
Commit c9e0a41

committed
Push to k8s
1 parent caa272e commit c9e0a41


8 files changed

+95
-50
lines changed


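--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -21,22 +21,23 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/')
 run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login quay.io -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
 
-- name: Get tag or commit SHA
+- name: Get tag or branch name
 id: vars
 run: |
 if [[ "${{ github.ref }}" == refs/tags/* ]]; then
 echo "image_tag=${{ github.ref_name }}" >> $GITHUB_ENV
 else
-echo "image_tag=${{ github.sha }}" >> $GITHUB_ENV
+# Get branch name and replace / with - for Docker tag compatibility
+BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g')
+echo "image_tag=${BRANCH_NAME}-${{ github.sha }}" >> $GITHUB_ENV
 fi
 
 - name: Build Docker Image
 run: docker build . -t fleet-telemetry-consumer:${{ env.image_tag }}
 
-- name: Tag Docker Image (only if pushing)
-if: startsWith(github.ref, 'refs/tags/')
-run: docker tag fleet-telemetry-consumer:${{ env.image_tag }} quay.io/rajsinghcpre/fleet-telemetry-consumer:${{ env.image_tag }}
-
-- name: Push Docker Image (only if pushing)
-if: startsWith(github.ref, 'refs/tags/')
-run: docker push quay.io/rajsinghcpre/fleet-telemetry-consumer:${{ env.image_tag }}
+- name: Tag and Push Docker Image
+run: |
+docker tag fleet-telemetry-consumer:${{ env.image_tag }} quay.io/rajsinghcpre/fleet-telemetry-consumer:${{ env.image_tag }}
+if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+docker push quay.io/rajsinghcpre/fleet-telemetry-consumer:${{ env.image_tag }}
+fi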
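Review bot: The new `Tag and Push Docker Image` step and the rewritten tag step expand `${{ github.ref }}` and `${{ env.image_tag }}` straight into the script text, and `${GITHUB_REF#refs/heads/}` is left unquoted, so a ref name containing shell metacharacters is interpreted by bash instead of being treated as data. The runner already exports these values, so the script can read them as quoted variables: `if [[ "$GITHUB_REF" == refs/tags/* ]]; then`, `echo "image_tag=${BRANCH_NAME}-${GITHUB_SHA}" >> "$GITHUB_ENV"`, and `"$image_tag"` in the `docker tag` / `docker push` lines. A branch name can also hold characters that are not valid in a Docker tag even after `/` is replaced, so the value is worth checking against an allow-list pattern before it is written to `$GITHUB_ENV`. The workflow's `on:` triggers are above the hunk, so which refs can reach this job cannot be told from here.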

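--- a/Makefile
+++ b/Makefile
@@ -24,12 +24,15 @@ pull-secrets:
 @echo "Creating static directory if it doesn't exist..."
 @mkdir -p ./secrets
 @mkdir -p ./secrets/fleet-api
-@mkdir -p ./secrets/ssl
+@mkdir -p ./secrets/tesla-ssl
 @mkdir -p ./secrets/pg
+@mkdir -p ./secrets/fleet-telemetry-ssl
 @echo "Pulling secrets from tesla-fleet-api..."
 kubectl get secret tesla-fleet-api -n tesla -o jsonpath='{.data}' | jq -r 'to_entries[] | "echo \"Extracting \(.key)...\"; echo \(.value) | base64 -d > \"./secrets/fleet-api/\(.key)\""' | sh
 @echo "Pulling secrets from tesla-raj-tls..."
-kubectl get secret tesla-raj-tls -n tesla -o jsonpath='{.data}' | jq -r 'to_entries[] | "echo \"Extracting \(.key)...\"; echo \(.value) | base64 -d > \"./secrets/ssl/\(.key)\""' | sh
+kubectl get secret tesla-raj-tls -n tesla -o jsonpath='{.data}' | jq -r 'to_entries[] | "echo \"Extracting \(.key)...\"; echo \(.value) | base64 -d > \"./secrets/tesla-ssl/\(.key)\""' | sh
+@echo "Pulling secrets from fleet-telemetry-tesla-raj-tls..."
+kubectl get secret fleet-telemetry-tesla-raj-tls -n tesla -o jsonpath='{.data}' | jq -r 'to_entries[] | "echo \"Extracting \(.key)...\"; echo \(.value) | base64 -d > \"./secrets/fleet-telemetry-ssl/\(.key)\""' | sh
 @echo "Pulling secrets from fleet-telemetry-consumer-db-app..."
 kubectl get secret fleet-telemetry-consumer-db-app -n tesla -o jsonpath='{.data}' | jq -r 'to_entries[] | "echo \"Extracting \(.key)...\"; echo \(.value) | base64 -d | sed \"s/\\.tesla/\\.tesla\\.svc\\.cluster\\.local/g\" > \"./secrets/pg/\(.key)\""' | sh
 @echo "Done pulling secrets!"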
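Review bot: The added `fleet-telemetry-ssl` extraction writes the secret's `tls.key` into a directory created with plain `mkdir -p`, so the private key lands on disk with whatever the caller's umask allows, which on many systems is readable by other local users. Creating the directories with a restrictive mode, e.g. `@mkdir -p -m 700 ./secrets/fleet-telemetry-ssl`, keeps the pulled material private; the same applies to the `tesla-ssl`, `fleet-api` and `pg` lines. The recipe also builds shell text from the secret's key names with `jq` and pipes it to `sh`; reading each key with `kubectl get secret … -o jsonpath` and `base64 -d` would avoid executing generated script. The `pull-secrets` target starts above the hunk, and whether `./secrets` is git-ignored is not visible here.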

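--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,14 +6,22 @@ services:
 ports:
 - "4443:4443"
 environment:
-- TESLA_HTTP_PROXY_TLS_CERT=/config/tls.crt
-- TESLA_HTTP_PROXY_TLS_KEY=/config/tls.key
+- TESLA_HTTP_PROXY_TLS_CERT=/secrets/tesla-ssl/tls.crt
+- TESLA_HTTP_PROXY_TLS_KEY=/secrets/tesla-ssl/tls.key
 - TESLA_HTTP_PROXY_HOST=0.0.0.0
 - TESLA_HTTP_PROXY_PORT=4443
 - TESLA_HTTP_PROXY_TIMEOUT=10s
 - TESLA_KEY_FILE=/secret/private-key.pem
 - TESLA_VERBOSE=true
 volumes:
-- ./secrets/ssl/tls.crt:/config/tls.crt:ro
-- ./secrets/ssl/tls.key:/config/tls.key:ro
-- ./secrets/fleet-api/private-key.pem:/secret/private-key.pem:ro
+- ./secrets/tesla-ssl/tls.crt:/secrets/tesla-ssl/tls.crt:ro
+- ./secrets/tesla-ssl/tls.key:/secrets/tesla-ssl/tls.key:ro
+ - ./secrets/fleet-api/private-key.pem:/secret/private-key.pem:ro
+# fleet-telemetry-consumer:
+# build:
+# context: .
+# dockerfile: Dockerfile
+# ports:
+# - "3000:3000"
+# depends_on:
+# - tesla-http-proxy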
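Review bot: The fleet key is still mounted at `/secret/private-key.pem` (new line 19, with `TESLA_KEY_FILE` on line 14) while the TLS files moved under `/secrets/tesla-ssl/`, and the Kubernetes manifest in this same commit uses `/secrets/fleet-api/private-key.pem`. Two layouts for the same container make it easy to point `TESLA_KEY_FILE` at a path that is not mounted; `- ./secrets/fleet-api/private-key.pem:/secrets/fleet-api/private-key.pem:ro` together with `TESLA_KEY_FILE=/secrets/fleet-api/private-key.pem` would match the manifest. The commented-out `fleet-telemetry-consumer` service (new lines 20–27) would read better with a one-line comment saying why it is disabled, or left out until it is enabled.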

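--- a/examples/kustomization/certificate.yaml
+++ b/examples/kustomization/certificate.yaml
@@ -8,13 +8,28 @@ spec:
 size: 256
 rotationPolicy: Always
 dnsNames:
-- fleet-telemetry.tesla.rajsingh.info
 - tesla.rajsingh.info
 issuerRef:
 group: cert-manager.io
 kind: ClusterIssuer
 name: raj-issuer
 secretName: tesla-raj-tls
+usages:
+- digital signature
+- key encipherment
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: fleet-telemetry-tesla-raj-tls
+spec:
+dnsNames:
+- fleet-telemetry.tesla.rajsingh.info
+issuerRef:
+group: cert-manager.io
+kind: ClusterIssuer
+name: raj-issuer
+secretName: fleet-telemetry-tesla-raj-tls
 usages:
 - digital signature
 - key encipherment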
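Review bot: The new `fleet-telemetry-tesla-raj-tls` Certificate (new lines 21–35) has no `privateKey` block, so the `size: 256` and `rotationPolicy: Always` settings visible on the first Certificate do not apply to it, and its key algorithm, size and rotation behaviour fall back to whatever the installed cert-manager version defaults to. If both certificates are meant to follow the same key policy, repeat the block on the second one, including `rotationPolicy: Always`, so a renewal also replaces the key. The first Certificate's `privateKey` header and algorithm sit above the hunk, so the exact values to copy should be taken from there.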

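--- a/examples/kustomization/fleet-telemetry-consumer.yaml
+++ b/examples/kustomization/fleet-telemetry-consumer.yaml
@@ -13,57 +13,54 @@ spec:
 labels:
 app: fleet-telemetry-consumer
 spec:
-securityContext:
-runAsNonRoot: true
-seccompProfile:
-type: RuntimeDefault
 containers:
 - name: tesla-http-proxy
 image: tesla/vehicle-command:latest
+imagePullPolicy: Always
 ports:
 - containerPort: 4443
 env:
 - name: TESLA_HTTP_PROXY_TLS_CERT
-value: /config/tls.crt
+value: /secrets/tesla-ssl/tls.crt
 - name: TESLA_HTTP_PROXY_TLS_KEY
-value: /config/tls.key
+value: /secrets/tesla-ssl/tls.key
 - name: TESLA_HTTP_PROXY_HOST
 value: "0.0.0.0"
 - name: TESLA_HTTP_PROXY_PORT
 value: "4443"
 - name: TESLA_HTTP_PROXY_TIMEOUT
 value: "10s"
 - name: TESLA_KEY_FILE
-value: /secret/private-key.pem
+value: /secrets/fleet-api/private-key.pem
 - name: TESLA_VERBOSE
 value: "true"
 volumeMounts:
-- name: certs
-mountPath: /config
-- name: fleet-key-secret
-mountPath: /secret
+- name: fleet-api
+mountPath: /secrets/fleet-api
+- name: tesla-ssl
+mountPath: /secrets/tesla-ssl
 - name: fleet-telemetry-consumer
 image: quay.io/rajsinghcpre/fleet-telemetry-consumer:v0.0.27
-command: ["/fleet-telemetry-consumer", "-config=/etc/fleet-telemetry-consumer/config.json"]
+command: ["main.go"]
 ports:
 - containerPort: 3000
 volumeMounts:
-- name: config
-mountPath: /etc/fleet-telemetry-consumer
-- name: certs
-mountPath: /etc/ssl/certs
-- name: pg-secret
+- name: tesla-ssl
+mountPath: /secrets/tesla-ssl
+- name: fleet-api
+mountPath: /secrets/fleet-api
+- name: pg
 mountPath: /secrets/pg
 volumes:
-- name: config
-configMap:
-name: fleet-telemetry-consumer-config
-- name: certs
-secret:
-secretName: tesla-raj-tls
-- name: pg-secret
-secret:
-secretName: fleet-telemetry-consumer-db-app
+- name: tesla-ssl
+secret:
+secretName: tesla-raj-tls
+- name: fleet-api
+secret:
+secretName: tesla-fleet-api
+- name: pg
+secret:
+secretName: fleet-telemetry-consumer-db-app
 ---
 apiVersion: v1
 kind: Service
@@ -76,4 +73,28 @@ spec:
 - protocol: TCP
 port: 80
 targetPort: 3000
-type: ClusterIP
+ type: ClusterIP
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: fleet-telemetry-consumer
+spec:
+parentRefs:
+- group: gateway.networking.k8s.io
+kind: Gateway
+name: robbinsdale
+namespace: envoy-gateway-system
+hostnames:
+- "tesla.rajsingh.info"
+rules:
+- backendRefs:
+- group: ""
+kind: Service
+name: fleet-telemetry-consumer
+port: 80
+weight: 1
+matches:
+- path:
+type: PathPrefix
+value: /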
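Review bot: After this change the pod spec carries no `securityContext` at all (old lines 16–19), so nothing in the manifest stops either container from running as root or without the `RuntimeDefault` seccomp profile; `examples/kustomization/fleet-telemetry.yaml` has the same gap after this commit. If one image cannot start as non-root, a container-level `securityContext` on that container keeps `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` for the rest. The `fleet-telemetry-consumer` container now also mounts `tesla-ssl` and `fleet-api`, which puts the proxy's TLS key and the fleet private key inside the container that the new HTTPRoute publishes on `tesla.rajsingh.info`; mounting only `pg` there, unless the consumer really reads those files, limits what a compromise of that container exposes. `image: tesla/vehicle-command:latest` with `imagePullPolicy: Always` runs whatever the tag points to at each restart, so pinning a version or digest would make the deployment reproducible. `command: ["main.go"]` names a source file rather than a binary and looks unlikely to start; worth confirming against the image.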

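--- a/examples/kustomization/fleet-telemetry.yaml
+++ b/examples/kustomization/fleet-telemetry.yaml
@@ -13,10 +13,6 @@ spec:
 labels:
 app: fleet-telemetry
 spec:
-securityContext:
-runAsNonRoot: true
-seccompProfile:
-type: RuntimeDefault
 containers:
 - name: fleet-telemetry
 image: tesla/fleet-telemetry:v0.6.0
@@ -38,7 +34,7 @@ spec:
 name: fleet-telemetry-config
 - name: certs
 secret:
-secretName: tesla-raj-tls
+secretName: fleet-telemetry-tesla-raj-tls
 ---
 apiVersion: v1
 kind: Service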

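--- a/examples/kustomization/kustomization.yaml
+++ b/examples/kustomization/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
 - secrets.yaml
 - public-key-webserver.yaml
 - pg.yaml
+- fleet-telemetry-consumer.yaml
 configMapGenerator:
 - name: fleet-telemetry-config
 files: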

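--- a/main.go
+++ b/main.go
@@ -398,7 +398,7 @@ func configureTelemetry(vin, accessToken string) error {
 proxyURL := "https://localhost:4443"
 
 // Read the CA certificate
-caCert, err := os.ReadFile("./secrets/ssl/tls.crt")
+caCert, err := os.ReadFile("./secrets/fleet-telemetry-ssl/tls.crt")
 if err != nil {
 return fmt.Errorf("error reading CA certificate: %v", err)
 }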
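Review bot: `os.ReadFile("./secrets/fleet-telemetry-ssl/tls.crt")` is a hard-coded relative path, and the Deployment in this commit mounts only `/secrets/tesla-ssl`, `/secrets/fleet-api` and `/secrets/pg` into the consumer container, so in the cluster this read would likely fail with `error reading CA certificate`. Taking the path from configuration (a flag or environment variable, with the current value as the local default) and mounting the matching secret would cover both the compose and the Kubernetes setup. The comment calls the file a CA certificate while `tls.crt` is normally the served certificate chain; a comment stating which certificate the caller is expected to supply would remove the ambiguity. `configureTelemetry` continues outside the hunk, so how `caCert` is used is not visible here.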
