fix: add Argo Rollouts install, secrets seeding, and Kargo admin password fix to runmefirst.sh

Celes Renata
2026-04-19 21:58:48 +00:00
parent 4425a023d9
commit 651ef838ce
+67
@@ -247,6 +247,58 @@ kubectl apply -f argocd/apps/stonks-live.yaml
echo " ✓ ArgoCD repo secret and Applications applied" echo " ✓ ArgoCD repo secret and Applications applied"
echo "" echo ""
# -------------------------------------------------------
# 6b. Install Argo Rollouts (CRDs + controller for Kargo verification)
# -------------------------------------------------------
echo "--- Step 6b: Installing Argo Rollouts ---"
kubectl create namespace argo-rollouts --dry-run=client -o yaml | kubectl apply -f -
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
kubectl rollout status deployment/argo-rollouts -n argo-rollouts --timeout=120s > /dev/null 2>&1 || true
echo " ✓ Argo Rollouts installed (provides AnalysisRun CRD for Kargo verification)"
echo ""
# -------------------------------------------------------
# 6c. Seed secrets for beta, paper, and live namespaces
# -------------------------------------------------------
echo "--- Step 6c: Seeding secrets for beta/paper/live ---"
# These secrets are NOT managed by Helm (ArgoCD ignoreDifferences prevents overwrite).
# Source credentials from the cluster's infrastructure services.
REDIS_PW=$(kubectl get secret -n redis-service redis -o jsonpath='{.data.redis-password}' | base64 -d 2>/dev/null || echo "")
MINIO_AK=$(kubectl get secret -n minio-service minio-secrets -o jsonpath='{.data.MINIO_ACCESS_KEY}' | base64 -d 2>/dev/null || echo "minioadmin")
MINIO_SK=$(kubectl get secret -n minio-service minio-secrets -o jsonpath='{.data.MINIO_SECRET_KEY}' | base64 -d 2>/dev/null || echo "minioadmin")
ALPACA_KEY=$(cat /root/sources/celesrenata/stonks-oracle/alpaca.key 2>/dev/null || echo "")
ALPACA_SECRET=$(cat /root/sources/celesrenata/stonks-oracle/alpaca.secret 2>/dev/null || echo "")
ALPACA_URL=$(cat /root/sources/celesrenata/stonks-oracle/alpaca.url 2>/dev/null || echo "https://paper-api.alpaca.markets")
POLYGON_KEY=$(cat /root/sources/celesrenata/stonks-oracle/polygon.io.key 2>/dev/null || echo "")
for ns in stonks-beta stonks-paper stonks-oracle; do
kubectl create secret generic stonks-core-secrets \
--from-literal=POSTGRES_PASSWORD='St0nks0racl3!' \
--from-literal=REDIS_PASSWORD="$REDIS_PW" \
--from-literal=MINIO_ACCESS_KEY="$MINIO_AK" \
--from-literal=MINIO_SECRET_KEY="$MINIO_SK" \
-n "$ns" --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic stonks-broker-secrets \
--from-literal=BROKER_API_KEY="$ALPACA_KEY" \
--from-literal=BROKER_API_SECRET="$ALPACA_SECRET" \
--from-literal=BROKER_BASE_URL="$ALPACA_URL" \
-n "$ns" --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic stonks-market-secrets \
--from-literal=MARKET_DATA_API_KEY="$POLYGON_KEY" \
-n "$ns" --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic stonks-gmail-secrets \
--from-literal=GMAIL_SENDER='celes@celestium.life' \
--from-literal=GMAIL_RECIPIENT='celes@celestium.life' \
--from-literal=GMAIL_APP_PASSWORD='' \
-n "$ns" --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic stonks-dashboard-secrets \
--from-literal=SUPERSET_SECRET_KEY='stonks-superset-key' \
--from-literal=SUPERSET_ADMIN_PASSWORD='St0nks0racl3!' \
-n "$ns" --dry-run=client -o yaml | kubectl apply -f -
echo " ✓ Secrets seeded in $ns"
done
echo ""
# ------------------------------------------------------- # -------------------------------------------------------
# 7. Install Kargo via Helm # 7. Install Kargo via Helm
# ------------------------------------------------------- # -------------------------------------------------------
@@ -289,6 +341,21 @@ for i in $(seq 1 24); do
done done
echo " ✓ Kargo installed" echo " ✓ Kargo installed"
# Fix Kargo admin password — Helm chart leaves the secret empty on fresh install.
# The hash must match the password in kargo/values.yaml (passwordHash field).
KARGO_PW_HASH='$2b$10$juNdw96VeP/7oP3.RYPnwuUo2lk/eheAqkUqbwh16a1UH17olxyWC'
kubectl get secret kargo-api -n kargo -o json | \
python3 -c "
import sys, json, base64
d = json.load(sys.stdin)
d['data']['ADMIN_ACCOUNT_PASSWORD_HASH'] = base64.b64encode(b'${KARGO_PW_HASH}').decode()
for k in ['managedFields','resourceVersion','uid','creationTimestamp']:
d['metadata'].pop(k, None)
json.dump(d, sys.stdout)
" | kubectl replace -f - > /dev/null 2>&1 || true
kubectl delete pod -n kargo -l app.kubernetes.io/component=api --ignore-not-found > /dev/null 2>&1
echo " ✓ Kargo admin password configured (admin / St0nksKarg0!)"
kubectl apply -f kargo/project.yaml kubectl apply -f kargo/project.yaml
kubectl apply -f kargo/project-config.yaml kubectl apply -f kargo/project-config.yaml
kubectl apply -f kargo/warehouse.yaml kubectl apply -f kargo/warehouse.yaml
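Review bot: Step 6c hard-codes credentials in the script: the `POSTGRES_PASSWORD`, `SUPERSET_SECRET_KEY` and `SUPERSET_ADMIN_PASSWORD` literals are committed to the repository and written identically into all three namespaces (which, going by the step title, includes the live one), and the last `echo` of the Kargo hunk prints the admin password to the terminal and to any captured log. I would take these values from the operator's environment and fail fast when one is missing, e.g. `--from-literal=POSTGRES_PASSWORD="${POSTGRES_PASSWORD:?must be set}"`, and reduce the final message to `echo " ✓ Kargo admin password hash applied"`. The `|| echo "minioadmin"` and `|| echo ""` fallbacks lead to the same place more quietly: a failed lookup can seed a well-known default or an empty broker key while the loop still prints its success line, so those lookups should abort the script instead. Since the values have been pushed, they are presumably worth rotating once the script no longer carries them.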