secret:
+
+- `POSTGRES_USER`
+- `POSTGRES_DB`
+- `POSTGRES_PASSWORD`
+
+### `trade-hasura`
+- `HASURA_GRAPHQL_ADMIN_SECRET`
+- `HASURA_JWT_KEY`
+
+### `trade-pgadmin` (tylko staging overlay)
+- `PGADMIN_DEFAULT_EMAIL`
+- `PGADMIN_DEFAULT_PASSWORD`
+
+## Tworzenie sekretów (przykład, staging)
+
+```bash
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+ns=trade-staging
+
+# Postgres
+read -rsp "POSTGRES_PASSWORD: " POSTGRES_PASSWORD; echo
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: trade-postgres
+  namespace: ${ns}
+type: Opaque
+stringData:
+  POSTGRES_USER: admin
+  POSTGRES_DB: crypto
+  POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+EOF
+unset POSTGRES_PASSWORD
+
+# Hasura
+read -rsp "HASURA_GRAPHQL_ADMIN_SECRET: " HASURA_GRAPHQL_ADMIN_SECRET; echo
+read -rsp "HASURA_JWT_KEY (32+ chars): " HASURA_JWT_KEY; echo
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: trade-hasura
+  namespace: ${ns}
+type: Opaque
+stringData:
+  HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
+  HASURA_JWT_KEY: ${HASURA_JWT_KEY}
+EOF
+unset HASURA_GRAPHQL_ADMIN_SECRET HASURA_JWT_KEY
+
+# pgAdmin (staging)
+read -rp "PGADMIN_DEFAULT_EMAIL: " PGADMIN_DEFAULT_EMAIL
+read -rsp "PGADMIN_DEFAULT_PASSWORD: " PGADMIN_DEFAULT_PASSWORD; echo
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: trade-pgadmin
+  namespace: ${ns}
+type: Opaque
+stringData:
+  PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
+  PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
+EOF
+unset PGADMIN_DEFAULT_EMAIL PGADMIN_DEFAULT_PASSWORD
+```

 ## Szybki test (bez Argo CD)

@@ -17,8 +90,19 @@ kubectl apply -k kustomize/overlays/staging
 kubectl apply -k kustomize/overlays/prod
 ```

+## Dostęp przez port-forward (staging)
+
+```bash
+# Hasura (UI + API) – jeśli 8080 zajęte, użyj np. 8091
+kubectl -n trade-staging port-forward svc/hasura 8091:8080
+
+# pgAdmin
+kubectl -n trade-staging port-forward svc/pgadmin 5050:80
+
+# Postgres
+kubectl -n trade-staging port-forward svc/postgres 5432:5432
+```
+
 ## Argo CD

 Przykładowa `Application` jest w `bootstrap/argocd/application-trade-staging.yaml`.
-
-Uwaga: sekretów (tokeny/hasła) nie trzymamy w tym repo.