diff --git a/.github/workflows/test-on-pr.yaml b/.github/workflows/test-on-pr.yaml index 7f35dd4e..24e6f5a5 100644 --- a/.github/workflows/test-on-pr.yaml +++ b/.github/workflows/test-on-pr.yaml @@ -14,4 +14,4 @@ jobs: with: kustomize_build_input: sync kube-linter_flags: "--config .kube-linter.yaml" - kubeconform_flags: "-strict -kubernetes-version 1.29.13 -schema-location 'https://raw.githubusercontent.com/ubergesundheit/kube-check-action/main/kubeconform-schemas/{{.ResourceKind}}.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location default" + kubeconform_flags: "-strict -kubernetes-version 1.34.6 -schema-location 'https://raw.githubusercontent.com/ubergesundheit/kube-check-action/main/kubeconform-schemas/{{.ResourceKind}}.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' -schema-location default" diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 0525568e..292a3d4e 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -5,5 +5,5 @@ resources: - ./crashes - ./traffics - ./muenster-update -- ./overpass +# - ./overpass - ./climatems diff --git a/apps/muenster-update/gitrepo.yaml b/apps/muenster-update/gitrepo.yaml index 7aa286a5..72fe785b 100644 --- a/apps/muenster-update/gitrepo.yaml +++ b/apps/muenster-update/gitrepo.yaml @@ -1,7 +1,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: - name: codeformuenster-muenster-jetzt + name: codeformuenster-muenster-update namespace: flux-system spec: interval: 1h diff --git a/apps/muenster-update/image-automations.yaml b/apps/muenster-update/image-automations.yaml index e07b7b92..b5833731 100644 --- a/apps/muenster-update/image-automations.yaml +++ b/apps/muenster-update/image-automations.yaml 
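Review bot: The `# - ./overpass` line in apps/kustomization.yaml disables an app without saying why, and nothing else visible in this commit touches overpass. If the parent Flux Kustomization prunes (not visible here), dropping the entry would delete the overpass resources on the next reconcile, so the intent should be on record. I would either delete the line outright or annotate it, e.g. `# - ./overpass  # disabled: <reason / tracking issue>`.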
@@ -1,7 +1,7 @@ apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImageRepository metadata: - name: muenster-jetzt-api-container-image + name: muenster-update-api-container-image namespace: flux-system spec: image: docker.io/codeformuenster/muenster-jetzt-api @@ -10,7 +10,7 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImageRepository metadata: - name: muenster-jetzt-api-static-container-image + name: muenster-update-api-static-container-image namespace: flux-system spec: image: docker.io/codeformuenster/muenster-jetzt-api-static @@ -19,7 +19,7 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImageRepository metadata: - name: muenster-jetzt-frontend-container-image + name: muenster-update-frontend-container-image namespace: flux-system spec: image: docker.io/codeformuenster/muenster-jetzt-frontend @@ -28,11 +28,11 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImagePolicy metadata: - name: muenster-jetzt-api-staging + name: muenster-update-api-staging namespace: flux-system spec: imageRepositoryRef: - name: muenster-jetzt-api-container-image + name: muenster-update-api-container-image policy: alphabetical: order: asc @@ -43,11 +43,11 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImagePolicy metadata: - name: muenster-jetzt-api-static-staging + name: muenster-update-api-static-staging namespace: flux-system spec: imageRepositoryRef: - name: muenster-jetzt-api-static-container-image + name: muenster-update-api-static-container-image policy: alphabetical: order: asc @@ -58,11 +58,11 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImagePolicy metadata: - name: muenster-jetzt-frontend-staging + name: muenster-update-frontend-staging namespace: flux-system spec: imageRepositoryRef: - name: muenster-jetzt-frontend-container-image + name: muenster-update-frontend-container-image policy: alphabetical: order: asc 
@@ -73,11 +73,11 @@ spec: apiVersion: image.toolkit.fluxcd.io/v1beta2 kind: ImagePolicy metadata: - name: muenster-jetzt-production + name: muenster-update-production namespace: flux-system spec: imageRepositoryRef: - name: muenster-jetzt-frontend-container-image + name: muenster-update-frontend-container-image policy: semver: range: ">=v0.1.0" diff --git a/apps/muenster-update/production/kustomization.yaml b/apps/muenster-update/production/kustomization.yaml index 82565b50..171e8640 100644 --- a/apps/muenster-update/production/kustomization.yaml +++ b/apps/muenster-update/production/kustomization.yaml @@ -1,9 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: c4m-muenster-jetzt-production +namespace: c4m-muenster-update-production resources: - ../../../base/namespace-pss-restricted -- muenster-jetzt-production.enc.yaml +- muenster-update-production.enc.yaml +- pgcluster.yaml - sync.yaml diff --git a/apps/muenster-update/production/muenster-jetzt-production.enc.yaml b/apps/muenster-update/production/muenster-jetzt-production.enc.yaml deleted file mode 100644 index 28ee6344..00000000 --- a/apps/muenster-update/production/muenster-jetzt-production.enc.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: backend-api -type: Opaque -stringData: - DB_HOST: ENC[AES256_GCM,data:p9cUY9a4Po0R+A3cmjX/cA==,iv:ijg2/bTUAz/o3Xex+jCBXU95tPTjwJtBBSBXHyHz/6U=,tag:ABIASQIgbAY969Ku1l/ybQ==,type:str] - DB_PORT: ENC[AES256_GCM,data:G+SaXw==,iv:P0bcS1YQlmiquJBW2NSXtg2VQsw2KpJmqK9sQuqKyK0=,tag:rwcrMoar7XJFNl7jaub5ZQ==,type:str] - DB_NAME: ENC[AES256_GCM,data:Fic9T87Dc9B5g0Lim4UzUH8S,iv:K814rrw+Fd4KfTswJMwO4QrupornPnu3vBSYHpsDPnE=,tag:Eouah8Qhwn4Ex6f4ovI2vQ==,type:str] - DB_USER: ENC[AES256_GCM,data:R8fqCGSUUiLgA+rt07MJJonx,iv:RveFcoQxCjUQQLukKfIIBDh9JNNUrx+cqIqwtYvtJCM=,tag:rrGatRqfGSpw/IWGOFafLg==,type:str] - DB_PASSWORD: ENC[AES256_GCM,data:s5Uxz1yyW6bd+aI8IOIhoqCPXTzIiLjJtUMjHS7zvBU1QaSES5h4FPI/atGNC6iB9p1EmjRpFqhnZw0aAY3iXA==,iv:aH6+XtgAojmc9GYGgdcF0s/wDzV9FVRQfP+qnXZAFaM=,tag:m3RouZoDSjshnRkePMuSrQ==,type:str] - DJANGO_SECRET_KEY: ENC[AES256_GCM,data:+NvQTE11YA6yUG+ujPPa+zxJqizkqhHNq7w3LrFCwLZYFUOZOrkti6K89Hqk6RmTcdY=,iv:RWJ7dP5SJd8C/yJrOSwRsaESVe3j1f8x3j6MIBjJ3iI=,tag:8w2tk9WS7uQgqf0WsXwauA==,type:str] - MUENSTERLAND_API_TOKEN: ENC[AES256_GCM,data:feJ/VfSN6pYAoT4F6n9X/oIzIsoNbB4yPGBtaWo2j10=,iv:dNf03AAeOsgU4jCyhxNg3Zr4+XBCTuGIs6X54MNGhVY=,tag:/8XDz6Tesgcd7UnpkyGYWA==,type:str] - DATENPORTAL_USER: ENC[AES256_GCM,data:MzQ11XATlYo6VBY83oc=,iv:ZonH6L2LYgqf05VupdKH5G9zF2f89l8XgA9BvOaqDNQ=,tag:Rni4FBpF8A7ZUyYWnu7wmA==,type:str] - DATENPORTAL_PASSWORD: ENC[AES256_GCM,data:OUfajhLX7gXN,iv:JnXIeDV27IAmt+8zJRnHqfwokWW8BKaPYrJrSONHvQM=,tag:gizbDSDxPWVENdSVetgdtg==,type:str] -sops: - age: - - recipient: age1nzqaqzm7wfz04ld5esukhkghmayzt8xmnrjlau0rdcycjlu53pesgew089 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiM2FzakVzWW03RFBVV2Rx - TkxSNm8zMG5KTGRwbXpydE43L2ViOXlTeXhFCmZWV01IS1lGRlo3TXRyeWRmWVF0 - SFZYM2hocjNmMmNvY1ptaHZQV0hiQkEKLS0tIEdZUVoyOTFKNlI3YzluQnZWdnBI - NGRWOElFRVhtTWVUTjZySTFYWlMvVTQKcz9lqYttwayKziUD3H7+3hCZ36Knbtrs - 
IbZizZU/gVsBABfHIEpdRjKijFu+aIJ9d9KJ0GLK/PmioEXSyMPhkw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-11T12:46:05Z" - mac: ENC[AES256_GCM,data:J4m6GrFRdTBDauneVUzTfMi9vpqDC3aXyh/v4bEglcmveEIi2pf2qMClFOOTyBBxRHcC+B5VZwfzbrcU+O133DZbJJKJ4xBgt1Tpwn8yavwL8jn2Ioc0ALN1rU1k2TzfvWT1MXkv6h9Q6dnNmeRraBnRp+66BO4lX84aT61GudQ=,iv:Ykd4cFxn6zyxB3ndOa+8495+IhGIA2SPwaJYMyIfavg=,tag:3671yjMfZ1QGcLhXcLfluQ==,type:str] - encrypted_regex: ^(data|stringData)$ - version: 3.10.1 diff --git a/apps/muenster-update/production/muenster-update-production.enc.yaml b/apps/muenster-update/production/muenster-update-production.enc.yaml new file mode 100644 index 00000000..7893813f --- /dev/null +++ b/apps/muenster-update/production/muenster-update-production.enc.yaml 
@@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Secret +metadata: + name: backend-api +type: Opaque +stringData: + DJANGO_SECRET_KEY: ENC[AES256_GCM,data:LJs8NOEzZbUfs9FXAP2V5RxMKpGyCWE8QOLT4h6DZMUJXoCp9I+3VY1xUkhXrQ63xSY=,iv:vOvc8nIN6Whn2kA7jQUQueGmVKwKxn/SP3JjAZOfQpo=,tag:c7GvqQyFvmz42P+n7FEszA==,type:str] + MUENSTERLAND_API_TOKEN: ENC[AES256_GCM,data:JG0j2YX5RROq8YuUNnywZwGj8VTd1rvVJ8d4oMxpy8U=,iv:KVjUCDZ/ayOtxOjPSWir/CZ0x6JnoJNoxysuVJrmLxM=,tag:scZC0RQhCmwQmZVQ4j7kzA==,type:str] + DATENPORTAL_USER: ENC[AES256_GCM,data:L2Ue1ikNAdSqBtmP00I=,iv:PuxrIuX/Zt8g8ZFtgDkyMVgA98QleaTNlD5Tj0d//Fw=,tag:j/LubJ0ylfBP1b8+00dGmQ==,type:str] + DATENPORTAL_PASSWORD: ENC[AES256_GCM,data:DJS4UnsXyj33,iv:rM7cPJsiOB6/yY3B/L1GLMMRqGlTv2Gfg39z68I4r/E=,tag:dONTVo8s2OUB4oy3ExYa8A==,type:str] +sops: + age: + - recipient: age1nzqaqzm7wfz04ld5esukhkghmayzt8xmnrjlau0rdcycjlu53pesgew089 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZnJaLzlBSXRUUzZPV09a + MnhseW5WTW11YXhsTUlTMXdJZUhjbjk3dmdFCkd0RUpWWHNLYUlpZUd4MDBqRmRy + ZDJaVy81a3JwbmhlN3ZRWWJUcmptcE0KLS0tIG5zbXpVKzM5ZTZnZzBEL056TVhl + ZkRIRjlvaS9pOE5vRGVlTzRJZktsYlkKM7iQwix6GnITwp7E46DNc78cJOzvRRaF + pdX3EeHyUHshcf7PlZTE1fu37PfgUhr5Z1pY7e8tW+FzoIT+nmylFA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-05T14:19:37Z" + mac: ENC[AES256_GCM,data:fGBmNpfv2sfl+UaDKPIgdRvh64JHLOM7TTJBsrUruBmoza/vJrJb1ENG5RlmZNQNt6vTYYHzYELjGYPdeufPes1rYANYLWmsnLj196u5vA/BPgJSnaadtXlrXkyXp9SgcWgt/OUWrn7OtsBrIU6S7a0FZIr1lE7CpjVDaXg2FoE=,iv:UUIDJXqPezKhtoSxDEfrELh9VsIMdDcJhO0239OyuiU=,tag:8h/ulwNvjKCQf6H+m5C+Dw==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.12.2 diff --git a/apps/muenster-update/production/pgcluster.yaml b/apps/muenster-update/production/pgcluster.yaml new file mode 100644 index 00000000..86503258 --- /dev/null +++ b/apps/muenster-update/production/pgcluster.yaml 
@@ -0,0 +1,38 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: pg-ms-update-production
+ labels:
+ lab481.de/pg_dump: "false"
+spec:
+ instances: 1
+ enablePDB: false
+ imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
+ storage:
+ size: 1Gi
+ bootstrap:
+ initdb:
+ encoding: UTF8
+ localeCollate: en_US.UTF-8
+ localeCType: en_US.UTF-8
+ podSelectorRefs:
+ - name: backend
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: muenster-update
+ app.kubernetes.io/component: api
+ - name: crawler
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: muenster-update
+ app.kubernetes.io/component: crawler
+ postgresql:
+ pg_hba:
+ - host app app ${podselector:backend} scram-sha-256
+ - host app app ${podselector:crawler} scram-sha-256
+ # Workaround until https://github.com/cloudnative-pg/cloudnative-pg/issues/10371
+ # is resolved
+ - host all all all reject
+ managed:
+ services:
+ disabledDefaultServices: ["ro", "r"]
diff --git a/apps/muenster-update/production/sync.yaml b/apps/muenster-update/production/sync.yaml
index 45e94896..92d8d5d4 100644
--- a/apps/muenster-update/production/sync.yaml
+++ b/apps/muenster-update/production/sync.yaml
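Review bot: Both application rules in `pg_hba` use `host`, which matches TLS and plaintext TCP connections alike, so a client that does not negotiate TLS still authenticates and then talks to the database unencrypted inside the cluster; `hostssl app app ${podselector:backend} scram-sha-256` (and the same for `crawler`) would make TLS mandatory. That assumes the backend and crawler clients can negotiate TLS against the server certificate the operator provisions, so their sslmode is worth confirming before switching. Separately, this is the production cluster and the spec has `instances: 1`, no `backup` stanza, and the `lab481.de/pg_dump: "false"` label, which presumably opts it out of dump jobs; if the data cannot simply be re-crawled, the intended recovery path should be stated in a comment. Both points apply equally to apps/muenster-update/staging/pgcluster.yaml.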
@@ -1,23 +1,25 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: muenster-jetzt-production + name: muenster-update-production spec: interval: 1h - targetNamespace: c4m-muenster-jetzt-production + targetNamespace: c4m-muenster-update-production sourceRef: kind: GitRepository - name: codeformuenster-muenster-jetzt + name: codeformuenster-muenster-update namespace: flux-system path: "." prune: true images: - name: docker.io/codeformuenster/muenster-jetzt-frontend - newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"} + newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"} - name: docker.io/codeformuenster/muenster-jetzt-api - newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"} + newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"} - name: docker.io/codeformuenster/muenster-jetzt-api-static - newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-jetzt-production:tag"} + newTag: v0.2.1 # {"$imagepolicy": "flux-system:muenster-update-production:tag"} + commonLabels: + app.kubernetes.io/app: muenster-update patches: - patch: | - op: add 
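Review bot: `commonLabels` is, as far as I know, not a field of the Flux `kustomize.toolkit.fluxcd.io/v1` Kustomization spec; the documented equivalent is `commonMetadata:` with a nested `labels:` map, so the added `app.kubernetes.io/app: muenster-update` label may be dropped or rejected on apply. That matters for access control here: the `podSelectorRefs` in pgcluster.yaml select on this label and the `pg_hba` list ends in `host all all all reject`, so if the label never reaches the backend and crawler pods, both are locked out of the database. Please check the labels on a rendered pod; since I am not certain `commonMetadata` propagates into pod templates either, setting the label on the pod template metadata inside the patches this file already carries may be the more reliable route. The staging sync.yaml has the same addition.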
@@ -55,3 +57,111 @@ spec: target: kind: Deployment name: backend-api + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: backend-api + spec: + template: + spec: + initContainers: + - name: migrations + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: password + containers: + - name: backend-api + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: password + target: + kind: Deployment + name: backend-api + - patch: |- + apiVersion: batch/v1 + kind: CronJob + metadata: + name: crawler + spec: + jobTemplate: + spec: + template: + spec: + containers: + - name: crawler + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-production-app + key: password + target: + kind: CronJob + name: crawler 
diff --git a/apps/muenster-update/staging/kustomization.yaml b/apps/muenster-update/staging/kustomization.yaml index 6c985f4e..910c9440 100644 --- a/apps/muenster-update/staging/kustomization.yaml +++ b/apps/muenster-update/staging/kustomization.yaml @@ -1,9 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: c4m-muenster-jetzt-staging +namespace: c4m-muenster-update-staging resources: - ../../../base/namespace-pss-restricted -- muenster-jetzt-staging.enc.yaml +- muenster-update-staging.enc.yaml +- pgcluster.yaml - sync.yaml diff --git a/apps/muenster-update/staging/muenster-jetzt-staging.enc.yaml b/apps/muenster-update/staging/muenster-jetzt-staging.enc.yaml deleted file mode 100644 index c34ff91a..00000000 --- a/apps/muenster-update/staging/muenster-jetzt-staging.enc.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: backend-api -type: Opaque -stringData: - DB_HOST: ENC[AES256_GCM,data:d2SHiIAAAd2S7RDtwA5oww==,iv:GGho5ME6IUZztdEYqQNz4JYEv/xYP2hYfM3DhDcFc5M=,tag:SMPoqSrh/RI7/GX9vzXdWg==,type:str] - DB_PORT: ENC[AES256_GCM,data:eXRDxA==,iv:ZufH9/T+ABlC1nBUG9P2fbyFgsikoM6MrdSeYAeh2vw=,tag:DUKNYFX7230FQGBF22VUxg==,type:str] - DB_NAME: ENC[AES256_GCM,data:lfzTzuXC6pZ/ZxIAgX+6x1Ds,iv:popCr0CLVWj7S1B20p/PKJ8hWGtRse1CiaTw4eL1mlE=,tag:HpYa0WjZXodCHohXnrKDJA==,type:str] - DB_USER: ENC[AES256_GCM,data:eGkEIO4vAg7FfZFTl/VtQ5HU,iv:hPyR9WdRyaKle5nwlfD8bwcSSxGPb5dmko2dguIMScU=,tag:Ur4smB0N0EvPf503kiescA==,type:str] - DB_PASSWORD: ENC[AES256_GCM,data:8Bnq0jPhdR8JRZBkLLvOqw4XYNgZJ61H7znyRZlpoSDXfdp1w13aH/2ksSxBTJff7+J++GADaglKRmmlajVLcw==,iv:+r6Xlg8hD2FhjwalVTPxi0ENTQuUkZPPOEe/U2h/R+w=,tag:6r/EU2dW6fu9+T9PUGwEIw==,type:str] - DJANGO_SECRET_KEY: ENC[AES256_GCM,data:fW0FihulkZs3D7poX4jD9R+YVtQ65wYjI3ro2bp6bVzTTpk7tImUGflt+s7v49oBzpc=,iv:/f8r+eWjEjcyMw8yvkKnU+FjgA2z9z4wO/GCFVZj6hM=,tag:u2DD4FLODa8urix1ANDfEg==,type:str] - MUENSTERLAND_API_TOKEN: ENC[AES256_GCM,data:6jCZ6cY8mLhaC7yUDqpRsCGM8wU2eNZ1AJ3kYuVM3KM=,iv:nGsITltQ65H+wX4sdjswqTCjB6n2bOMavAM98yoYR+c=,tag:TPJcEsN6GW4CgvU0mdvc7g==,type:str] - DATENPORTAL_USER: ENC[AES256_GCM,data:5L4HiAWX9GQRxz2veZE=,iv:6H+Jy3YpXU6IX67qd1ovZ/iKE5UTWevL03NcdP3/j0g=,tag:L4zVRidVrRMtC9DvS25+pA==,type:str] - DATENPORTAL_PASSWORD: ENC[AES256_GCM,data:zTuI1drzI70x,iv:M3Pyc+4qnLpCjmSNPSFRkKONJcESx5/av+/VLytDxJ4=,tag:9LWZUuhMlJE6ti7zyjLUMQ==,type:str] -sops: - age: - - recipient: age1nzqaqzm7wfz04ld5esukhkghmayzt8xmnrjlau0rdcycjlu53pesgew089 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdjVoNk5rNXM5Znh0N3kv - bDd0WVhFdmtwZDdCd2hyaTFDNUE2ODdmNnpBCmtEaWFzb0gxMXF1QU1LUWZUNm93 - RGpWYWlPOWZoTXBZbXpoU2dIa3lxTjAKLS0tIGg2R3E2cTdFNmlwaSt2a1BFY2Zv - TStwOVgwbGViRnU5S2thZ214ZElVL3MKAWWp0MilLzdP0p5c0GRqgGjZmPDO5kzu - 
+/VrG0IDIONO4GaW4ol5eYC94gk6KnLX1GlE0srggFrkBSRyC0C4Ng== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-11T12:40:21Z" - mac: ENC[AES256_GCM,data:LTl6g4OTbbmQe5mefEYQDyvYMA7lE6yVK0/Lu3YIvLCrCB0HHXH5ErLmZNc77CeP7Ft2c9FftBUqxdNDWJYXHjuzAou4m++TR79Z/wtHCpUu5eHUSyaGqVpp/+0RbutIhjo12IWsuu8r/kcb42G8mQ8lMBZGfO5OuS9VXPu8tqM=,iv:ZOijoFvkKnNBGWyLMxcXUPTdfwOIKeBDXi7mV7lPf8Q=,tag:TO+BOwlSajFAtdRXjJCx8A==,type:str] - encrypted_regex: ^(data|stringData)$ - version: 3.10.1 diff --git a/apps/muenster-update/staging/muenster-update-staging.enc.yaml b/apps/muenster-update/staging/muenster-update-staging.enc.yaml new file mode 100644 index 00000000..daa8df6e --- /dev/null +++ b/apps/muenster-update/staging/muenster-update-staging.enc.yaml 
@@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Secret +metadata: + name: backend-api +type: Opaque +stringData: + DJANGO_SECRET_KEY: ENC[AES256_GCM,data:5Ia6Cvyv3BC4zVm+aMns/5NvKzEizg8BHWS/AM4/3phPP4H60uvjkYHcwwtpXxKVbj0=,iv:BPxeNmgyAdbijWYn2AWvCXtC3z+ge3ac1hB9rrINGQs=,tag:xJj+M7t5HChz5NioCOT5JQ==,type:str] + MUENSTERLAND_API_TOKEN: ENC[AES256_GCM,data:g8WSpqLDRzeAJKHWljaaHBzDZLiOqnxlcuKSUya+eJ0=,iv:OX+6ZIy23dbL3s9ivzxe4lOYRHEzERJBh2puqTGjm54=,tag:u4unGQ/+Euz4EWZ4YqsINg==,type:str] + DATENPORTAL_USER: ENC[AES256_GCM,data:t3TNxy9G9QfyLuaWCak=,iv:TBlPjScbuemn2mKLORLfPfqu06EQ06qHPAwzOYG1QZ8=,tag:XUYdWhoF+/urMzLnf6zKnQ==,type:str] + DATENPORTAL_PASSWORD: ENC[AES256_GCM,data:0Li8KUvEf0nF,iv:hVPSne6uHYt75dnCjgvGnvnQGXQyLN7XMl9fytozj9U=,tag:SwMdzKnlRkvKYFU5G/iBPg==,type:str] +sops: + age: + - recipient: age1nzqaqzm7wfz04ld5esukhkghmayzt8xmnrjlau0rdcycjlu53pesgew089 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRi9JZGhsZEVHcms2VnJY + bkk5YThBMmNqWmtZZ2VuSCs5dVdNeUxRaXpFCnFTZi9RaGpsQjRQejNzNURTUU5l + a1hseWErTGFMc3FuZ3pvUG0rRm9aSHcKLS0tIGdVa2h5V21BY29YUFZsZnR5MHdE + TnhaUENsMjVnMExkNmd4SGw5c1JmOEUKDRolGxHXK1nhYoyZlwMU5s65MkJR0KJ4 + 92OVUMiMxZYJR/Y1+dj0p9yAcFGL50mp4MaC+WOdSFO+kIbu8ictUw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-05T14:17:26Z" + mac: ENC[AES256_GCM,data:JFlzFKhQDQpypRB5Wnf/wsM+ujYG8mZQZIqt9F5m9dPs+H5uJ4GZipN1GI2Je0Zzz+vTLm5VjeVIrFI5nUTgTGr3js9esW/BXZE+qIDIherv2m+I3g+h0GRMlMbtH9ndpCoqtJ/GI20HQL1u/iWoA+WlWCoCZfri75TVkDpdRL0=,iv:dqJwkZNp++qpkZLoh2fawr1Axowa6BjfbHNgGXuslK8=,tag:KDAXWc2n7jptIkOXeAcF9w==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.12.2 diff --git a/apps/muenster-update/staging/pgcluster.yaml b/apps/muenster-update/staging/pgcluster.yaml new file mode 100644 index 00000000..998c4c2f --- /dev/null +++ b/apps/muenster-update/staging/pgcluster.yaml 
@@ -0,0 +1,38 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: pg-ms-update-staging
+ labels:
+ lab481.de/pg_dump: "false"
+spec:
+ instances: 1
+ enablePDB: false
+ imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
+ storage:
+ size: 1Gi
+ bootstrap:
+ initdb:
+ encoding: UTF8
+ localeCollate: en_US.UTF-8
+ localeCType: en_US.UTF-8
+ podSelectorRefs:
+ - name: backend
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: muenster-update
+ app.kubernetes.io/component: api
+ - name: crawler
+ selector:
+ matchLabels:
+ app.kubernetes.io/app: muenster-update
+ app.kubernetes.io/component: crawler
+ postgresql:
+ pg_hba:
+ - host app app ${podselector:backend} scram-sha-256
+ - host app app ${podselector:crawler} scram-sha-256
+ # Workaround until https://github.com/cloudnative-pg/cloudnative-pg/issues/10371
+ # is resolved
+ - host all all all reject
+ managed:
+ services:
+ disabledDefaultServices: ["ro", "r"]
diff --git a/apps/muenster-update/staging/sync.yaml b/apps/muenster-update/staging/sync.yaml
index 2a0b4f48..c0c8d88f 100644
--- a/apps/muenster-update/staging/sync.yaml
+++ b/apps/muenster-update/staging/sync.yaml
@@ -1,23 +1,25 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: muenster-jetzt-staging + name: muenster-update-staging spec: interval: 1h - targetNamespace: c4m-muenster-jetzt-staging + targetNamespace: c4m-muenster-update-staging sourceRef: kind: GitRepository - name: codeformuenster-muenster-jetzt + name: codeformuenster-muenster-update namespace: flux-system path: "." prune: true images: - name: docker.io/codeformuenster/muenster-jetzt-frontend - newTag: master-37865cb-1702974266 # {"$imagepolicy": "flux-system:muenster-jetzt-frontend-staging:tag"} + newTag: master-37865cb-1702974266 # {"$imagepolicy": "flux-system:muenster-update-frontend-staging:tag"} - name: docker.io/codeformuenster/muenster-jetzt-api - newTag: master-37865cb-1702974204 # {"$imagepolicy": "flux-system:muenster-jetzt-api-staging:tag"} + newTag: master-37865cb-1702974204 # {"$imagepolicy": "flux-system:muenster-update-api-staging:tag"} - name: docker.io/codeformuenster/muenster-jetzt-api-static - newTag: master-37865cb-1702974212 # {"$imagepolicy": "flux-system:muenster-jetzt-api-static-staging:tag"} + newTag: master-37865cb-1702974212 # {"$imagepolicy": "flux-system:muenster-update-api-static-staging:tag"} + commonLabels: + app.kubernetes.io/app: muenster-update patches: - patch: | - op: add 
@@ -55,3 +57,111 @@ spec: target: kind: Deployment name: backend-api + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: backend-api + spec: + template: + spec: + initContainers: + - name: migrations + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: password + containers: + - name: backend-api + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: password + target: + kind: Deployment + name: backend-api + - patch: |- + apiVersion: batch/v1 + kind: CronJob + metadata: + name: crawler + spec: + jobTemplate: + spec: + template: + spec: + containers: + - name: crawler + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: port + - name: DB_NAME + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: dbname + - name: DB_USER + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: pg-ms-update-staging-app + key: password + target: + kind: CronJob + name: crawler