trade/trade-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: document required secrets and port-forward access

Browse Source
This commit is contained in:
u1
2026-01-06 00:22:40 +00:00
parent 774bd7832a
commit 7e492fd2ba
1 changed files with 86 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
README.md
View File

@@ -9,6 +9,79 @@ Założenie: obrazy są budowane/pushowane przez CI, a klaster (Argo CD/Flux) sa
- `kustomize/base/` wspólne zasoby (bez sekretów) - `kustomize/base/` wspólne zasoby (bez sekretów)
- `kustomize/overlays/staging/` staging (`namespace: trade-staging`) - `kustomize/overlays/staging/` staging (`namespace: trade-staging`)
- `kustomize/overlays/prod/` prod (`namespace: trade-prod`) - `kustomize/overlays/prod/` prod (`namespace: trade-prod`)
- `bootstrap/argocd/` manifesty `Application` dla Argo CD
## Wymagane sekrety (nie są w repo)
### `trade-postgres`
W namespace środowiska (np. `trade-staging`) musi istnieć Secret:
- `POSTGRES_USER`
- `POSTGRES_DB`
- `POSTGRES_PASSWORD`
### `trade-hasura`
- `HASURA_GRAPHQL_ADMIN_SECRET`
- `HASURA_JWT_KEY`
### `trade-pgadmin` (tylko staging overlay)
- `PGADMIN_DEFAULT_EMAIL`
- `PGADMIN_DEFAULT_PASSWORD`
## Tworzenie sekretów (przykład, staging)
```bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
ns=trade-staging
# Postgres
read -rsp "POSTGRES_PASSWORD: " POSTGRES_PASSWORD; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-postgres
namespace: ${ns}
type: Opaque
stringData:
POSTGRES_USER: admin
POSTGRES_DB: crypto
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
EOF
unset POSTGRES_PASSWORD
# Hasura
read -rsp "HASURA_GRAPHQL_ADMIN_SECRET: " HASURA_GRAPHQL_ADMIN_SECRET; echo
read -rsp "HASURA_JWT_KEY (32+ chars): " HASURA_JWT_KEY; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-hasura
namespace: ${ns}
type: Opaque
stringData:
HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
HASURA_JWT_KEY: ${HASURA_JWT_KEY}
EOF
unset HASURA_GRAPHQL_ADMIN_SECRET HASURA_JWT_KEY
# pgAdmin (staging)
read -rp "PGADMIN_DEFAULT_EMAIL: " PGADMIN_DEFAULT_EMAIL
read -rsp "PGADMIN_DEFAULT_PASSWORD: " PGADMIN_DEFAULT_PASSWORD; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-pgadmin
namespace: ${ns}
type: Opaque
stringData:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
EOF
unset PGADMIN_DEFAULT_EMAIL PGADMIN_DEFAULT_PASSWORD
```
## Szybki test (bez Argo CD) ## Szybki test (bez Argo CD)
@@ -17,8 +90,19 @@ kubectl apply -k kustomize/overlays/staging
kubectl apply -k kustomize/overlays/prod kubectl apply -k kustomize/overlays/prod
``` ```
## Dostęp przez port-forward (staging)
```bash
# Hasura (UI + API) jeśli 8080 zajęte, użyj np. 8091
kubectl -n trade-staging port-forward svc/hasura 8091:8080
# pgAdmin
kubectl -n trade-staging port-forward svc/pgadmin 5050:80
# Postgres
kubectl -n trade-staging port-forward svc/postgres 5432:5432
```
## Argo CD ## Argo CD
Przykładowa `Application` jest w `bootstrap/argocd/application-trade-staging.yaml`. Przykładowa `Application` jest w `bootstrap/argocd/application-trade-staging.yaml`.
Uwaga: sekretów (tokeny/hasła) nie trzymamy w tym repo.