From 950b462651a4150f870cfb911a5e758b07bb0bd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= Date: Sat, 6 Jun 2026 03:09:49 +0000 Subject: [PATCH] fluxcd: node red --- services/node-red/.gitignore | 1 + services/node-red/.sops.yaml | 11 ++++++++ services/node-red/README.md | 28 ++++++++++--------- .../app/.env.d/node-red-settings.example.js | 10 ------- services/node-red/deploy/app/deployment.yaml | 4 ++- .../node-red/deploy/app/image-policy.yaml | 13 +++++++++ services/node-red/deploy/app/image-repo.yaml | 7 +++++ .../deploy/app/image-update-automation.yaml | 25 +++++++++++++++++ .../deploy/{infra => app}/ingress.yaml | 0 .../node-red/deploy/app/kustomization.yaml | 18 ++++++------ .../deploy/app/limbomox-ssh-secret.yaml | 23 +++++++++++++++ .../deploy/app/node-red-settings-secret.yaml | 23 +++++++++++++++ .../node-red/deploy/flux/.env.d/.gitignore | 2 ++ services/node-red/deploy/flux/app-sync.yaml | 13 +++++++++ .../node-red/deploy/flux/kustomization.yaml | 11 ++++++++ .../node-red/deploy/infra/kustomization.yaml | 7 ----- services/node-red/deploy/infra/namespace.yaml | 7 ----- services/node-red/ops-scripts/apply-app.sh | 5 ---- services/node-red/ops-scripts/apply-flux.sh | 3 ++ services/node-red/ops-scripts/apply-infra.sh | 5 ---- 20 files changed, 158 insertions(+), 58 deletions(-) create mode 100644 services/node-red/.gitignore create mode 100644 services/node-red/.sops.yaml delete mode 100644 services/node-red/deploy/app/.env.d/node-red-settings.example.js create mode 100644 services/node-red/deploy/app/image-policy.yaml create mode 100644 services/node-red/deploy/app/image-repo.yaml create mode 100644 services/node-red/deploy/app/image-update-automation.yaml rename services/node-red/deploy/{infra => app}/ingress.yaml (100%) create mode 100644 services/node-red/deploy/app/limbomox-ssh-secret.yaml create mode 100644 services/node-red/deploy/app/node-red-settings-secret.yaml create mode 100644 services/node-red/deploy/flux/.env.d/.gitignore create mode 100644 services/node-red/deploy/flux/app-sync.yaml create mode 100644 services/node-red/deploy/flux/kustomization.yaml delete mode 100644 services/node-red/deploy/infra/kustomization.yaml delete mode 100644 services/node-red/deploy/infra/namespace.yaml delete mode 100755 services/node-red/ops-scripts/apply-app.sh create mode 100755 services/node-red/ops-scripts/apply-flux.sh delete mode 100755 services/node-red/ops-scripts/apply-infra.sh diff --git a/services/node-red/.gitignore b/services/node-red/.gitignore new file mode 100644 index 0000000..c5d7d92 --- /dev/null +++ b/services/node-red/.gitignore @@ -0,0 +1 @@ +**.dec.** \ No newline at end of file diff --git a/services/node-red/.sops.yaml b/services/node-red/.sops.yaml new file mode 100644 index 0000000..86d5522 --- /dev/null +++ b/services/node-red/.sops.yaml @@ -0,0 +1,11 @@ +creation_rules: + # encrypt all values from file + - path_regex: \.private\.dec\.yaml$ + encrypted_regex: '^(.*)$' + age: + - age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g + # encrypt secrets files + - path_regex: .*.yaml + encrypted_regex: ^(data|stringData)$ + age: + - age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g \ No newline at end of file diff --git a/services/node-red/README.md b/services/node-red/README.md index c9b9554..8764a72 100644 --- a/services/node-red/README.md +++ b/services/node-red/README.md @@ -1,20 +1,22 @@ # node-red -**Deploy app:** - -```bash {cwd=../../} -./services/node-red/ops-scripts/apply-app.sh -``` - -**Deploy Infra:** - -```bash {cwd=../../} -./services/node-red/ops-scripts/apply-infra.sh -``` - -Create password to add to node-red settings file. ``` bash #npm install bcryptjs node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" YOUR-PASSWORD ``` + +## Setup + +Using flux for reconciliation. + +``` bash +./ops-scripts/apply-flux.sh +``` + +**Encrypt secrets:** + +``` bash +sops -e deploy/app/limbomox-ssh-secret.dec.yaml > deploy/app/limbomox-ssh-secret.yaml +sops -e deploy/app/node-red-settings-secret.dec.yaml > deploy/app/node-red-settings-secret.yaml +``` diff --git a/services/node-red/deploy/app/.env.d/node-red-settings.example.js b/services/node-red/deploy/app/.env.d/node-red-settings.example.js deleted file mode 100644 index 54e55ad..0000000 --- a/services/node-red/deploy/app/.env.d/node-red-settings.example.js +++ /dev/null @@ -1,10 +0,0 @@ -module.exports = { - adminAuth: { - type: "credentials", - users: [{ - username: "?????", - password: "??????", - permissions: "*" - }] - } -} diff --git a/services/node-red/deploy/app/deployment.yaml b/services/node-red/deploy/app/deployment.yaml index ec1ac45..9f6b0fb 100644 --- a/services/node-red/deploy/app/deployment.yaml +++ b/services/node-red/deploy/app/deployment.yaml @@ -15,7 +15,9 @@ spec: spec: containers: - name: node-red - image: nodered/node-red:latest + ### Maintained by flux - Image Update Automation + image: nodered/node-red:latest # {"$imagepolicy": "node-red:node-red"} + ### imagePullPolicy: Always ports: - containerPort: 1880 diff --git a/services/node-red/deploy/app/image-policy.yaml b/services/node-red/deploy/app/image-policy.yaml new file mode 100644 index 0000000..6dce859 --- /dev/null +++ b/services/node-red/deploy/app/image-policy.yaml @@ -0,0 +1,13 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImagePolicy +metadata: + name: node-red +spec: + imageRepositoryRef: + name: node-red + filterTags: + pattern: '^latest$' + policy: + alphabetical: {} + digestReflectionPolicy: Always + interval: 24h \ No newline at end of file diff --git a/services/node-red/deploy/app/image-repo.yaml b/services/node-red/deploy/app/image-repo.yaml new file mode 100644 index 0000000..879acc6 --- /dev/null +++ b/services/node-red/deploy/app/image-repo.yaml @@ -0,0 +1,7 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImageRepository +metadata: + name: node-red +spec: + image: nodered/node-red + interval: 72h \ No newline at end of file diff --git a/services/node-red/deploy/app/image-update-automation.yaml b/services/node-red/deploy/app/image-update-automation.yaml new file mode 100644 index 0000000..5ca8cde --- /dev/null +++ b/services/node-red/deploy/app/image-update-automation.yaml @@ -0,0 +1,25 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImageUpdateAutomation +metadata: + name: node-red +spec: + interval: 72h + sourceRef: + kind: GitRepository + name: casa + namespace: casa-limbosolutions-com + git: + checkout: + ref: + branch: main + commit: + author: + name: FluxCD + email: flux@local + messageTemplate: | + Update node-red image. + push: + branch: main + update: + path: ./services/node-red/deploy/app/deployment.yaml + strategy: Setters \ No newline at end of file diff --git a/services/node-red/deploy/infra/ingress.yaml b/services/node-red/deploy/app/ingress.yaml similarity index 100% rename from services/node-red/deploy/infra/ingress.yaml rename to services/node-red/deploy/app/ingress.yaml diff --git a/services/node-red/deploy/app/kustomization.yaml b/services/node-red/deploy/app/kustomization.yaml index f35a35e..dea1bc9 100644 --- a/services/node-red/deploy/app/kustomization.yaml +++ b/services/node-red/deploy/app/kustomization.yaml @@ -1,17 +1,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: node-red resources: - pvc.yaml - deployment.yaml - service.yaml -generatorOptions: - disableNameSuffixHash: true -secretGenerator: - -- name: limbomox-ssh - files: - - id-ed25519=./.env.d/limbomox.node-red.id_ed25519 + - ingress.yaml + - node-red-settings-secret.yaml + - limbomox-ssh-secret.yaml + - image-policy.yaml + - image-repo.yaml + - image-update-automation.yaml -- name: node-red-settings - files: - - settings.js=./.env.d/node-red-settings.js + diff --git a/services/node-red/deploy/app/limbomox-ssh-secret.yaml b/services/node-red/deploy/app/limbomox-ssh-secret.yaml new file mode 100644 index 0000000..36cb42b --- /dev/null +++ b/services/node-red/deploy/app/limbomox-ssh-secret.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Secret +metadata: + name: limbomox-ssh + namespace: default +type: Opaque +stringData: + id-ed25519: ENC[AES256_GCM,data:dODSqS2icQsYT09YMhdkeYHbbzC0DoiMg3S5GMhnkecP9UNzWHaVYjtHd24jUjn3nrMFG6DdeTTLqKwhIeOiMbELwFjj9P6BEhVW0tVXEhSv3XkLvF8AIV3wkql2BaiLrK/YBPMYn5tcWTARL8mWWp5YuCqoAAJp4gCUmlmvlch1FvS8I3RYazua2WSsARA0F21es6MJHccicv8kLEBuwWTFwaIkZDKlHMP8A3NYMV8Cwya35bu9CuZKfFc5MwziyIFXSreQ4Ft1YcDLG3ZrFx/nOnEZzstEFFmMtNwgCIwidJIeUm0r5f9zV0wbJ0u0FHxFFopKg78H+DLA28BC7NUIWmZtYR4qxvfS+yGKKPs7GtEnomRxrva4kfEc1Wfwy5x0LLfjiRTx0onfV3OFrdT9ZvZ6nqSLBTWpXk8bjx3tj5GeSCLAjgE7NLzhhQCInZYxtE9eShlI+fDIU2rkQH6kS86UhMbp5jd3Y7vWbSySfEhSziJmvuNZZsFNcI49zkc15VKD6qhhJ1x51+pg1cClEYkIRE3PCdEe,iv:rSpfatskq/mCxAjZ9m5AukO9B0z8MG8jBeU2xL+7j4k=,tag:pqVzcQ2bd738/UEyoX8BOg==,type:str] +sops: + age: + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRCs4Um1OM0FWMDE4S2E5 + cE1PRWJIRTMwOFNIRElWOXNSMmkzczFVTDNvCjdoNUFEdVUyYlUzbmJLOTNBLzNl + SmdraWl4MXBSM2NncUpXejVKaUZYcWMKLS0tIGVFak9Nb0R3VllSYjlseUJNOGFX + T0FTeTlMWGp3Rm5ZMUtxZ3ZCM3ZIeXcKSAvHgabvJANtEOWSQvmoD6kMsWOOAG1G + /r2rNvr7WyQky4W1goEE9GfTkNhO7BtjY/bzp20HwnTzEYWI5r37Mg== + -----END AGE ENCRYPTED FILE----- + recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g + encrypted_regex: ^(data|stringData)$ + lastmodified: "2026-06-06T02:59:51Z" + mac: ENC[AES256_GCM,data:/YIiA+rdhhsOzQrMQ4Ia9UYPobG8xXhMMTIRtgug2kIjj2e5UAcbqXTonp7bgnYLnC/PAcd4IDXbrZBnUZ9iiuEz102jM/CmJYWlSG4QyTNeveHVbQun4CdHqCkFytvZfN/hm12CfEg5rGiHxjS5rUCjnu0H21+d55U+K6xvm44=,iv:go44tFr9Mup3wptU1qKa5Ch8ayHQTXx+3N1kCg1Q+SA=,tag:z3q69W8UhqqHMV+6jl7fbg==,type:str] + version: 3.13.1 diff --git a/services/node-red/deploy/app/node-red-settings-secret.yaml b/services/node-red/deploy/app/node-red-settings-secret.yaml new file mode 100644 index 0000000..d3ef076 --- /dev/null +++ b/services/node-red/deploy/app/node-red-settings-secret.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Secret +metadata: + name: node-red-settings + namespace: default +type: Opaque +stringData: + settings.js: ENC[AES256_GCM,data:2cVFfU49mELFThxCGvOmvPh8shAdSkkLFsg2/35Y6iH3EPQXdU5mhNVRwRMApC8gLkjVqA+7+OnDeYHoYAAB7U2IAES0+lc4Z4vrNPBv4U45nZXet+JJAQHjVoYlbN60HLci9wFfGFtFNCVc4Wo1Q+xitW0nqAeDCiwnUBDWt9uu1+a/zNh9/j2hITmiOj+YKf1J83v5m9ERxywCJEPtiuiUBPbDs6Xml4bEkwchA1/fYxj9ufjuHaO6a/QHwimelEd6mlln19NJ7vKTpAVgSF3Yxf7kIT7B2MCVGJAy9GaBGDg7xVi8sJHF6GRS8YBbQ/uIXgE=,iv:ydewkmW9VbHrkBtQBo+4Hpq07+7ZuNbbNcvKPyeCjb8=,tag:s0xCytVnz5Qc5AoFY2z9lw==,type:str] +sops: + age: + - enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzlQNVJvYlNIRVNZOWpI + Y3RCbytmUVRjcDFoZ0JaeXBqNE9QOWxpcTJvCk5EdEJXVlZsYkFBRVJYb0pTOTl1 + TVhkM294S3dudGtraHlqLzB2K0k0bmcKLS0tIE13NktDRzlIbnFxaitWYSs2VTl5 + RGlLalBJbEMyVnBMNjRGWkdpNCtFVDgK+K3kn+8sT8/Ev2vz8bP2UhkjoUJyYpWH + taGn2TowwQaRRNGx31Ndj3P2xiZpg5SfjUeFUfXYrVrCAdR58JAfHA== + -----END AGE ENCRYPTED FILE----- + recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g + encrypted_regex: ^(data|stringData)$ + lastmodified: "2026-06-06T02:59:51Z" + mac: ENC[AES256_GCM,data:Mzh5/I5tdem1kO8P/hZkXPruadAQ/ZlN/AgxT2zTZwuC0cdH6ufGPGGOsTMglh6RXXO4s4IShoKg8KbUECWIDeaUTj45ss7CqHj5wOUI3yMvM2GPW11yOsDCnw9nHaGnmTLoMkSKkijkB+szvfNt7lWMDIS2ON4DCywXvWIYsLc=,iv:pR74z80NAZ+R8NpxXK7OVIq2XVyTOXs91PMuM0UeGXc=,tag:sbtkRMwtzjStsqSM8Ofs1Q==,type:str] + version: 3.13.1 diff --git a/services/node-red/deploy/flux/.env.d/.gitignore b/services/node-red/deploy/flux/.env.d/.gitignore new file mode 100644 index 0000000..d29675e --- /dev/null +++ b/services/node-red/deploy/flux/.env.d/.gitignore @@ -0,0 +1,2 @@ +** +!.gitignore \ No newline at end of file diff --git a/services/node-red/deploy/flux/app-sync.yaml b/services/node-red/deploy/flux/app-sync.yaml new file mode 100644 index 0000000..b5a2b01 --- /dev/null +++ b/services/node-red/deploy/flux/app-sync.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: node-red +spec: + interval: 1m + sourceRef: + kind: GitRepository + name: casa + namespace: casa-limbosolutions-com + path: services/node-red/deploy/app + prune: true + \ No newline at end of file diff --git a/services/node-red/deploy/flux/kustomization.yaml b/services/node-red/deploy/flux/kustomization.yaml new file mode 100644 index 0000000..7e3d32b --- /dev/null +++ b/services/node-red/deploy/flux/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: node-red +resources: + - app-sync.yaml +secretGenerator: + - name: flux-sops-age + files: + - "age.agekey=./.env.d/age.agekey" +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/services/node-red/deploy/infra/kustomization.yaml b/services/node-red/deploy/infra/kustomization.yaml deleted file mode 100644 index 9b6f553..0000000 --- a/services/node-red/deploy/infra/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespace.yaml - - ingress.yaml -generatorOptions: - disableNameSuffixHash: true \ No newline at end of file diff --git a/services/node-red/deploy/infra/namespace.yaml b/services/node-red/deploy/infra/namespace.yaml deleted file mode 100644 index e5e3549..0000000 --- a/services/node-red/deploy/infra/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ - -apiVersion: v1 -kind: Namespace -metadata: - name: node-red - labels: - name: node-red \ No newline at end of file diff --git a/services/node-red/ops-scripts/apply-app.sh b/services/node-red/ops-scripts/apply-app.sh deleted file mode 100755 index b296bed..0000000 --- a/services/node-red/ops-scripts/apply-app.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -echo "Executing app deploy." - -kubectl kustomize ./services/node-red/deploy/app | kubectl apply -f - \ No newline at end of file diff --git a/services/node-red/ops-scripts/apply-flux.sh b/services/node-red/ops-scripts/apply-flux.sh new file mode 100755 index 0000000..5f3695e --- /dev/null +++ b/services/node-red/ops-scripts/apply-flux.sh @@ -0,0 +1,3 @@ +#!/bin/bash +set -e +kubectl kustomize ./services/node-red/deploy/flux | kubectl apply -f - \ No newline at end of file diff --git a/services/node-red/ops-scripts/apply-infra.sh b/services/node-red/ops-scripts/apply-infra.sh deleted file mode 100755 index 2ddc0da..0000000 --- a/services/node-red/ops-scripts/apply-infra.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -echo "Executing infra deploy." - -kubectl kustomize ./services/node-red/deploy/infra | kubectl apply -f - \ No newline at end of file