thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/deploy
History
Tero Halla-aho beb60966d4 Make deploy build script container-engine aware
2025-12-21 22:04:56 +02:00
..
build.sh Make deploy build script container-engine aware 2025-12-21 22:04:56 +02:00
deploy-prod.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy-staging.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy-test.sh Add unified secrets dotenv loader 2025-12-10 16:05:29 +02:00
deploy.sh Add migration preflight and sync prod DB 2025-12-20 22:59:48 +02:00
env.sh Add testing environment deployment and DNS helpers 2025-12-06 17:33:17 +02:00
install-logging.sh Add Loki logging stack 2025-12-16 11:24:06 +02:00
push.sh feat: enhance listings browsing and amenities 2025-11-24 17:15:20 +02:00
README.md deploy: run migrations using in-cluster DATABASE_URL 2025-12-18 12:45:30 +02:00
rollback-prod.sh feat: enhance listings browsing and amenities 2025-11-24 17:15:20 +02:00
update-logs-dns.sh Allow DYNDNS update script to use env creds 2025-12-16 11:38:37 +02:00
update-test-dns.sh Add testing environment deployment and DNS helpers 2025-12-06 17:33:17 +02:00

README.md

Deploying to k3s (Hetzner)

Prereqs

  • kubectl installed locally.
  • Access to the cluster kubeconfig.
  • Secrets loaded (dotenv via scripts/load-secrets.sh).

Kubeconfig

  • By default deploy/deploy.sh will use $KUBECONFIG. If that is unset and creds/kubeconfig.yaml exists, it will export KUBECONFIG=$PWD/creds/kubeconfig.yaml.
  • Recommended flow for new devs:
    1. Obtain the kubeconfig from the cluster admin.
    2. Save it as creds/kubeconfig.yaml (ignored by git), or set KUBECONFIG to your own path. The repo also includes creds/kubeconfig.enc.yaml (sops/age-encrypted) and a plaintext copy can be produced with the age key.
    3. Verify access: kubectl get ns (you should see lomavuokraus-test/staging/prod).
  • If you want to keep the kubeconfig in-repo but encrypted, store it as creds/kubeconfig.enc.yaml with sops/age and decrypt to creds/kubeconfig.yaml before deploying:
    • Decrypt: SOPS_AGE_KEY_FILE=creds/age-key.txt sops -d creds/kubeconfig.enc.yaml > creds/kubeconfig.yaml
    • Encrypt (admin only): SOPS_AGE_KEY_FILE=creds/age-key.txt sops -e kubeconfig.yaml > creds/kubeconfig.enc.yaml

Deploy commands

  • Test: ./deploy/deploy-test.sh
  • Staging (default): ./deploy/deploy-staging.sh or TARGET=staging ./deploy/deploy.sh
  • Prod: ./deploy/deploy-prod.sh

Notes

  • Ensure deploy/.last-image exists (run deploy/build.sh first).
  • AUTH_SECRET/DATABASE_URL should be in your env or loaded via scripts/load-secrets.sh.
  • deploy/deploy.sh runs prisma migrate deploy automatically when DATABASE_URL is set; if it isn't, it will try to read DATABASE_URL from the in-cluster lomavuokraus-web-secrets in the target namespace (recommended for test/staging/prod).