upgrade from 20.0.1 to 22.0.4

.gitea/workflows/vault.yaml

@@ -16,10 +16,11 @@ concurrency:
 
 .vault_step: &vault_step
   name: read vault secret
-  uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
+  uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
   id: vault-secrets
   with:
-    url: https://vault.arcodange.duckdns.org
+    url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
     jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
     role: gitea_cicd_webapp
     method: jwt
@@ -49,9 +50,12 @@ jobs:
     env:
       OPENTOFU_VERSION: 1.8.2
       TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
+      VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
     steps:
       - *vault_step
       - uses: actions/checkout@v4
+      - name: prepare vault self signed cert
+        run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT
       - name: terraform apply
         uses: dflook/terraform-apply@v1
         with:

README.md

@@ -1,3 +1,18 @@
 # ERP
 
 ## Dolibarr
+
+### Premiers démarrages
+
+Si l'application log au démarrage l'erreur suivante:
+```sh
+Importing custom SQL from update_table_ownership.sql ...
+sed: couldn't open temporary file /var/www/scripts/before-starting.d/sedwHcRlQ: Read-only file system
+```
+Il faudra prendre la main du shell du pod et executer:
+```sh
+kubectl exec -n erp `kubectl get pod -n erp -l app.kubernetes.io/name=erp -o=name` -c erp -- sh -c 'PGPASSWORD=${DOLI_DB_PASSWORD} psql -U ${DOLI_DB_USER} -h ${DOLI_DB_HOST} -p ${DOLI_DB_HOST_PORT} ${DOLI_DB_NAME} \
+-f /var/www/scripts/before-starting.d/update_table_ownership.sql'
+```
+
+Sous peine de ne plus avoir les droits de consulter la base de données une fois les crédentials mis à jour par vault. Dans ce cas executer la commande mais avec les credentials d'admin postgres.

chart/Chart.yaml

@@ -22,4 +22,4 @@ version: 0.1.0
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 #https://github.com/Dolibarr/dolibarr-docker
-appVersion: "20.0.1"
+appVersion: "22.0.4"

chart/templates/config.yaml

@@ -11,7 +11,7 @@ data:
   # DOLI_DB_USER: root
   # DOLI_DB_PASSWORD: root
   DOLI_DB_NAME: erp
-  DOLI_URL_ROOT: 'https://erp.arcodange.duckdns.org'
+  DOLI_URL_ROOT: 'https://erp.arcodange.lab'
   # DOLI_ADMIN_LOGIN: 'admin'
   # DOLI_ADMIN_PASSWORD: 'admininitialpassword'
   DOLI_ENABLE_MODULES: Societe,Facture

chart/templates/pvc.yaml

@@ -13,4 +13,4 @@ spec:
   resources:
     requests:
       storage: 50Gi
-  storageClassName: nfs-client
+  storageClassName: longhorn

chart/values.yaml

@@ -50,11 +50,11 @@ ingress:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
     traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
-    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
-    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.duckdns.org
+    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
+    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.lab
     traefik.ingress.kubernetes.io/router.middlewares: localIp@file
   hosts:
-    - host: erp.arcodange.duckdns.org
+    - host: erp.arcodange.lab
       paths:
         - path: /
           pathType: Prefix

iac/providers.tf

@@ -8,7 +8,7 @@ terraform {
 }
 
 provider vault {
-    address = "https://vault.arcodange.duckdns.org"
+    address = "https://vault.arcodange.lab"
     auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
         mount = "gitea_jwt"
         role = "gitea_cicd_erp"

test/.env.example

@@ -1,4 +1,4 @@
-DOLIBARR_ADDRESS=https://erp.arcodange.duckdns.org
+DOLIBARR_ADDRESS=https://erp.arcodange.lab
 DOLI_DB_PASSWORD=
 DOLI_ADMIN_LOGIN=admin
 DOLI_ADMIN_PASSWORD=""