will/rxminder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add container registry support and Kustomize foundation

Browse Source 
- Add registry secret template for private container registry authentication
- Fix frontend deployment to use imagePullSecrets for private registry
- Enhance deploy-k8s.sh with registry authentication handling
- Add PVC storage size validation to prevent storage reduction errors
- Add graceful StatefulSet update error handling
- Fix template variable substitution for DOCKER_IMAGE
- Remove conflicting static PVC file that had unprocessed template variables
- Add Kustomize structure as alternative to shell script templates:
  - Base configuration with common resources
  - Development overlay with dev-specific configurations
  - Support for environment-specific image tags and resource limits

Registry setup requires setting REGISTRY_USERNAME, REGISTRY_PASSWORD, and
optionally REGISTRY_HOST in .env file for private registry authentication.
This commit is contained in:
William Valentin
2025-09-07 20:28:23 -07:00
parent 2913f879ca
commit e47150f80a
7 changed files with 296 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
scripts/deploy-k8s.sh
View File

@@ -2,6 +2,17 @@
# Kubernetes deployment script with environment variable substitution
# This script processes template files and applies them to Kubernetes
#
# Registry Authentication Setup:
# To pull images from a private registry, set these environment variables:
# REGISTRY_USERNAME - Username for the container registry
# REGISTRY_PASSWORD - Password/token for the container registry
# REGISTRY_HOST - Registry hostname (default: gitea-http.taildb3494.ts.net)
#
# Example in .env file:
# REGISTRY_USERNAME=your-username
# REGISTRY_PASSWORD=your-password-or-token
# REGISTRY_HOST=gitea-http.taildb3494.ts.net
set -euo pipefail
@@ -72,6 +83,20 @@ substitute_templates() {
done
}
# Function to create registry authentication
create_registry_auth() {
if [[ -n "${REGISTRY_USERNAME:-}" && -n "${REGISTRY_PASSWORD:-}" ]]; then
local registry_host="${REGISTRY_HOST:-gitea-http.taildb3494.ts.net}"
local auth_string=$(echo -n "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" | base64 -w 0)
local docker_config="{\"auths\":{\"${registry_host}\":{\"auth\":\"${auth_string}\"}}}"
export REGISTRY_AUTH_BASE64=$(echo -n "$docker_config" | base64 -w 0)
print_info "Registry authentication configured for $registry_host"
else
print_warning "Registry credentials not provided - skipping registry secret creation"
export REGISTRY_AUTH_BASE64=""
fi
}
# Function to validate required environment variables
validate_env() {
local required_vars=("INGRESS_HOST")
@@ -105,6 +130,44 @@ ensure_namespace() {
fi
}
# Function to convert Kubernetes storage units to bytes
storage_to_bytes() {
local storage="$1"
local number=$(echo "$storage" | sed 's/[^0-9]*//g')
local unit=$(echo "$storage" | sed 's/[0-9]*//g')
case "$unit" in
"Ki"|"K") echo $((number * 1024)) ;;
"Mi"|"M") echo $((number * 1024 * 1024)) ;;
"Gi"|"G") echo $((number * 1024 * 1024 * 1024)) ;;
"Ti"|"T") echo $((number * 1024 * 1024 * 1024 * 1024)) ;;
"") echo "$number" ;;
*) echo "0" ;;
esac
}
# Function to check if PVC storage can be updated
can_update_pvc_storage() {
local pvc_file="$1"
local pvc_name=$(grep "name:" "$pvc_file" | head -1 | awk '{print $2}')
local new_storage=$(grep "storage:" "$pvc_file" | awk '{print $2}')
# Check if PVC exists
if kubectl get pvc "$pvc_name" -n "$NAMESPACE" &> /dev/null; then
local current_storage=$(kubectl get pvc "$pvc_name" -n "$NAMESPACE" -o jsonpath='{.status.capacity.storage}')
# Convert storage sizes to bytes for comparison
local current_bytes=$(storage_to_bytes "$current_storage")
local new_bytes=$(storage_to_bytes "$new_storage")
if [[ "$new_bytes" -lt "$current_bytes" ]]; then
print_warning "Skipping PVC $pvc_name: cannot reduce storage from $current_storage to $new_storage"
return 1
fi
fi
return 0
}
# Function to apply Kubernetes manifests
apply_manifests() {
local manifest_dir="$1"
@@ -129,8 +192,29 @@ apply_manifests() {
if [[ -d "$TEMP_DIR" ]]; then
for manifest_file in "$TEMP_DIR"/*.yaml; do
if [[ -f "$manifest_file" ]]; then
print_info "Applying template: $(basename "$manifest_file")"
kubectl apply -f "$manifest_file" -n "$NAMESPACE"
local basename_file=$(basename "$manifest_file")
# Special handling for PVC files
if [[ "$basename_file" == *"pvc.yaml" ]] && grep -q "kind: PersistentVolumeClaim" "$manifest_file"; then
if can_update_pvc_storage "$manifest_file"; then
print_info "Applying template: $basename_file"
kubectl apply -f "$manifest_file" -n "$NAMESPACE"
fi
# Special handling for registry secret - skip if no auth provided
elif [[ "$basename_file" == *"registry-secret.yaml" ]] && [[ -z "${REGISTRY_AUTH_BASE64:-}" ]]; then
print_info "Skipping registry secret: no registry credentials provided"
else
print_info "Applying template: $basename_file"
if ! kubectl apply -f "$manifest_file" -n "$NAMESPACE" 2>/dev/null; then
# Handle StatefulSet update failures gracefully
if [[ "$basename_file" == *"statefulset.yaml" ]] && grep -q "kind: StatefulSet" "$manifest_file"; then
print_warning "StatefulSet update failed (likely due to immutable fields) - continuing deployment"
else
# Re-run the command to show the actual error for non-StatefulSet resources
kubectl apply -f "$manifest_file" -n "$NAMESPACE"
fi
fi
fi
fi
done
fi
@@ -255,9 +339,18 @@ main() {
# Load environment variables
load_env "$env_file"
# Set default values for required variables
export APP_NAME="${APP_NAME:-rxminder}"
export STORAGE_CLASS="${STORAGE_CLASS:-longhorn}"
export STORAGE_SIZE="${STORAGE_SIZE:-5Gi}"
export DOCKER_IMAGE="${DOCKER_IMAGE:-gitea-http.taildb3494.ts.net/will/rxminder:latest}"
# Set default namespace if not provided in environment
NAMESPACE="${NAMESPACE:-rxminder}"
# Create registry authentication if credentials are provided
create_registry_auth
# Validate required environment variables
validate_env