Some maintenance for muenster-update (#78)

* Disable overpass

* Update to k8s 1.34.6 in workflow

* Rename to muenster-update & add cnpg.io Cluster

Author: ubergesundheit

.github/workflows/test-on-pr.yaml

@@ -14,4 +14,4 @@ jobs:
         with:
           kustomize_build_input: sync
           kube-linter_flags: "--config .kube-linter.yaml"
-          kubeconform_flags: "-strict -kubernetes-version 1.29.13 -schema-location 'https://raw.githubusercontent.com/ubergesundheit/kube-check-action/main/kubeconform-schemas/{{.ResourceKind}}.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location default"
+          kubeconform_flags: "-strict -kubernetes-version 1.34.6 -schema-location 'https://raw.githubusercontent.com/ubergesundheit/kube-check-action/main/kubeconform-schemas/{{.ResourceKind}}.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location default"

apps/kustomization.yaml

@@ -5,5 +5,5 @@ resources:
 - ./crashes
 - ./traffics
 - ./muenster-update
-- ./overpass
+# - ./overpass
 - ./climatems

apps/muenster-update/gitrepo.yaml

@@ -1,7 +1,7 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
-  name: codeformuenster-muenster-jetzt
+  name: codeformuenster-muenster-update
   namespace: flux-system
 spec:
   interval: 1h

apps/muenster-update/image-automations.yaml

@@ -1,7 +1,7 @@
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
 metadata:
-  name: muenster-jetzt-api-container-image
+  name: muenster-update-api-container-image
   namespace: flux-system
 spec:
   image: docker.io/codeformuenster/muenster-jetzt-api
@@ -10,7 +10,7 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
 metadata:
-  name: muenster-jetzt-api-static-container-image
+  name: muenster-update-api-static-container-image
   namespace: flux-system
 spec:
   image: docker.io/codeformuenster/muenster-jetzt-api-static
@@ -19,7 +19,7 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
 metadata:
-  name: muenster-jetzt-frontend-container-image
+  name: muenster-update-frontend-container-image
   namespace: flux-system
 spec:
   image: docker.io/codeformuenster/muenster-jetzt-frontend
@@ -28,11 +28,11 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
-  name: muenster-jetzt-api-staging
+  name: muenster-update-api-staging
   namespace: flux-system
 spec:
   imageRepositoryRef:
-    name: muenster-jetzt-api-container-image
+    name: muenster-update-api-container-image
   policy:
     alphabetical:
       order: asc
@@ -43,11 +43,11 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
-  name: muenster-jetzt-api-static-staging
+  name: muenster-update-api-static-staging
   namespace: flux-system
 spec:
   imageRepositoryRef:
-    name: muenster-jetzt-api-static-container-image
+    name: muenster-update-api-static-container-image
   policy:
     alphabetical:
       order: asc
@@ -58,11 +58,11 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
-  name: muenster-jetzt-frontend-staging
+  name: muenster-update-frontend-staging
   namespace: flux-system
 spec:
   imageRepositoryRef:
-    name: muenster-jetzt-frontend-container-image
+    name: muenster-update-frontend-container-image
   policy:
     alphabetical:
       order: asc
@@ -73,11 +73,11 @@ spec:
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImagePolicy
 metadata:
-  name: muenster-jetzt-production
+  name: muenster-update-production
   namespace: flux-system
 spec:
   imageRepositoryRef:
-    name: muenster-jetzt-frontend-container-image
+    name: muenster-update-frontend-container-image
   policy:
     semver:
       range: ">=v0.1.0"

apps/muenster-update/production/kustomization.yaml

@@ -1,9 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: c4m-muenster-jetzt-production
+namespace: c4m-muenster-update-production
 
 resources:
 - ../../../base/namespace-pss-restricted
-- muenster-jetzt-production.enc.yaml
+- muenster-update-production.enc.yaml
+- pgcluster.yaml
 - sync.yaml

apps/muenster-update/production/muenster-jetzt-production.enc.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: backend-api
+type: Opaque
+stringData:
+    DJANGO_SECRET_KEY: ENC[AES256_GCM,data:LJs8NOEzZbUfs9FXAP2V5RxMKpGyCWE8QOLT4h6DZMUJXoCp9I+3VY1xUkhXrQ63xSY=,iv:vOvc8nIN6Whn2kA7jQUQueGmVKwKxn/SP3JjAZOfQpo=,tag:c7GvqQyFvmz42P+n7FEszA==,type:str]
+    MUENSTERLAND_API_TOKEN: ENC[AES256_GCM,data:JG0j2YX5RROq8YuUNnywZwGj8VTd1rvVJ8d4oMxpy8U=,iv:KVjUCDZ/ayOtxOjPSWir/CZ0x6JnoJNoxysuVJrmLxM=,tag:scZC0RQhCmwQmZVQ4j7kzA==,type:str]
+    DATENPORTAL_USER: ENC[AES256_GCM,data:L2Ue1ikNAdSqBtmP00I=,iv:PuxrIuX/Zt8g8ZFtgDkyMVgA98QleaTNlD5Tj0d//Fw=,tag:j/LubJ0ylfBP1b8+00dGmQ==,type:str]
+    DATENPORTAL_PASSWORD: ENC[AES256_GCM,data:DJS4UnsXyj33,iv:rM7cPJsiOB6/yY3B/L1GLMMRqGlTv2Gfg39z68I4r/E=,tag:dONTVo8s2OUB4oy3ExYa8A==,type:str]
+sops:
+    age:
+        - recipient: age1nzqaqzm7wfz04ld5esukhkghmayzt8xmnrjlau0rdcycjlu53pesgew089
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZnJaLzlBSXRUUzZPV09a
+            MnhseW5WTW11YXhsTUlTMXdJZUhjbjk3dmdFCkd0RUpWWHNLYUlpZUd4MDBqRmRy
+            ZDJaVy81a3JwbmhlN3ZRWWJUcmptcE0KLS0tIG5zbXpVKzM5ZTZnZzBEL056TVhl
+            ZkRIRjlvaS9pOE5vRGVlTzRJZktsYlkKM7iQwix6GnITwp7E46DNc78cJOzvRRaF
+            pdX3EeHyUHshcf7PlZTE1fu37PfgUhr5Z1pY7e8tW+FzoIT+nmylFA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-04-05T14:19:37Z"
+    mac: ENC[AES256_GCM,data:fGBmNpfv2sfl+UaDKPIgdRvh64JHLOM7TTJBsrUruBmoza/vJrJb1ENG5RlmZNQNt6vTYYHzYELjGYPdeufPes1rYANYLWmsnLj196u5vA/BPgJSnaadtXlrXkyXp9SgcWgt/OUWrn7OtsBrIU6S7a0FZIr1lE7CpjVDaXg2FoE=,iv:UUIDJXqPezKhtoSxDEfrELh9VsIMdDcJhO0239OyuiU=,tag:8h/ulwNvjKCQf6H+m5C+Dw==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.12.2

apps/muenster-update/production/muenster-update-production.enc.yaml

@@ -0,0 +1,38 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: pg-ms-update-production
+  labels:
+    lab481.de/pg_dump: "false"
+spec:
+  instances: 1
+  enablePDB: false
+  imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
+  storage:
+    size: 1Gi
+  bootstrap:
+    initdb:
+      encoding: UTF8
+      localeCollate: en_US.UTF-8
+      localeCType: en_US.UTF-8
+  podSelectorRefs:
+  - name: backend
+    selector:
+      matchLabels:
+        app.kubernetes.io/app: muenster-update
+        app.kubernetes.io/component: api
+  - name: crawler
+    selector:
+      matchLabels:
+        app.kubernetes.io/app: muenster-update
+        app.kubernetes.io/component: crawler
+  postgresql:
+    pg_hba:
+    - host app app ${podselector:backend} scram-sha-256
+    - host app app ${podselector:crawler} scram-sha-256
+    # Workaround until https://github.com/cloudnative-pg/cloudnative-pg/issues/10371
+    # is resolved
+    - host all all all reject
+  managed:
+    services:
+      disabledDefaultServices: ["ro", "r"]

apps/muenster-update/production/pgcluster.yaml

@@ -1,23 +1,25 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: muenster-jetzt-production
+  name: muenster-update-production
 spec:
   interval: 1h
-  targetNamespace: c4m-muenster-jetzt-production
+  targetNamespace: c4m-muenster-update-production
   sourceRef:
     kind: GitRepository
-    name: codeformuenster-muenster-jetzt
+    name: codeformuenster-muenster-update
     namespace: flux-system
   path: "."
   prune: true
   images:
   - name: docker.io/codeformuenster/muenster-jetzt-frontend
-    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"}
+    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"}
   - name: docker.io/codeformuenster/muenster-jetzt-api
-    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"}
+    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"}
   - name: docker.io/codeformuenster/muenster-jetzt-api-static
-    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"}
+    newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"}
+  commonLabels:
+    app.kubernetes.io/app: muenster-update
   patches:
   - patch: |
       - op: add
@@ -55,3 +57,111 @@ spec:
     target:
       kind: Deployment
       name: backend-api
+  - patch: |-
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: backend-api
+      spec:
+        template:
+          spec:
+            initContainers:
+            - name: migrations
+              env:
+              - name: DB_HOST
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: host
+              - name: DB_PORT
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: port
+              - name: DB_NAME
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: dbname
+              - name: DB_USER
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: user
+              - name: DB_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: password
+            containers:
+            - name: backend-api
+              env:
+              - name: DB_HOST
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: host
+              - name: DB_PORT
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: port
+              - name: DB_NAME
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: dbname
+              - name: DB_USER
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: user
+              - name: DB_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: pg-ms-update-production-app
+                    key: password
+    target:
+      kind: Deployment
+      name: backend-api
+  - patch: |-
+      apiVersion: batch/v1
+      kind: CronJob
+      metadata:
+        name: crawler
+      spec:
+        jobTemplate:
+          spec:
+            template:
+              spec:
+                containers:
+                - name: crawler
+                  env:
+                  - name: DB_HOST
+                    valueFrom:
+                      secretKeyRef:
+                        name: pg-ms-update-production-app
+                        key: host
+                  - name: DB_PORT
+                    valueFrom:
+                      secretKeyRef:
+                        name: pg-ms-update-production-app
+                        key: port
+                  - name: DB_NAME
+                    valueFrom:
+                      secretKeyRef:
+                        name: pg-ms-update-production-app
+                        key: dbname
+                  - name: DB_USER
+                    valueFrom:
+                      secretKeyRef:
+                        name: pg-ms-update-production-app
+                        key: user
+                  - name: DB_PASSWORD
+                    valueFrom:
+                      secretKeyRef:
+                        name: pg-ms-update-production-app
+                        key: password
+    target:
+      kind: CronJob
+      name: crawler

apps/muenster-update/production/sync.yaml

@@ -1,9 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: c4m-muenster-jetzt-staging
+namespace: c4m-muenster-update-staging
 
 resources:
 - ../../../base/namespace-pss-restricted
-- muenster-jetzt-staging.enc.yaml
+- muenster-update-staging.enc.yaml
+- pgcluster.yaml
 - sync.yaml