fixed secret encoding & labels

This commit is contained in:
jem 2021-09-21 18:46:47 +02:00
parent 456f17562b
commit b4932f3a85
7 changed files with 48 additions and 50 deletions

View file

@ -3,7 +3,7 @@ kind: Secret
metadata: metadata:
name: backup-secret name: backup-secret
type: Opaque type: Opaque
stringData: data:
aws-access-key-id: aws-access-key-id aws-access-key-id: "aws-access-key-id"
aws-secret-access-key: aws-secret-access-key aws-secret-access-key: "aws-secret-access-key"
restic-password: restic-password restic-password: "restic-password"

View file

@ -1,67 +1,61 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: cloud name: cloud-deployment
spec: spec:
selector: selector:
matchLabels: matchLabels:
app: cloud app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
strategy: strategy:
type: Recreate type: Recreate
template: template:
metadata: metadata:
labels: labels:
app: cloud app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
redeploy: v3
spec: spec:
containers: containers:
- image: domaindrivenarchitecture/c4k-cloud-app - image: domaindrivenarchitecture/c4k-cloud
name: cloud-app name: cloud-app
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 80 - containerPort: 80
env: env:
- name: NEXTCLOUD_ADMIN_USER_FILE - name: NEXTCLOUD_ADMIN_USER
value: /var/run/secrets/cloud-secrets/nextcloud-admin-user valueFrom:
- name: NEXTCLOUD_ADMIN_PASSWORD_FILE secretKeyRef:
value: /var/run/secrets/cloud-secrets/nextcloud-admin-password name: cloud-secret
key: nextcloud-admin-user
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: cloud-secret
key: nextcloud-admin-password
- name: NEXTCLOUD_TRUSTED_DOMAINS - name: NEXTCLOUD_TRUSTED_DOMAINS
value: fqdn value: fqdn
- name: POSTGRES_USER_FILE - name: POSTGRES_USER
value: /var/run/secrets/postgres-secret/postgres-user valueFrom:
- name: POSTGRES_PASSWORD_FILE secretKeyRef:
value: /var/run/secrets/postgres-secret/postgres-password name: postgres-secret
- name: POSTGRES_DB_FILE key: postgres-user
value: /var/run/configs/postgres-config/postgres-db - name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service:5432" value: "postgresql-service:5432"
volumeMounts: volumeMounts:
- name: cloud-data-volume - name: cloud-data-volume
mountPath: /var/www/html mountPath: /var/www/html
- name: cloud-secret-volume
mountPath: /var/run/secrets/cloud-secrets
readOnly: true
- name: postgres-secret-volume
mountPath: /var/run/secrets/postgres-secret
readOnly: true
- name: postgres-config-volume
mountPath: /var/run/configs/postgres-config
readOnly: true
volumes: volumes:
- name: cloud-data-volume - name: cloud-data-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: cloud-pvc claimName: cloud-pvc
- name: cloud-secret-volume
secret:
secretName: cloud-secret
- name: postgres-secret-volume
secret:
secretName: postgres-secret
- name: postgres-config-volume
configMap:
name: postgres-config
items:
- key: postgres-db
path: postgres-db
- name: backup-secret-volume
secret:
secretName: backup-secret

View file

@ -4,7 +4,7 @@ metadata:
name: cloud-pv-volume name: cloud-pv-volume
labels: labels:
type: local type: local
app: cloud app.kubernetes.io/application: cloud
spec: spec:
storageClassName: manual storageClassName: manual
accessModes: accessModes:

View file

@ -3,7 +3,7 @@ kind: PersistentVolumeClaim
metadata: metadata:
name: cloud-pvc name: cloud-pvc
labels: labels:
app: cloud app.kubernetes.io/application: cloud
spec: spec:
storageClassName: manual storageClassName: manual
accessModes: accessModes:
@ -13,4 +13,4 @@ spec:
storage: 200Gi storage: 200Gi
selector: selector:
matchLabels: matchLabels:
app: cloud app.kubernetes.io/application: cloud

View file

@ -3,6 +3,6 @@ kind: Secret
metadata: metadata:
name: cloud-secret name: cloud-secret
type: Opaque type: Opaque
stringData: data:
nextcloud-admin-user: admin-user nextcloud-admin-user: "admin-user"
nextcloud-admin-password: admin-password nextcloud-admin-password: "admin-password"

View file

@ -2,8 +2,12 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: cloud-service name: cloud-service
labels:
app.kubernetes.io/name: cloud-service
app.kubernetes.io/application: cloud
spec: spec:
selector: selector:
app.kubernetes.io/name: cloud app.kubernetes.io/name: cloud-pod
app.kubernetes.io/application: cloud
ports: ports:
- port: 80 - port: 80

View file

@ -1,4 +1,4 @@
{:fqdn "cloud-neu.prod.meissa-gmbh.de" {:fqdn "cloud.test.meissa-gmbh.de"
:issuer :staging :issuer :staging
:nextcloud-data-volume-path "/var/cloud" :nextcloud-data-volume-path "/var/cloud"
:postgres-data-volume-path "/var/postgres" :postgres-data-volume-path "/var/postgres"