deploy-k3s: apply observability manifests during 03-deploy

vmagent.yaml lives under manifests/observability/; the deploy script now substitutes the OBS_INGEST_TOKEN from deploy/prod.env into the manifest before apply, and waits on the vmagent rollout. Manual kubectl apply is no longer needed after the next deploy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 14:16:59 -05:00
parent df78d9ccd8
commit 372d4d2d37
1 changed files with 15 additions and 0 deletions
@@ -160,6 +160,18 @@ if [[ -d "${MANIFESTS}/web" ]]; then
  kubectl apply -f "${MANIFESTS}/web/service.yaml"
 fi

+# Observability — vmagent scrapes api Pods :8000/metrics and remote-writes
+# to obs.88oakapps.com. The bearer token comes from deploy/prod.env so it
+# stays out of the repo; the manifest holds TOKEN_PLACEHOLDER.
+if [[ -d "${MANIFESTS}/observability" ]]; then
+  OBS_TOKEN="$(grep -E '^OBS_INGEST_TOKEN=' "${DEPLOY_DIR}/prod.env" 2>/dev/null | cut -d= -f2- || true)"
+  if [[ -z "${OBS_TOKEN}" ]]; then
+    warn "OBS_INGEST_TOKEN not found in deploy/prod.env — skipping vmagent apply"
+  else
+    sed "s|TOKEN_PLACEHOLDER|${OBS_TOKEN}|" "${MANIFESTS}/observability/vmagent.yaml" | kubectl apply -f -
+  fi
+fi
+
 # --- Wait for rollouts ---

 log "Waiting for rollouts..."
@@ -171,6 +183,9 @@ kubectl rollout status deployment/admin -n "${NAMESPACE}" --timeout=300s
 if [[ -d "${MANIFESTS}/web" ]]; then
  kubectl rollout status deployment/web -n "${NAMESPACE}" --timeout=300s
 fi
+if kubectl -n "${NAMESPACE}" get deployment vmagent >/dev/null 2>&1; then
+  kubectl rollout status deployment/vmagent -n "${NAMESPACE}" --timeout=120s
+fi

 # --- Done ---