fixup! ♻️ migration externalsecrets

2025-09-17 18:24:14 +02:00 · 2023-07-09 09:17:34 +02:00
parent c00e101eec
commit 357fb88067
167 changed files with 1329 additions and 2706 deletions
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/config/config.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/config/config.yaml
@@ -0,0 +1,3 @@
+repositories:
+  - fluxcd/flux2
+  - siderolabs/talos
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/config/script.py
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/config/script.py
@@ -0,0 +1,79 @@
+import os
+import requests
+import yaml
+import psycopg2
+from psycopg2 import sql
+from datetime import datetime
+
+# Load configuration file
+with open("config.yaml", "r") as config_file:
+    config = yaml.safe_load(config_file)
+
+# Pushover credentials
+PUSHOVER_API_URL = "https://api.pushover.net/1/messages.json"
+PUSHOVER_API_TOKEN = os.environ["PUSHOVER_API_TOKEN"]
+PUSHOVER_USER_KEY = os.environ["PUSHOVER_USER_KEY"]
+
+# PostgreSQL connection
+conn = psycopg2.connect(
+    dbname=os.environ["POSTGRES_DB"],
+    user=os.environ["POSTGRES_USER"],
+    password=os.environ["POSTGRES_PASS"],
+    host=os.environ["POSTGRES_HOST"],
+    port=os.environ.get("POSTGRES_PORT", "5432"),
+)
+
+# Create table if not exists
+def create_table():
+    with conn.cursor() as cursor:
+        cursor.execute("""
+        CREATE TABLE IF NOT EXISTS github_releases (
+            repo_name VARCHAR(255) PRIMARY KEY,
+            latest_release VARCHAR(255),
+            release_date TIMESTAMP
+        )
+        """)
+        conn.commit()
+
+# Check for new release
+def check_new_release(repo_name):
+    response = requests.get(f"https://api.github.com/repos/{repo_name}/releases/latest")
+    response.raise_for_status()
+    release_data = response.json()
+    return release_data["tag_name"], release_data["published_at"]
+
+# Send pushover notification
+def send_pushover_notification(repo_name, tag_name):
+    payload = {
+        "token": PUSHOVER_API_TOKEN,
+        "user": PUSHOVER_USER_KEY,
+        "message": f"New stable release {tag_name} for repository {repo_name} is available."
+    }
+    response = requests.post(PUSHOVER_API_URL, data=payload)
+    response.raise_for_status()
+
+# Main function
+def main():
+    create_table()
+    for repo_name in config["repositories"]:
+        latest_tag, release_date = check_new_release(repo_name)
+        release_date = datetime.strptime(release_date, "%Y-%m-%dT%H:%M:%SZ")
+
+        with conn.cursor() as cursor:
+            cursor.execute("""
+            INSERT INTO github_releases (repo_name, latest_release, release_date)
+            VALUES (%s, %s, %s)
+            ON CONFLICT (repo_name) DO UPDATE
+            SET latest_release = EXCLUDED.latest_release,
+                release_date = EXCLUDED.release_date
+            WHERE EXCLUDED.release_date > github_releases.release_date
+            RETURNING *
+            """, (repo_name, latest_tag, release_date))
+            result = cursor.fetchone()
+            conn.commit()
+
+            if result:
+                send_pushover_notification(repo_name, latest_tag)
+
+if __name__ == "__main__":
+    main()
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/helmrelease.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/helmrelease.yaml
@@ -0,0 +1,70 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app pushover-notifier-github-releases
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      type: cronjob
+      cronjob:
+        concurrencyPolicy: Forbid
+        schedule: "23 */3 * * *"
+    initContainers:
+      01-init-db:
+        image: ghcr.io/onedr0p/postgres-init:14.8
+        imagePullPolicy: IfNotPresent
+        envFrom: &envFrom
+          - secretRef:
+              name: pushover-notifier-secret
+    image:
+      repository: ghcr.io/auricom/python
+      tag: 1.0.0@sha256:f709710021a6e20a15eac41d7823d5c4722204bad3dcf0702763a693782492bf
+    command:
+      - python3
+      - /app/script.py
+    service:
+      main:
+        enabled: false
+    envFrom: *envFrom
+    resources:
+      requests:
+        cpu: 50m
+        memory: 250Mi
+      limits:
+        memory: 250Mi
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/config.yaml
+        subPath: config.yaml
+      script:
+        enabled: true
+        type: configMap
+        name: pushover-notifier-github-releases-configmap
+        mountPath: /app/script.py
+        subPath: script.py
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/kustomization.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: pushover-notifier-github-releases-configmap
+    files:
+      - ./config/config.yaml
+      - ./config/script.py
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/default/pushover-notifier/app/github-releases/secret.sops.yaml
+++ b/kubernetes/apps/default/pushover-notifier/app/github-releases/secret.sops.yaml
@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pushover-notifier-github-releases-secret
+    namespace: default
+type: Opaque
+stringData:
+    POSTGRES_DB: ENC[AES256_GCM,data:J+zrbZI47CMW5ITQRUXan3M=,iv:Q97KeB8ssOXDVO2XehQF/NA8P9To4oX+NWmnaxy7PFs=,tag:fTzdivfoRoPakpfU4yXi/w==,type:str]
+    POSTGRES_USER: ENC[AES256_GCM,data:LNGaeR1bQfgLJ5RC8G2oTog=,iv:oFUjYbX0YkAEaKpPloYaTEYQOB48Sv2Prf3CFyszGR0=,tag:6Q9NC5bml8Kf0M+Ok+U0dA==,type:str]
+    POSTGRES_PASS: ENC[AES256_GCM,data:HifiMzAawK0mls6hrE58j2c23lc=,iv:O59tbU+JN4LAfuhLo+4y+AJx7ZrTPWPxPX9QtGLFvYQ=,tag:xtdaVNj6D0Wr/Ven+p8tJg==,type:str]
+    PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:MNsnHE3n1Vqb0IjdPAmUPrTKpfIVrn9lk8GPoSlv,iv:AMVXc/WGdU18GSUNySf1PGlRuJzNA7iLxrtgu10BOdI=,tag:R8zge4m1+aklSds25zGc4w==,type:str]
+    PUSHOVER_USER_KEY: ENC[AES256_GCM,data:zgoGVo8k7xjuT0+W5AyAkGtJpmTkplW3wmAWqZrY,iv:8ZYZT1I7EOK2mfvjSY+4RfRHQeczYmxihfDHcjRpUSI=,tag:Vkq+ny1eVmAOHmBiAutuNg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-03-18T15:35:14Z"
+    mac: ENC[AES256_GCM,data:sg0K9LM+jAlIhenLH1PercI8Bxz9gRgRB1fGMiPIUpS/n5zTSvkGB9JBVtvzR4NkQz/iYod6R9xtzh3T2FrH/+pAnXugJGwCtcQ6hwGK8lSvg5k4ht23ayS7MSfP/JW9a7etNqgG+QX94C7/peodepMIGJp1zYc4v8lKQ9RAwCQ=,iv:uSfQ27CW62qQnls0jR3BBM+3OaGz75BlyLtudHwVrZM=,tag:2HroSsRaBKHg2g3H84+xRw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3