diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index d2d55ecf..c73fba59 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -134,6 +134,12 @@ jobs: --from-literal=CAMELEER_AUTH_TOKEN="$CAMELEER_AUTH_TOKEN" \ --dry-run=client -o yaml | kubectl apply -f - + kubectl create secret generic clickhouse-credentials \ + --namespace=cameleer \ + --from-literal=CLICKHOUSE_USER="$CLICKHOUSE_USER" \ + --from-literal=CLICKHOUSE_PASSWORD="$CLICKHOUSE_PASSWORD" \ + --dry-run=client -o yaml | kubectl apply -f - + kubectl apply -f deploy/clickhouse.yaml kubectl -n cameleer rollout status statefulset/clickhouse --timeout=120s @@ -144,3 +150,5 @@ jobs: env: REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} CAMELEER_AUTH_TOKEN: ${{ secrets.CAMELEER_AUTH_TOKEN }} + CLICKHOUSE_USER: ${{ secrets.CLICKHOUSE_USER }} + CLICKHOUSE_PASSWORD: ${{ secrets.CLICKHOUSE_PASSWORD }} diff --git a/CLAUDE.md b/CLAUDE.md index e6a2c805..fb934df2 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -50,5 +50,6 @@ java -jar cameleer3-server-app/target/cameleer3-server-app-1.0-SNAPSHOT.jar - Registry: `gitea.siegeln.net/cameleer/cameleer3-server` (container images) - K8s manifests in `deploy/` — ClickHouse StatefulSet + server Deployment + NodePort Service (30081) - Deployment target: k3s at 192.168.50.86, namespace `cameleer` -- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`) +- Secrets managed in CI deploy step (idempotent `--dry-run=client | kubectl apply`): `cameleer-auth`, `clickhouse-credentials` +- K8s probes: server uses `/api/v1/health`, ClickHouse uses `/ping` - Docker build uses buildx registry cache + `--provenance=false` for Gitea compatibility diff --git a/HOWTO.md b/HOWTO.md index 29d22be0..f28822cb 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -279,7 +279,7 @@ cameleer namespace: Push to `main` triggers: **build** (Maven, unit tests) → **docker** (buildx cross-compile amd64, push to Gitea registry) → **deploy** (kubectl apply + rolling update). -Required Gitea org secrets: `REGISTRY_TOKEN`, `KUBECONFIG_BASE64`, `CAMELEER_AUTH_TOKEN`. +Required Gitea org secrets: `REGISTRY_TOKEN`, `KUBECONFIG_BASE64`, `CAMELEER_AUTH_TOKEN`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`. ### Manual K8s Commands diff --git a/deploy/clickhouse.yaml b/deploy/clickhouse.yaml index 2e73c791..4cbd69b6 100644 --- a/deploy/clickhouse.yaml +++ b/deploy/clickhouse.yaml @@ -24,9 +24,15 @@ spec: name: native env: - name: CLICKHOUSE_USER - value: cameleer + valueFrom: + secretKeyRef: + name: clickhouse-credentials + key: CLICKHOUSE_USER - name: CLICKHOUSE_PASSWORD - value: cameleer_dev + valueFrom: + secretKeyRef: + name: clickhouse-credentials + key: CLICKHOUSE_PASSWORD - name: CLICKHOUSE_DB value: cameleer3 volumeMounts: @@ -39,6 +45,22 @@ spec: limits: memory: "2Gi" cpu: "1000m" + livenessProbe: + httpGet: + path: /ping + port: 8123 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /ping + port: 8123 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 volumeClaimTemplates: - metadata: name: data diff --git a/deploy/server.yaml b/deploy/server.yaml index 287351ab..53bf751e 100644 --- a/deploy/server.yaml +++ b/deploy/server.yaml @@ -24,9 +24,15 @@ spec: - name: SPRING_DATASOURCE_URL value: "jdbc:ch://clickhouse:8123/cameleer3" - name: SPRING_DATASOURCE_USERNAME - value: "cameleer" + valueFrom: + secretKeyRef: + name: clickhouse-credentials + key: CLICKHOUSE_USER - name: SPRING_DATASOURCE_PASSWORD - value: "cameleer_dev" + valueFrom: + secretKeyRef: + name: clickhouse-credentials + key: CLICKHOUSE_PASSWORD - name: CAMELEER_AUTH_TOKEN valueFrom: secretKeyRef: @@ -39,6 +45,22 @@ spec: limits: memory: "512Mi" cpu: "500m" + livenessProbe: + httpGet: + path: /api/v1/health + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /api/v1/health + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 --- apiVersion: v1 kind: Service