Writable secrets that can be consumed

2025-11-05 21:30:31 +01:00 · 2025-11-05 21:30:31 +01:00 · 2271827ec5
commit 2271827ec5
parent 8fa0489d22
1 changed files with 19 additions and 2 deletions
--- a/backend-api/deployment.yaml
+++ b/backend-api/deployment.yaml
@ -15,6 +15,22 @@ spec:
    spec:
      imagePullSecrets:
        - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: backend-api-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
      containers:
        - name: backend-api
          image: ghcr.io/gansejunge/app-notifications-backend-api:24
@ -26,10 +42,11 @@ spec:
            - name: LOG_LEVEL
              value: "INFO"
          volumeMounts:
-            - name: backend-api-secrets
+            - name: writable-secrets
              mountPath: /etc/secrets
-              readOnly: true
      volumes:
        - name: backend-api-secrets
          secret:
            secretName: backend-api
+        - name: writable-secrets
+          emptyDir: {}