ReMarket-SE2 · HermanPlay · May 18, 2025 · May 3, 2025 · May 3, 2025 · May 3, 2025
@@ -56,23 +56,40 @@ jobs:
             --version v1.17.0 \
             --set crds.enabled=true
 
+      - name: Create values.yaml
+        run: |
+          cat <<EOF > values.yaml
+          webapp:
+            containers:
+              env:
+                google_client_id: "${{ secrets.GOOGLE_CLIENT_ID }}"
+                google_client_secret: "${{ secrets.GOOGLE_CLIENT_SECRET }}"
+                jwt_secret: "${{ secrets.JWT_SECRET }}"
+                secret: "${{ secrets.SECRET }}"
+                next_public_app_url: "${{ secrets.NEXT_PUBLIC_APP_URL }}"
+                nextauth_url: "${{ secrets.NEXT_PUBLIC_APP_URL }}"
+                nextauth_secret: "${{ secrets.NEXTAUTH_SECRET }}"
+                stripe_secret_key: "${{ secrets.STRIPE_SECRET_KEY }}"
+                stripe_webhook_secret: "${{ secrets.STRIPE_WEBHOOK_SECRET }}"
+          database:
+            container:
+              env:
+                POSTGRES_USER: "${{ secrets.POSTGRES_USER }}"
+                POSTGRES_PASSWORD: "${{ secrets.POSTGRES_PASSWORD }}"
+                POSTGRES_DB: "${{ secrets.POSTGRES_DB }}"
+          EOF
+
+      - name: Build dependency
+        run: |
+          helm dependency build ./helm
+
       - name: Deploy
         run: |
-          helm dependency build ./helm &&
           helm upgrade remarket ./helm \
             --install \
             --namespace remarket \
             --create-namespace \
-            --set webapp.containers.env.google_client_id=${{ secrets.GOOGLE_CLIENT_ID }} \
-            --set webapp.containers.env.google_client_secret=${{ secrets.GOOGLE_CLIENT_SECRET }} \
-            --set webapp.containers.env.jwt_secret=${{ secrets.JWT_SECRET }} \
-            --set webapp.containers.env.secret=${{ secrets.SECRET }} \
-            --set webapp.containers.env.next_public_app_url=${{ secrets.NEXT_PUBLIC_APP_URL }} \
-            --set webapp.containers.env.nextauth_url=${{ secrets.NEXT_PUBLIC_APP_URL }} \
-            --set webapp.containers.env.nextauth_secret=${{ secrets.NEXTAUTH_SECRET }} \
-            --set database.container.env.POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
-            --set database.container.env.POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
-            --set database.container.env.POSTGRES_DB=${{ secrets.POSTGRES_DB }} \
-            --set issuer.enabled=true
+            --values values.yaml
 
-          echo Done
+      - name: Cleanup values file
+        run: rm values.yaml
@@ -25,7 +25,7 @@ HELM_VALUES="./environments/${ENV}.yaml"
 
 echo "Builing dependencies"
 
-cd helm && helm dependency build && cd ..
+cd helm && helm dependency build && helm repo update && cd ..
 
 echo "Installing cert-manager CRDs..."
 helm upgrade \
@@ -36,8 +36,8 @@ helm upgrade \
   --version v1.17.0 \
   --set crds.enabled=true
 
-echo "Deploying application..."
 
+echo "Deploying application..."
 helm upgrade \
     --install \
     $APP_RELEASE \
@@ -46,7 +46,8 @@ helm upgrade \
     --create-namespace \
     -f "$HELM_VALUES" \
     --set webapp.containers.env.google_client_id="$GOOGLE_CLIENT_ID" \
-    --set webapp.containers.env.google_client_secret="$GOOGLE_CLIENT_SECRET"
+    --set webapp.containers.env.google_client_secret="$GOOGLE_CLIENT_SECRET" \
+    --set issuer.enabled=false
 
 
 # Step 2: Get Ingress details

@@ -1,20 +1,18 @@
-{{- if .Values.issuer.enabled }}
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: filip.shramko.stud@gmail.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-prod
-    # Enable the HTTP-01 challenge provider
-    solvers:
-      - http01:
-          ingress:
-            ingressClassName: nginx
-{{- end }}
+# apiVersion: cert-manager.io/v1
+# kind: Issuer
+# metadata:
+#   name: letsencrypt-prod
+# spec:
+#   acme:
+#     # The ACME server URL
+#     server: https://acme-v02.api.letsencrypt.org/directory
+#     # Email address used for ACME registration
+#     email: filip.shramko.stud@gmail.com
+#     # Name of a secret used to store the ACME account private key
+#     privateKeySecretRef:
+#       name: letsencrypt-prod
+#     # Enable the HTTP-01 challenge provider
+#     solvers:
+#       - http01:
+#           ingress:
+#             ingressClassName: nginx
@@ -41,3 +41,7 @@ spec:
               value: {{ .Values.webapp.containers.env.nextauth_url }}
             - name: NEXT_PUBLIC_APP_URL
               value: {{ .Values.webapp.containers.env.next_public_app_url }}
+            - name: STRIPE_SECRET_KEY
+              value: {{ .Values.webapp.containers.env.stripe_secret_key }}
+            - name: STRIPE_WEBHOOK_SECRET
+              value: {{ .Values.webapp.containers.env.stripe_webhook_secret }}
@@ -2,20 +2,15 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ .Values.webapp.name }}
-  {{- if .Values.issuer.enabled }}
   annotations:
     cert-manager.io/issuer: "letsencrypt-prod"
-  {{- end }}
 spec:
   ingressClassName: {{ .Values.webapp.ingress.className }}
-
-  {{- if .Values.issuer.enabled }}
-  tls:
-    - hosts:
-      - {{ .Values.webapp.ingress.host }}
-      secretName: tls-secret
-  {{- end }}
-
+  # tls:
+  #   - hosts:
+  #     - {{ .Values.webapp.ingress.host }}
+  #     - "grafana.{{ .Values.webapp.ingress.host }}"
+  #     secretName: tls-secret
   rules:
     - host: {{ .Values.webapp.ingress.host }}
       http:
@@ -34,6 +29,6 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: {{ .Release.Name }}-grafana
+                name: "{{ .Release.Name }}-grafana"
                 port:
                   number: {{ .Values.webapp.service.port }}
@@ -16,6 +16,8 @@ webapp:
       nextauth_secret: "secret"
       next_public_app_url: "http://localhost:3000"
       nextauth_url: "http://localhost:3000"
+      stripe_secret_key: "secret"
+      stripe_webhook_secret: "secret"
   service:
     type: ClusterIP
     port: 80
@@ -55,3 +57,5 @@ issuer:
 kube-prometheus-stack:
   nodeExporter:
     enabled: false
+  grafana:
+    defaultDashboardsEnabled: true
@@ -17,6 +17,9 @@ resource "google_container_cluster" "primary" {
     machine_type = var.machine_type
     disk_size_gb = 20
   }
+  monitoring_config {
+    enable_components = ["SYSTEM_COMPONENTS", "SCHEDULER"]
+  }
 }
 
 resource "google_container_node_pool" "primary_preemptible_nodes" {