From 10119fd5576f175707024f112db23d224d36a7b0 Mon Sep 17 00:00:00 2001 From: Danny Grove Date: Sun, 31 Mar 2024 03:29:37 -0700 Subject: [PATCH] k/invoiceshelf: migrate to invoiceshelf, use statefulset, grab secrets from backup --- kustomizations/invoiceshelf/env.enc.yaml | 6 ++-- .../invoiceshelf/kustomization.yaml | 28 ++++++++++++++++++- .../{deployment.yaml => statefulset.yaml} | 21 ++++++++------ 3 files changed, 43 insertions(+), 12 deletions(-) rename kustomizations/invoiceshelf/{deployment.yaml => statefulset.yaml} (70%) diff --git a/kustomizations/invoiceshelf/env.enc.yaml b/kustomizations/invoiceshelf/env.enc.yaml index 37ba581..a71fd57 100644 --- a/kustomizations/invoiceshelf/env.enc.yaml +++ b/kustomizations/invoiceshelf/env.enc.yaml @@ -4,14 +4,16 @@ metadata: name: env stringData: DB_PASSWORD: ENC[AES256_GCM,data:nHeFXLOI6bMb1hslXLu9xqbMNppGeGzI,iv:rakHQI3iFNgD9gtUX0HdeFG5afP9ln0a+wenqm692T0=,tag:en9KmjYlZ6xzeC0fs9wKzA==,type:str] + APP_KEY: ENC[AES256_GCM,data:pG99OkN9DpXEJ287ty/7e/86v5kEYeikNN6FnV++uNFE4j48aPiQENd+57RxAXFTUl+6,iv:IFXaK2gnXFm6T3O7ClTRk5HqLGmgFdvh7Dn2Jw+MQU0=,tag:0SPKkf5jfyyuwHNvvDVgCg==,type:str] + MAIL_PASSWORD: ENC[AES256_GCM,data:+pWcN1GYSA3pibo8WgvFsAHjnrvhDNsjuO+QXYR7bdZFBKWJbshf0sS8,iv:Kw6qiUEFnd5FRGBMWutOoxMNFZYMf8NyQkPBR9TvfXg=,tag:4IOU6qOXWQ02S6rc1RHiOQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-03-31T08:56:24Z" - mac: ENC[AES256_GCM,data:ZzOHxHPOpazpvXHeMJfSyrRQoH9pK33eNYpZKvMXii3rQKWVw8dc4C0HyzbXo5ahJzF9RdBopiXW9tchjejfE1JJoC/a7SXYNCS+wn5wj4CQwu7u3ungbVROcluoBe7NiVzDhWz9URjZgkNWwyDWWQN9SXZW5xVqSYhAS7xPJTY=,iv:emHnnakeNRN1yWM7QvhF/7JH4K6GXpzWL78o9HNxPtE=,tag:9PUAOuO05M1RoQADq3f8gQ==,type:str] + lastmodified: "2024-03-31T09:43:12Z" + mac: ENC[AES256_GCM,data:I9rIuOh2cTJDrlPYs3kf6o6jPPtdElDmjWENc4Yk29ezpWwUj3+BsICpOU0kOrehvuyKtcM6BcxuvJG5Q92gZoVRvlHDoLypMyK3vDBxhGO0CAbcKnKmUSvROr6IWY5jKh9EWczxU3VkDTrm/BmCJAbjC2Ys51ej73InZez4t0g=,iv:gIaUNj8wKew4bH7dBHW+LV5S0a9allRQkWQ/3aWYJ4Q=,tag:mwwI+RDG0i45sPOSh+e1mg==,type:str] pgp: - created_at: "2024-01-11T20:56:10Z" enc: |- diff --git a/kustomizations/invoiceshelf/kustomization.yaml b/kustomizations/invoiceshelf/kustomization.yaml index 192cbbc..8322966 100644 --- a/kustomizations/invoiceshelf/kustomization.yaml +++ b/kustomizations/invoiceshelf/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization commonLabels: app.kubernetes.io/part-of: invoiceshelf resources: - - deployment.yaml + - statefulset.yaml - service.yaml - ingress.yaml configMapGenerator: @@ -14,6 +14,32 @@ configMapGenerator: - DB_USERNAME=crater - DB_DATABASE=crater - DB_PORT=25060 + - APP_ENV=production + - APP_DEBUG=false + - APP_LOG_LEVEL=debug + - APP_URL=https://billing.distrust.co + - ASSET_URL=https://billing.distrust.co + - BROADCAST_DRIVER=log + - CACHE_DRIVER=file + - QUEUE_DRIVER=sync + - SESSION_DRIVER=cookie + - SESSION_LIFETIME=1440 + - REDIS_HOST=127.0.0.1 + - REDIS_PORT=6379 + - MAIL_DRIVER=smtp + - MAIL_HOST=smtp.migadu.com + - MAIL_PORT=465 + - MAIL_USERNAME=billing@distrust.co + - MAIL_FROM_ADDRESS=billing@distrust.co + - MAIL_FROM_NAME="billing@distrust.co" + - MAIL_ENCRYPTION=ssl + - PUSHER_APP_ID= + - PUSHER_KEY= + - PUSHER_SECRET= + - SANCTUM_STATEFUL_DOMAINS=billing.distrust.co + - SESSION_DOMAIN=billing.distrust.co + - TRUSTED_PROXIES="*" + - CRON_JOB_AUTH_TOKEN="" generators: - secret-generator.yaml images: diff --git a/kustomizations/invoiceshelf/deployment.yaml b/kustomizations/invoiceshelf/statefulset.yaml similarity index 70% rename from kustomizations/invoiceshelf/deployment.yaml rename to kustomizations/invoiceshelf/statefulset.yaml index 0dda1e2..39f6ada 100644 --- a/kustomizations/invoiceshelf/deployment.yaml +++ b/kustomizations/invoiceshelf/statefulset.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: invoiceshelf labels: @@ -27,13 +27,16 @@ spec: ports: - name: http containerPort: 80 - # Create the flag the install check needs to bypass - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - "touch /var/www/html/InvoiceShelf/storage/app/database_created" securityContext: allowPrivilegeEscalation: false + volumeMounts: + - name: invoiceshelf-data + mountPath: /var/www/html/InvoiceShelf/storage + volumeClaimTemplates: + - metadata: + name: invoiceshelf-data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 10Gi