philipp/orderbooks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
orderbooks/scripts/deploy/bootstrap_orderbooks_k8s.sh
philipp 0d86f56514 Add websocket recorder canary deployment
2026-04-19 19:17:56 +02:00

151 lines
5.8 KiB
Bash
Executable file
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
PLATFORM_REPO_DIR="${PLATFORM_REPO_DIR:-/home/philipp/dev/ae/nuri/unrip3}"
PLATFORM_ENV_FILE="${PLATFORM_ENV_FILE:-$PLATFORM_REPO_DIR/scripts/hetzner/bootstrap-secrets.env}"
PLATFORM_RESOLVED_ENV_FILE="${PLATFORM_RESOLVED_ENV_FILE:-$PLATFORM_REPO_DIR/.state/hetzner/bootstrap-secrets.resolved.env}"
KUBECONFIG_PATH="${KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.yaml}"
CI_KUBECONFIG_PATH="${CI_KUBECONFIG_PATH:-$PLATFORM_REPO_DIR/.state/hetzner/kubeconfig.incluster.yaml}"
PROJECT_NAME="${PROJECT_NAME:-orderbooks}"
PROJECT_NAMESPACE="${PROJECT_NAMESPACE:-orderbooks}"
PROJECT_DEPLOYMENTS="${PROJECT_DEPLOYMENTS:-orderbooks-collector,orderbooks-ws-recorder}"
PROJECT_REGISTRY_SECRET_NAME="${PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
RCLONE_SECRET_NAME="${RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
RCLONE_SECRET_KEY="${RCLONE_SECRET_KEY:-rclone.conf}"
FORGEJO_REPO_OWNER="${FORGEJO_REPO_OWNER:-philipp}"
FORGEJO_REPO_NAME="${FORGEJO_REPO_NAME:-orderbooks}"
FORGEJO_REPO_PRIVATE="${FORGEJO_REPO_PRIVATE:-0}"
require() {
command -v "$1" >/dev/null 2>&1 || {
echo "missing required command: $1" >&2
exit 1
}
}
load_env_defaults() {
local file="$1"
[[ -f "$file" ]] || return 0
eval "$(
python3 - "$file" <<'PY_LOAD_ENV'
import os
import shlex
import sys
for raw in open(sys.argv[1], 'r', encoding='utf-8'):
line = raw.strip()
if not line or line.startswith('#'):
continue
if line.startswith('export '):
line = line[len('export '):]
if '=' not in line:
continue
key, value = line.split('=', 1)
key = key.strip()
value = value.strip()
if len(value) >= 2 and value[0] == value[-1] and value[0] in {'\"', "'"}:
value = value[1:-1]
if key in os.environ:
continue
print(f'export {key}={shlex.quote(value)}')
PY_LOAD_ENV
)"
}
require kubectl
require python3
require base64
load_env_defaults "$PLATFORM_ENV_FILE"
load_env_defaults "$PLATFORM_RESOLVED_ENV_FILE"
# Force orderbooks app identity after loading platform defaults. The platform
# env file may describe the platform repo itself, not this app repo.
PROJECT_NAME="${ORDERBOOKS_PROJECT_NAME:-orderbooks}"
PROJECT_NAMESPACE="${ORDERBOOKS_PROJECT_NAMESPACE:-orderbooks}"
PROJECT_DEPLOYMENTS="${ORDERBOOKS_PROJECT_DEPLOYMENTS:-orderbooks-collector,orderbooks-ws-recorder}"
PROJECT_REGISTRY_SECRET_NAME="${ORDERBOOKS_PROJECT_REGISTRY_SECRET_NAME:-orderbooks-registry-creds}"
RCLONE_SECRET_NAME="${ORDERBOOKS_RCLONE_SECRET_NAME:-orderbooks-rclone-config}"
RCLONE_SECRET_KEY="${ORDERBOOKS_RCLONE_SECRET_KEY:-rclone.conf}"
FORGEJO_REPO_OWNER="${ORDERBOOKS_FORGEJO_REPO_OWNER:-philipp}"
FORGEJO_REPO_NAME="${ORDERBOOKS_FORGEJO_REPO_NAME:-orderbooks}"
FORGEJO_REPO_PRIVATE="${ORDERBOOKS_FORGEJO_REPO_PRIVATE:-0}"
: "${KUBECONFIG_PATH:?missing kubeconfig path}"
: "${CI_KUBECONFIG_PATH:?missing CI kubeconfig path}"
[[ -f "$KUBECONFIG_PATH" ]] || { echo "missing kubeconfig file" >&2; exit 1; }
[[ -f "$CI_KUBECONFIG_PATH" ]] || { echo "missing in-cluster kubeconfig file" >&2; exit 1; }
export KUBECONFIG="$KUBECONFIG_PATH"
if [[ -z "${FORGEJO_URL:-}" ]]; then
if [[ -n "${FORGEJO_ROOT_URL:-}" ]]; then
FORGEJO_URL="$FORGEJO_ROOT_URL"
elif [[ -n "${FORGEJO_DOMAIN:-}" ]]; then
FORGEJO_URL="https://${FORGEJO_DOMAIN}"
else
echo "missing Forgejo URL" >&2
exit 1
fi
fi
: "${FORGEJO_ADMIN_USERNAME:?missing Forgejo admin username}"
if [[ -z "${FORGEJO_TOKEN:-}" ]]; then
: "${FORGEJO_ADMIN_PASSWORD:?missing Forgejo password or token}"
fi
if [[ -z "${REGISTRY_HOST:-}" ]]; then
if [[ -n "${REGISTRY_DOMAIN:-}" && "${REGISTRY_DOMAIN}" != *'${'* ]]; then
REGISTRY_HOST="$REGISTRY_DOMAIN"
else
REGISTRY_HOST="registry.doran.133011.xyz"
fi
fi
shared_registry_user="$(kubectl -n registry get secret registry-secrets -o jsonpath='{.data.htpasswd}' 2>/dev/null | base64 -d 2>/dev/null | cut -d: -f1 || true)"
if [[ -n "$shared_registry_user" ]]; then
REGISTRY_USERNAME="$shared_registry_user"
fi
: "${REGISTRY_USERNAME:?missing registry username}"
: "${REGISTRY_PASSWORD:?missing registry password}"
echo "ensuring namespace ${PROJECT_NAMESPACE}"
kubectl create namespace "$PROJECT_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
echo "upserting registry secret ${PROJECT_REGISTRY_SECRET_NAME}"
kubectl -n "$PROJECT_NAMESPACE" create secret docker-registry "$PROJECT_REGISTRY_SECRET_NAME" \
--docker-server="$REGISTRY_HOST" \
--docker-username="$REGISTRY_USERNAME" \
--docker-password="$REGISTRY_PASSWORD" \
--dry-run=client -o yaml | kubectl apply -f -
echo "checking rclone secret key presence"
kubectl -n "$PROJECT_NAMESPACE" get secret "$RCLONE_SECRET_NAME" \
-o "go-template={{if index .data \"${RCLONE_SECRET_KEY}\"}}rclone_secret_key_present{{else}}rclone_secret_key_missing{{end}}{{\"\\n\"}}"
echo "upserting Forgejo repo and Actions settings"
forgejo_args=()
if [[ -n "${FORGEJO_TOKEN:-}" ]]; then
forgejo_args+=(--token "$FORGEJO_TOKEN")
else
forgejo_args+=(--admin-username "$FORGEJO_ADMIN_USERNAME" --admin-password "$FORGEJO_ADMIN_PASSWORD")
fi
if [[ "$FORGEJO_REPO_PRIVATE" == "1" || "$FORGEJO_REPO_PRIVATE" == "true" ]]; then
forgejo_args+=(--repo-private)
fi
python3 "$ROOT_DIR/scripts/deploy/forgejo_repo_bootstrap.py" \
--forgejo-url "$FORGEJO_URL" \
--repo-owner "$FORGEJO_REPO_OWNER" \
--repo-name "$FORGEJO_REPO_NAME" \
--ci-kubeconfig "$CI_KUBECONFIG_PATH" \
--registry-host "$REGISTRY_HOST" \
--project-name "$PROJECT_NAME" \
--project-namespace "$PROJECT_NAMESPACE" \
--project-deployments "$PROJECT_DEPLOYMENTS" \
--project-registry-secret-name "$PROJECT_REGISTRY_SECRET_NAME" \
"${forgejo_args[@]}"
echo "bootstrap complete for ${FORGEJO_REPO_OWNER}/${FORGEJO_REPO_NAME} in namespace ${PROJECT_NAMESPACE}"
Reference in a new issue View git blame Copy permalink