fixed secret encoding & labels

src/main/resources/backup/secret.yaml

@@ -3,7 +3,7 @@ kind: Secret
 metadata:
   name: backup-secret
 type: Opaque
-stringData:
-  aws-access-key-id: aws-access-key-id
-  aws-secret-access-key: aws-secret-access-key
-  restic-password: restic-password
+data:
+  aws-access-key-id: "aws-access-key-id"
+  aws-secret-access-key: "aws-secret-access-key"
+  restic-password: "restic-password"

src/main/resources/nextcloud/deployment.yaml

@@ -1,67 +1,61 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: cloud
+  name: cloud-deployment
 spec:
   selector:
     matchLabels:
-      app: cloud
+      app.kubernetes.io/name: cloud-pod
+      app.kubernetes.io/application: cloud
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        app: cloud
+        app.kubernetes.io/name: cloud-pod
+        app.kubernetes.io/application: cloud
+        redeploy: v3
     spec:
       containers:
-        - image: domaindrivenarchitecture/c4k-cloud-app
+        - image: domaindrivenarchitecture/c4k-cloud
           name: cloud-app
           imagePullPolicy: IfNotPresent
           ports:
           - containerPort: 80
           env:
-            - name: NEXTCLOUD_ADMIN_USER_FILE
-              value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
-            - name: NEXTCLOUD_ADMIN_PASSWORD_FILE
-              value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
+            - name: NEXTCLOUD_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: cloud-secret
+                  key: nextcloud-admin-user
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: cloud-secret
+                  key: nextcloud-admin-password
             - name: NEXTCLOUD_TRUSTED_DOMAINS
               value: fqdn
-            - name: POSTGRES_USER_FILE
-              value: /var/run/secrets/postgres-secret/postgres-user
-            - name: POSTGRES_PASSWORD_FILE
-              value: /var/run/secrets/postgres-secret/postgres-password
-            - name: POSTGRES_DB_FILE
-              value: /var/run/configs/postgres-config/postgres-db
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secret
+                  key: postgres-user
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secret
+                  key: postgres-password
+            - name: POSTGRES_DB
+              valueFrom:
+                configMapKeyRef:
+                  name: postgres-config
+                  key: postgres-db
             - name: POSTGRES_HOST
               value: "postgresql-service:5432"
           volumeMounts:
             - name: cloud-data-volume
               mountPath: /var/www/html
-            - name: cloud-secret-volume
-              mountPath: /var/run/secrets/cloud-secrets
-              readOnly: true
-            - name: postgres-secret-volume
-              mountPath: /var/run/secrets/postgres-secret
-              readOnly: true
-            - name: postgres-config-volume
-              mountPath: /var/run/configs/postgres-config
-              readOnly: true
       volumes:
       - name: cloud-data-volume
         persistentVolumeClaim:
           claimName: cloud-pvc
-      - name: cloud-secret-volume
-        secret:
-          secretName: cloud-secret
-      - name: postgres-secret-volume
-        secret:
-          secretName: postgres-secret
-      - name: postgres-config-volume
-        configMap:
-          name: postgres-config
-          items:
-            - key: postgres-db
-              path: postgres-db
-      - name: backup-secret-volume
-        secret:
-          secretName: backup-secret

src/main/resources/nextcloud/persistent-volume.yaml

@@ -4,7 +4,7 @@ metadata:
   name: cloud-pv-volume
   labels:
     type: local
-    app: cloud
+    app.kubernetes.io/application: cloud
 spec:
   storageClassName: manual
   accessModes:

src/main/resources/nextcloud/pvc.yaml

@@ -3,7 +3,7 @@ kind: PersistentVolumeClaim
 metadata:
   name: cloud-pvc
   labels:
-    app: cloud
+    app.kubernetes.io/application: cloud
 spec:
   storageClassName: manual
   accessModes:
@@ -13,4 +13,4 @@ spec:
       storage: 200Gi
   selector:
     matchLabels:
-      app: cloud
+      app.kubernetes.io/application: cloud

src/main/resources/nextcloud/secret.yaml

@@ -3,6 +3,6 @@ kind: Secret
 metadata:
   name: cloud-secret
 type: Opaque
-stringData:
-  nextcloud-admin-user: admin-user
-  nextcloud-admin-password: admin-password
+data:
+  nextcloud-admin-user: "admin-user"
+  nextcloud-admin-password: "admin-password"

src/main/resources/nextcloud/service.yaml

@@ -2,8 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
   name: cloud-service
+  labels:
+    app.kubernetes.io/name: cloud-service
+    app.kubernetes.io/application: cloud
 spec:
   selector:
-    app.kubernetes.io/name: cloud
+    app.kubernetes.io/name: cloud-pod
+    app.kubernetes.io/application: cloud
   ports:
     - port: 80

valid-config.edn

@@ -1,4 +1,4 @@
-{:fqdn "cloud-neu.prod.meissa-gmbh.de"
+{:fqdn "cloud.test.meissa-gmbh.de"
  :issuer :staging
  :nextcloud-data-volume-path "/var/cloud"
  :postgres-data-volume-path "/var/postgres"