CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Updates (fixes) app deploy.

Browse Source
This commit is contained in:
Paul Payne
2025-07-07 16:10:11 -07:00
parent 51af391985
commit 0b3d4d6aaf
19 changed files with 117 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/example-admin/ingress.yaml
View File

@@ -6,7 +6,7 @@ metadata:
namespace: example-admin namespace: example-admin
spec: spec:
rules: rules:
- host: example-admin.{{ (ds "config").cloud.internalDomain }} - host: example-admin.{{ .cloud.internalDomain }}
http: http:
paths: paths:
- path: / - path: /
@@ -18,5 +18,5 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- example-admin.{{ (ds "config").cloud.internalDomain }} - example-admin.{{ .cloud.internalDomain }}
secretName: wildcard-internal-wild-cloud-tls secretName: wildcard-internal-wild-cloud-tls

6
apps/example-app/ingress.yaml
View File

@@ -4,7 +4,7 @@ kind: Ingress
metadata: metadata:
name: example-app name: example-app
annotations: annotations:
external-dns.alpha.kubernetes.io/target: {{ (ds "config").cloud.domain }} external-dns.alpha.kubernetes.io/target: {{ .cloud.domain }}
external-dns.alpha.kubernetes.io/cloudflare-proxied: false external-dns.alpha.kubernetes.io/cloudflare-proxied: false
# Optional: Enable HTTPS redirection # Optional: Enable HTTPS redirection
@@ -15,7 +15,7 @@ metadata:
# traefik.ingress.kubernetes.io/auth-secret: basic-auth # traefik.ingress.kubernetes.io/auth-secret: basic-auth
spec: spec:
rules: rules:
- host: example-app.{{ (ds "config").cloud.domain }} - host: example-app.{{ .cloud.domain }}
http: http:
paths: paths:
- path: / - path: /
@@ -27,5 +27,5 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- example-app.{{ (ds "config").cloud.domain }} - example-app.{{ .cloud.domain }}
secretName: wildcard-wild-cloud-tls secretName: wildcard-wild-cloud-tls

6
apps/immich/db-init-job.yaml
View File

@@ -55,11 +55,11 @@ spec:
name: postgres-secrets name: postgres-secrets
key: password key: password
- name: DB_HOSTNAME - name: DB_HOSTNAME
value: "{{ .config.apps.immich.dbHostname }}" value: "{{ .apps.immich.dbHostname }}"
- name: DB_DATABASE_NAME - name: DB_DATABASE_NAME
value: "{{ .config.apps.immich.dbUsername }}" value: "{{ .apps.immich.dbUsername }}"
- name: DB_USERNAME - name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}" value: "{{ .apps.immich.dbUsername }}"
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

6
apps/immich/deployment-machine-learning.yaml
View File

@@ -15,14 +15,14 @@ spec:
component: machine-learning component: machine-learning
spec: spec:
containers: containers:
- image: "{{ .config.apps.immich.mlImage }}" - image: "{{ .apps.immich.mlImage }}"
name: immich-machine-learning name: immich-machine-learning
ports: ports:
- containerPort: {{ .config.apps.immich.mlPort }} - containerPort: {{ .apps.immich.mlPort }}
protocol: TCP protocol: TCP
env: env:
- name: TZ - name: TZ
value: "{{ .config.apps.immich.timezone }}" value: "{{ .apps.immich.timezone }}"
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: immich-cache name: immich-cache

10
apps/immich/deployment-microservices.yaml
View File

@@ -20,22 +20,22 @@ spec:
component: microservices component: microservices
spec: spec:
containers: containers:
- image: "{{ .config.apps.immich.serverImage }}" - image: "{{ .apps.immich.serverImage }}"
name: immich-microservices name: immich-microservices
env: env:
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: "{{ .config.apps.immich.redisHostname }}" value: "{{ .apps.immich.redisHostname }}"
- name: DB_HOSTNAME - name: DB_HOSTNAME
value: "{{ .config.apps.immich.dbHostname }}" value: "{{ .apps.immich.dbHostname }}"
- name: DB_USERNAME - name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}" value: "{{ .apps.immich.dbUsername }}"
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-secrets name: immich-secrets
key: dbPassword key: dbPassword
- name: TZ - name: TZ
value: "{{ .config.apps.immich.timezone }}" value: "{{ .apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE - name: IMMICH_WORKERS_EXCLUDE
value: api value: api
volumeMounts: volumeMounts:

12
apps/immich/deployment-server.yaml
View File

@@ -20,25 +20,25 @@ spec:
component: server component: server
spec: spec:
containers: containers:
- image: "{{ .config.apps.immich.serverImage }}" - image: "{{ .apps.immich.serverImage }}"
name: immich-server name: immich-server
ports: ports:
- containerPort: {{ .config.apps.immich.serverPort }} - containerPort: {{ .apps.immich.serverPort }}
protocol: TCP protocol: TCP
env: env:
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: "{{ .config.apps.immich.redisHostname }}" value: "{{ .apps.immich.redisHostname }}"
- name: DB_HOSTNAME - name: DB_HOSTNAME
value: "{{ .config.apps.immich.dbHostname }}" value: "{{ .apps.immich.dbHostname }}"
- name: DB_USERNAME - name: DB_USERNAME
value: "{{ .config.apps.immich.dbUsername }}" value: "{{ .apps.immich.dbUsername }}"
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-secrets name: immich-secrets
key: dbPassword key: dbPassword
- name: TZ - name: TZ
value: "{{ .config.apps.immich.timezone }}" value: "{{ .apps.immich.timezone }}"
- name: IMMICH_WORKERS_EXCLUDE - name: IMMICH_WORKERS_EXCLUDE
value: microservices value: microservices
volumeMounts: volumeMounts:

8
apps/immich/ingress.yaml
View File

@@ -4,11 +4,11 @@ kind: Ingress
metadata: metadata:
name: immich-public name: immich-public
annotations: annotations:
external-dns.alpha.kubernetes.io/target: "{{ .config.apps.immich.domain }}" external-dns.alpha.kubernetes.io/target: "{{ .apps.immich.domain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec: spec:
rules: rules:
- host: "{{ .config.apps.immich.domain }}" - host: "{{ .apps.immich.domain }}"
http: http:
paths: paths:
- path: / - path: /
@@ -19,6 +19,6 @@ spec:
port: port:
number: 3001 number: 3001
tls: tls:
- secretName: wildcard-internal-wild-cloud-tls - secretName: wildcard-wild-cloud-tls
hosts: hosts:
- "{{ .config.apps.immich.domain }}" - "{{ .apps.immich.domain }}"

4
apps/immich/pvc.yaml
View File

@@ -9,7 +9,7 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: {{ .config.apps.immich.storage }} storage: {{ .apps.immich.storage }}
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@@ -21,4 +21,4 @@ spec:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: {{ .config.apps.immich.cacheStorage }} storage: {{ .apps.immich.cacheStorage }}

4
apps/immich/service.yaml
View File

@@ -9,7 +9,7 @@ metadata:
spec: spec:
ports: ports:
- port: 3001 - port: 3001
targetPort: {{ .config.apps.immich.serverPort }} targetPort: {{ .apps.immich.serverPort }}
selector: selector:
app: immich app: immich
component: server component: server
@@ -25,7 +25,7 @@ metadata:
app: immich-machine-learning app: immich-machine-learning
spec: spec:
ports: ports:
- port: {{ .config.apps.immich.mlPort }} - port: {{ .apps.immich.mlPort }}
selector: selector:
app: immich app: immich
component: machine-learning component: machine-learning

8
apps/postgres/deployment.yaml
View File

@@ -15,7 +15,7 @@ spec:
spec: spec:
containers: containers:
- name: postgres - name: postgres
image: "{{ .config.apps.postgres.image }}" image: "{{ .apps.postgres.image }}"
args: args:
[ [
"-c", "-c",
@@ -35,11 +35,11 @@ spec:
- name: PGDATA - name: PGDATA
value: /var/lib/postgresql/data/pgdata value: /var/lib/postgresql/data/pgdata
- name: TZ - name: TZ
value: "{{ .config.apps.postgres.timezone }}" value: "{{ .apps.postgres.timezone }}"
- name: POSTGRES_DB - name: POSTGRES_DB
value: "{{ .config.apps.postgres.database }}" value: "{{ .apps.postgres.database }}"
- name: POSTGRES_USER - name: POSTGRES_USER
value: "{{ .config.apps.postgres.user }}" value: "{{ .apps.postgres.user }}"
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

2
apps/postgres/pvc.yaml
View File

@@ -9,4 +9,4 @@ spec:
storageClassName: longhorn storageClassName: longhorn
resources: resources:
requests: requests:
storage: {{ (ds "config").apps.postgres.storage | default "10Gi" }} storage: {{ .apps.postgres.storage | default "10Gi" }}

6
apps/redis/deployment.yaml
View File

@@ -14,11 +14,11 @@ spec:
app: redis app: redis
spec: spec:
containers: containers:
- image: "{{ .config.apps.redis.image }}" - image: "{{ .apps.redis.image }}"
name: redis name: redis
ports: ports:
- containerPort: {{ .config.apps.redis.port }} - containerPort: {{ .apps.redis.port }}
env: env:
- name: TZ - name: TZ
value: "{{ .config.apps.redis.timezone }}" value: "{{ .apps.redis.timezone }}"
restartPolicy: Always restartPolicy: Always

6
apps/redis/service.yaml
View File

@@ -2,12 +2,12 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: redis-service name: redis
labels: labels:
app: redis app: redis
spec: spec:
ports: ports:
- port: {{ .config.apps.redis.port }} - port: {{ .apps.redis.port }}
targetPort: {{ .config.apps.redis.port }} targetPort: {{ .apps.redis.port }}
selector: selector:
app: redis app: redis

112
bin/deploy-app
View File

@@ -1,112 +0,0 @@
#!/bin/bash
set -e
# Default values
APP_NAME=""
DRY_RUN=false
# Source environment variables from load-env.sh
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
if [ -f "$REPO_DIR/load-env.sh" ]; then
source "$REPO_DIR/load-env.sh"
fi
function show_help {
echo "Usage: $0 APP_NAME [options]"
echo ""
echo "Arguments:"
echo " APP_NAME Name of the app to deploy (directory name in apps/)"
echo ""
echo "Optional arguments:"
echo " --dry-run Preview the processed configuration without applying"
echo " --help Show this help message"
echo ""
echo "Examples:"
echo " $0 immich"
echo " $0 nextcloud --dry-run"
exit 1
}
# Parse command-line arguments
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--dry-run)
DRY_RUN=true
shift
;;
--help)
show_help
;;
-*)
echo "Unknown option: $1"
show_help
;;
*)
# First non-option argument is the app name
APP_NAME="$1"
shift
;;
esac
done
# Validate app name
if [[ -z "$APP_NAME" ]]; then
echo "Error: APP_NAME must be provided"
show_help
fi
# Check if app directory exists
APP_DIR="$REPO_DIR/apps/$APP_NAME"
if [[ ! -d "$APP_DIR" ]]; then
echo "Error: App directory not found: $APP_DIR"
exit 1
fi
# Check if kustomization.yaml exists
if [[ ! -f "$APP_DIR/kustomization.yaml" ]]; then
echo "Error: kustomization.yaml not found in $APP_DIR"
exit 1
fi
echo "Deploying app: $APP_NAME"
# Step 1: Generate config files
if [[ -f "$APP_DIR/config/.env" ]]; then
echo "Step 1: Generating config files..."
"$SCRIPT_DIR/generate-config" "$APP_NAME"
else
echo "Step 1: No .env file found, skipping config generation"
fi
# Handle dry run mode
if [[ "$DRY_RUN" == "true" ]]; then
echo "Step 2: Dry-run mode - showing kustomize output:"
kubectl kustomize "$APP_DIR"
exit 0
fi
# Step 2: Extract namespace from kustomization
echo "Step 2: Extracting namespace from kustomization..."
NAMESPACE=$(kubectl kustomize "$APP_DIR" | grep -o "namespace: [a-zA-Z0-9_-]\+" | head -1 | cut -d' ' -f2)
if [[ -n "$NAMESPACE" ]]; then
echo "Found namespace: $NAMESPACE"
# Create the namespace if it doesn't exist
echo "Creating namespace $NAMESPACE if it doesn't exist..."
kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
# Step 3: Copy TLS certificates to the namespace
echo "Step 3: Copying TLS certificates to namespace $NAMESPACE..."
"$SCRIPT_DIR/copy-secret" cert-manager:wildcard-internal-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy internal wildcard certificate"
"$SCRIPT_DIR/copy-secret" cert-manager:wildcard-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy external wildcard certificate"
else
echo "Warning: No namespace found in kustomization, using default namespace"
fi
# Step 4: Apply the app configuration
echo "Step 4: Applying app configuration..."
kubectl apply -k "$APP_DIR"
echo "✅ App '$APP_NAME' deployed successfully!"

93
bin/wild-app-config
View File

@@ -54,9 +54,30 @@ else
init_wild_env init_wild_env
fi fi
CACHE_APP_DIR=".wildcloud/cache/apps/${APP_NAME}" CONFIG_FILE="${WC_HOME}/config.yaml"
if [ ! -f "${CONFIG_FILE}" ]; then
echo "Creating config file at ${CONFIG_FILE}"
echo "# Wild Cloud Configuration" > "${CONFIG_FILE}"
echo "# This file contains app configurations and should be committed to git" >> "${CONFIG_FILE}"
echo "" >> "${CONFIG_FILE}"
fi
SECRETS_FILE="${WC_HOME}/secrets.yaml"
if [ ! -f "${SECRETS_FILE}" ]; then
echo "Creating secrets file at ${SECRETS_FILE}"
echo "# Wild Cloud Secrets Configuration" > "${SECRETS_FILE}"
echo "# This file contains sensitive data and should NOT be committed to git" >> "${SECRETS_FILE}"
echo "# Add this file to your .gitignore" >> "${SECRETS_FILE}"
echo "" >> "${SECRETS_FILE}"
fi
# Check if app is cached, if not fetch it first # Check if app is cached, if not fetch it first
CACHE_APP_DIR="${WC_HOME}/.wildcloud/cache/apps/${APP_NAME}"
if [ ! -d "${CACHE_APP_DIR}" ]; then
echo "Cache directory for app '${APP_NAME}' not found at ${CACHE_APP_DIR}"
echo "Please fetch the app first using 'wild-app-fetch ${APP_NAME}'"
exit 1
fi
if [ ! -d "${CACHE_APP_DIR}" ]; then if [ ! -d "${CACHE_APP_DIR}" ]; then
echo "App '${APP_NAME}' not found in cache, fetching..." echo "App '${APP_NAME}' not found in cache, fetching..."
if [ "${UPDATE}" = true ]; then if [ "${UPDATE}" = true ]; then
@@ -66,9 +87,13 @@ if [ ! -d "${CACHE_APP_DIR}" ]; then
fi fi
fi fi
DEST_APP_DIR="apps/${APP_NAME}" APPS_DIR="${WC_HOME}/apps"
mkdir -p "apps" if [ ! -d "${APPS_DIR}" ]; then
echo "Creating apps directory at ${APPS_DIR}"
mkdir -p "${APPS_DIR}"
fi
DEST_APP_DIR="${WC_HOME}/apps/${APP_NAME}"
if [ -d "${DEST_APP_DIR}" ]; then if [ -d "${DEST_APP_DIR}" ]; then
if [ "${UPDATE}" = true ]; then if [ "${UPDATE}" = true ]; then
echo "Updating app '${APP_NAME}'" echo "Updating app '${APP_NAME}'"
@@ -84,6 +109,7 @@ if [ -d "${DEST_APP_DIR}" ]; then
rm -rf "${DEST_APP_DIR}" rm -rf "${DEST_APP_DIR}"
fi fi
fi fi
mkdir -p "${DEST_APP_DIR}"
echo "Pulling app '${APP_NAME}' from cache to ${DEST_APP_DIR}" echo "Pulling app '${APP_NAME}' from cache to ${DEST_APP_DIR}"
@@ -93,8 +119,8 @@ if [ -f "${MANIFEST_FILE}" ]; then
echo "Merging defaultConfig from manifest.yaml into .wildcloud/config.yaml" echo "Merging defaultConfig from manifest.yaml into .wildcloud/config.yaml"
# Check if the app section exists in config.yaml, if not create it # Check if the app section exists in config.yaml, if not create it
if ! yq eval ".apps.${APP_NAME}" .wildcloud/config.yaml >/dev/null 2>&1; then if ! yq eval ".apps.${APP_NAME}" "${CONFIG_FILE}" >/dev/null 2>&1; then
yq eval ".apps.${APP_NAME} = {}" -i .wildcloud/config.yaml yq eval ".apps.${APP_NAME} = {}" -i "${CONFIG_FILE}"
fi fi
# Extract defaultConfig from manifest.yaml and merge into config.yaml # Extract defaultConfig from manifest.yaml and merge into config.yaml
@@ -105,15 +131,15 @@ if [ -f "${MANIFEST_FILE}" ]; then
value=$(yq eval ".defaultConfig.${key}" "${MANIFEST_FILE}") value=$(yq eval ".defaultConfig.${key}" "${MANIFEST_FILE}")
# Check if key exists and is not null in app config # Check if key exists and is not null in app config
current_value=$(yq eval ".apps.${APP_NAME}.${key} // \"null\"" .wildcloud/config.yaml) current_value=$(yq eval ".apps.${APP_NAME}.${key} // \"null\"" ${CONFIG_FILE})
if [ "${current_value}" = "null" ]; then if [ "${current_value}" = "null" ]; then
if [[ "${value}" =~ ^[0-9]+$ ]] || [[ "${value}" =~ ^[0-9]+\.[0-9]+$ ]] || [ "${value}" = "true" ] || [ "${value}" = "false" ]; then if [[ "${value}" =~ ^[0-9]+$ ]] || [[ "${value}" =~ ^[0-9]+\.[0-9]+$ ]] || [ "${value}" = "true" ] || [ "${value}" = "false" ]; then
# Numeric, boolean values don't need quotes # Numeric, boolean values don't need quotes
yq eval ".apps.${APP_NAME}.${key} = ${value}" -i .wildcloud/config.yaml yq eval ".apps.${APP_NAME}.${key} = ${value}" -i "${CONFIG_FILE}"
else else
# String values need quotes # String values need quotes
yq eval ".apps.${APP_NAME}.${key} = \"${value}\"" -i .wildcloud/config.yaml yq eval ".apps.${APP_NAME}.${key} = \"${value}\"" -i "${CONFIG_FILE}"
fi fi
fi fi
done done
@@ -125,32 +151,32 @@ if [ -f "${MANIFEST_FILE}" ]; then
echo "Scaffolding required secrets for app '${APP_NAME}'" echo "Scaffolding required secrets for app '${APP_NAME}'"
# Ensure .wildcloud/secrets.yaml exists # Ensure .wildcloud/secrets.yaml exists
if [ ! -f ".wildcloud/secrets.yaml" ]; then if [ ! -f "${SECRETS_FILE}" ]; then
echo "# Wild Cloud Secrets Configuration" > .wildcloud/secrets.yaml echo "# Wild Cloud Secrets Configuration" > "${SECRETS_FILE}"
echo "# This file contains sensitive data and should NOT be committed to git" >> .wildcloud/secrets.yaml echo "# This file contains sensitive data and should NOT be committed to git" >> "${SECRETS_FILE}"
echo "# Add this file to your .gitignore" >> .wildcloud/secrets.yaml echo "# Add this file to your .gitignore" >> "${SECRETS_FILE}"
echo "" >> .wildcloud/secrets.yaml echo "" >> "${SECRETS_FILE}"
fi fi
# Check if apps section exists, if not create it # Check if apps section exists, if not create it
if ! yq eval ".apps" .wildcloud/secrets.yaml >/dev/null 2>&1; then if ! yq eval ".apps" "${SECRETS_FILE}" >/dev/null 2>&1; then
yq eval ".apps = {}" -i .wildcloud/secrets.yaml yq eval ".apps = {}" -i "${SECRETS_FILE}"
fi fi
# Check if app section exists, if not create it # Check if app section exists, if not create it
if ! yq eval ".apps.${APP_NAME}" .wildcloud/secrets.yaml >/dev/null 2>&1; then if ! yq eval ".apps.${APP_NAME}" "${SECRETS_FILE}" >/dev/null 2>&1; then
yq eval ".apps.${APP_NAME} = {}" -i .wildcloud/secrets.yaml yq eval ".apps.${APP_NAME} = {}" -i "${SECRETS_FILE}"
fi fi
# Add dummy values for each required secret if not already present # Add dummy values for each required secret if not already present
yq eval '.requiredSecrets[]' "${MANIFEST_FILE}" | while read -r secret_path; do yq eval '.requiredSecrets[]' "${MANIFEST_FILE}" | while read -r secret_path; do
current_value=$(yq eval ".${secret_path} // \"null\"" .wildcloud/secrets.yaml) current_value=$(yq eval ".${secret_path} // \"null\"" "${SECRETS_FILE}")
if [ "${current_value}" = "null" ]; then if [ "${current_value}" = "null" ]; then
echo "Adding dummy secret: ${secret_path}" echo "Adding dummy secret: ${secret_path}"
# Extract just the key name for the dummy value # Extract just the key name for the dummy value
secret_key=$(basename "${secret_path}") secret_key=$(basename "${secret_path}")
yq eval ".${secret_path} = \"CHANGE_ME_${secret_key^^}\"" -i .wildcloud/secrets.yaml yq eval ".${secret_path} = \"CHANGE_ME_${secret_key^^}\"" -i "${SECRETS_FILE}"
fi fi
done done
@@ -163,27 +189,20 @@ process_file() {
local src_file="$1" local src_file="$1"
local dest_file="$2" local dest_file="$2"
if [[ "${src_file}" == *.yaml ]] || [[ "${src_file}" == *.yml ]]; then echo "Processing YAML file: ${dest_file}"
echo "Processing YAML file: ${dest_file}"
# Build gomplate command with config context (enables .config shorthand)
# Build gomplate command with config context (enables .config shorthand) gomplate_cmd="gomplate -c .=${CONFIG_FILE}"
gomplate_cmd="gomplate -c config=.wildcloud/config.yaml"
# Add secrets context if secrets.yaml exists (enables .secrets shorthand)
# Add secrets context if secrets.yaml exists (enables .secrets shorthand) if [ -f "${SECRETS_FILE}" ]; then
if [ -f ".wildcloud/secrets.yaml" ]; then gomplate_cmd="${gomplate_cmd} -c secrets=${SECRETS_FILE}"
gomplate_cmd="${gomplate_cmd} -c secrets=.wildcloud/secrets.yaml"
fi
# Execute gomplate with the file
${gomplate_cmd} -f "${src_file}" > "${dest_file}"
else
cp "${src_file}" "${dest_file}"
fi fi
# Execute gomplate with the file
${gomplate_cmd} -f "${src_file}" > "${dest_file}"
} }
# Create destination directory
mkdir -p "${DEST_APP_DIR}"
# Copy directory structure and process files # Copy directory structure and process files
find "${CACHE_APP_DIR}" -type d | while read -r src_dir; do find "${CACHE_APP_DIR}" -type d | while read -r src_dir; do
rel_path="${src_dir#${CACHE_APP_DIR}}" rel_path="${src_dir#${CACHE_APP_DIR}}"

26
bin/wild-app-deploy
View File

@@ -52,6 +52,12 @@ else
init_wild_env init_wild_env
fi fi
SECRETS_FILE="${WC_HOME}/secrets.yaml"
if [ ! -f "${SECRETS_FILE}" ]; then
echo "Error: Secrets file '${SECRETS_FILE}' not found"
exit 1
fi
# Function to deploy secrets for an app # Function to deploy secrets for an app
deploy_secrets() { deploy_secrets() {
local app_name="$1" local app_name="$1"
@@ -68,12 +74,6 @@ deploy_secrets() {
return 0 return 0
fi fi
# Check if secrets.yaml exists
if [ ! -f ".wildcloud/secrets.yaml" ]; then
echo "Warning: .wildcloud/secrets.yaml not found, skipping secret deployment for ${app_name}"
return 0
fi
# Use the target namespace parameter # Use the target namespace parameter
local namespace="${target_namespace}" local namespace="${target_namespace}"
@@ -82,8 +82,8 @@ deploy_secrets() {
# Create secret data # Create secret data
local secret_data="" local secret_data=""
while IFS= read -r secret_path; do while IFS= read -r secret_path; do
# Get the secret value using full path from .wildcloud/secrets.yaml # Get the secret value using full path
secret_value=$(yq eval ".${secret_path} // \"\"" .wildcloud/secrets.yaml) secret_value=$(yq eval ".${secret_path} // \"\"" "${SECRETS_FILE}")
# Extract just the key name for the Kubernetes secret (handle dotted paths) # Extract just the key name for the Kubernetes secret (handle dotted paths)
secret_key="${secret_path##*.}" secret_key="${secret_path##*.}"
@@ -94,7 +94,7 @@ deploy_secrets() {
fi fi
secret_data="${secret_data} --from-literal=${secret_key}=${secret_value}" secret_data="${secret_data} --from-literal=${secret_key}=${secret_value}"
else else
echo "Error: Required secret '${secret_path}' not found in .wildcloud/secrets.yaml for app '${app_name}'" echo "Error: Required secret '${secret_path}' not found in ${SECRETS_FILE} for app '${app_name}'"
exit 1 exit 1
fi fi
done < <(yq eval '.requiredSecrets[]' "${manifest_file}") done < <(yq eval '.requiredSecrets[]' "${manifest_file}")
@@ -144,6 +144,14 @@ if [ -f "apps/${APP_NAME}/namespace.yaml" ]; then
kubectl apply -f "apps/${APP_NAME}/namespace.yaml" ${DRY_RUN:-} kubectl apply -f "apps/${APP_NAME}/namespace.yaml" ${DRY_RUN:-}
fi fi
# Copy TLS certificates to the namespace
if [ -f "apps/${APP_NAME}/namespace.yaml" ]; then
NAMESPACE=$(yq eval '.metadata.name' "apps/${APP_NAME}/namespace.yaml")
echo "Step 3: Copying TLS certificates to namespace $NAMESPACE..."
wild-cluster-secret-copy cert-manager:wildcard-internal-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy internal wildcard certificate"
wild-cluster-secret-copy cert-manager:wildcard-wild-cloud-tls "$NAMESPACE" || echo "Warning: Failed to copy external wildcard certificate"
fi
# Step 2: Deploy secrets (dependencies and main app) # Step 2: Deploy secrets (dependencies and main app)
echo "Deploying secrets..." echo "Deploying secrets..."
if [ -f "${MANIFEST_FILE}" ]; then if [ -f "${MANIFEST_FILE}" ]; then

0
bin/copy-secret → bin/wild-cluster-secret-copy
View File

4
setup/cluster-services/kubernetes-dashboard/install.sh
View File

@@ -45,13 +45,13 @@ kubectl wait --for=condition=Ready certificate wildcard-wild-cloud -n cert-manag
# Copying cert-manager secrets to the dashboard namespace (if available) # Copying cert-manager secrets to the dashboard namespace (if available)
echo "Copying cert-manager secrets to dashboard namespace..." echo "Copying cert-manager secrets to dashboard namespace..."
if kubectl get secret wildcard-internal-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then if kubectl get secret wildcard-internal-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then
copy-secret cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE wild-cluster-secret-copy cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE
else else
echo "Warning: wildcard-internal-wild-cloud-tls secret not yet available" echo "Warning: wildcard-internal-wild-cloud-tls secret not yet available"
fi fi
if kubectl get secret wildcard-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then if kubectl get secret wildcard-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then
copy-secret cert-manager:wildcard-wild-cloud-tls $NAMESPACE wild-cluster-secret-copy cert-manager:wildcard-wild-cloud-tls $NAMESPACE
else else
echo "Warning: wildcard-wild-cloud-tls secret not yet available" echo "Warning: wildcard-wild-cloud-tls secret not yet available"
fi fi

2
setup/cluster-services/nfs/setup-nfs-host.sh
View File

@@ -210,7 +210,7 @@ configure_smb_sharing() {
cat << EOF | sudo tee -a "${smb_config}" cat << EOF | sudo tee -a "${smb_config}"
[${share_name}] [${share_name}]
comment = Media files for Jellyfin comment = Media files for Wild Cloud
path = ${NFS_MEDIA_PATH} path = ${NFS_MEDIA_PATH}
browseable = yes browseable = yes
read only = no read only = no