From 7629ea80327e0d532c1cdbfda00105a1181356ab Mon Sep 17 00:00:00 2001
From: Masaki Yatsu <yatsu@yatsu.info>
Date: Wed, 10 Sep 2025 14:51:36 +0900
Subject: [PATCH] examples: add Bytebase to custom examples

---
 custom-example/bytebase/.gitignore            |   2 +
 ...ase-database-external-secret.gomplate.yaml |  27 ++++
 .../bytebase/bytebase-values.gomplate.yaml    |  16 ++
 .../bytebase/ingressroute.gomplate.yaml       |  13 ++
 custom-example/bytebase/justfile              | 143 ++++++++++++++++++
 custom-example/justfile                       |   1 +
 6 files changed, 202 insertions(+)
 create mode 100644 custom-example/bytebase/.gitignore
 create mode 100644 custom-example/bytebase/bytebase-database-external-secret.gomplate.yaml
 create mode 100644 custom-example/bytebase/bytebase-values.gomplate.yaml
 create mode 100644 custom-example/bytebase/ingressroute.gomplate.yaml
 create mode 100644 custom-example/bytebase/justfile

diff --git a/custom-example/bytebase/.gitignore b/custom-example/bytebase/.gitignore
new file mode 100644
index 0000000..acd201b
--- /dev/null
+++ b/custom-example/bytebase/.gitignore
@@ -0,0 +1,2 @@
+bytebase-values.yaml
+bytebase-database-external-secret.yaml
diff --git a/custom-example/bytebase/bytebase-database-external-secret.gomplate.yaml b/custom-example/bytebase/bytebase-database-external-secret.gomplate.yaml
new file mode 100644
index 0000000..2f1a070
--- /dev/null
+++ b/custom-example/bytebase/bytebase-database-external-secret.gomplate.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: bytebase-database-external-secret
+  namespace: {{ .Env.BYTEBASE_NAMESPACE }}
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: bytebase-database-secret
+    creationPolicy: Owner
+    template:
+      type: Opaque
+      data:
+        username: "{{ `{{ .username }}` }}"
+        password: "{{ `{{ .password }}` }}"
+  data:
+    - secretKey: username
+      remoteRef:
+        key: bytebase/database
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: bytebase/database
+        property: password
\ No newline at end of file
diff --git a/custom-example/bytebase/bytebase-values.gomplate.yaml b/custom-example/bytebase/bytebase-values.gomplate.yaml
new file mode 100644
index 0000000..42309d9
--- /dev/null
+++ b/custom-example/bytebase/bytebase-values.gomplate.yaml
@@ -0,0 +1,16 @@
+bytebase:
+  version: {{ .Env.BYTEBASE_VERSION }}
+
+  option:
+    external-url: https://{{ .Env.BYTEBASE_HOST }}
+
+    externalPg:
+      pgHost: "postgres-cluster-rw.postgres"
+      pgPort: "5432"
+      pgUsername: "bytebase"
+      pgDatabase: "bytebase"
+      existingPgPasswordSecret: "bytebase-database-secret"
+      existingPgPasswordSecretKey: "password"
+
+    persistence:
+      enabled: true
diff --git a/custom-example/bytebase/ingressroute.gomplate.yaml b/custom-example/bytebase/ingressroute.gomplate.yaml
new file mode 100644
index 0000000..45504f8
--- /dev/null
+++ b/custom-example/bytebase/ingressroute.gomplate.yaml
@@ -0,0 +1,13 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bytebase
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: "Host(`{{ .Env.BYTEBASE_HOST }}`)"
+      kind: Rule
+      services:
+        - name: bytebase-entrypoint
+          port: 80
diff --git a/custom-example/bytebase/justfile b/custom-example/bytebase/justfile
new file mode 100644
index 0000000..72ccc78
--- /dev/null
+++ b/custom-example/bytebase/justfile
@@ -0,0 +1,143 @@
+set fallback := true
+
+export BYTEBASE_NAMESPACE := env("BYTEBASE_NAMESPACE", "bytebase")
+export BYTEBASE_CHART_VERSION := env("BYTEBASE_CHART_VERSION", "1.1.1")
+export BYTEBASE_VERSION := env("BYTEBASE_VERSION", "3.9.2")
+export BYTEBASE_HOST := env("BYTEBASE_HOST", "")
+export EXTERNAL_SECRETS_NAMESPACE := env("EXTERNAL_SECRETS_NAMESPACE", "external-secrets")
+
+[private]
+default:
+    @just --list --unsorted --list-submodules
+
+# Add Helm repository
+add-helm-repo:
+    helm repo add bytebase-repo https://bytebase.github.io/bytebase
+    helm repo update
+
+# Remove Helm repository
+remove-helm-repo:
+    helm repo remove bytebase-repo
+
+# Create Bytebase namespace
+create-namespace:
+    @kubectl get namespace ${BYTEBASE_NAMESPACE} &>/dev/null || \
+        kubectl create namespace ${BYTEBASE_NAMESPACE}
+
+# Delete Bytebase namespace
+delete-namespace:
+    @kubectl delete namespace ${BYTEBASE_NAMESPACE} --ignore-not-found
+
+# Setup database for Bytebase
+setup-database:
+    #!/bin/bash
+    set -euo pipefail
+    echo "Setting up Bytebase database..."
+
+    if just postgres::db-exists bytebase &>/dev/null; then
+        echo "Database 'bytebase' already exists."
+    else
+        echo "Creating new database 'bytebase'..."
+        just postgres::create-db bytebase
+    fi
+
+    # Generate password for user creation/update
+    if just postgres::user-exists bytebase &>/dev/null; then
+        echo "User 'bytebase' already exists."
+        # Check if we can get existing password from Vault/Secret
+        if helm status external-secrets -n ${EXTERNAL_SECRETS_NAMESPACE} &>/dev/null; then
+            # Try to get existing password from Vault
+            if DB_PASSWORD=$(just vault::get bytebase/database password 2>/dev/null); then
+                echo "Using existing password from Vault."
+            else
+                echo "Generating new password and updating Vault..."
+                DB_PASSWORD=$(just utils::random-password)
+                just postgres::change-password bytebase "$DB_PASSWORD"
+            fi
+        else
+            # For direct Secret approach, generate new password
+            echo "Generating new password for existing user..."
+            DB_PASSWORD=$(just utils::random-password)
+            just postgres::change-password bytebase "$DB_PASSWORD"
+        fi
+    else
+        echo "Creating new user 'bytebase'..."
+        DB_PASSWORD=$(just utils::random-password)
+        just postgres::create-user bytebase "$DB_PASSWORD"
+    fi
+
+    echo "Ensuring database permissions..."
+    just postgres::grant bytebase bytebase
+
+    if helm status external-secrets -n ${EXTERNAL_SECRETS_NAMESPACE} &>/dev/null; then
+        echo "External Secrets available. Storing credentials in Vault and creating ExternalSecret..."
+        just vault::put bytebase/database username=bytebase password="$DB_PASSWORD"
+        gomplate -f bytebase-database-external-secret.gomplate.yaml -o bytebase-database-external-secret.yaml
+        kubectl apply -f bytebase-database-external-secret.yaml
+        echo "Waiting for database secret to be ready..."
+        kubectl wait --for=condition=Ready externalsecret/bytebase-database-external-secret \
+            -n ${BYTEBASE_NAMESPACE} --timeout=60s
+    else
+        echo "External Secrets not available. Creating Kubernetes Secret directly..."
+        kubectl delete secret bytebase-database-secret -n ${BYTEBASE_NAMESPACE} --ignore-not-found
+        kubectl create secret generic bytebase-database-secret -n ${BYTEBASE_NAMESPACE} \
+            --from-literal=username=bytebase \
+            --from-literal=password="$DB_PASSWORD"
+        echo "Database secret created directly in Kubernetes"
+    fi
+    echo "Database setup completed."
+
+# Delete database secret
+delete-database-secret:
+    @kubectl delete secret bytebase-database-secret -n ${BYTEBASE_NAMESPACE} --ignore-not-found
+    @kubectl delete externalsecret bytebase-database-external-secret -n ${BYTEBASE_NAMESPACE} --ignore-not-found
+
+
+# Install Bytebase
+install:
+    #!/bin/bash
+    set -euo pipefail
+    export BYTEBASE_HOST=${BYTEBASE_HOST:-}
+    while [ -z "${BYTEBASE_HOST}" ]; do
+        BYTEBASE_HOST=$(
+            gum input --prompt="Bytebase host (FQDN): " --width=100 \
+            --placeholder="e.g., bytebase.example.com"
+        )
+    done
+    echo "Installing Bytebase..."
+    just create-namespace
+    just setup-database
+    just add-helm-repo
+    gomplate -f bytebase-values.gomplate.yaml -o bytebase-values.yaml
+    helm upgrade --cleanup-on-fail --install bytebase bytebase-repo/bytebase \
+        --version ${BYTEBASE_CHART_VERSION} -n ${BYTEBASE_NAMESPACE} --wait -f bytebase-values.yaml
+    gomplate -f ingressroute.gomplate.yaml | kubectl apply -n ${BYTEBASE_NAMESPACE} -f -
+    echo "Bytebase installation completed"
+    echo "Access Bytebase at: https://${BYTEBASE_HOST}"
+
+# Uninstall Bytebase
+uninstall delete-db='true':
+    #!/bin/bash
+    set -euo pipefail
+    echo "Uninstalling Bytebase..."
+    helm uninstall bytebase -n ${BYTEBASE_NAMESPACE} --ignore-not-found
+    just delete-database-secret
+    just delete-namespace
+    if [ "{{ delete-db }}" = "true" ]; then
+        just postgres::delete-db bytebase
+    fi
+    echo "Bytebase uninstalled"
+
+# Clean up database and secrets
+cleanup:
+    #!/bin/bash
+    set -euo pipefail
+    echo "This will delete the Bytebase database and all secrets."
+    if gum confirm "Are you sure you want to proceed?"; then
+        echo "Cleaning up Bytebase resources..."
+        just postgres::delete-db bytebase || true
+        just vault::delete bytebase/database || true
+        echo "Cleanup completed"
+    else
+        echo "Cleanup cancelled"
+    fi
diff --git a/custom-example/justfile b/custom-example/justfile
index 5de27fd..8a31228 100644
--- a/custom-example/justfile
+++ b/custom-example/justfile
@@ -4,5 +4,6 @@ set fallback := true
 default:
     @just --list --unsorted --list-submodules
 
+mod bytebase 'bytebase/justfile'
 mod miniflux 'miniflux/justfile'
 mod reddit-rss 'reddit-rss/justfile'