thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/deploy
History
Tero Halla-aho 28a313830b Allow DYNDNS update script to use env creds
2025-12-16 11:38:37 +02:00
..
build.sh Add Trivy update reminder and ignore sensitive paths 2025-12-15 21:49:20 +02:00
deploy-prod.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy-staging.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy-test.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy.sh Default to repo kubeconfig and document deploy access 2025-12-12 11:48:39 +02:00
env.sh Add testing environment deployment and DNS helpers 2025-12-06 17:33:17 +02:00
install-logging.sh Add Loki logging stack 2025-12-16 11:24:06 +02:00
push.sh feat: enhance listings browsing and amenities 2025-11-24 17:15:20 +02:00
README.md Add encrypted kubeconfig and ignore plaintext 2025-12-13 23:32:01 +02:00
rollback-prod.sh feat: enhance listings browsing and amenities 2025-11-24 17:15:20 +02:00
update-logs-dns.sh Allow DYNDNS update script to use env creds 2025-12-16 11:38:37 +02:00
update-test-dns.sh Add testing environment deployment and DNS helpers 2025-12-06 17:33:17 +02:00

README.md

Deploying to k3s (Hetzner)

Prereqs

  • kubectl installed locally.
  • Access to the cluster kubeconfig.
  • Secrets loaded (dotenv via scripts/load-secrets.sh).

Kubeconfig

  • By default deploy/deploy.sh will use $KUBECONFIG. If that is unset and creds/kubeconfig.yaml exists, it will export KUBECONFIG=$PWD/creds/kubeconfig.yaml.
  • Recommended flow for new devs:
    1. Obtain the kubeconfig from the cluster admin.
    2. Save it as creds/kubeconfig.yaml (ignored by git), or set KUBECONFIG to your own path. The repo also includes creds/kubeconfig.enc.yaml (sops/age-encrypted) and a plaintext copy can be produced with the age key.
    3. Verify access: kubectl get ns (you should see lomavuokraus-test/staging/prod).
  • If you want to keep the kubeconfig in-repo but encrypted, store it as creds/kubeconfig.enc.yaml with sops/age and decrypt to creds/kubeconfig.yaml before deploying:
    • Decrypt: SOPS_AGE_KEY_FILE=creds/age-key.txt sops -d creds/kubeconfig.enc.yaml > creds/kubeconfig.yaml
    • Encrypt (admin only): SOPS_AGE_KEY_FILE=creds/age-key.txt sops -e kubeconfig.yaml > creds/kubeconfig.enc.yaml

Deploy commands

  • Test: ./deploy/deploy-test.sh
  • Staging (default): ./deploy/deploy-staging.sh or TARGET=staging ./deploy/deploy.sh
  • Prod: ./deploy/deploy-prod.sh

Notes

  • Ensure deploy/.last-image exists (run deploy/build.sh first).
  • AUTH_SECRET/DATABASE_URL should be in your env or loaded via scripts/load-secrets.sh.