From b4932f3a859e9d5e84aee0135c26b86d019cc23e Mon Sep 17 00:00:00 2001
From: jem
Date: Tue, 21 Sep 2021 18:46:47 +0200
Subject: [PATCH] fixed secret encoding & labels
---
 src/main/resources/backup/secret.yaml | 8 +--
 src/main/resources/nextcloud/deployment.yaml | 70 +++++++++----------
 .../nextcloud/persistent-volume.yaml | 2 +-
 src/main/resources/nextcloud/pvc.yaml | 4 +-
 src/main/resources/nextcloud/secret.yaml | 6 +-
 src/main/resources/nextcloud/service.yaml | 6 +-
 valid-config.edn | 2 +-
 7 files changed, 48 insertions(+), 50 deletions(-)
diff --git a/src/main/resources/backup/secret.yaml b/src/main/resources/backup/secret.yaml
index 4b68578..d345d7e 100644
--- a/src/main/resources/backup/secret.yaml
+++ b/src/main/resources/backup/secret.yaml
@@ -3,7 +3,7 @@ kind: Secret
 metadata:
 name: backup-secret
 type: Opaque
-stringData:
- aws-access-key-id: aws-access-key-id
- aws-secret-access-key: aws-secret-access-key
- restic-password: restic-password
\ No newline at end of file
+data:
+ aws-access-key-id: "aws-access-key-id"
+ aws-secret-access-key: "aws-secret-access-key"
+ restic-password: "restic-password"
\ No newline at end of file
diff --git a/src/main/resources/nextcloud/deployment.yaml b/src/main/resources/nextcloud/deployment.yaml
index 340992a..f87b70a 100644
--- a/src/main/resources/nextcloud/deployment.yaml
+++ b/src/main/resources/nextcloud/deployment.yaml
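Review bot: In `backup/secret.yaml` the new `data:` block holds placeholders such as `"aws-access-key-id"` that are not valid base64, and nothing in the template says who is responsible for encoding them. Kubernetes decodes every value under `data` as base64, so the manifest only works if the generator (not visible in this patch) substitutes already-encoded values; a plain string passed through would be rejected or could decode to the wrong bytes. I would add a comment above the block, `# values are substituted at generation time and must be base64-encoded; base64 is an encoding, not encryption`. The same applies to the `data:` block in `nextcloud/secret.yaml`.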
@@ -1,67 +1,61 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: cloud
+ name: cloud-deployment
 spec:
 selector:
 matchLabels:
- app: cloud
+ app.kubernetes.io/name: cloud-pod
+ app.kubernetes.io/application: cloud
 strategy:
 type: Recreate
 template:
 metadata:
 labels:
- app: cloud
+ app.kubernetes.io/name: cloud-pod
+ app.kubernetes.io/application: cloud
+ redeploy: v3
 spec:
 containers:
- - image: domaindrivenarchitecture/c4k-cloud-app
+ - image: domaindrivenarchitecture/c4k-cloud
 name: cloud-app
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 80
 env:
- - name: NEXTCLOUD_ADMIN_USER_FILE
- value: /var/run/secrets/cloud-secrets/nextcloud-admin-user
- - name: NEXTCLOUD_ADMIN_PASSWORD_FILE
- value: /var/run/secrets/cloud-secrets/nextcloud-admin-password
+ - name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: cloud-secret
+ key: nextcloud-admin-user
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: cloud-secret
+ key: nextcloud-admin-password
 - name: NEXTCLOUD_TRUSTED_DOMAINS
 value: fqdn
- - name: POSTGRES_USER_FILE
- value: /var/run/secrets/postgres-secret/postgres-user
- - name: POSTGRES_PASSWORD_FILE
- value: /var/run/secrets/postgres-secret/postgres-password
- - name: POSTGRES_DB_FILE
- value: /var/run/configs/postgres-config/postgres-db
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: postgres-user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgres-secret
+ key: postgres-password
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: postgres-config
+ key: postgres-db
 - name: POSTGRES_HOST
 value: "postgresql-service:5432"
 volumeMounts:
 - name: cloud-data-volume
 mountPath: /var/www/html
- - name: cloud-secret-volume
- mountPath: /var/run/secrets/cloud-secrets
- readOnly: true
- - name: postgres-secret-volume
- mountPath: /var/run/secrets/postgres-secret
- readOnly: true
- - name: postgres-config-volume
- mountPath: /var/run/configs/postgres-config
- readOnly: true
 volumes:
 - name: cloud-data-volume
 persistentVolumeClaim:
 claimName: cloud-pvc
- - name: cloud-secret-volume
- secret:
- secretName: cloud-secret
- - name: postgres-secret-volume
- secret:
- secretName: postgres-secret
- - name: postgres-config-volume
- configMap:
- name: postgres-config
- items:
- - key: postgres-db
- path: postgres-db
- - name: backup-secret-volume
- secret:
- secretName: backup-secret
diff --git a/src/main/resources/nextcloud/persistent-volume.yaml b/src/main/resources/nextcloud/persistent-volume.yaml
index 0200dba..17bbd04 100644
--- a/src/main/resources/nextcloud/persistent-volume.yaml
+++ b/src/main/resources/nextcloud/persistent-volume.yaml
@@ -4,7 +4,7 @@ metadata:
 name: cloud-pv-volume
 labels:
 type: local
- app: cloud
+ app.kubernetes.io/application: cloud
 spec:
 storageClassName: manual
 accessModes:
diff --git a/src/main/resources/nextcloud/pvc.yaml b/src/main/resources/nextcloud/pvc.yaml
index 23fcdbf..1068bc2 100644
--- a/src/main/resources/nextcloud/pvc.yaml
+++ b/src/main/resources/nextcloud/pvc.yaml
@@ -3,7 +3,7 @@ kind: PersistentVolumeClaim
 metadata:
 name: cloud-pvc
 labels:
- app: cloud
+ app.kubernetes.io/application: cloud
 spec:
 storageClassName: manual
 accessModes:
@@ -13,4 +13,4 @@ spec:
 storage: 200Gi
 selector:
 matchLabels:
- app: cloud
+ app.kubernetes.io/application: cloud
diff --git a/src/main/resources/nextcloud/secret.yaml b/src/main/resources/nextcloud/secret.yaml
index da692a4..58d649b 100644
--- a/src/main/resources/nextcloud/secret.yaml
+++ b/src/main/resources/nextcloud/secret.yaml
@@ -3,6 +3,6 @@ kind: Secret
 metadata:
 name: cloud-secret
 type: Opaque
-stringData:
- nextcloud-admin-user: admin-user
- nextcloud-admin-password: admin-password
+data:
+ nextcloud-admin-user: "admin-user"
+ nextcloud-admin-password: "admin-password"
diff --git a/src/main/resources/nextcloud/service.yaml b/src/main/resources/nextcloud/service.yaml
index 4711faf..2ef29e4 100644
--- a/src/main/resources/nextcloud/service.yaml
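Review bot: The new `env` entries in `nextcloud/deployment.yaml` put the Nextcloud admin password and the Postgres password into the container environment through `secretKeyRef`, where the removed lines passed only file paths (`NEXTCLOUD_ADMIN_PASSWORD_FILE`, `POSTGRES_PASSWORD_FILE`) pointing at read-only secret mounts. Environment variables are inherited by every child process and tend to surface in diagnostics output and crash dumps, so this widens where the credentials can leak. If the image still honours the `_FILE` variables (not visible here), keeping `- name: POSTGRES_PASSWORD_FILE` with `value: /var/run/secrets/postgres-secret/postgres-password` and the `readOnly: true` mounts is the safer form. Separately, `image: domaindrivenarchitecture/c4k-cloud` carries no tag or digest, which together with `imagePullPolicy: IfNotPresent` leaves the running version to whatever a node has cached; pinning a version or digest would make the rollout reproducible and auditable.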
+++ b/src/main/resources/nextcloud/service.yaml
@@ -2,8 +2,12 @@ apiVersion: v1
 kind: Service
 metadata:
 name: cloud-service
+ labels:
+ app.kubernetes.io/name: cloud-service
+ app.kubernetes.io/application: cloud
 spec:
 selector:
- app.kubernetes.io/name: cloud
+ app.kubernetes.io/name: cloud-pod
+ app.kubernetes.io/application: cloud
 ports:
 - port: 80
diff --git a/valid-config.edn b/valid-config.edn
index a9993d9..87ebb80 100644
--- a/valid-config.edn
+++ b/valid-config.edn
@@ -1,4 +1,4 @@
-{:fqdn "cloud-neu.prod.meissa-gmbh.de"
+{:fqdn "cloud.test.meissa-gmbh.de"
 :issuer :staging
 :nextcloud-data-volume-path "/var/cloud"
 :postgres-data-volume-path "/var/postgres"