From b7b56938aad99bf01a24f1670af852837d6e4b3e Mon Sep 17 00:00:00 2001 From: ZhenYi <434836402@qq.com> Date: Wed, 15 Apr 2026 14:06:40 +0800 Subject: [PATCH] fix(deploy): use secretRef instead of configMapRef in all deployments ConfigMap was removed from Helm chart (managed externally). Secret contains all required env vars (APP_DATABASE_URL, APP_REDIS_URL, SMTP credentials, SSH domain/key, etc.) and is always rendered (helm.sh/resource-policy: keep prevents deletion on upgrade). Also add APP_SSH_PORT and APP_SSH_SERVER_PRIVATE_KEY to secret template. --- deploy/templates/app-deployment.yaml | 4 ++-- deploy/templates/email-worker-deployment.yaml | 4 ++-- deploy/templates/git-hook-deployment.yaml | 4 ++-- deploy/templates/gitserver-deployment.yaml | 4 ++-- deploy/templates/operator-deployment.yaml | 4 ++-- deploy/templates/secret.yaml | 10 +++++++++- deploy/templates/static-deployment.yaml | 4 ++-- 7 files changed, 21 insertions(+), 13 deletions(-) diff --git a/deploy/templates/app-deployment.yaml b/deploy/templates/app-deployment.yaml index 3f9b5c2..8d28f98 100644 --- a/deploy/templates/app-deployment.yaml +++ b/deploy/templates/app-deployment.yaml @@ -36,8 +36,8 @@ spec: containerPort: {{ .Values.app.service.port }} protocol: TCP envFrom: - - configMapRef: - name: {{ include "gitdata.fullname" . }}-config + - secretRef: + name: {{ include "gitdata.fullname" . }}-secrets {{- range .Values.app.env }} - name: {{ .name }} value: {{ .value | quote }} diff --git a/deploy/templates/email-worker-deployment.yaml b/deploy/templates/email-worker-deployment.yaml index 9d42762..1787328 100644 --- a/deploy/templates/email-worker-deployment.yaml +++ b/deploy/templates/email-worker-deployment.yaml 
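Review bot: `envFrom` with `secretRef` injects every key of `<fullname>-secrets` into the container, so the app pod now receives the database URL, the SMTP credentials and the new `APP_SSH_SERVER_PRIVATE_KEY`; the identical edit does the same for the email-worker, git-hook, gitserver, operator and static deployments. Presumably only the gitserver needs the SSH host key, yet a compromise of any of the six workloads would expose it. Consider giving each deployment only the keys it reads, via `env` entries with `valueFrom.secretKeyRef`, or splitting the Secret per workload. The reference also carries no `optional: true`, so with `secrets.enabled: false` and no pre-created Secret the pods will not start; if that is intended, a comment above `envFrom` should say so.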
@@ -31,8 +31,8 @@ spec: image: "{{ .Values.image.registry }}/{{ .Values.emailWorker.image.repository }}:{{ .Values.emailWorker.image.tag }}" imagePullPolicy: {{ .Values.emailWorker.image.pullPolicy | default .Values.image.pullPolicy }} envFrom: - - configMapRef: - name: {{ include "gitdata.fullname" . }}-config + - secretRef: + name: {{ include "gitdata.fullname" . }}-secrets {{- range .Values.emailWorker.env }} - name: {{ .name }} value: {{ .value | quote }} diff --git a/deploy/templates/git-hook-deployment.yaml b/deploy/templates/git-hook-deployment.yaml index 05d5fbf..0cb0d9e 100644 --- a/deploy/templates/git-hook-deployment.yaml +++ b/deploy/templates/git-hook-deployment.yaml @@ -31,8 +31,8 @@ spec: image: "{{ .Values.image.registry }}/{{ .Values.gitHook.image.repository }}:{{ .Values.gitHook.image.tag }}" imagePullPolicy: {{ .Values.gitHook.image.pullPolicy | default .Values.image.pullPolicy }} envFrom: - - configMapRef: - name: {{ include "gitdata.fullname" . }}-config + - secretRef: + name: {{ include "gitdata.fullname" . }}-secrets {{- range .Values.gitHook.env }} - name: {{ .name }} value: {{ .value | quote }} diff --git a/deploy/templates/gitserver-deployment.yaml b/deploy/templates/gitserver-deployment.yaml index 2d766cc..5b5fe3f 100644 --- a/deploy/templates/gitserver-deployment.yaml +++ b/deploy/templates/gitserver-deployment.yaml @@ -45,8 +45,8 @@ spec: containerPort: {{ $svc.service.ssh.port }} protocol: TCP envFrom: - - configMapRef: - name: {{ $fullName }}-config + - secretRef: + name: {{ $fullName }}-secrets env: - name: APP_REPOS_ROOT value: /data/repos diff --git a/deploy/templates/operator-deployment.yaml b/deploy/templates/operator-deployment.yaml index 5555cfc..1319a81 100644 --- a/deploy/templates/operator-deployment.yaml +++ b/deploy/templates/operator-deployment.yaml 
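Review bot: The `{{- range .Values.emailWorker.env }}` items (`- name:` / `value:`) follow the `secretRef` entry directly, with no `env:` key between them inside the hunk, so they appear to render as further `envFrom` entries rather than as container `env`. `envFrom` entries accept only `configMapRef`, `secretRef` and `prefix`, so a value set in `emailWorker.env` would be rejected or dropped instead of overriding a Secret key. The same shape is visible in the app-deployment and git-hook hunks, whereas gitserver, operator and static have an explicit `env:` line. Indentation is not recoverable in this view and the container spec continues outside the hunk, so please confirm with `helm template` and add `env:` before the range if it is missing.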
@@ -30,8 +30,8 @@ spec: image: "{{ .Values.image.registry }}/{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}" imagePullPolicy: {{ .Values.operator.image.pullPolicy | default .Values.image.pullPolicy }} envFrom: - - configMapRef: - name: {{ include "gitdata.fullname" . }}-config + - secretRef: + name: {{ include "gitdata.fullname" . }}-secrets env: - name: OPERATOR_IMAGE_PREFIX value: {{ .Values.operator.imagePrefix | default (printf "%s/" (include "gitdata.fullname" .)) | quote }} diff --git a/deploy/templates/secret.yaml b/deploy/templates/secret.yaml index 0f797ae..4d1d03d 100644 --- a/deploy/templates/secret.yaml +++ b/deploy/templates/secret.yaml @@ -9,7 +9,9 @@ */ -}} {{- $secrets := .Values.secrets | default dict -}} -{{- if $secrets.create -}} +{{- /* Always render Secret (helm.sh/resource-policy: keep prevents deletion on upgrade) */ -}} +{{- /* Set secrets.enabled: false to disable */ -}} +{{- if ne $secrets.enabled false -}} apiVersion: v1 kind: Secret metadata: @@ -57,6 +59,12 @@ stringData: {{- if $secrets.sshDomain }} APP_SSH_DOMAIN: {{ $secrets.sshDomain | quote }} {{- end }} + {{- if $secrets.sshPort }} + APP_SSH_PORT: {{ $secrets.sshPort | quote }} + {{- end }} + {{- if $secrets.sshServerPrivateKey }} + APP_SSH_SERVER_PRIVATE_KEY: {{ $secrets.sshServerPrivateKey | quote }} + {{- end }} {{- range $key, $value := $secrets.extra | default dict }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/deploy/templates/static-deployment.yaml b/deploy/templates/static-deployment.yaml index 062ef9a..3cdf841 100644 --- a/deploy/templates/static-deployment.yaml +++ b/deploy/templates/static-deployment.yaml @@ -41,8 +41,8 @@ spec: containerPort: {{ $svc.service.port }} protocol: TCP envFrom: - - configMapRef: - name: {{ $fullName }}-config + - secretRef: + name: {{ $fullName }}-secrets env: - name: STATIC_ROOT value: /data
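Review bot: The gate in `secret.yaml` flips from opt-in `secrets.create` to opt-out `secrets.enabled`, so a values file that still sets `secrets.create: false` because the Secret is managed outside the chart will now have `<fullname>-secrets` rendered by Helm. Depending on the existing object's ownership metadata, that may fail the upgrade or overwrite the externally managed credentials with whatever the chart values hold. Keep honouring an explicit `create: false`, or call out the rename in the chart's upgrade notes. The `helm.sh/resource-policy: keep` annotation that the new comment relies on lies outside this hunk and could not be checked here. It is also worth confirming that `ne $secrets.enabled false` behaves as intended when `enabled` is unset on the oldest Helm version the chart supports.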
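Review bot: `secrets.sshServerPrivateKey` is read as plaintext from chart values, which puts the SSH host private key into values files or `--set` arguments and into the stored Helm release data, and from there into the environment of every pod that uses `envFrom`. A host key is long-lived, so prefer letting the chart reference a pre-created Secret for it and mounting it as a read-only file in the workload that serves SSH (presumably the gitserver). `APP_SSH_PORT` is not sensitive and would sit more naturally in that deployment's `env:` list. If the key stays in this template, add a comment above the block such as `{{- /* PEM host key: supply via an encrypted values file, never commit in plaintext */ -}}`.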