trade/trade-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
trade-deploy/README.md

131 lines
3.3 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# trade-deploy
Repo na manifesty GitOps (pull) dla projektu `trade` na k3s.
Założenie: obrazy są budowane/pushowane przez CI, a klaster (Argo CD/Flux) sam pobiera „desired state” z tego repo.
## Struktura
- `kustomize/base/` wspólne zasoby (bez sekretów)
- `kustomize/overlays/staging/` staging (`namespace: trade-staging`)
- `kustomize/overlays/prod/` prod (`namespace: trade-prod`)
- `bootstrap/argocd/` manifesty `Application` dla Argo CD
## Wymagane sekrety (nie są w repo)
### `trade-postgres`
W namespace środowiska (np. `trade-staging`) musi istnieć Secret:
- `POSTGRES_USER`
- `POSTGRES_DB`
- `POSTGRES_PASSWORD`
### `trade-hasura`
- `HASURA_GRAPHQL_ADMIN_SECRET`
- `HASURA_JWT_KEY`
### `trade-pgadmin` (tylko staging overlay)
- `PGADMIN_DEFAULT_EMAIL`
- `PGADMIN_DEFAULT_PASSWORD`
## Tworzenie sekretów (przykład, staging)
```bash
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
ns=trade-staging
# Postgres
read -rsp "POSTGRES_PASSWORD: " POSTGRES_PASSWORD; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-postgres
namespace: ${ns}
type: Opaque
stringData:
POSTGRES_USER: admin
POSTGRES_DB: crypto
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
EOF
unset POSTGRES_PASSWORD
# Hasura
read -rsp "HASURA_GRAPHQL_ADMIN_SECRET: " HASURA_GRAPHQL_ADMIN_SECRET; echo
read -rsp "HASURA_JWT_KEY (32+ chars): " HASURA_JWT_KEY; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-hasura
namespace: ${ns}
type: Opaque
stringData:
HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
HASURA_JWT_KEY: ${HASURA_JWT_KEY}
EOF
unset HASURA_GRAPHQL_ADMIN_SECRET HASURA_JWT_KEY
# pgAdmin (staging)
read -rp "PGADMIN_DEFAULT_EMAIL: " PGADMIN_DEFAULT_EMAIL
read -rsp "PGADMIN_DEFAULT_PASSWORD: " PGADMIN_DEFAULT_PASSWORD; echo
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: trade-pgadmin
namespace: ${ns}
type: Opaque
stringData:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
EOF
unset PGADMIN_DEFAULT_EMAIL PGADMIN_DEFAULT_PASSWORD
```
## Szybki test (bez Argo CD)
```bash
kubectl apply -k kustomize/overlays/staging
kubectl apply -k kustomize/overlays/prod
```
## Dostęp przez port-forward (staging)
```bash
# Hasura (UI + API) jeśli 8080 zajęte, użyj np. 8091
kubectl -n trade-staging port-forward svc/hasura 8091:8080
# pgAdmin
kubectl -n trade-staging port-forward svc/pgadmin 5050:80
# Postgres
kubectl -n trade-staging port-forward svc/postgres 5432:5432
```
## Weryfikacja (staging)
```bash
# Argo CD: status aplikacji
kubectl -n argocd get applications.argoproj.io trade-staging -o wide
# Workloady
kubectl -n trade-staging get pods -o wide
kubectl -n trade-staging get svc
kubectl -n trade-staging get pvc
# Hasura bootstrap
kubectl -n trade-staging get job hasura-bootstrap
kubectl -n trade-staging logs job/hasura-bootstrap --tail=200
# Logi (gdy coś nie wstaje)
kubectl -n trade-staging logs deploy/hasura --tail=200
kubectl -n trade-staging logs statefulset/postgres --tail=200
```
Jeśli pody mają `CreateContainerConfigError` z komunikatem o brakującym sekrecie (`trade-postgres` / `trade-hasura` / `trade-pgadmin`), najpierw utwórz sekrety (sekcja wyżej).
## Argo CD
Przykładowa `Application` jest w `bootstrap/argocd/application-trade-staging.yaml`.
Reference in New Issue View Git Blame Copy Permalink