feat: Add JWT and Redis configuration to deployment and environment setup
All checks were successful
CI - Build and Push / Build and Push Docker Image (push) Successful in 50s
All checks were successful
CI - Build and Push / Build and Push Docker Image (push) Successful in 50s
This commit is contained in:
43
script/cd.sh
43
script/cd.sh
@@ -24,6 +24,14 @@ CONTAINER_IMAGE_TAG="${CONTAINER_IMAGE_TAG:-latest}"
|
||||
|
||||
# Application Configuration
|
||||
DATABASE_DSN="${DATABASE_DSN:-postgres://postgres:password@localhost:5432/steam_union?sslmode=disable}"
|
||||
JWT_SECRET="${JWT_SECRET:-your-secret-key-change-in-production}"
|
||||
JWT_ISSUER="${JWT_ISSUER:-cialloo-authenticator}"
|
||||
JWT_EXPIRES_IN="${JWT_EXPIRES_IN:-604800}"
|
||||
STEAM_CALLBACK_URL="${STEAM_CALLBACK_URL:-https://www.cialloo.com/api/authenticator/steam/callback}"
|
||||
STEAM_FRONTEND_CALLBACK_URL="${STEAM_FRONTEND_CALLBACK_URL:-https://www.cialloo.com/auth/callback}"
|
||||
REDIS_HOST="${REDIS_HOST:-redis.production.svc.cluster.local:6379}"
|
||||
REDIS_TYPE="${REDIS_TYPE:-node}"
|
||||
REDIS_PASS="${REDIS_PASS:-}"
|
||||
FORCE_RESTART="${FORCE_RESTART:-true}"
|
||||
|
||||
# =============================================================================
|
||||
@@ -46,6 +54,14 @@ print_help() {
|
||||
echo " CONTAINER_IMAGE_NAME Image name (default: authenticator)"
|
||||
echo " CONTAINER_IMAGE_TAG Image tag (default: latest)"
|
||||
echo " DATABASE_DSN Database connection string"
|
||||
echo " JWT_SECRET JWT secret key"
|
||||
echo " JWT_ISSUER JWT issuer"
|
||||
echo " JWT_EXPIRES_IN JWT expiration time in seconds"
|
||||
echo " STEAM_CALLBACK_URL Steam OAuth callback URL"
|
||||
echo " STEAM_FRONTEND_CALLBACK_URL Frontend callback URL after auth"
|
||||
echo " REDIS_HOST Redis host and port"
|
||||
echo " REDIS_TYPE Redis type (node/cluster)"
|
||||
echo " REDIS_PASS Redis password"
|
||||
echo " FORCE_RESTART Force rollout restart (default: true)"
|
||||
echo ""
|
||||
echo "Commands:"
|
||||
@@ -98,6 +114,20 @@ create_image_pull_secret() {
|
||||
echo "✓ Image pull secret created/updated"
|
||||
}
|
||||
|
||||
# Create or update application secrets
|
||||
create_app_secrets() {
|
||||
echo "Creating application secrets..."
|
||||
|
||||
kubectl create secret generic authenticator-secrets \
|
||||
--from-literal=database-dsn="${DATABASE_DSN}" \
|
||||
--from-literal=jwt-secret="${JWT_SECRET}" \
|
||||
--from-literal=redis-pass="${REDIS_PASS}" \
|
||||
--namespace="${KUBERNETES_NAMESPACE}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
echo "✓ Application secrets created/updated"
|
||||
}
|
||||
|
||||
# Deploy to Kubernetes
|
||||
deploy_to_kubernetes() {
|
||||
FULL_IMAGE_NAME="${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}"
|
||||
@@ -120,14 +150,27 @@ deploy_to_kubernetes() {
|
||||
# Create image pull secret
|
||||
create_image_pull_secret || return 1
|
||||
|
||||
# Create application secrets
|
||||
create_app_secrets || return 1
|
||||
|
||||
# Apply Kubernetes manifests with variable substitution
|
||||
echo "Applying Kubernetes manifests..."
|
||||
|
||||
export FULL_IMAGE_NAME
|
||||
export KUBERNETES_NAMESPACE
|
||||
export KUBERNETES_INGRESS_HOST
|
||||
export KUBERNETES_DEPLOYMENT_REPLICAS
|
||||
export CONTAINER_IMAGE_NAME
|
||||
export CONTAINER_REGISTRY_URL
|
||||
export CONTAINER_REGISTRY_NAMESPACE
|
||||
export CONTAINER_IMAGE_TAG
|
||||
export DATABASE_DSN
|
||||
export JWT_ISSUER
|
||||
export JWT_EXPIRES_IN
|
||||
export STEAM_CALLBACK_URL
|
||||
export STEAM_FRONTEND_CALLBACK_URL
|
||||
export REDIS_HOST
|
||||
export REDIS_TYPE
|
||||
|
||||
for file in script/k8s/*.yaml; do
|
||||
echo "Applying: $(basename $file)"
|
||||
|
||||
Reference in New Issue
Block a user