Deploy activity-core on railiance01

2026-05-22 13:49:46 +02:00
parent cf92f0d686
commit e2aac3ad8c
8 changed files with 748 additions and 1 deletions
--- a/k8s/railiance/bootstrap-secrets.sh
+++ b/k8s/railiance/bootstrap-secrets.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+NS="${NS:-activity-core}"
+
+kubectl apply -f k8s/railiance/00-namespace.yaml
+
+secret_exists() {
+  kubectl -n "$NS" get secret "$1" >/dev/null 2>&1
+}
+
+random_password() {
+  openssl rand -base64 32 | tr -d '\n'
+}
+
+if ! secret_exists actcore-app-db-secret; then
+  APP_DB_PASSWORD="$(random_password)"
+  kubectl -n "$NS" create secret generic actcore-app-db-secret \
+    --from-literal=username=actcore \
+    --from-literal=database=actcore \
+    --from-literal=password="$APP_DB_PASSWORD"
+else
+  APP_DB_PASSWORD="$(kubectl -n "$NS" get secret actcore-app-db-secret -o jsonpath='{.data.password}' | base64 -d)"
+fi
+
+if ! secret_exists actcore-temporal-db-secret; then
+  kubectl -n "$NS" create secret generic actcore-temporal-db-secret \
+    --from-literal=username=temporal \
+    --from-literal=database=temporal \
+    --from-literal=password="$(random_password)"
+fi
+
+ACTCORE_DB_URL="postgresql+asyncpg://actcore:${APP_DB_PASSWORD}@actcore-app-db:5432/actcore"
+
+if ! secret_exists actcore-runtime-secret; then
+  kubectl -n "$NS" create secret generic actcore-runtime-secret \
+    --from-literal=ACTCORE_DB_URL="$ACTCORE_DB_URL" \
+    --from-literal=WEBHOOK_SECRET_GITEA="" \
+    --from-literal=WEBHOOK_SECRET_GITHUB=""
+fi