# Kestra Deployment

GitOps deployment for Kestra with Tailscale HTTPS access and route acceptance.

## Prerequisites

### PostgreSQL Database

Connect to your PostgreSQL server and create the database:

```sql
CREATE DATABASE kestra;
CREATE USER kestra WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE kestra TO kestra;
ALTER DATABASE kestra OWNER TO kestra;
```

### Host Configuration

Download configuration files to `/opt/kestra` (first time only):

```bash
sudo mkdir -p /opt/kestra/{tailscale,config}
sudo curl -o /opt/kestra/tailscale/serve-config.json https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/serve-config.json
sudo curl -o /opt/kestra/config/application.yaml https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/application.yaml
```

## Deployment

1. Create a new stack in Portainer
2. Select "Repository" and point to this repository
3. Portainer will load `stack.env` automatically
4. Override sensitive values (`CHANGE_ME`) in the environment variables section:
   - `TS_AUTHKEY` - Tailscale auth key (reusable recommended)
   - `DB_PASSWORD` - PostgreSQL password
   - `KESTRA_ADMIN_PASSWORD` - Kestra admin password
5. Deploy

## Features

- **Tailscale Sidecar**: HTTPS access via Tailscale with automatic certificate management
- **Route Acceptance**: `--accept-routes` enabled to reach other services on the tailnet
- **PostgreSQL Backend**: External PostgreSQL for persistent storage and queue
- **Docker-in-Docker**: Socket mounted for running containerized tasks

## Access

Once deployed: https://kestra.taila5ad8.ts.net

## Directory Structure

```
/opt/kestra/
├── tailscale/
│   └── serve-config.json    # Tailscale HTTPS configuration
└── config/
    └── application.yaml     # Kestra configuration
```

## Environment Variables

| Variable | Description | Required |
|----------|-------------|----------|
| `TS_AUTHKEY` | Tailscale authentication key | Yes |
| `DB_HOST` | PostgreSQL host | Yes |
| `DB_PORT` | PostgreSQL port | Yes |
| `DB_NAME` | Database name | Yes |
| `DB_USER` | Database user | Yes |
| `DB_PASSWORD` | Database password | Yes |
| `KESTRA_ADMIN_USER` | Admin username | No (default: admin) |
| `KESTRA_ADMIN_PASSWORD` | Admin password | Yes |
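
A pre-deploy check for deployment step 4 and the required variables in the table above, as an added example that is not part of this repository. It assumes the effective values are available as `KEY=VALUE` lines (the repository defaults followed by your overrides, last assignment wins); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Reads KEY=VALUE lines on stdin
# and reports required variables that are unset or still hold a placeholder.
# Only variable names are printed, never their values.

REQUIRED_VARS="TS_AUTHKEY DB_HOST DB_PORT DB_NAME DB_USER DB_PASSWORD KESTRA_ADMIN_PASSWORD"

# env_value KEY: print KEY's value from $ENV_INPUT. The last assignment wins,
# so overrides can be concatenated after the defaults. Commented lines are
# ignored and one pair of surrounding quotes is stripped.
env_value() {
    printf '%s\n' "$ENV_INPUT" \
        | sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" | tail -n 1 \
        | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Returns 0 when every required variable has a real value, 1 otherwise.
check_stack_env() {
    ENV_INPUT=$(cat)
    failed=0
    for var in $REQUIRED_VARS; do
        value=$(env_value "$var")
        case $value in
            "")
                echo "$var: missing or empty"; failed=1 ;;
            *CHANGE_ME*|your-secure-password)   # README placeholders
                echo "$var: placeholder value not replaced"; failed=1 ;;
        esac
    done
    return $failed
}

# Constructed sample: defaults first, then partial overrides.
sample_env() {
    cat <<'EOF'
TS_AUTHKEY=CHANGE_ME
DB_HOST=db.example.internal
DB_PORT=5432
DB_NAME=kestra
DB_USER=kestra
DB_PASSWORD=CHANGE_ME
KESTRA_ADMIN_PASSWORD=CHANGE_ME
TS_AUTHKEY="constructed-sample-key"
DB_PASSWORD='your-secure-password'
# KESTRA_ADMIN_PASSWORD=not-set-yet
EOF
}

sample_env | check_stack_env || echo "fix the variables listed above before deploying"
```

On the constructed sample the check flags `DB_PASSWORD` (copied from the SQL example) and `KESTRA_ADMIN_PASSWORD` (override commented out), and accepts the overridden `TS_AUTHKEY`.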