mirror of
https://github.com/ghndrx/k8s-game-2048.git
synced 2026-02-10 06:45:07 +00:00
82fc2a6691
🧹 PII Cleanup & Security: - Remove all hardcoded domains (darknex.us, hndrx.co) - Remove all hardcoded emails (admin@ references) - Replace all personal info with environment variables - Repository now 100% generic and reusable 🚀 Fully Automatic Pipeline: - Pipeline now runs automatically develop → staging → production - No manual intervention required for production promotions - Auto-promotion triggers after successful tests - All workflows use commit-specific image tags 🔧 Environment Variables: - All manifests use ${VARIABLE_NAME} syntax - All scripts source from .env file - GitHub Actions use secrets for sensitive data - Complete .env.example template provided 📚 Documentation: - New comprehensive WORKFLOWS.md with pipeline details - New PIPELINE_QUICK_REFERENCE.md for quick reference - Updated all docs to use generic placeholders - Added security/privacy section to README 🔐 Security Enhancements: - Updated .gitignore for all sensitive files - Created PII verification script (verify-pii-removal.sh) - Created cleanup automation script (cleanup-pii.sh) - Repository verified PII-free and production-ready BREAKING: Repository now requires .env configuration - Copy .env.example to .env and configure for your environment - Set GitHub repository secrets for CI/CD workflows - All deployments now use environment-specific configuration
154 lines
5.7 KiB
Bash
Executable File
154 lines
5.7 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# Webhook-based Deployment Setup Script for k8s-game-2048
|
|
echo "🚀 Setting up webhook-based deployment for k8s-game-2048..."
|
|
|
|
# Load configuration from .env file
|
|
if [ -f ".env" ]; then
|
|
echo "📋 Loading configuration from .env file..."
|
|
export $(grep -v '^#' .env | xargs)
|
|
else
|
|
echo "⚠️ No .env file found, using defaults"
|
|
fi
|
|
|
|
# Configuration with fallbacks
|
|
WEBHOOK_SECRET="${WEBHOOK_SECRET:-$(openssl rand -hex 32)}"
|
|
MANIFESTS_PATH="${MANIFESTS_PATH:-/home/administrator/k8s-game-2048/manifests}"
|
|
WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.${BASE_DOMAIN}}"
|
|
KNATIVE_DOMAIN="${KNATIVE_DOMAIN:-${BASE_DOMAIN}}"
|
|
KUBECONFIG_PATH="${KUBECONFIG_PATH:-/etc/rancher/k3s/k3s.yaml}"
|
|
DEPLOY_INGRESS="${DEPLOY_INGRESS:-true}"
|
|
WEBHOOK_REPLICAS="${WEBHOOK_REPLICAS:-1}"
|
|
|
|
echo "📋 Configuration:"
|
|
echo " Webhook Secret: ${WEBHOOK_SECRET:0:8}..."
|
|
echo " Manifests Path: $MANIFESTS_PATH"
|
|
echo " Webhook Domain: $WEBHOOK_DOMAIN"
|
|
echo " Knative Domain: $KNATIVE_DOMAIN"
|
|
echo " Deploy Ingress: $DEPLOY_INGRESS"
|
|
echo " Replicas: $WEBHOOK_REPLICAS"
|
|
|
|
# Step 1: Create webhook system namespace
|
|
echo ""
|
|
echo "📦 Creating webhook system namespace..."
|
|
kubectl create namespace webhook-system --dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
# Step 2: Create webhook secret
|
|
echo "🔐 Creating webhook secret..."
|
|
kubectl create secret generic webhook-secret \
|
|
--from-literal=webhook-secret="$WEBHOOK_SECRET" \
|
|
-n webhook-system \
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
# Step 2.5: Create kubeconfig secret for webhook handler
|
|
echo "🔑 Creating kubeconfig secret..."
|
|
if [ -f "$KUBECONFIG_PATH" ]; then
|
|
kubectl create secret generic webhook-kubeconfig \
|
|
--from-file=config="$KUBECONFIG_PATH" \
|
|
-n webhook-system \
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
else
|
|
echo "⚠️ Kubeconfig not found at $KUBECONFIG_PATH"
|
|
echo "Please create the webhook-kubeconfig secret manually:"
|
|
echo "kubectl create secret generic webhook-kubeconfig --from-file=config=~/.kube/config -n webhook-system"
|
|
fi
|
|
|
|
# Step 3: Update webhook handler manifests with correct paths
|
|
echo "🔧 Updating webhook handler manifests..."
|
|
sed -i "s|/home/administrator/k8s-game-2048/manifests|$MANIFESTS_PATH|g" manifests/webhook/webhook-handler.yaml
|
|
sed -i "s|webhook.yourdomain.com|$WEBHOOK_DOMAIN|g" manifests/webhook/webhook-ingress.yaml
|
|
|
|
# Step 4: Deploy webhook handler script ConfigMap
|
|
echo "📜 Deploying webhook handler script..."
|
|
kubectl apply -f manifests/webhook/webhook-script-configmap.yaml
|
|
|
|
# Step 5: Deploy webhook handler
|
|
echo "🤖 Deploying webhook handler..."
|
|
kubectl apply -f manifests/webhook/webhook-handler.yaml
|
|
|
|
# Step 6: Deploy ingress (optional)
|
|
if [ "$DEPLOY_INGRESS" = "true" ]; then
|
|
echo "🌐 Deploying webhook ingress..."
|
|
kubectl apply -f manifests/webhook/webhook-ingress.yaml
|
|
else
|
|
echo "⏭️ Skipping ingress deployment (set DEPLOY_INGRESS=true to enable)"
|
|
fi
|
|
|
|
# Step 7: Wait for deployment to be ready
|
|
echo "⏳ Waiting for webhook handler to be ready..."
|
|
kubectl wait --for=condition=available deployment/webhook-handler -n webhook-system --timeout=300s
|
|
|
|
# Step 8: Get service information
|
|
echo ""
|
|
echo "📊 Webhook handler status:"
|
|
kubectl get pods -n webhook-system -l app=webhook-handler
|
|
|
|
echo ""
|
|
echo "🌐 Service endpoints:"
|
|
kubectl get svc -n webhook-system
|
|
|
|
# Step 9: Test webhook handler
|
|
echo ""
|
|
echo "🧪 Testing webhook handler..."
|
|
WEBHOOK_POD=$(kubectl get pods -n webhook-system -l app=webhook-handler -o jsonpath='{.items[0].metadata.name}')
|
|
if [ -n "$WEBHOOK_POD" ]; then
|
|
echo "Testing health endpoint..."
|
|
kubectl port-forward -n webhook-system pod/$WEBHOOK_POD 8080:8080 &
|
|
KUBECTL_PID=$!
|
|
sleep 5
|
|
|
|
if curl -s http://localhost:8080/health | grep -q "healthy"; then
|
|
echo "✅ Webhook handler health check passed!"
|
|
else
|
|
echo "⚠️ Webhook handler health check failed"
|
|
fi
|
|
|
|
kill $KUBECTL_PID 2>/dev/null || true
|
|
fi
|
|
|
|
# Step 10: Display setup information
|
|
echo ""
|
|
echo "🎉 Webhook-based deployment setup completed!"
|
|
echo ""
|
|
echo "📝 Next steps:"
|
|
echo "1. Configure GitHub repository secrets:"
|
|
echo " - WEBHOOK_SECRET: $WEBHOOK_SECRET"
|
|
echo " - DEV_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - STAGING_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - PROD_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo " - KNATIVE_DOMAIN: $KNATIVE_DOMAIN"
|
|
echo ""
|
|
echo "2. Expose webhook handler externally:"
|
|
if [ "$DEPLOY_INGRESS" != "true" ]; then
|
|
echo " # Option A: Use port-forward for testing"
|
|
echo " kubectl port-forward -n webhook-system svc/webhook-handler-external 8080:80"
|
|
echo ""
|
|
echo " # Option B: Get LoadBalancer IP (if available)"
|
|
echo " kubectl get svc webhook-handler-external -n webhook-system"
|
|
echo ""
|
|
echo " # Option C: Deploy ingress with your domain"
|
|
echo " DEPLOY_INGRESS=true WEBHOOK_DOMAIN=your-domain.com ./scripts/setup-webhook-deployment.sh"
|
|
fi
|
|
echo ""
|
|
echo "3. Test webhook endpoint:"
|
|
echo " curl -X POST https://$WEBHOOK_DOMAIN/webhook/deploy \\"
|
|
echo " -H 'Content-Type: application/json' \\"
|
|
echo " -H 'X-Signature-SHA256: sha256=SIGNATURE' \\"
|
|
echo " -d '{\"environment\":\"dev\",\"image\":\"nginx:latest\",\"namespace\":\"default\",\"service_name\":\"test\"}'"
|
|
echo ""
|
|
echo "4. Push code changes to trigger automated deployment!"
|
|
|
|
# Output webhook secret for GitHub configuration
|
|
echo ""
|
|
echo "🔑 GitHub Secrets Configuration:"
|
|
echo "===============================|"
|
|
echo "SECRET NAME | SECRET VALUE"
|
|
echo "===============================|"
|
|
echo "WEBHOOK_SECRET | $WEBHOOK_SECRET"
|
|
echo "DEV_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "STAGING_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "PROD_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
|
|
echo "KNATIVE_DOMAIN | $KNATIVE_DOMAIN"
|
|
echo "===============================|"
|