admin/FamilyHUB
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

added k8s manifests, removed webhook server
Build and Deploy / build-and-deploy (push) Successful in 37s
Details

Browse Source
This commit is contained in:
AlexBelyan
2026-05-23 13:07:49 +03:00
parent 6d7124d274
commit 0bedc8d508
14 changed files with 171 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yaml
+7 -19
View File
@@ -25,30 +25,18 @@ jobs:
- name: Build and push postgres image - name: Build and push postgres image
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
# if: | if: |
# contains(github.event.commits[0].modified, 'infra/docker/postgres-pg-cron') || contains(github.event.commits[0].modified, 'infra/postgres-pg-cron') ||
# contains(github.event.commits[0].added, 'infra/docker/postgres-pg-cron') contains(github.event.commits[0].added, 'infra/postgres-pg-cron')
with: with:
context: . context: .
file: infra/docker/postgres-pg-cron/Dockerfile file: infra/postgres/Dockerfile
push: true push: true
tags: | tags: |
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:latest ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:latest
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }} ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:${{ github.sha }}
cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:cache
cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache,mode=max cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:cache,mode=max
# - name: Build and push webhook image
# uses: docker/build-push-action@v5
# with:
# context: .
# file: infra/webhook/Dockerfile
# push: true
# tags: |
# ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-webhook:latest
# ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }}
# cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache
# cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache,mode=max
- name: Build and push app image - name: Build and push app image
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
.gitignore
+3 -1
View File
@@ -6,4 +6,6 @@ data
archive archive
volumes volumes
*.dtmp *.dtmp
*.gocache *.gocache
infra/k8s/secrets.yaml
infra/k8s/google-creds.yaml
infra/docker-compose.yml → infra/docker/docker-compose.yml
-17
View File
@@ -48,23 +48,6 @@ services:
networks: networks:
- family-hub-net - family-hub-net
webhook:
image: git.myhomecloud.tech/admin/familyhub-webhook:latest
container_name: webhook
restart: unless-stopped
pull_policy: always
ports:
- "9001:9001"
environment:
- WEBHOOK_SECRET=${WEBHOOK_SECRET}
# - COMPOSE_FILE=/compose/docker-compose.yml
- COMPOSE_PROJECT=familyhub
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# - ./docker-compose.yml:/compose/docker-compose.yml:ro
networks:
- family-hub-net
networks: networks:
family-hub-net: family-hub-net:
infra/k8s/app.yaml
+62
View File
@@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: application
namespace: family-hub
spec:
replicas: 1
selector:
matchLabels:
app: application
template:
metadata:
labels:
app: application
spec:
containers:
- name: application
image: git.myhomecloud.tech/admin/familyhub:latest
ports:
- containerPort: 8000
envFrom:
- configMapRef:
name: family-hub-config
- secretRef:
name: family-hub-secrets
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /secrets/credentials.json
volumeMounts:
- name: google-credentials
mountPath: /secrets
readOnly: true
# livenessProbe:
# httpGet:
# path: /api/v1/health
# port: 8000
# initialDelaySeconds: 10
# periodSeconds: 30
# readinessProbe:
# httpGet:
# path: /api/v1/health
# port: 8000
# initialDelaySeconds: 5
# periodSeconds: 10
volumes:
- name: google-credentials
secret:
secretName: google-credentials
imagePullSecrets:
- name: gitea-registry
---
apiVersion: v1
kind: Service
metadata:
name: application
namespace: family-hub
spec:
selector:
app: application
ports:
- port: 9876
targetPort: 8000
infra/k8s/configmap.yaml
+14
View File
@@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: family-hub-config
namespace: family-hub
data:
DB_HOST: postgres
DB_PORT: "6432"
DB_NAME: familyHubDB
DB_USER: familyUser
API_PORT: "8000"
RUN_MODE: standalone
OPEN_API_ENABLED: "true"
DEBUG_MODE: "false"
infra/k8s/ingress.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: family-hub
namespace: family-hub
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: family-hub.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: family-hub
port:
number: 9876
infra/k8s/namespace.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: family-hub
infra/k8s/postgres.yaml
+62
View File
@@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: family-hub
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: git.myhomecloud.tech/admin/familyhub-postgres:latest
env:
- name: POSTGRES_USER
value: familyUser
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: family-hub-secrets
key: DB_PASSWORD
- name: POSTGRES_DB
value: familyHubDB
ports:
- containerPort: 5432
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
imagePullSecrets:
- name: gitea-registry
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: family-hub
spec:
selector:
app: postgres
ports:
- port: 5432
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: family-hub
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
infra/docker/postgres-pg-cron/Dockerfile → infra/postgres/Dockerfile
View File
infra/docker/postgres-pg-cron/init/001-create-pg-cron-extension.sql → infra/postgres/init/001-create-pg-cron-extension.sql
View File
infra/webhook/Dockerfile
-12
View File
@@ -1,12 +0,0 @@
FROM golang:1.26-bookworm AS builder
WORKDIR /app
COPY infra/webhook/ .
RUN go mod download && \
CGO_ENABLED=0 GOOS=linux go build -o webhook .
FROM scratch
COPY --from=builder /app/webhook /webhook
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
EXPOSE 9001
ENTRYPOINT ["/webhook"]
infra/webhook/go.mod
-3
View File
@@ -1,3 +0,0 @@
module webhook
go 1.25.0
infra/webhook/go.sum
View File
infra/webhook/main.go
-134
View File
@@ -1,134 +0,0 @@
package main
import (
"context"
"encoding/json"
"fmt"
"io"
"log"
"net"
"net/http"
"net/url"
"os"
)
func newDockerClient() *http.Client {
return &http.Client{
Transport: &http.Transport{
DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
return net.Dial("unix", "/var/run/docker.sock")
},
},
}
}
func getImageName(containerName string) (string, error) {
client := newDockerClient()
resp, err := client.Get("http://localhost/containers/" + containerName + "/json")
if err != nil {
return "", err
}
defer resp.Body.Close()
var result struct {
Config struct {
Image string `json:"Image"`
} `json:"Config"`
}
if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
return "", err
}
return result.Config.Image, nil
}
func pullImage(imageName string) error {
client := newDockerClient()
resp, err := client.Post(
"http://localhost/images/create?fromImage="+url.QueryEscape(imageName),
"application/json",
nil,
)
if err != nil {
return err
}
defer resp.Body.Close()
// читаем до конца чтобы pull завершился полностью
io.Copy(io.Discard, resp.Body)
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("pull failed with status: %d", resp.StatusCode)
}
return nil
}
func restartContainer(containerName string) error {
client := newDockerClient()
resp, err := client.Post(
"http://localhost/containers/"+containerName+"/restart",
"application/json",
nil,
)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusNoContent {
return fmt.Errorf("restart failed with status: %d", resp.StatusCode)
}
return nil
}
func main() {
secret := os.Getenv("WEBHOOK_SECRET")
http.HandleFunc("/deploy", func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
if r.Header.Get("X-Webhook-Secret") != secret {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
containerName := r.URL.Query().Get("container")
if containerName == "" {
http.Error(w, "container parameter is required", http.StatusBadRequest)
return
}
imageName, err := getImageName(containerName)
if err != nil {
log.Printf("failed to inspect container %s: %v", containerName, err)
http.Error(w, "container not found", http.StatusNotFound)
return
}
log.Printf("Container: %s, Image: %s", containerName, imageName)
log.Printf("Pulling image %s...", imageName)
if err := pullImage(imageName); err != nil {
log.Printf("pull failed: %v", err)
http.Error(w, "pull failed", http.StatusInternalServerError)
return
}
log.Printf("Restarting container %s...", containerName)
if err := restartContainer(containerName); err != nil {
log.Printf("restart failed: %v", err)
http.Error(w, "restart failed", http.StatusInternalServerError)
return
}
log.Printf("Deploy of %s completed", containerName)
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(map[string]string{
"status": "ok",
"container": containerName,
"image": imageName,
})
})
log.Println("Webhook server listening on :9001")
log.Fatal(http.ListenAndServe(":9001", nil))
}