fixed secret encoding & labels

jem 2021-09-21 18:46:47 +02:00
parent 456f17562b
commit b4932f3a85
7 changed files with 48 additions and 50 deletions


@ -3,7 +3,7 @@ kind: Secret
metadata:
name: backup-secret
type: Opaque
stringData:
aws-access-key-id: aws-access-key-id
aws-secret-access-key: aws-secret-access-key
restic-password: restic-password
data:
aws-access-key-id: "aws-access-key-id"
aws-secret-access-key: "aws-secret-access-key"
restic-password: "restic-password"
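Review bot: The values under `data:` (`"aws-access-key-id"`, `"aws-secret-access-key"`, `"restic-password"`) are not valid base64, and Kubernetes only accepts base64-encoded bytes in `data`, so this manifest is rejected if it is ever applied without the placeholders being substituted. The page has lost its +/- markers, so I am assuming from the commit title that `data:` is the new side and that a generator replaces these placeholders; that generator must base64-encode each value. A comment above the block such as `# placeholders: replaced at generation time with base64-encoded values; never commit real secrets here` would make that contract explicit. Base64 is an encoding, not protection, so the rendered output needs the same handling as plaintext credentials. The same applies to the `cloud-secret` hunk further down.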


@ -1,67 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloud
name: cloud-deployment
spec:
selector:
matchLabels:
app: cloud
app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
strategy:
type: Recreate
template:
metadata:
labels:
app: cloud
app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
redeploy: v3
spec:
containers:
- image: domaindrivenarchitecture/c4k-cloud-app
- image: domaindrivenarchitecture/c4k-cloud
name: cloud-app
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
env:
- name: NEXTCLOUD_ADMIN_USER_FILE
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: cloud-secret
key: nextcloud-admin-user
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: cloud-secret
key: nextcloud-admin-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: fqdn
- name: POSTGRES_USER_FILE
value: /var/run/secrets/postgres-secret/postgres-user
- name: POSTGRES_PASSWORD_FILE
value: /var/run/secrets/postgres-secret/postgres-password
- name: POSTGRES_DB_FILE
value: /var/run/configs/postgres-config/postgres-db
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
- name: POSTGRES_HOST
value: "postgresql-service:5432"
volumeMounts:
- name: cloud-data-volume
mountPath: /var/www/html
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
- name: postgres-secret-volume
mountPath: /var/run/secrets/postgres-secret
readOnly: true
- name: postgres-config-volume
mountPath: /var/run/configs/postgres-config
readOnly: true
volumes:
- name: cloud-data-volume
persistentVolumeClaim:
claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: postgres-secret-volume
secret:
secretName: postgres-secret
- name: postgres-config-volume
configMap:
name: postgres-config
items:
- key: postgres-db
path: postgres-db
- name: backup-secret-volume
secret:
secretName: backup-secret
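Review bot: Passing `NEXTCLOUD_ADMIN_PASSWORD` and `POSTGRES_PASSWORD` through `secretKeyRef` environment variables exposes them more widely than the `*_FILE` mounts listed in the same section: the values sit in the process environment, are inherited by every child process, and appear in anything that dumps the environment (a PHP info page, a crash report, `/proc/<pid>/environ`). The hunk header's line counts (67 old, 61 new) indicate that the `_FILE` entries and the secret volumes are the removed side, though the page no longer shows +/- markers. If the switch was only made to work around a problem with reading the mounted files, I would keep the passwords file-based, e.g. `- name: POSTGRES_PASSWORD_FILE` with `value: /var/run/secrets/postgres-secret/postgres-password` and the read-only `postgres-secret-volume` mount, and leave only non-secret values such as `POSTGRES_DB` in plain env. Separately, `image: domaindrivenarchitecture/c4k-cloud` has no tag or digest while `imagePullPolicy` is `IfNotPresent`, so which image actually runs depends on what each node has cached; pinning a version or digest would make the deployment reproducible.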


@ -4,7 +4,7 @@ metadata:
name: cloud-pv-volume
labels:
type: local
app: cloud
app.kubernetes.io/application: cloud
spec:
storageClassName: manual
accessModes:
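Review bot: `app.kubernetes.io/application` is not one of the recommended labels under the shared `app.kubernetes.io/` prefix (name, instance, version, component, part-of, managed-by); the standard key for the application an object belongs to is `app.kubernetes.io/part-of`. Tools and policies that select on the well-known labels will not see the custom key, so I would write `app.kubernetes.io/part-of: cloud` here and in the Deployment, PersistentVolumeClaim and Service hunks, or move the custom key to a prefix the project owns. The `spec` block continues past the end of this hunk.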


@ -3,7 +3,7 @@ kind: PersistentVolumeClaim
metadata:
name: cloud-pvc
labels:
app: cloud
app.kubernetes.io/application: cloud
spec:
storageClassName: manual
accessModes:
@ -13,4 +13,4 @@ spec:
storage: 200Gi
selector:
matchLabels:
app: cloud
app.kubernetes.io/application: cloud
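Review bot: The changed `selector.matchLabels` entry on `cloud-pvc` cannot be applied to a claim that already exists, because a PersistentVolumeClaim's spec is immutable after creation apart from the storage request, so the API server will reject the update. Rolling this out to an existing installation therefore means deleting and recreating the claim, and with `storageClassName: manual` it is worth confirming first that the volume's reclaim policy is `Retain` so the 200Gi of data survives. A short comment above `selector:` such as `# changing these labels requires recreating the claim` would warn the next editor.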


@ -3,6 +3,6 @@ kind: Secret
metadata:
name: cloud-secret
type: Opaque
stringData:
nextcloud-admin-user: admin-user
nextcloud-admin-password: admin-password
data:
nextcloud-admin-user: "admin-user"
nextcloud-admin-password: "admin-password"


@ -2,8 +2,12 @@ apiVersion: v1
kind: Service
metadata:
name: cloud-service
labels:
app.kubernetes.io/name: cloud-service
app.kubernetes.io/application: cloud
spec:
selector:
app.kubernetes.io/name: cloud
app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
ports:
- port: 80


@ -1,4 +1,4 @@
{:fqdn "cloud-neu.prod.meissa-gmbh.de"
{:fqdn "cloud.test.meissa-gmbh.de"
:issuer :staging
:nextcloud-data-volume-path "/var/cloud"
:postgres-data-volume-path "/var/postgres"