1
0
Fork 0

k/invoiceshelf: migrate to invoiceshelf, use statefulset, grab secrets from backup

This commit is contained in:
Danny Grove 2024-03-31 03:29:37 -07:00
parent c3d9a55497
commit 10119fd557
Signed by: drgrove
GPG Key ID: E1F4160251DB4C2E
3 changed files with 43 additions and 12 deletions

View File

@ -4,14 +4,16 @@ metadata:
name: env name: env
stringData: stringData:
DB_PASSWORD: ENC[AES256_GCM,data:nHeFXLOI6bMb1hslXLu9xqbMNppGeGzI,iv:rakHQI3iFNgD9gtUX0HdeFG5afP9ln0a+wenqm692T0=,tag:en9KmjYlZ6xzeC0fs9wKzA==,type:str] DB_PASSWORD: ENC[AES256_GCM,data:nHeFXLOI6bMb1hslXLu9xqbMNppGeGzI,iv:rakHQI3iFNgD9gtUX0HdeFG5afP9ln0a+wenqm692T0=,tag:en9KmjYlZ6xzeC0fs9wKzA==,type:str]
APP_KEY: ENC[AES256_GCM,data:pG99OkN9DpXEJ287ty/7e/86v5kEYeikNN6FnV++uNFE4j48aPiQENd+57RxAXFTUl+6,iv:IFXaK2gnXFm6T3O7ClTRk5HqLGmgFdvh7Dn2Jw+MQU0=,tag:0SPKkf5jfyyuwHNvvDVgCg==,type:str]
MAIL_PASSWORD: ENC[AES256_GCM,data:+pWcN1GYSA3pibo8WgvFsAHjnrvhDNsjuO+QXYR7bdZFBKWJbshf0sS8,iv:Kw6qiUEFnd5FRGBMWutOoxMNFZYMf8NyQkPBR9TvfXg=,tag:4IOU6qOXWQ02S6rc1RHiOQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-03-31T08:56:24Z" lastmodified: "2024-03-31T09:43:12Z"
mac: ENC[AES256_GCM,data:ZzOHxHPOpazpvXHeMJfSyrRQoH9pK33eNYpZKvMXii3rQKWVw8dc4C0HyzbXo5ahJzF9RdBopiXW9tchjejfE1JJoC/a7SXYNCS+wn5wj4CQwu7u3ungbVROcluoBe7NiVzDhWz9URjZgkNWwyDWWQN9SXZW5xVqSYhAS7xPJTY=,iv:emHnnakeNRN1yWM7QvhF/7JH4K6GXpzWL78o9HNxPtE=,tag:9PUAOuO05M1RoQADq3f8gQ==,type:str] mac: ENC[AES256_GCM,data:I9rIuOh2cTJDrlPYs3kf6o6jPPtdElDmjWENc4Yk29ezpWwUj3+BsICpOU0kOrehvuyKtcM6BcxuvJG5Q92gZoVRvlHDoLypMyK3vDBxhGO0CAbcKnKmUSvROr6IWY5jKh9EWczxU3VkDTrm/BmCJAbjC2Ys51ej73InZez4t0g=,iv:gIaUNj8wKew4bH7dBHW+LV5S0a9allRQkWQ/3aWYJ4Q=,tag:mwwI+RDG0i45sPOSh+e1mg==,type:str]
pgp: pgp:
- created_at: "2024-01-11T20:56:10Z" - created_at: "2024-01-11T20:56:10Z"
enc: |- enc: |-

View File

@ -3,7 +3,7 @@ kind: Kustomization
commonLabels: commonLabels:
app.kubernetes.io/part-of: invoiceshelf app.kubernetes.io/part-of: invoiceshelf
resources: resources:
- deployment.yaml - statefulset.yaml
- service.yaml - service.yaml
- ingress.yaml - ingress.yaml
configMapGenerator: configMapGenerator:
@ -14,6 +14,32 @@ configMapGenerator:
- DB_USERNAME=crater - DB_USERNAME=crater
- DB_DATABASE=crater - DB_DATABASE=crater
- DB_PORT=25060 - DB_PORT=25060
- APP_ENV=production
- APP_DEBUG=false
- APP_LOG_LEVEL=debug
- APP_URL=https://billing.distrust.co
- ASSET_URL=https://billing.distrust.co
- BROADCAST_DRIVER=log
- CACHE_DRIVER=file
- QUEUE_DRIVER=sync
- SESSION_DRIVER=cookie
- SESSION_LIFETIME=1440
- REDIS_HOST=127.0.0.1
- REDIS_PORT=6379
- MAIL_DRIVER=smtp
- MAIL_HOST=smtp.migadu.com
- MAIL_PORT=465
- MAIL_USERNAME=billing@distrust.co
- MAIL_FROM_ADDRESS=billing@distrust.co
- MAIL_FROM_NAME="billing@distrust.co"
- MAIL_ENCRYPTION=ssl
- PUSHER_APP_ID=
- PUSHER_KEY=
- PUSHER_SECRET=
- SANCTUM_STATEFUL_DOMAINS=billing.distrust.co
- SESSION_DOMAIN=billing.distrust.co
- TRUSTED_PROXIES="*"
- CRON_JOB_AUTH_TOKEN=""
generators: generators:
- secret-generator.yaml - secret-generator.yaml
images: images:

View File

@ -1,5 +1,5 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: StatefulSet
metadata: metadata:
name: invoiceshelf name: invoiceshelf
labels: labels:
@ -27,13 +27,16 @@ spec:
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
# Create the flag the install check needs to bypass
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- "touch /var/www/html/InvoiceShelf/storage/app/database_created"
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
volumeMounts:
- name: invoiceshelf-data
mountPath: /var/www/html/InvoiceShelf/storage
volumeClaimTemplates:
- metadata:
name: invoiceshelf-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi