Damien/kestra-deployment
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add deployment documentation

Browse Source
This commit is contained in:
Damien Arnodo
2026-01-11 11:27:17 +00:00
parent 435d111630
commit 87ec2a011f
1 changed files with 71 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
README.md Normal file
View File

@@ -0,0 +1,71 @@
# Kestra Deployment
GitOps deployment for Kestra with Tailscale HTTPS access and route acceptance.
## Prerequisites
### PostgreSQL Database
Connect to your PostgreSQL server and create the database:
```sql
CREATE DATABASE kestra;
CREATE USER kestra WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE kestra TO kestra;
ALTER DATABASE kestra OWNER TO kestra;
```
### Host Configuration
Download configuration files to `/opt/kestra` (first time only):
```bash
sudo mkdir -p /opt/kestra/{tailscale,config}
sudo curl -o /opt/kestra/tailscale/serve-config.json https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/serve-config.json
sudo curl -o /opt/kestra/config/application.yaml https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/application.yaml
```
## Deployment
1. Create a new stack in Portainer
2. Select "Repository" and point to this repository
3. Portainer will load `stack.env` automatically
4. Override sensitive values (`CHANGE_ME`) in the environment variables section:
- `TS_AUTHKEY` - Tailscale auth key (reusable recommended)
- `DB_PASSWORD` - PostgreSQL password
- `KESTRA_ADMIN_PASSWORD` - Kestra admin password
5. Deploy
## Features
- **Tailscale Sidecar**: HTTPS access via Tailscale with automatic certificate management
- **Route Acceptance**: `--accept-routes` enabled to reach other services on the tailnet
- **PostgreSQL Backend**: External PostgreSQL for persistent storage and queue
- **Docker-in-Docker**: Socket mounted for running containerized tasks
## Access
Once deployed: https://kestra.taila5ad8.ts.net
## Directory Structure
```
/opt/kestra/
├── tailscale/
│ └── serve-config.json # Tailscale HTTPS configuration
└── config/
└── application.yaml # Kestra configuration
```
## Environment Variables
| Variable | Description | Required |
|----------|-------------|----------|
| `TS_AUTHKEY` | Tailscale authentication key | Yes |
| `DB_HOST` | PostgreSQL host | Yes |
| `DB_PORT` | PostgreSQL port | Yes |
| `DB_NAME` | Database name | Yes |
| `DB_USER` | Database user | Yes |
| `DB_PASSWORD` | Database password | Yes |
| `KESTRA_ADMIN_USER` | Admin username | No (default: admin) |
| `KESTRA_ADMIN_PASSWORD` | Admin password | Yes |