notifier/ops-deployment
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Writable secrets that can be consumed

Browse Source
This commit is contained in:
Florian 2025-11-05 21:41:39 +01:00
parent 2271827ec5
commit a8a01b81b5
4 changed files with 77 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
backend-api-internal/deployment.yaml
View File

@ -15,6 +15,22 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: ghcr-secret - name: ghcr-secret
initContainers:
- name: copy-secrets
image: busybox
command:
- sh
- -c
- |
for f in /secrets/*; do
cp "$f" /etc/secrets/
chmod 666 "/etc/secrets/$(basename $f)"
done
volumeMounts:
- name: backend-api-internal-secrets
mountPath: /secrets
- name: writable-secrets
mountPath: /etc/secrets
containers: containers:
- name: backend-api-internal - name: backend-api-internal
image: ghcr.io/gansejunge/app-notifications-backend-api-internal:11 image: ghcr.io/gansejunge/app-notifications-backend-api-internal:11
@ -28,10 +44,13 @@ spec:
- name: LOG_LEVEL - name: LOG_LEVEL
value: "INFO" value: "INFO"
volumeMounts: volumeMounts:
- name: backend-api-internal-secrets - name: writable-secrets
mountPath: /etc/secrets mountPath: /etc/secrets
readOnly: true readOnly: true
volumes: volumes:
- name: backend-api-internal-secrets - name: backend-api-internal-secrets
secret: secret:
secretName: backend-api-internal secretName: backend-api-internal
- name: writable-secrets
emptyDir: {}

20
backend-push-notifications/deployment.yaml
View File

@ -15,6 +15,22 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: ghcr-secret - name: ghcr-secret
initContainers:
- name: copy-secrets
image: busybox
command:
- sh
- -c
- |
for f in /secrets/*; do
cp "$f" /etc/secrets/
chmod 666 "/etc/secrets/$(basename $f)"
done
volumeMounts:
- name: backend-push-notifications-secrets
mountPath: /secrets
- name: writable-secrets
mountPath: /etc/secrets
containers: containers:
- name: backend-push-notifications - name: backend-push-notifications
image: ghcr.io/gansejunge/app-notifications-backend-push-notifications:8 image: ghcr.io/gansejunge/app-notifications-backend-push-notifications:8
@ -27,10 +43,12 @@ spec:
- name: BACKEND_PN_DB_HOST - name: BACKEND_PN_DB_HOST
value: "mysql.app-notifications.svc.cluster.local" value: "mysql.app-notifications.svc.cluster.local"
volumeMounts: volumeMounts:
- name: backend-push-notifications-secrets - name: writable-secrets
mountPath: /etc/secrets mountPath: /etc/secrets
readOnly: true readOnly: true
volumes: volumes:
- name: backend-push-notifications-secrets - name: backend-push-notifications-secrets
secret: secret:
secretName: backend-push-notifications secretName: backend-push-notifications
- name: writable-secrets
emptyDir: {}

20
service-docker-repository-query/deployment.yaml
View File

@ -15,6 +15,22 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: ghcr-secret - name: ghcr-secret
initContainers:
- name: copy-secrets
image: busybox
command:
- sh
- -c
- |
for f in /secrets/*; do
cp "$f" /etc/secrets/
chmod 666 "/etc/secrets/$(basename $f)"
done
volumeMounts:
- name: service-docker-repository-query-secrets
mountPath: /secrets
- name: writable-secrets
mountPath: /etc/secrets
containers: containers:
- name: service-docker-repository-query - name: service-docker-repository-query
image: ghcr.io/gansejunge/app-notifications-service-docker-repository-query:13 image: ghcr.io/gansejunge/app-notifications-service-docker-repository-query:13
@ -29,10 +45,12 @@ spec:
- name: BACKEND_API_URL - name: BACKEND_API_URL
value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications" value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
volumeMounts: volumeMounts:
- name: service-docker-repository-query-secrets - name: writable-secrets
mountPath: /etc/secrets mountPath: /etc/secrets
readOnly: true readOnly: true
volumes: volumes:
- name: service-docker-repository-query-secrets - name: service-docker-repository-query-secrets
secret: secret:
secretName: service-docker-repository-query secretName: service-docker-repository-query
- name: writable-secrets
emptyDir: {}

20
service-royalroad-chapters/deployment.yaml
View File

@ -15,6 +15,22 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: ghcr-secret - name: ghcr-secret
initContainers:
- name: copy-secrets
image: busybox
command:
- sh
- -c
- |
for f in /secrets/*; do
cp "$f" /etc/secrets/
chmod 666 "/etc/secrets/$(basename $f)"
done
volumeMounts:
- name: service-royalroad-chapters-secrets
mountPath: /secrets
- name: writable-secrets
mountPath: /etc/secrets
containers: containers:
- name: service-royalroad-chapters - name: service-royalroad-chapters
image: ghcr.io/gansejunge/app-notifications-service-royalroad-chapters:16 image: ghcr.io/gansejunge/app-notifications-service-royalroad-chapters:16
@ -29,10 +45,12 @@ spec:
- name: BACKEND_API_URL - name: BACKEND_API_URL
value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications" value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
volumeMounts: volumeMounts:
- name: service-royalroad-chapters-secrets - name: writable-secrets
mountPath: /etc/secrets mountPath: /etc/secrets
readOnly: true readOnly: true
volumes: volumes:
- name: service-royalroad-chapters-secrets - name: service-royalroad-chapters-secrets
secret: secret:
secretName: service-royalroad-chapters secretName: service-royalroad-chapters
- name: writable-secrets
emptyDir: {}