From 0b3d4d6aafd33909dbda421f2e92c9fb9077ac89 Mon Sep 17 00:00:00 2001 From: Paul Payne Date: Mon, 7 Jul 2025 16:10:11 -0700 Subject: [PATCH] Updates (fixes) app deploy. --- apps/example-admin/ingress.yaml | 4 +- apps/example-app/ingress.yaml | 6 +- apps/immich/db-init-job.yaml | 6 +- apps/immich/deployment-machine-learning.yaml | 6 +- apps/immich/deployment-microservices.yaml | 10 +- apps/immich/deployment-server.yaml | 12 +- apps/immich/ingress.yaml | 8 +- apps/immich/pvc.yaml | 4 +- apps/immich/service.yaml | 4 +- apps/postgres/deployment.yaml | 8 +- apps/postgres/pvc.yaml | 2 +- apps/redis/deployment.yaml | 6 +- apps/redis/service.yaml | 6 +- bin/deploy-app | 112 ------------------ bin/wild-app-config | 93 +++++++++------ bin/wild-app-deploy | 26 ++-- bin/{copy-secret => wild-cluster-secret-copy} | 0 .../kubernetes-dashboard/install.sh | 4 +- setup/cluster-services/nfs/setup-nfs-host.sh | 2 +- 19 files changed, 117 insertions(+), 202 deletions(-) delete mode 100755 bin/deploy-app rename bin/{copy-secret => wild-cluster-secret-copy} (100%) diff --git a/apps/example-admin/ingress.yaml b/apps/example-admin/ingress.yaml index dfdf9a5..02e2a83 100644 --- a/apps/example-admin/ingress.yaml +++ b/apps/example-admin/ingress.yaml @@ -6,7 +6,7 @@ metadata: namespace: example-admin spec: rules: - - host: example-admin.{{ (ds "config").cloud.internalDomain }} + - host: example-admin.{{ .cloud.internalDomain }} http: paths: - path: / @@ -18,5 +18,5 @@ spec: number: 80 tls: - hosts: - - example-admin.{{ (ds "config").cloud.internalDomain }} + - example-admin.{{ .cloud.internalDomain }} secretName: wildcard-internal-wild-cloud-tls diff --git a/apps/example-app/ingress.yaml b/apps/example-app/ingress.yaml index 812bc0e..018c711 100644 --- a/apps/example-app/ingress.yaml +++ b/apps/example-app/ingress.yaml 
@@ -4,7 +4,7 @@ kind: Ingress metadata: name: example-app annotations: - external-dns.alpha.kubernetes.io/target: {{ (ds "config").cloud.domain }} + external-dns.alpha.kubernetes.io/target: {{ .cloud.domain }} external-dns.alpha.kubernetes.io/cloudflare-proxied: false # Optional: Enable HTTPS redirection @@ -15,7 +15,7 @@ metadata: # traefik.ingress.kubernetes.io/auth-secret: basic-auth spec: rules: - - host: example-app.{{ (ds "config").cloud.domain }} + - host: example-app.{{ .cloud.domain }} http: paths: - path: / @@ -27,5 +27,5 @@ spec: number: 80 tls: - hosts: - - example-app.{{ (ds "config").cloud.domain }} + - example-app.{{ .cloud.domain }} secretName: wildcard-wild-cloud-tls diff --git a/apps/immich/db-init-job.yaml b/apps/immich/db-init-job.yaml index f7ff10f..e9a9614 100644 --- a/apps/immich/db-init-job.yaml +++ b/apps/immich/db-init-job.yaml @@ -55,11 +55,11 @@ spec: name: postgres-secrets key: password - name: DB_HOSTNAME - value: "{{ .config.apps.immich.dbHostname }}" + value: "{{ .apps.immich.dbHostname }}" - name: DB_DATABASE_NAME - value: "{{ .config.apps.immich.dbUsername }}" + value: "{{ .apps.immich.dbUsername }}" - name: DB_USERNAME - value: "{{ .config.apps.immich.dbUsername }}" + value: "{{ .apps.immich.dbUsername }}" - name: DB_PASSWORD valueFrom: secretKeyRef: diff --git a/apps/immich/deployment-machine-learning.yaml b/apps/immich/deployment-machine-learning.yaml index b9470fc..c93b434 100644 --- a/apps/immich/deployment-machine-learning.yaml +++ b/apps/immich/deployment-machine-learning.yaml 
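Review bot: In the first hunk of apps/example-app/ingress.yaml the unchanged annotation `external-dns.alpha.kubernetes.io/cloudflare-proxied: false` is an unquoted boolean, and Kubernetes annotation values must be strings, so the rendered manifest is likely to be rejected on apply. Quote it the way apps/immich/ingress.yaml does: `external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"`. Quoting the templated target as well (`"{{ .cloud.domain }}"`) keeps a configured value that YAML could read as another type from breaking the annotation. The Ingress manifest starts outside the hunk.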
@@ -15,14 +15,14 @@ spec: component: machine-learning spec: containers: - - image: "{{ .config.apps.immich.mlImage }}" + - image: "{{ .apps.immich.mlImage }}" name: immich-machine-learning ports: - - containerPort: {{ .config.apps.immich.mlPort }} + - containerPort: {{ .apps.immich.mlPort }} protocol: TCP env: - name: TZ - value: "{{ .config.apps.immich.timezone }}" + value: "{{ .apps.immich.timezone }}" volumeMounts: - mountPath: /cache name: immich-cache diff --git a/apps/immich/deployment-microservices.yaml b/apps/immich/deployment-microservices.yaml index 4989507..8630cbd 100644 --- a/apps/immich/deployment-microservices.yaml +++ b/apps/immich/deployment-microservices.yaml @@ -20,22 +20,22 @@ spec: component: microservices spec: containers: - - image: "{{ .config.apps.immich.serverImage }}" + - image: "{{ .apps.immich.serverImage }}" name: immich-microservices env: - name: REDIS_HOSTNAME - value: "{{ .config.apps.immich.redisHostname }}" + value: "{{ .apps.immich.redisHostname }}" - name: DB_HOSTNAME - value: "{{ .config.apps.immich.dbHostname }}" + value: "{{ .apps.immich.dbHostname }}" - name: DB_USERNAME - value: "{{ .config.apps.immich.dbUsername }}" + value: "{{ .apps.immich.dbUsername }}" - name: DB_PASSWORD valueFrom: secretKeyRef: name: immich-secrets key: dbPassword - name: TZ - value: "{{ .config.apps.immich.timezone }}" + value: "{{ .apps.immich.timezone }}" - name: IMMICH_WORKERS_EXCLUDE value: api volumeMounts: diff --git a/apps/immich/deployment-server.yaml b/apps/immich/deployment-server.yaml index 7f7937f..1b79312 100644 --- a/apps/immich/deployment-server.yaml +++ b/apps/immich/deployment-server.yaml 
@@ -20,25 +20,25 @@ spec: component: server spec: containers: - - image: "{{ .config.apps.immich.serverImage }}" + - image: "{{ .apps.immich.serverImage }}" name: immich-server ports: - - containerPort: {{ .config.apps.immich.serverPort }} + - containerPort: {{ .apps.immich.serverPort }} protocol: TCP env: - name: REDIS_HOSTNAME - value: "{{ .config.apps.immich.redisHostname }}" + value: "{{ .apps.immich.redisHostname }}" - name: DB_HOSTNAME - value: "{{ .config.apps.immich.dbHostname }}" + value: "{{ .apps.immich.dbHostname }}" - name: DB_USERNAME - value: "{{ .config.apps.immich.dbUsername }}" + value: "{{ .apps.immich.dbUsername }}" - name: DB_PASSWORD valueFrom: secretKeyRef: name: immich-secrets key: dbPassword - name: TZ - value: "{{ .config.apps.immich.timezone }}" + value: "{{ .apps.immich.timezone }}" - name: IMMICH_WORKERS_EXCLUDE value: microservices volumeMounts: diff --git a/apps/immich/ingress.yaml b/apps/immich/ingress.yaml index b5ed973..ebddf91 100644 --- a/apps/immich/ingress.yaml +++ b/apps/immich/ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: immich-public annotations: - external-dns.alpha.kubernetes.io/target: "{{ .config.apps.immich.domain }}" + external-dns.alpha.kubernetes.io/target: "{{ .apps.immich.domain }}" external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" spec: rules: - - host: "{{ .config.apps.immich.domain }}" + - host: "{{ .apps.immich.domain }}" http: paths: - path: / @@ -19,6 +19,6 @@ spec: port: number: 3001 tls: - - secretName: wildcard-internal-wild-cloud-tls + - secretName: wildcard-wild-cloud-tls hosts: - - "{{ .config.apps.immich.domain }}" + - "{{ .apps.immich.domain }}" diff --git a/apps/immich/pvc.yaml b/apps/immich/pvc.yaml index 432fd97..33eb69f 100644 --- a/apps/immich/pvc.yaml +++ b/apps/immich/pvc.yaml @@ -9,7 +9,7 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .config.apps.immich.storage }} + storage: {{ .apps.immich.storage }} --- apiVersion: v1 kind: PersistentVolumeClaim 
@@ -21,4 +21,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .config.apps.immich.cacheStorage }} + storage: {{ .apps.immich.cacheStorage }} diff --git a/apps/immich/service.yaml b/apps/immich/service.yaml index f857462..639f065 100644 --- a/apps/immich/service.yaml +++ b/apps/immich/service.yaml @@ -9,7 +9,7 @@ metadata: spec: ports: - port: 3001 - targetPort: {{ .config.apps.immich.serverPort }} + targetPort: {{ .apps.immich.serverPort }} selector: app: immich component: server @@ -25,7 +25,7 @@ metadata: app: immich-machine-learning spec: ports: - - port: {{ .config.apps.immich.mlPort }} + - port: {{ .apps.immich.mlPort }} selector: app: immich component: machine-learning diff --git a/apps/postgres/deployment.yaml b/apps/postgres/deployment.yaml index 96693e1..d3bef8a 100644 --- a/apps/postgres/deployment.yaml +++ b/apps/postgres/deployment.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: postgres - image: "{{ .config.apps.postgres.image }}" + image: "{{ .apps.postgres.image }}" args: [ "-c", @@ -35,11 +35,11 @@ spec: - name: PGDATA value: /var/lib/postgresql/data/pgdata - name: TZ - value: "{{ .config.apps.postgres.timezone }}" + value: "{{ .apps.postgres.timezone }}" - name: POSTGRES_DB - value: "{{ .config.apps.postgres.database }}" + value: "{{ .apps.postgres.database }}" - name: POSTGRES_USER - value: "{{ .config.apps.postgres.user }}" + value: "{{ .apps.postgres.user }}" - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: diff --git a/apps/postgres/pvc.yaml b/apps/postgres/pvc.yaml index b0051d4..822353a 100644 --- a/apps/postgres/pvc.yaml +++ b/apps/postgres/pvc.yaml @@ -9,4 +9,4 @@ spec: storageClassName: longhorn resources: requests: - storage: {{ (ds "config").apps.postgres.storage | default "10Gi" }} + storage: {{ .apps.postgres.storage | default "10Gi" }} diff --git a/apps/redis/deployment.yaml b/apps/redis/deployment.yaml index 43bda53..2b69e29 100644 --- a/apps/redis/deployment.yaml +++ b/apps/redis/deployment.yaml 
@@ -14,11 +14,11 @@ spec: app: redis spec: containers: - - image: "{{ .config.apps.redis.image }}" + - image: "{{ .apps.redis.image }}" name: redis ports: - - containerPort: {{ .config.apps.redis.port }} + - containerPort: {{ .apps.redis.port }} env: - name: TZ - value: "{{ .config.apps.redis.timezone }}" + value: "{{ .apps.redis.timezone }}" restartPolicy: Always diff --git a/apps/redis/service.yaml b/apps/redis/service.yaml index f0c5e43..9c75149 100644 --- a/apps/redis/service.yaml +++ b/apps/redis/service.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: Service metadata: - name: redis-service + name: redis labels: app: redis spec: ports: - - port: {{ .config.apps.redis.port }} - targetPort: {{ .config.apps.redis.port }} + - port: {{ .apps.redis.port }} + targetPort: {{ .apps.redis.port }} selector: app: redis diff --git a/bin/deploy-app b/bin/deploy-app deleted file mode 100755 index 698bcbf..0000000 --- a/bin/deploy-app +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/bash -set -e - -# Default values -APP_NAME="" -DRY_RUN=false - -# Source environment variables from load-env.sh -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_DIR="$(dirname "$SCRIPT_DIR")" -if [ -f "$REPO_DIR/load-env.sh" ]; then - source "$REPO_DIR/load-env.sh" -fi - -function show_help { - echo "Usage: $0 APP_NAME [options]" - echo "" - echo "Arguments:" - echo " APP_NAME Name of the app to deploy (directory name in apps/)" - echo "" - echo "Optional arguments:" - echo " --dry-run Preview the processed configuration without applying" - echo " --help Show this help message" - echo "" - echo "Examples:" - echo " $0 immich" - echo " $0 nextcloud --dry-run" - exit 1 -} - -# Parse command-line arguments -while [[ $# -gt 0 ]]; do - key="$1" - case $key in - --dry-run) - DRY_RUN=true - shift - ;; - --help) - show_help - ;; - -*) - echo "Unknown option: $1" - show_help - ;; - *) - # First non-option argument is the app name - APP_NAME="$1" - shift - ;; - esac -done - -# Validate app name -if [[ -z "$APP_NAME" ]]; then - echo "Error: APP_NAME must be provided" - show_help -fi - -# Check if app directory exists -APP_DIR="$REPO_DIR/apps/$APP_NAME" -if [[ ! -d "$APP_DIR" ]]; then - echo "Error: App directory not found: $APP_DIR" - exit 1 -fi - -# Check if kustomization.yaml exists -if [[ ! -f "$APP_DIR/kustomization.yaml" ]]; then - echo "Error: kustomization.yaml not found in $APP_DIR" - exit 1 -fi - -echo "Deploying app: $APP_NAME" - -# Step 1: Generate config files -if [[ -f "$APP_DIR/config/.env" ]]; then - echo "Step 1: Generating config files..." 
- "$SCRIPT_DIR/generate-config" "$APP_NAME" -else - echo "Step 1: No .env file found, skipping config generation" -fi - -# Handle dry run mode -if [[ "$DRY_RUN" == "true" ]]; then - echo "Step 2: Dry-run mode - showing kustomize output:" - kubectl kustomize "$APP_DIR" - exit 0 -fi - -# Step 2: Extract namespace from kustomization -echo "Step 2: Extracting namespace from kustomization..." -NAMESPACE=$(kubectl kustomize "$APP_DIR" | grep -o "namespace: [a-zA-Z0-9_-]\+" | head -1 | cut -d' ' -f2) -if [[ -n "$NAMESPACE" ]]; then - echo "Found namespace: $NAMESPACE" - - # Create the namespace if it doesn't exist - echo "Creating namespace $NAMESPACE if it doesn't exist..." - kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - - - # Step 3: Copy TLS certificates to the namespace - echo "Step 3: Copying TLS certificates to namespace $NAMESPACE..." - "$SCRIPT_DIR/copy-secret" cert-manager:wildcard-internal-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy internal wildcard certificate" - "$SCRIPT_DIR/copy-secret" cert-manager:wildcard-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy external wildcard certificate" -else - echo "Warning: No namespace found in kustomization, using default namespace" -fi - -# Step 4: Apply the app configuration -echo "Step 4: Applying app configuration..." -kubectl apply -k "$APP_DIR" - -echo "✅ App '$APP_NAME' deployed successfully!" \ No newline at end of file diff --git a/bin/wild-app-config b/bin/wild-app-config index fe51b90..60fa2cb 100755 --- a/bin/wild-app-config +++ b/bin/wild-app-config 
@@ -54,9 +54,30 @@ else init_wild_env fi -CACHE_APP_DIR=".wildcloud/cache/apps/${APP_NAME}" +CONFIG_FILE="${WC_HOME}/config.yaml" +if [ ! -f "${CONFIG_FILE}" ]; then + echo "Creating config file at ${CONFIG_FILE}" + echo "# Wild Cloud Configuration" > "${CONFIG_FILE}" + echo "# This file contains app configurations and should be committed to git" >> "${CONFIG_FILE}" + echo "" >> "${CONFIG_FILE}" +fi + +SECRETS_FILE="${WC_HOME}/secrets.yaml" +if [ ! -f "${SECRETS_FILE}" ]; then + echo "Creating secrets file at ${SECRETS_FILE}" + echo "# Wild Cloud Secrets Configuration" > "${SECRETS_FILE}" + echo "# This file contains sensitive data and should NOT be committed to git" >> "${SECRETS_FILE}" + echo "# Add this file to your .gitignore" >> "${SECRETS_FILE}" + echo "" >> "${SECRETS_FILE}" +fi # Check if app is cached, if not fetch it first +CACHE_APP_DIR="${WC_HOME}/.wildcloud/cache/apps/${APP_NAME}" +if [ ! -d "${CACHE_APP_DIR}" ]; then + echo "Cache directory for app '${APP_NAME}' not found at ${CACHE_APP_DIR}" + echo "Please fetch the app first using 'wild-app-fetch ${APP_NAME}'" + exit 1 +fi if [ ! -d "${CACHE_APP_DIR}" ]; then echo "App '${APP_NAME}' not found in cache, fetching..." if [ "${UPDATE}" = true ]; then @@ -66,9 +87,13 @@ if [ ! -d "${CACHE_APP_DIR}" ]; then fi fi -DEST_APP_DIR="apps/${APP_NAME}" -mkdir -p "apps" +APPS_DIR="${WC_HOME}/apps" +if [ ! -d "${APPS_DIR}" ]; then + echo "Creating apps directory at ${APPS_DIR}" + mkdir -p "${APPS_DIR}" +fi +DEST_APP_DIR="${WC_HOME}/apps/${APP_NAME}" if [ -d "${DEST_APP_DIR}" ]; then if [ "${UPDATE}" = true ]; then echo "Updating app '${APP_NAME}'" @@ -84,6 +109,7 @@ if [ -d "${DEST_APP_DIR}" ]; then rm -rf "${DEST_APP_DIR}" fi fi +mkdir -p "${DEST_APP_DIR}" echo "Pulling app '${APP_NAME}' from cache to ${DEST_APP_DIR}" 
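Review bot: The new block creates `secrets.yaml` with `echo ... > "${SECRETS_FILE}"`, so the file gets whatever mode the caller's umask allows, and the only guard against committing it is a comment inside the file. Create it owner-only, for example with `chmod 600 "${SECRETS_FILE}"` right after the echo lines or by wrapping the creation in `(umask 077; ...)`. The same creation block is kept in the `@@ -125,32 +151,32 @@` hunk, where it can no longer trigger and has the same mode problem. Separately, the added cache check exits when `${CACHE_APP_DIR}` is missing, which turns the unchanged `if [ ! -d "${CACHE_APP_DIR}" ]` fetch block directly below it into dead code; keep one of the two.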
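Review bot: In the `@@ -66,9 +87,13 @@` hunk `DEST_APP_DIR` becomes `${WC_HOME}/apps/${APP_NAME}`, and the unchanged `rm -rf "${DEST_APP_DIR}"` in the next hunk then deletes whatever that expands to. Nothing visible in the patch checks that `WC_HOME` is non-empty or that `APP_NAME` is a single path component; `init_wild_env` may do so outside the hunk. A guard before the path is built would make it explicit: `: "${WC_HOME:?WC_HOME is not set}"` and `[[ "${APP_NAME}" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "Invalid app name"; exit 1; }`. The same `APP_NAME` is spliced into the yq expressions further down, so the check protects those as well.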
@@ -93,8 +119,8 @@ if [ -f "${MANIFEST_FILE}" ]; then echo "Merging defaultConfig from manifest.yaml into .wildcloud/config.yaml" # Check if the app section exists in config.yaml, if not create it - if ! yq eval ".apps.${APP_NAME}" .wildcloud/config.yaml >/dev/null 2>&1; then - yq eval ".apps.${APP_NAME} = {}" -i .wildcloud/config.yaml + if ! yq eval ".apps.${APP_NAME}" "${CONFIG_FILE}" >/dev/null 2>&1; then + yq eval ".apps.${APP_NAME} = {}" -i "${CONFIG_FILE}" fi # Extract defaultConfig from manifest.yaml and merge into config.yaml @@ -105,15 +131,15 @@ if [ -f "${MANIFEST_FILE}" ]; then value=$(yq eval ".defaultConfig.${key}" "${MANIFEST_FILE}") # Check if key exists and is not null in app config - current_value=$(yq eval ".apps.${APP_NAME}.${key} // \"null\"" .wildcloud/config.yaml) + current_value=$(yq eval ".apps.${APP_NAME}.${key} // \"null\"" ${CONFIG_FILE}) if [ "${current_value}" = "null" ]; then if [[ "${value}" =~ ^[0-9]+$ ]] || [[ "${value}" =~ ^[0-9]+\.[0-9]+$ ]] || [ "${value}" = "true" ] || [ "${value}" = "false" ]; then # Numeric, boolean values don't need quotes - yq eval ".apps.${APP_NAME}.${key} = ${value}" -i .wildcloud/config.yaml + yq eval ".apps.${APP_NAME}.${key} = ${value}" -i "${CONFIG_FILE}" else # String values need quotes - yq eval ".apps.${APP_NAME}.${key} = \"${value}\"" -i .wildcloud/config.yaml + yq eval ".apps.${APP_NAME}.${key} = \"${value}\"" -i "${CONFIG_FILE}" fi fi done 
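Review bot: In the `@@ -105,15 +131,15 @@` hunk the new `current_value=$(yq eval ... ${CONFIG_FILE})` line leaves `${CONFIG_FILE}` unquoted, unlike every other call in the hunk, so a `WC_HOME` containing spaces or glob characters is split into several arguments; write `"${CONFIG_FILE}"`. The two write lines also splice `${value}` from the app's manifest.yaml directly into the yq expression, so a default containing a double quote or yq syntax alters the expression instead of being stored as data. Passing the value through the environment avoids that for strings: `value="${value}" yq eval ".apps.${APP_NAME}.${key} = strenv(value)" -i "${CONFIG_FILE}"`. The enclosing loop starts and ends outside the hunk.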
@@ -125,32 +151,32 @@ if [ -f "${MANIFEST_FILE}" ]; then echo "Scaffolding required secrets for app '${APP_NAME}'" # Ensure .wildcloud/secrets.yaml exists - if [ ! -f ".wildcloud/secrets.yaml" ]; then - echo "# Wild Cloud Secrets Configuration" > .wildcloud/secrets.yaml - echo "# This file contains sensitive data and should NOT be committed to git" >> .wildcloud/secrets.yaml - echo "# Add this file to your .gitignore" >> .wildcloud/secrets.yaml - echo "" >> .wildcloud/secrets.yaml + if [ ! -f "${SECRETS_FILE}" ]; then + echo "# Wild Cloud Secrets Configuration" > "${SECRETS_FILE}" + echo "# This file contains sensitive data and should NOT be committed to git" >> "${SECRETS_FILE}" + echo "# Add this file to your .gitignore" >> "${SECRETS_FILE}" + echo "" >> "${SECRETS_FILE}" fi # Check if apps section exists, if not create it - if ! yq eval ".apps" .wildcloud/secrets.yaml >/dev/null 2>&1; then - yq eval ".apps = {}" -i .wildcloud/secrets.yaml + if ! yq eval ".apps" "${SECRETS_FILE}" >/dev/null 2>&1; then + yq eval ".apps = {}" -i "${SECRETS_FILE}" fi # Check if app section exists, if not create it - if ! yq eval ".apps.${APP_NAME}" .wildcloud/secrets.yaml >/dev/null 2>&1; then - yq eval ".apps.${APP_NAME} = {}" -i .wildcloud/secrets.yaml + if ! 
yq eval ".apps.${APP_NAME}" "${SECRETS_FILE}" >/dev/null 2>&1; then + yq eval ".apps.${APP_NAME} = {}" -i "${SECRETS_FILE}" fi # Add dummy values for each required secret if not already present yq eval '.requiredSecrets[]' "${MANIFEST_FILE}" | while read -r secret_path; do - current_value=$(yq eval ".${secret_path} // \"null\"" .wildcloud/secrets.yaml) + current_value=$(yq eval ".${secret_path} // \"null\"" "${SECRETS_FILE}") if [ "${current_value}" = "null" ]; then echo "Adding dummy secret: ${secret_path}" # Extract just the key name for the dummy value secret_key=$(basename "${secret_path}") - yq eval ".${secret_path} = \"CHANGE_ME_${secret_key^^}\"" -i .wildcloud/secrets.yaml + yq eval ".${secret_path} = \"CHANGE_ME_${secret_key^^}\"" -i "${SECRETS_FILE}" fi done 
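Review bot: Each `requiredSecrets` entry from the manifest is used verbatim as a yq path into `${SECRETS_FILE}` (`".${secret_path} = ..."`), with no check that it is a plain dotted path under `.apps`. An entry containing yq syntax is evaluated as written against the secrets file. Rejecting entries that do not match a pattern such as `^apps\.[A-Za-z0-9_.-]+$` before the first `yq eval` keeps the write scoped. The scaffolded `CHANGE_ME_<KEY>` value is a non-empty string, so wild-app-deploy should refuse values with that prefix rather than publish them as real credentials; whether it does is not visible in this patch.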
@@ -163,27 +189,20 @@ process_file() { local src_file="$1" local dest_file="$2" - if [[ "${src_file}" == *.yaml ]] || [[ "${src_file}" == *.yml ]]; then - echo "Processing YAML file: ${dest_file}" - - # Build gomplate command with config context (enables .config shorthand) - gomplate_cmd="gomplate -c config=.wildcloud/config.yaml" - - # Add secrets context if secrets.yaml exists (enables .secrets shorthand) - if [ -f ".wildcloud/secrets.yaml" ]; then - gomplate_cmd="${gomplate_cmd} -c secrets=.wildcloud/secrets.yaml" - fi - - # Execute gomplate with the file - ${gomplate_cmd} -f "${src_file}" > "${dest_file}" - else - cp "${src_file}" "${dest_file}" + echo "Processing YAML file: ${dest_file}" + + # Build gomplate command with config context (enables .config shorthand) + gomplate_cmd="gomplate -c .=${CONFIG_FILE}" + + # Add secrets context if secrets.yaml exists (enables .secrets shorthand) + if [ -f "${SECRETS_FILE}" ]; then + gomplate_cmd="${gomplate_cmd} -c secrets=${SECRETS_FILE}" fi + + # Execute gomplate with the file + ${gomplate_cmd} -f "${src_file}" > "${dest_file}" } -# Create destination directory -mkdir -p "${DEST_APP_DIR}" - # Copy directory structure and process files find "${CACHE_APP_DIR}" -type d | while read -r src_dir; do rel_path="${src_dir#${CACHE_APP_DIR}}" diff --git a/bin/wild-app-deploy b/bin/wild-app-deploy index e15e70a..ae3083a 100755 --- a/bin/wild-app-deploy +++ b/bin/wild-app-deploy @@ -52,6 +52,12 @@ else init_wild_env fi +SECRETS_FILE="${WC_HOME}/secrets.yaml" +if [ ! -f "${SECRETS_FILE}" ]; then + echo "Error: Secrets file '${SECRETS_FILE}' not found" + exit 1 +fi + # Function to deploy secrets for an app deploy_secrets() { local app_name="$1" 
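Review bot: `process_file` builds the command as a string and runs it unquoted (`${gomplate_cmd} -f ...`), so now that both paths come from `${WC_HOME}` any space or glob character in them splits the `-c` arguments. An argument array keeps them intact: `gomplate_args=(-c ".=${CONFIG_FILE}")`, `gomplate_args+=(-c "secrets=${SECRETS_FILE}")`, then `gomplate "${gomplate_args[@]}" -f "${src_file}" > "${dest_file}"`. The hunk also removes the `cp` branch, so non-YAML files are rendered as templates while the message still says "Processing YAML file"; if the caller, which is outside the hunk, does not filter by extension, the copy path should be restored. Output rendered with the `secrets` context is written under `${WC_HOME}/apps`, so a template that references a secret would place its value in a tree that may be committed.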
@@ -68,12 +74,6 @@ deploy_secrets() { return 0 fi - # Check if secrets.yaml exists - if [ ! -f ".wildcloud/secrets.yaml" ]; then - echo "Warning: .wildcloud/secrets.yaml not found, skipping secret deployment for ${app_name}" - return 0 - fi - # Use the target namespace parameter local namespace="${target_namespace}" @@ -82,8 +82,8 @@ deploy_secrets() { # Create secret data local secret_data="" while IFS= read -r secret_path; do - # Get the secret value using full path from .wildcloud/secrets.yaml - secret_value=$(yq eval ".${secret_path} // \"\"" .wildcloud/secrets.yaml) + # Get the secret value using full path + secret_value=$(yq eval ".${secret_path} // \"\"" "${SECRETS_FILE}") # Extract just the key name for the Kubernetes secret (handle dotted paths) secret_key="${secret_path##*.}" @@ -94,7 +94,7 @@ deploy_secrets() { fi secret_data="${secret_data} --from-literal=${secret_key}=${secret_value}" else - echo "Error: Required secret '${secret_path}' not found in .wildcloud/secrets.yaml for app '${app_name}'" + echo "Error: Required secret '${secret_path}' not found in ${SECRETS_FILE} for app '${app_name}'" exit 1 fi done < <(yq eval '.requiredSecrets[]' "${manifest_file}") @@ -144,6 +144,14 @@ if [ -f "apps/${APP_NAME}/namespace.yaml" ]; then kubectl apply -f "apps/${APP_NAME}/namespace.yaml" ${DRY_RUN:-} fi +# Copy TLS certificates to the namespace +if [ -f "apps/${APP_NAME}/namespace.yaml" ]; then + NAMESPACE=$(yq eval '.metadata.name' "apps/${APP_NAME}/namespace.yaml") + echo "Step 3: Copying TLS certificates to namespace $NAMESPACE..." + wild-cluster-secret-copy cert-manager:wildcard-internal-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy internal wildcard certificate" + wild-cluster-secret-copy cert-manager:wildcard-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy external wildcard certificate" +fi + # Step 2: Deploy secrets (dependencies and main app) echo "Deploying secrets..." if [ -f "${MANIFEST_FILE}" ]; then 
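Review bot: The value read in the `@@ -82,8 +82,8 @@` hunk is appended to a flat string, `secret_data="${secret_data} --from-literal=${secret_key}=${secret_value}"` (unchanged context in the `@@ -94,7 +94,7 @@` hunk), which is presumably expanded unquoted into a kubectl command outside the hunk. If so, a secret containing whitespace is split into extra arguments, and every value is visible in the process argument list while kubectl runs. Collecting the pairs in a bash array fixes the splitting, and supplying them through `--from-env-file` from an owner-only temporary file also keeps them out of argv. The read trusts `secret_path` from the manifest, so a manifest can name any path in secrets.yaml; consider limiting it to the app and its declared dependencies.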
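Review bot: The block added in the `@@ -144,6 +144,14 @@` hunk copies both wildcard certificates, private keys included, into every app namespace whether or not the app's ingress references them; copying only the secret named under `tls.secretName` in the app's ingress.yaml would limit where the keys live. A failed copy only prints a warning and the deploy continues, so an ingress can come up without its certificate. `NAMESPACE` comes from `yq eval '.metadata.name'` with no check for an empty or `null` result, and the block reads `apps/${APP_NAME}/namespace.yaml` relative to the current directory although wild-app-config now writes under `${WC_HOME}/apps`. The echo is labelled "Step 3" but runs before "Step 2".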
diff --git a/bin/copy-secret b/bin/wild-cluster-secret-copy similarity index 100% rename from bin/copy-secret rename to bin/wild-cluster-secret-copy diff --git a/setup/cluster-services/kubernetes-dashboard/install.sh b/setup/cluster-services/kubernetes-dashboard/install.sh index b207900..97df0e9 100755 --- a/setup/cluster-services/kubernetes-dashboard/install.sh +++ b/setup/cluster-services/kubernetes-dashboard/install.sh @@ -45,13 +45,13 @@ kubectl wait --for=condition=Ready certificate wildcard-wild-cloud -n cert-manag # Copying cert-manager secrets to the dashboard namespace (if available) echo "Copying cert-manager secrets to dashboard namespace..." if kubectl get secret wildcard-internal-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then - copy-secret cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE + wild-cluster-secret-copy cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE else echo "Warning: wildcard-internal-wild-cloud-tls secret not yet available" fi if kubectl get secret wildcard-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then - copy-secret cert-manager:wildcard-wild-cloud-tls $NAMESPACE + wild-cluster-secret-copy cert-manager:wildcard-wild-cloud-tls $NAMESPACE else echo "Warning: wildcard-wild-cloud-tls secret not yet available" fi diff --git a/setup/cluster-services/nfs/setup-nfs-host.sh b/setup/cluster-services/nfs/setup-nfs-host.sh index 276c766..6564420 100755 --- a/setup/cluster-services/nfs/setup-nfs-host.sh +++ b/setup/cluster-services/nfs/setup-nfs-host.sh @@ -210,7 +210,7 @@ configure_smb_sharing() { cat << EOF | sudo tee -a "${smb_config}" [${share_name}] - comment = Media files for Jellyfin + comment = Media files for Wild Cloud path = ${NFS_MEDIA_PATH} browseable = yes read only = no