[meshdb][celery] Map entire secret map instead of individual ones (#765)
* [meshdb][celery] Map entire secret map instead of individual ones
WillNilges authored Dec 3, 2024
1 parent 41530cf commit a57738f
Showing 3 changed files with 21 additions and 147 deletions.
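--- a/infra/helm/meshdb/charts/celery/templates/deployment.yaml
+++ b/infra/helm/meshdb/charts/celery/templates/deployment.yaml
@@ -44,62 +44,9 @@ spec:
 envFrom:
 - configMapRef:
 name: meshdbconfig
-env:
-- name: DB_PASSWORD
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: postgres-password
-- name: DB_PASSWORD_RO
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: postgres-password-ro
-- name: AWS_ACCESS_KEY_ID
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: aws-access-key-id
-- name: AWS_SECRET_ACCESS_KEY
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: aws-secret-access-key
-- name: SMTP_PASSWORD
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: smtp-password
-- name: DJANGO_SECRET_KEY
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: django-secret-key
-- name: NN_ASSIGN_PSK
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: nn-assign-psk
-- name: QUERY_PSK
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: query-psk
-- name: PANO_GITHUB_TOKEN
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: pano-github-token
-- name: UISP_PASS
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: uisp-pass
-- name: SLACK_ADMIN_NOTIFICATIONS_WEBHOOK_URL
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: slack-webhook
+envFrom:
+- secretRef:
+name: meshdb-secrets
 {{- if .livenessProbe }}
 livenessProbe:
 {{- toYaml .livenessProbe | nindent 12 }}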
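Review bot: The added `envFrom:` follows an existing `envFrom:` (the one carrying `configMapRef` for `meshdbconfig`) in what appears to be the same container mapping, which would make it a duplicate key; indentation is not visible on this page, so confirm against the file. With a duplicate key, lenient YAML parsers keep only the last value and silently drop the `meshdbconfig` ConfigMap from the pod, while strict parsers reject the manifest. Fold the secret into the existing list instead: remove the second `envFrom:` and append `- secretRef:` / `name: meshdb-secrets` after the `configMapRef` entry. The same pattern appears in infra/helm/meshdb/templates/meshweb.yaml. The container spec starts and continues outside this hunk.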
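--- a/infra/helm/meshdb/templates/meshweb.yaml
+++ b/infra/helm/meshdb/templates/meshweb.yaml
@@ -40,82 +40,9 @@ spec:
 envFrom:
 - configMapRef:
 name: meshdbconfig
-env:
-- name: DB_PASSWORD
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: postgres-password
-- name: DB_PASSWORD_RO
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: postgres-password-ro
-- name: AWS_ACCESS_KEY_ID
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: aws-access-key-id
-- name: AWS_SECRET_ACCESS_KEY
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: aws-secret-access-key
-- name: SMTP_PASSWORD
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: smtp-password
-- name: DJANGO_SECRET_KEY
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: django-secret-key
-- name: NN_ASSIGN_PSK
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: nn-assign-psk
-- name: QUERY_PSK
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: query-psk
-- name: PANO_GITHUB_TOKEN
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: pano-github-token
-- name: UISP_PASS
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: uisp-pass
-- name: SLACK_ADMIN_NOTIFICATIONS_WEBHOOK_URL
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: slack-webhook
-- name: SLACK_JOIN_REQUESTS_CHANNEL_WEBHOOK_URL
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: slack-join-webhook
-- name: OSTICKET_API_TOKEN
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: osticket-api-token
-- name: RECAPTCHA_SERVER_SECRET_KEY_V2
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: recaptcha-v2-secret
-- name: RECAPTCHA_SERVER_SECRET_KEY_V3
-valueFrom:
-secretKeyRef:
-name: meshdb-secrets
-key: recaptcha-v3-secret
+envFrom:
+- secretRef:
+name: meshdb-secrets
 volumeMounts:
 - name: static-content-vol
 mountPath: /opt/meshdb/static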
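--- a/infra/helm/meshdb/templates/secrets.yaml
+++ b/infra/helm/meshdb/templates/secrets.yaml
@@ -5,18 +5,18 @@ metadata:
 namespace: {{ .Values.meshdb_app_namespace }}
 type: Opaque
 data:
-postgres-password: {{ .Values.pg.password | b64enc | quote }}
-postgres-password-ro: {{ .Values.pg.password_ro | b64enc | quote }}
-aws-access-key-id: {{ .Values.aws.access_key_id | b64enc | quote }}
-aws-secret-access-key: {{ .Values.aws.secret_access_key | b64enc | quote }}
-smtp-password: {{ .Values.email.smtp_password | b64enc | quote }}
-django-secret-key: {{ .Values.meshweb.django_secret_key | b64enc | quote }}
-nn-assign-psk: {{ .Values.meshweb.nn_assign_psk | b64enc | quote }}
-query-psk: {{ .Values.meshweb.query_psk | b64enc | quote }}
-uisp-pass: {{ .Values.uisp.psk | b64enc | quote }}
-pano-github-token: {{ .Values.meshweb.pano_github_token | b64enc | quote }}
-slack-webhook: {{ .Values.meshweb.slack_webhook | b64enc | quote }}
-slack-join-webhook: {{ .Values.meshweb.slack_join_webhook | b64enc | quote }}
-osticket-api-token: {{ .Values.meshweb.osticket_api_token | b64enc | quote }}
-recaptcha-v2-secret: {{ .Values.meshweb.recaptcha_v2_secret | b64enc | quote }}
-recaptcha-v3-secret: {{ .Values.meshweb.recaptcha_v3_secret | b64enc | quote }}
+DB_PASSWORD: {{ .Values.pg.password | b64enc | quote }}
+DB_PASSWORD_RO: {{ .Values.pg.password_ro | b64enc | quote }}
+AWS_ACCESS_KEY_ID: {{ .Values.aws.access_key_id | b64enc | quote }}
+AWS_SECRET_ACCESS_KEY: {{ .Values.aws.secret_access_key | b64enc | quote }}
+SMTP_PASSWORD: {{ .Values.email.smtp_password | b64enc | quote }}
+DJANGO_SECRET_KEY: {{ .Values.meshweb.django_secret_key | b64enc | quote }}
+NN_ASSIGN_PSK: {{ .Values.meshweb.nn_assign_psk | b64enc | quote }}
+QUERY_PSK: {{ .Values.meshweb.query_psk | b64enc | quote }}
+PANO_GITHUB_TOKEN: {{ .Values.meshweb.pano_github_token | b64enc | quote }}
+UISP_PASS: {{ .Values.uisp.psk | b64enc | quote }}
+SLACK_ADMIN_NOTIFICATIONS_WEBHOOK_URL: {{ .Values.meshweb.slack_webhook | b64enc | quote }}
+SLACK_JOIN_REQUESTS_CHANNEL_WEBHOOK_URL: {{ .Values.meshweb.slack_join_webhook | b64enc | quote }}
+OSTICKET_API_TOKEN: {{ .Values.meshweb.osticket_api_token | b64enc | quote }}
+RECAPTCHA_SERVER_SECRET_KEY_V2: {{ .Values.meshweb.recaptcha_v2_secret | b64enc | quote }}
+RECAPTCHA_SERVER_SECRET_KEY_V3: {{ .Values.meshweb.recaptcha_v3_secret | b64enc | quote }}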
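Review bot: With both workloads now importing this Secret through `envFrom`/`secretRef`, every key under `data:` is injected into every consuming container, so the celery pods now receive `SLACK_JOIN_REQUESTS_CHANNEL_WEBHOOK_URL`, `OSTICKET_API_TOKEN` and both `RECAPTCHA_SERVER_SECRET_KEY_*` values, which their removed `env:` list did not map. If celery does not need them, consider moving those four keys into a second Secret referenced only by meshweb, so a compromised worker exposes fewer credentials. It would also help to record the new contract above `data:`, e.g. `# Keys are injected verbatim as env vars via envFrom; renaming a key renames the variable the app reads`. Any key added here later will reach both deployments without a template change, so additions deserve the same review as a new `env:` entry would have had.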
