fixup! ♻️ migration externalsecrets

2025-12-25 00:34:07 +01:00 · 2023-07-09 09:17:34 +02:00
parent c00e101eec
commit 357fb88067
167 changed files with 1329 additions and 2706 deletions
--- a/kubernetes/apps/default/pushover-notifier/app/ankr-queries/config/config.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/ankr-queries/config/config.yaml
@@ -0,0 +1,5 @@
+addresses:
+  - address: "0xd14a28667d263efda2033ceb3b466399723c9c9c"
+    memo: "@Defi_Maestro"
+  - address: "0xc880e1befe692db8b1c71357130f25630239e6fc"
+    memo: "@Defi_Maestro2"
--- a/kubernetes/apps/default/pushover-notifier/app/ankr-queries/config/script.py
+++ b/kubernetes/apps/default/pushover-notifier/app/ankr-queries/config/script.py
@@ -0,0 +1,100 @@
+import requests
+import psycopg2
+import yaml
+import os
+import json
+
+# Load configuration
+with open("config.yaml", "r") as f:
+    config = yaml.safe_load(f)
+
+# Pushover credentials
+PUSHOVER_API_URL = "https://api.pushover.net/1/messages.json"
+PUSHOVER_API_TOKEN = os.environ["PUSHOVER_API_TOKEN"]
+PUSHOVER_USER_KEY = os.environ["PUSHOVER_USER_KEY"]
+
+# PostgreSQL connection
+connection = psycopg2.connect(
+    dbname=os.environ["POSTGRES_DB"],
+    user=os.environ["POSTGRES_USER"],
+    password=os.environ["POSTGRES_PASS"],
+    host=os.environ["POSTGRES_HOST"],
+    port=os.environ.get("POSTGRES_PORT", "5432"),
+)
+cursor = connection.cursor()
+
+# Create the database structure
+cursor.execute("""
+CREATE TABLE IF NOT EXISTS ankr_queries_transactions (
+    id SERIAL PRIMARY KEY,
+    address VARCHAR NOT NULL,
+    tx_hash VARCHAR NOT NULL,
+    blockchain VARCHAR NOT NULL,
+    timestamp VARCHAR NOT NULL
+);
+""")
+connection.commit()
+
+
+# Send notification using Pushover
+def send_pushover_notification(title, message):
+    payload = {
+        'token': PUSHOVER_API_TOKEN,
+        'user': PUSHOVER_USER_KEY,
+        'html': 1,
+        'title': title,
+        'message': message
+    }
+    response = requests.post(PUSHOVER_API_URL, data=payload)
+    response.raise_for_status()
+
+# Process new transactions
+def process_new_transactions(address, memo):
+
+    url = "https://rpc.ankr.com/multichain/?ankr_getTransactionsByAddress"
+    headers = {"Content-Type": "application/json"}
+    payload = {
+      "id": 1,
+      "jsonrpc": "2.0",
+      "method": "ankr_getTransactionsByAddress",
+      "params": {
+          "address": f"{address}",
+          "descOrder": True
+      }
+    }
+    response = requests.post(url, headers=headers, data=json.dumps(payload))
+    if response.status_code != 200:
+        print(f"Failed to fetch transactions: {response.text}")
+        return
+
+    for tx in response.json()["result"]["transactions"]:
+        tx_hash = tx['hash']
+        timestamp = tx['timestamp']
+        blockchain = tx['blockchain']
+
+        cursor.execute("""
+        SELECT COUNT(*) FROM ankr_queries_transactions WHERE address=%s AND tx_hash=%s AND blockchain=%s;
+        """, (address, tx_hash, blockchain))
+        exists = cursor.fetchone()[0]
+
+        if not exists:
+            cursor.execute("""
+            INSERT INTO ankr_queries_transactions (address, tx_hash, blockchain, timestamp)
+            VALUES (%s, %s, %s, %s);
+            """, (address, tx_hash, blockchain, timestamp))
+            connection.commit()
+
+            send_pushover_notification(
+                f"New Transaction: {memo}",
+                f"Transaction Hash: <a href=\"http://www.debank.com/profile/{address}/history\">{tx_hash}</a><br>Blockchain: {blockchain}<br>Timestamp: {timestamp}"
+            )
+
+# Main function
+def main():
+    for entry in config["addresses"]:
+        address = entry["address"]
+        memo = entry["memo"]
+        process_new_transactions(address, memo)
+
+if __name__ == "__main__":
+    main()
--- a/kubernetes/apps/default/pushover-notifier/app/ankr-queries/helmrelease.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/ankr-queries/helmrelease.yaml
@@ -0,0 +1,69 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app pushover-notifier-ankr-queries
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      type: cronjob
+      cronjob:
+        concurrencyPolicy: Forbid
+        schedule: "*/30 * * * *"
+      01-init-db:
+        image: ghcr.io/onedr0p/postgres-init:14.8
+        imagePullPolicy: IfNotPresent
+        envFrom: &envFrom
+          - secretRef:
+              name: pushover-notifier-secret
+    image:
+      repository: ghcr.io/auricom/python
+      tag: 1.0.0@sha256:f709710021a6e20a15eac41d7823d5c4722204bad3dcf0702763a693782492bf
+    command:
+      - python3
+      - /app/script.py
+    service:
+      main:
+        enabled: false
+    envFrom: *envFrom
+    resources:
+      requests:
+        cpu: 50m
+        memory: 250Mi
+      limits:
+        memory: 250Mi
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-ankr-queries-configmap
+        mountPath: /app/config.yaml
+        subPath: config.yaml
+      script:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-ankr-queries-configmap
+        mountPath: /app/script.py
+        subPath: script.py
--- a/kubernetes/apps/default/pushover-notifier/app/ankr-queries/kustomization.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/ankr-queries/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: pushover-notifier-ankr-queries-configmap
+    files:
+      - ./config/config.yaml
+      - ./config/script.py
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/default/pushover-notifier/app/ankr-queries/secret.sops.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/ankr-queries/secret.sops.yaml
@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pushover-notifier-ankr-queries-secret
+    namespace: default
+type: Opaque
+stringData:
+    POSTGRES_DB: ENC[AES256_GCM,data:QTTAnp99RU4DhC3mn9IUaTw=,iv:VP6oHP3N9mG9TboqQ9jbIUlK+CoVqxWXFIus692bw/I=,tag:Y0CAs3yH4OM+rZlmqYJTfg==,type:str]
+    POSTGRES_USER: ENC[AES256_GCM,data:wtl7bwSp2EMTwUsA8MzhTXQ=,iv:RccrE8s7XNtNwF2z59BD36GEPmbEw6n6xPVPuS+/6oE=,tag:2xaXDK1cR3KXkljdQtHVNQ==,type:str]
+    POSTGRES_PASS: ENC[AES256_GCM,data:HifiMzAawK0mls6hrE58j2c23lc=,iv:O59tbU+JN4LAfuhLo+4y+AJx7ZrTPWPxPX9QtGLFvYQ=,tag:xtdaVNj6D0Wr/Ven+p8tJg==,type:str]
+    PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:waPntuH+JjGBr2t9I4U9D/llZC9KW/QyyMUu3EHH,iv:NU6/tbrYRoUSME5ecachU0LDNsz7W31DkEw1S8fSIqw=,tag:YbmZbOOn81+kkGb4Sf2Q2w==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:zgoGVo8k7xjuT0+W5AyAkGtJpmTkplW3wmAWqZrY,iv:8ZYZT1I7EOK2mfvjSY+4RfRHQeczYmxihfDHcjRpUSI=,tag:Vkq+ny1eVmAOHmBiAutuNg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-18T15:36:57Z"
+    mac: ENC[AES256_GCM,data:L1q6+ngZzlrpCreFyBaOCik7v3JoTrNJekv2gxsIynaMQuFTtHVGx8/+m2UvEmt3Upc8tbN6N3JYIxoske91EI2mEuv3DEJPBmHcWtuQ/eXyd5E0kowqobasdnTJHGSo7ym2I0BsbYM4v4ZJj83Zm9fUigjRP874N/QCbs829/A=,iv:xO/iVXiWzbATJNUvyOLkQMt++rK837n+iygS9aWBKrE=,tag:eLMaq/VvvKM65JRNlxtEng==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/kubernetes/apps/default/pushover-notifier/app/externalsecret.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/externalsecret.yaml
@@ -0,0 +1,37 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pushover-notifier
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: pushover-notifier-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        # App
+        POSTGRES_DB: &dbName pushover-notifier
+        POSTGRES_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        POSTGRES_USER: &dbUser "{{ .POSTGRES_USER }}"
+        POSTGRES_PASS: &dbPass "{{ .POSTGRES_PASS }}"
+        PUSHOVER_API_TOKEN: "{{ .PUSHOVER_API_TOKEN }}"
+        PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
+        # Postgres Init
+        INIT_POSTGRES_DBNAME: *dbName
+        INIT_POSTGRES_HOST: *dbHost
+        INIT_POSTGRES_USER: *dbUser
+        INIT_POSTGRES_PASS: *dbPass
+        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+  dataFrom:
+    - extract:
+        key: cloudnative-pg
+    - extract:
+        key: pushover-notifier
+    - extract:
+        key: pushover
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/config/config.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/config/config.yaml
@@ -0,0 +1,3 @@
+repositories:
+  - fluxcd/flux2
+  - siderolabs/talos
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/config/script.py
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/config/script.py
@@ -0,0 +1,79 @@
+import os
+import requests
+import yaml
+import psycopg2
+from psycopg2 import sql
+from datetime import datetime
+
+# Load configuration file
+with open("config.yaml", "r") as config_file:
+    config = yaml.safe_load(config_file)
+
+# Pushover credentials
+PUSHOVER_API_URL = "https://api.pushover.net/1/messages.json"
+PUSHOVER_API_TOKEN = os.environ["PUSHOVER_API_TOKEN"]
+PUSHOVER_USER_KEY = os.environ["PUSHOVER_USER_KEY"]
+
+# PostgreSQL connection
+conn = psycopg2.connect(
+    dbname=os.environ["POSTGRES_DB"],
+    user=os.environ["POSTGRES_USER"],
+    password=os.environ["POSTGRES_PASS"],
+    host=os.environ["POSTGRES_HOST"],
+    port=os.environ.get("POSTGRES_PORT", "5432"),
+)
+
+# Create table if not exists
+def create_table():
+    with conn.cursor() as cursor:
+        cursor.execute("""
+        CREATE TABLE IF NOT EXISTS github_releases (
+            repo_name VARCHAR(255) PRIMARY KEY,
+            latest_release VARCHAR(255),
+            release_date TIMESTAMP
+        )
+        """)
+        conn.commit()
+
+# Check for new release
+def check_new_release(repo_name):
+    response = requests.get(f"https://api.github.com/repos/{repo_name}/releases/latest")
+    response.raise_for_status()
+    release_data = response.json()
+    return release_data["tag_name"], release_data["published_at"]
+
+# Send pushover notification
+def send_pushover_notification(repo_name, tag_name):
+    payload = {
+        "token": PUSHOVER_API_TOKEN,
+        "user": PUSHOVER_USER_KEY,
+        "message": f"New stable release {tag_name} for repository {repo_name} is available."
+    }
+    response = requests.post(PUSHOVER_API_URL, data=payload)
+    response.raise_for_status()
+
+# Main function
+def main():
+    create_table()
+    for repo_name in config["repositories"]:
+        latest_tag, release_date = check_new_release(repo_name)
+        release_date = datetime.strptime(release_date, "%Y-%m-%dT%H:%M:%SZ")
+
+        with conn.cursor() as cursor:
+            cursor.execute("""
+            INSERT INTO github_releases (repo_name, latest_release, release_date)
+            VALUES (%s, %s, %s)
+            ON CONFLICT (repo_name) DO UPDATE
+            SET latest_release = EXCLUDED.latest_release,
+                release_date = EXCLUDED.release_date
+            WHERE EXCLUDED.release_date > github_releases.release_date
+            RETURNING *
+            """, (repo_name, latest_tag, release_date))
+            result = cursor.fetchone()
+            conn.commit()
+
+            if result:
+                send_pushover_notification(repo_name, latest_tag)
+
+if __name__ == "__main__":
+    main()
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/helmrelease.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/helmrelease.yaml
@@ -0,0 +1,70 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app pushover-notifier-github-releases
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      type: cronjob
+      cronjob:
+        concurrencyPolicy: Forbid
+        schedule: "23 */3 * * *"
+    initContainers:
+      01-init-db:
+        image: ghcr.io/onedr0p/postgres-init:14.8
+        imagePullPolicy: IfNotPresent
+        envFrom: &envFrom
+          - secretRef:
+              name: pushover-notifier-secret
+    image:
+      repository: ghcr.io/auricom/python
+      tag: 1.0.0@sha256:f709710021a6e20a15eac41d7823d5c4722204bad3dcf0702763a693782492bf
+    command:
+      - python3
+      - /app/script.py
+    service:
+      main:
+        enabled: false
+    envFrom: *envFrom
+    resources:
+      requests:
+        cpu: 50m
+        memory: 250Mi
+      limits:
+        memory: 250Mi
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/config.yaml
+        subPath: config.yaml
+      script:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/script.py
+        subPath: script.py
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/kustomization.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: pushover-notifier-github-releases-configmap
+    files:
+      - ./config/config.yaml
+      - ./config/script.py
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/secret.sops.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/secret.sops.yaml
@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pushover-notifier-github-releases-secret
+    namespace: default
+type: Opaque
+stringData:
+    POSTGRES_DB: ENC[AES256_GCM,data:J+zrbZI47CMW5ITQRUXan3M=,iv:Q97KeB8ssOXDVO2XehQF/NA8P9To4oX+NWmnaxy7PFs=,tag:fTzdivfoRoPakpfU4yXi/w==,type:str]
+    POSTGRES_USER: ENC[AES256_GCM,data:LNGaeR1bQfgLJ5RC8G2oTog=,iv:oFUjYbX0YkAEaKpPloYaTEYQOB48Sv2Prf3CFyszGR0=,tag:6Q9NC5bml8Kf0M+Ok+U0dA==,type:str]
+    POSTGRES_PASS: ENC[AES256_GCM,data:HifiMzAawK0mls6hrE58j2c23lc=,iv:O59tbU+JN4LAfuhLo+4y+AJx7ZrTPWPxPX9QtGLFvYQ=,tag:xtdaVNj6D0Wr/Ven+p8tJg==,type:str]
+    PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:MNsnHE3n1Vqb0IjdPAmUPrTKpfIVrn9lk8GPoSlv,iv:AMVXc/WGdU18GSUNySf1PGlRuJzNA7iLxrtgu10BOdI=,tag:R8zge4m1+aklSds25zGc4w==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:zgoGVo8k7xjuT0+W5AyAkGtJpmTkplW3wmAWqZrY,iv:8ZYZT1I7EOK2mfvjSY+4RfRHQeczYmxihfDHcjRpUSI=,tag:Vkq+ny1eVmAOHmBiAutuNg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-18T15:35:14Z"
+    mac: ENC[AES256_GCM,data:sg0K9LM+jAlIhenLH1PercI8Bxz9gRgRB1fGMiPIUpS/n5zTSvkGB9JBVtvzR4NkQz/iYod6R9xtzh3T2FrH/+pAnXugJGwCtcQ6hwGK8lSvg5k4ht23ayS7MSfP/JW9a7etNqgG+QX94C7/peodepMIGJp1zYc4v8lKQ9RAwCQ=,iv:uSfQ27CW62qQnls0jR3BBM+3OaGz75BlyLtudHwVrZM=,tag:2HroSsRaBKHg2g3H84+xRw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/kubernetes/apps/default/pushover-notifier/app/kustomization.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./ankr-queries
+  - ./externalsecret.yaml
+  - ./github-releases