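#!/usr/bin/env bash
#
# Deploys Stonks Oracle: ensures the namespace, provisions the PostgreSQL role
# and database, applies the SQL migrations, then installs/upgrades the Helm
# chart and restarts the deployments.
#
# Required environment (no credential is stored in this file):
#   MINIO_ACCESS_KEY  MINIO_SECRET_KEY  PG_PASSWORD  REDIS_PASSWORD
# The GHCR token is read from /run/secrets/github_token.
set -euo pipefail

NAMESPACE="stonks-oracle"
REPO_DIR="$HOME/sources/celesrenata/stonks-oracle"
CHART_DIR="$REPO_DIR/infra/helm/stonks-oracle"
MIGRATIONS_DIR="$REPO_DIR/infra/migrations"

# --- Secrets ---
# Credentials are supplied at run time instead of being written into the
# script, so reading the repository (or its history) does not disclose them.
# Any credential that was ever committed alongside this script should be
# treated as exposed and rotated.
GHCR_TOKEN=$(cat /run/secrets/github_token)

# ${VAR:?} aborts with the given message when the variable is unset or empty,
# so a missing secret stops the run before anything is changed in the cluster.
: "${MINIO_ACCESS_KEY:?MINIO_ACCESS_KEY must be set in the environment}"
: "${MINIO_SECRET_KEY:?MINIO_SECRET_KEY must be set in the environment}"
: "${PG_PASSWORD:?PG_PASSWORD must be set in the environment}"
: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set in the environment}"
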
printf '%s\n' "=== Stonks Oracle Deployment ==="

# --- 1. Ensure namespace exists with correct labels ---
printf '%s\n' "[1/4] Ensuring namespace $NAMESPACE exists..."

# Create the namespace only when the lookup fails; the lookup's own output is
# discarded.
kubectl get namespace "$NAMESPACE" >/dev/null 2>&1 \
  || kubectl create namespace "$NAMESPACE"

# Stamp Helm's ownership label and annotations on the namespace so Helm does
# not complain about ownership. --overwrite keeps re-runs idempotent.
kubectl label namespace "$NAMESPACE" \
  app.kubernetes.io/managed-by=Helm \
  --overwrite
kubectl annotate namespace "$NAMESPACE" \
  meta.helm.sh/release-name=stonks-oracle \
  meta.helm.sh/release-namespace=stonks-oracle \
  --overwrite

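# --- 2. Create PostgreSQL user and database ---
echo "[2/4] Setting up PostgreSQL database and user..."

# The password is spliced into a SQL string literal inside a $$-quoted DO body.
# Double every single quote so a quote in the password cannot end the literal
# early (assumes the server default standard_conforming_strings=on), and refuse
# a password containing "$$", which would end the DO body itself.
if [[ "$PG_PASSWORD" == *'$$'* ]]; then
  echo "PG_PASSWORD must not contain \$\$ (it would end the SQL DO block)" >&2
  exit 1
fi
sq="'"
pg_password_sql=${PG_PASSWORD//"$sq"/$sq$sq}

# The SQL is sent on stdin, so the password never appears on a command line.
# ON_ERROR_STOP=1 makes psql exit non-zero on the first failed statement, which
# `set -e` then turns into an aborted deployment instead of a silent skip.
# NOTE(review): the server may still log the CREATE/ALTER USER statement text,
# depending on its logging settings; confirm.
kubectl exec -i -n postgresql-service postgresql-1 -c postgres -- \
  psql -U postgres -v ON_ERROR_STOP=1 <<EOF
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'stonks') THEN
    CREATE USER stonks WITH PASSWORD '$pg_password_sql';
  ELSE
    ALTER USER stonks WITH PASSWORD '$pg_password_sql';
  END IF;
END
\$\$;

SELECT 'CREATE DATABASE stonks OWNER stonks'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'stonks')\gexec

GRANT ALL PRIVILEGES ON DATABASE stonks TO stonks;
EOF
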
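# --- 3. Run migrations ---
echo "[3/4] Running database migrations..."

# Iterate with a glob instead of parsing `ls`: paths containing whitespace stay
# intact, and the shell already expands the glob in sorted order.
for f in "$MIGRATIONS_DIR"/*.sql; do
  # An unmatched glob is left as the literal pattern; skip it.
  if [[ ! -e "$f" ]]; then
    echo "warning: no migration files found in $MIGRATIONS_DIR" >&2
    continue
  fi
  echo " -> $(basename "$f")"

  # Capture the exit status separately from the output filter. psql run
  # without ON_ERROR_STOP exits 0 even when individual statements fail, so
  # re-applied migrations ("already exists") are still tolerated, while a
  # failure to reach the pod or the database now aborts the deployment
  # instead of being hidden by `|| true`.
  rc=0
  output=$(kubectl exec -i -n postgresql-service postgresql-1 -c postgres -- \
    psql -U postgres -d stonks <"$f" 2>&1) || rc=$?

  if [[ -n "$output" ]]; then
    # grep exits 1 when every line was filtered out; that is not an error.
    grep -v "already exists" <<<"$output" || true
  fi
  if ((rc != 0)); then
    echo "error: migration $(basename "$f") failed (exit $rc)" >&2
    exit "$rc"
  fi
done

# Grant permissions
# NOTE(review): ALL PRIVILEGES on every current and future table and sequence
# in schema public is broader than most application roles need; confirm it is
# intended.
kubectl exec -i -n postgresql-service postgresql-1 -c postgres -- \
  psql -U postgres -d stonks -v ON_ERROR_STOP=1 <<'EOF'
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO stonks;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO stonks;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO stonks;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO stonks;
EOF
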
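# --- 4. Helm deploy ---
echo "[4/4] Deploying via Helm..."

# Print $1 as a single-quoted YAML scalar (embedded single quotes doubled), so
# the value is always read as a string with no escape processing.
yaml_squote() {
  local sq="'" escaped
  escaped=${1//"$sq"/$sq$sq}
  printf "'%s'" "$escaped"
}

# Secrets are handed to Helm as a values document on stdin (`--values -`)
# rather than as `--set key=value` arguments:
#   * command-line arguments are visible in the process list to other local
#     users, stdin is not;
#   * `--set` gives commas and backslashes special meaning and coerces values
#     such as all-digit strings, which can silently corrupt a password.
# Values are expected to be single-line.
helm upgrade --install stonks-oracle "$CHART_DIR" \
  --namespace "$NAMESPACE" \
  --values - <<EOF
ghcrAuth:
  password: $(yaml_squote "$GHCR_TOKEN")
secrets:
  core:
    POSTGRES_PASSWORD: $(yaml_squote "$PG_PASSWORD")
    MINIO_ACCESS_KEY: $(yaml_squote "$MINIO_ACCESS_KEY")
    MINIO_SECRET_KEY: $(yaml_squote "$MINIO_SECRET_KEY")
    REDIS_PASSWORD: $(yaml_squote "$REDIS_PASSWORD")
EOF
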
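# --- Rolling restart to pick up secrets ---
echo "Rolling restart..."

# Fetch the list in a plain assignment so that a failing `kubectl get` aborts
# the script under `set -e`; inside a `for ... in $(...)` word list the failure
# would be ignored and the restart step would silently do nothing.
deployment_list=$(kubectl get deployments -n "$NAMESPACE" -o name)
mapfile -t deployments <<<"$deployment_list"
for dep in "${deployments[@]}"; do
  # The here-string yields one empty entry when there are no deployments.
  [[ -n "$dep" ]] || continue
  kubectl rollout restart -n "$NAMESPACE" "$dep"
done

echo ""
echo "=== Deployment complete ==="
echo "Waiting for pods..."
# Fixed pause before the status snapshot; it does not wait for readiness.
sleep 10
kubectl get pods -n "$NAMESPACE" -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[0].ready,STATUS:.status.phase,RESTARTS:.status.containerStatuses[0].restartCount'
echo ""
echo "Ingress endpoints:"
kubectl get ingress -n "$NAMESPACE" -o custom-columns='HOST:.spec.rules[0].host,ADDRESS:.status.loadBalancer.ingress[0].ip'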