fluxcd: node red

2026-06-06 03:09:49 +00:00
parent 244ff73e6e
commit 950b462651
20 changed files with 158 additions and 58 deletions
@@ -0,0 +1 @@
 **.dec.**
@@ -0,0 +1,11 @@
 creation_rules:
  # encrypt all values from file
  - path_regex: \.private\.dec\.yaml$
    encrypted_regex: '^(.*)$'
    age:
      - age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
  # encrypt secrets files
  - path_regex: .*.yaml
    encrypted_regex: ^(data|stringData)$
    age: 
      - age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
@@ -1,20 +1,22 @@
 # node-red
 **Deploy app:**
 ```bash {cwd=../../}
 ./services/node-red/ops-scripts/apply-app.sh
 ```
 **Deploy Infra:**
 ```bash {cwd=../../}
 ./services/node-red/ops-scripts/apply-infra.sh
 ```
 Create password to add to node-red settings file.
 ``` bash
 #npm install bcryptjs
 node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" YOUR-PASSWORD
 ```
 ## Setup
 Using flux for reconciliation.
 ``` bash
 ./ops-scripts/apply-flux.sh
 ```
 **Encrypt secrets:**
 ``` bash
 sops -e deploy/app/limbomox-ssh-secret.dec.yaml > deploy/app/limbomox-ssh-secret.yaml
 sops -e deploy/app/node-red-settings-secret.dec.yaml > deploy/app/node-red-settings-secret.yaml
 ```
@@ -1,10 +0,0 @@
 module.exports = {
    adminAuth: {
        type: "credentials",
        users: [{
            username: "?????",
            password: "??????",
            permissions: "*"
        }]
    }
 }
@@ -15,7 +15,9 @@ spec:
    spec:
      containers:
      - name: node-red
-        image: nodered/node-red:latest
+        ### Maintained by flux - Image Update Automation
        image: nodered/node-red:latest # {"$imagepolicy": "node-red:node-red"}
        ###
        imagePullPolicy: Always
        ports:
        - containerPort: 1880
@@ -0,0 +1,13 @@
 apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImagePolicy
 metadata:
  name: node-red
 spec:
  imageRepositoryRef:
    name: node-red
  filterTags:
    pattern: '^latest$'
  policy:
    alphabetical: {}
  digestReflectionPolicy: Always
  interval: 24h
@@ -0,0 +1,7 @@
 apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImageRepository
 metadata:
  name: node-red
 spec:
  image: nodered/node-red
  interval: 72h
@@ -0,0 +1,25 @@
 apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImageUpdateAutomation
 metadata:
  name: node-red
 spec:
  interval: 72h
  sourceRef:
    kind: GitRepository
    name: casa
    namespace: casa-limbosolutions-com
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        name: FluxCD
        email: flux@local
      messageTemplate: |
        Update node-red image.
    push:
      branch: main
  update:
    path: ./services/node-red/deploy/app/deployment.yaml
    strategy: Setters
@@ -1,17 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: node-red
 resources:
  - pvc.yaml
  - deployment.yaml
  - service.yaml
-generatorOptions:
+  - ingress.yaml
-  disableNameSuffixHash: true
+  - node-red-settings-secret.yaml
-secretGenerator:
+  - limbomox-ssh-secret.yaml
  - image-policy.yaml
  - image-repo.yaml
  - image-update-automation.yaml
 - name: limbomox-ssh
  files: 
    - id-ed25519=./.env.d/limbomox.node-red.id_ed25519
 - name: node-red-settings 
  files: 
    - settings.js=./.env.d/node-red-settings.js
@@ -0,0 +1,23 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: limbomox-ssh
    namespace: default
 type: Opaque
 stringData:
    id-ed25519: ENC[AES256_GCM,data:dODSqS2icQsYT09YMhdkeYHbbzC0DoiMg3S5GMhnkecP9UNzWHaVYjtHd24jUjn3nrMFG6DdeTTLqKwhIeOiMbELwFjj9P6BEhVW0tVXEhSv3XkLvF8AIV3wkql2BaiLrK/YBPMYn5tcWTARL8mWWp5YuCqoAAJp4gCUmlmvlch1FvS8I3RYazua2WSsARA0F21es6MJHccicv8kLEBuwWTFwaIkZDKlHMP8A3NYMV8Cwya35bu9CuZKfFc5MwziyIFXSreQ4Ft1YcDLG3ZrFx/nOnEZzstEFFmMtNwgCIwidJIeUm0r5f9zV0wbJ0u0FHxFFopKg78H+DLA28BC7NUIWmZtYR4qxvfS+yGKKPs7GtEnomRxrva4kfEc1Wfwy5x0LLfjiRTx0onfV3OFrdT9ZvZ6nqSLBTWpXk8bjx3tj5GeSCLAjgE7NLzhhQCInZYxtE9eShlI+fDIU2rkQH6kS86UhMbp5jd3Y7vWbSySfEhSziJmvuNZZsFNcI49zkc15VKD6qhhJ1x51+pg1cClEYkIRE3PCdEe,iv:rSpfatskq/mCxAjZ9m5AukO9B0z8MG8jBeU2xL+7j4k=,tag:pqVzcQ2bd738/UEyoX8BOg==,type:str]
 sops:
    age:
        - enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRCs4Um1OM0FWMDE4S2E5
            cE1PRWJIRTMwOFNIRElWOXNSMmkzczFVTDNvCjdoNUFEdVUyYlUzbmJLOTNBLzNl
            SmdraWl4MXBSM2NncUpXejVKaUZYcWMKLS0tIGVFak9Nb0R3VllSYjlseUJNOGFX
            T0FTeTlMWGp3Rm5ZMUtxZ3ZCM3ZIeXcKSAvHgabvJANtEOWSQvmoD6kMsWOOAG1G
            /r2rNvr7WyQky4W1goEE9GfTkNhO7BtjY/bzp20HwnTzEYWI5r37Mg==
            -----END AGE ENCRYPTED FILE-----
          recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
    encrypted_regex: ^(data|stringData)$
    lastmodified: "2026-06-06T02:59:51Z"
    mac: ENC[AES256_GCM,data:/YIiA+rdhhsOzQrMQ4Ia9UYPobG8xXhMMTIRtgug2kIjj2e5UAcbqXTonp7bgnYLnC/PAcd4IDXbrZBnUZ9iiuEz102jM/CmJYWlSG4QyTNeveHVbQun4CdHqCkFytvZfN/hm12CfEg5rGiHxjS5rUCjnu0H21+d55U+K6xvm44=,iv:go44tFr9Mup3wptU1qKa5Ch8ayHQTXx+3N1kCg1Q+SA=,tag:z3q69W8UhqqHMV+6jl7fbg==,type:str]
    version: 3.13.1
@@ -0,0 +1,23 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: node-red-settings
    namespace: default
 type: Opaque
 stringData:
    settings.js: ENC[AES256_GCM,data:2cVFfU49mELFThxCGvOmvPh8shAdSkkLFsg2/35Y6iH3EPQXdU5mhNVRwRMApC8gLkjVqA+7+OnDeYHoYAAB7U2IAES0+lc4Z4vrNPBv4U45nZXet+JJAQHjVoYlbN60HLci9wFfGFtFNCVc4Wo1Q+xitW0nqAeDCiwnUBDWt9uu1+a/zNh9/j2hITmiOj+YKf1J83v5m9ERxywCJEPtiuiUBPbDs6Xml4bEkwchA1/fYxj9ufjuHaO6a/QHwimelEd6mlln19NJ7vKTpAVgSF3Yxf7kIT7B2MCVGJAy9GaBGDg7xVi8sJHF6GRS8YBbQ/uIXgE=,iv:ydewkmW9VbHrkBtQBo+4Hpq07+7ZuNbbNcvKPyeCjb8=,tag:s0xCytVnz5Qc5AoFY2z9lw==,type:str]
 sops:
    age:
        - enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzlQNVJvYlNIRVNZOWpI
            Y3RCbytmUVRjcDFoZ0JaeXBqNE9QOWxpcTJvCk5EdEJXVlZsYkFBRVJYb0pTOTl1
            TVhkM294S3dudGtraHlqLzB2K0k0bmcKLS0tIE13NktDRzlIbnFxaitWYSs2VTl5
            RGlLalBJbEMyVnBMNjRGWkdpNCtFVDgK+K3kn+8sT8/Ev2vz8bP2UhkjoUJyYpWH
            taGn2TowwQaRRNGx31Ndj3P2xiZpg5SfjUeFUfXYrVrCAdR58JAfHA==
            -----END AGE ENCRYPTED FILE-----
          recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
    encrypted_regex: ^(data|stringData)$
    lastmodified: "2026-06-06T02:59:51Z"
    mac: ENC[AES256_GCM,data:Mzh5/I5tdem1kO8P/hZkXPruadAQ/ZlN/AgxT2zTZwuC0cdH6ufGPGGOsTMglh6RXXO4s4IShoKg8KbUECWIDeaUTj45ss7CqHj5wOUI3yMvM2GPW11yOsDCnw9nHaGnmTLoMkSKkijkB+szvfNt7lWMDIS2ON4DCywXvWIYsLc=,iv:pR74z80NAZ+R8NpxXK7OVIq2XVyTOXs91PMuM0UeGXc=,tag:sbtkRMwtzjStsqSM8Ofs1Q==,type:str]
    version: 3.13.1
@@ -0,0 +1,2 @@
 **
 !.gitignore
@@ -0,0 +1,13 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: node-red
 spec:
  interval: 1m
  sourceRef:
    kind: GitRepository
    name: casa
    namespace: casa-limbosolutions-com
  path: services/node-red/deploy/app
  prune: true
@@ -0,0 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: node-red
 resources:
 - app-sync.yaml
 secretGenerator:
  - name: flux-sops-age
    files:
      - "age.agekey=./.env.d/age.agekey"
 generatorOptions:
  disableNameSuffixHash: true
@@ -1,7 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
  - ingress.yaml
 generatorOptions:
  disableNameSuffixHash: true
@@ -1,7 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: node-red
  labels:
    name: node-red
@@ -1,5 +0,0 @@
 #!/bin/bash
 set -e
 echo "Executing app deploy."
 kubectl kustomize ./services/node-red/deploy/app | kubectl apply -f -
@@ -0,0 +1,3 @@
 #!/bin/bash
 set -e
 kubectl kustomize ./services/node-red/deploy/flux | kubectl apply -f -
@@ -1,5 +0,0 @@
 #!/bin/bash
 set -e
 echo "Executing infra deploy."
 kubectl kustomize ./services/node-red/deploy/infra | kubectl apply -f -