Skip to content

feat: Add Outline wiki and PostgreSQL production deployment#1563

Open
LukasCuperDT wants to merge 12 commits into
mainfrom
Outline_migration_to_prod
Open

feat: Add Outline wiki and PostgreSQL production deployment#1563
LukasCuperDT wants to merge 12 commits into
mainfrom
Outline_migration_to_prod

Conversation

@LukasCuperDT

@LukasCuperDT LukasCuperDT commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

Summary

Deploy Outline wiki application and its PostgreSQL database to the production cluster.

Changes

New: Outline production deployment

  • Add Outline Helm chart (local + upstream) with production values
  • Add PostgreSQL Helm chart (local + upstream) with production values using Bitnami subchart
  • Add TLS certificate template for PostgreSQL connections
  • Register both applications in ArgoCD application set

Fixes applied during deployment

  • Use quay.io/opentelekomcloud mirror images for Outline and PostgreSQL
  • Add imagePullSecrets for prod cluster registry access
  • Set imagePullPolicy: Always for Outline, Redis, and PostgreSQL images
  • Add Bitnami Helm repo to AVP sidecar init scripts
  • Allow non-standard images in Bitnami PostgreSQL chart
  • Use scram-sha-256 authentication instead of md5 (PostgreSQL 18 dropped md5 support)
  • Correct Redis hostname reference for Outline production

Testing

  • Validated on preprod environment before applying to prod
  • Helm template rendering verified locally

@LukasCuperDT
feat: add Outline and PostgreSQL production deployment
6425fbd 
- Add upstream/outline values-prod.yaml (outline-k8s.eco.tsi-dev.otc-service.com)
- Add local/outline values-prod.yaml (Redis minimal for prod)
- Add upstream/postgresql values-prod.yaml (dedicated Outline DB)
- Add local/postgresql values-prod.yaml (TLS cert for postgres.eco.tsi-dev.otc-service.com)
- Add ArgoCD applications for postgresql and outline-wiki (prod/otcinfra2)
@LukasCuperDT
fix: add imagePullSecrets for PostgreSQL on prod cluster
5f55aeb 
The otcinfra2 cluster routes docker.io through SWR proxy which requires
authentication via the default-secret.
@LukasCuperDT
fix: use quay.io/opentelekomcloud images for PostgreSQL on prod
36c5e66 
- postgresql:18.3.0
- postgres-exporter:0.19.1
- debian:12
All mirrored to quay.io/opentelekomcloud to bypass SWR proxy auth issues.
@LukasCuperDT
fix: use quay.io/opentelekomcloud images for Outline on prod
16fd986 
- outline:0.84.0
- redis:7-alpine
All mirrored to quay.io/opentelekomcloud to bypass SWR proxy auth issues.
@LukasCuperDT
fix: allow non-standard images in Bitnami PostgreSQL chart
a6752e4 
Add global.security.allowInsecureImages=true to bypass Bitnami's
container verification for quay.io/opentelekomcloud mirrors.
@LukasCuperDT
fix: add bitnami helm repo to AVP sidecar init scripts
fb2e5ad 
Required for PostgreSQL chart dependency resolution.
@LukasCuperDT
fix: set imagePullPolicy=Always for postgresql images
df943d8 
Force fresh pull to replace cached arm64 images with amd64.
@LukasCuperDT
fix: set imagePullPolicy=Always for outline and redis images
30b286e 
Force fresh pull to replace cached arm64 images with amd64.
@LukasCuperDT
fix: use scram-sha-256 auth instead of md5 (PG18 dropped md5)
e6ae4fe
@LukasCuperDT LukasCuperDT force-pushed the Outline_migration_to_prod branch from 4c2499d to fd8ea0f Compare March 27, 2026 14:12
@LukasCuperDT LukasCuperDT force-pushed the Outline_migration_to_prod branch from fd8ea0f to d230d29 Compare March 27, 2026 14:13
@gitguardian

gitguardian Bot commented Mar 27, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
23016484 Triggered Generic Database Assignment 6425fbd kubernetes/helm_charts/upstream/outline/values-preprod.yaml View secret
29178534 Triggered Generic Database Assignment 6425fbd kubernetes/helm_charts/upstream/outline/values-prod.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@LukasCuperDT

LukasCuperDT commented Apr 1, 2026

Copy link
Copy Markdown
Contributor Author

recheck

1 similar comment
@LukasCuperDT

LukasCuperDT commented Apr 10, 2026

Copy link
Copy Markdown
Contributor Author

recheck

LukasCuperDT and others added 2 commits April 10, 2026 23:59
@LukasCuperDT
refactor: Replace hardcoded URLs with AVP references for outline and …
d22c840 
…postgresql

- outline values: url, logoutUri, ingress host, tls → outline/config#externalURL
- postgresql values: commonName, dnsNames → postgresql/admin#externalURL
@SebastianGode
fix typo
b1353b5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vladimirhasko vladimirhasko vladimirhasko approved these changes

@SebastianGode SebastianGode SebastianGode approved these changes

@otcbot otcbot Awaiting requested review from otcbot otcbot is a code owner

@tischrei tischrei Awaiting requested review from tischrei tischrei is a code owner

@sgmv sgmv Awaiting requested review from sgmv sgmv is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LukasCuperDT @vladimirhasko @SebastianGode