fix(deploy): use secretRef instead of configMapRef in all deployments
ConfigMap was removed from Helm chart (managed externally). Secret contains all required env vars (APP_DATABASE_URL, APP_REDIS_URL, SMTP credentials, SSH domain/key, etc.) and is always rendered (helm.sh/resource-policy: keep prevents deletion on upgrade). Also add APP_SSH_PORT and APP_SSH_SERVER_PRIVATE_KEY to secret template.
This commit is contained in:
ZhenYi
parent
ad2cb7255f
commit
b7b56938aa
@ -36,8 +36,8 @@ spec:
|
|||||||
containerPort: {{ .Values.app.service.port }}
|
containerPort: {{ .Values.app.service.port }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ include "gitdata.fullname" . }}-config
|
name: {{ include "gitdata.fullname" . }}-secrets
|
||||||
{{- range .Values.app.env }}
|
{{- range .Values.app.env }}
|
||||||
- name: {{ .name }}
|
- name: {{ .name }}
|
||||||
value: {{ .value | quote }}
|
value: {{ .value | quote }}
|
||||||
|
|||||||
@ -31,8 +31,8 @@ spec:
|
|||||||
image: "{{ .Values.image.registry }}/{{ .Values.emailWorker.image.repository }}:{{ .Values.emailWorker.image.tag }}"
|
image: "{{ .Values.image.registry }}/{{ .Values.emailWorker.image.repository }}:{{ .Values.emailWorker.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.emailWorker.image.pullPolicy | default .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.emailWorker.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ include "gitdata.fullname" . }}-config
|
name: {{ include "gitdata.fullname" . }}-secrets
|
||||||
{{- range .Values.emailWorker.env }}
|
{{- range .Values.emailWorker.env }}
|
||||||
- name: {{ .name }}
|
- name: {{ .name }}
|
||||||
value: {{ .value | quote }}
|
value: {{ .value | quote }}
|
||||||
|
|||||||
@ -31,8 +31,8 @@ spec:
|
|||||||
image: "{{ .Values.image.registry }}/{{ .Values.gitHook.image.repository }}:{{ .Values.gitHook.image.tag }}"
|
image: "{{ .Values.image.registry }}/{{ .Values.gitHook.image.repository }}:{{ .Values.gitHook.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.gitHook.image.pullPolicy | default .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.gitHook.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ include "gitdata.fullname" . }}-config
|
name: {{ include "gitdata.fullname" . }}-secrets
|
||||||
{{- range .Values.gitHook.env }}
|
{{- range .Values.gitHook.env }}
|
||||||
- name: {{ .name }}
|
- name: {{ .name }}
|
||||||
value: {{ .value | quote }}
|
value: {{ .value | quote }}
|
||||||
|
|||||||
@ -45,8 +45,8 @@ spec:
|
|||||||
containerPort: {{ $svc.service.ssh.port }}
|
containerPort: {{ $svc.service.ssh.port }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ $fullName }}-config
|
name: {{ $fullName }}-secrets
|
||||||
env:
|
env:
|
||||||
- name: APP_REPOS_ROOT
|
- name: APP_REPOS_ROOT
|
||||||
value: /data/repos
|
value: /data/repos
|
||||||
|
|||||||
@ -30,8 +30,8 @@ spec:
|
|||||||
image: "{{ .Values.image.registry }}/{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}"
|
image: "{{ .Values.image.registry }}/{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.operator.image.pullPolicy | default .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.operator.image.pullPolicy | default .Values.image.pullPolicy }}
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ include "gitdata.fullname" . }}-config
|
name: {{ include "gitdata.fullname" . }}-secrets
|
||||||
env:
|
env:
|
||||||
- name: OPERATOR_IMAGE_PREFIX
|
- name: OPERATOR_IMAGE_PREFIX
|
||||||
value: {{ .Values.operator.imagePrefix | default (printf "%s/" (include "gitdata.fullname" .)) | quote }}
|
value: {{ .Values.operator.imagePrefix | default (printf "%s/" (include "gitdata.fullname" .)) | quote }}
|
||||||
|
|||||||
@ -9,7 +9,9 @@
|
|||||||
*/ -}}
|
*/ -}}
|
||||||
|
|
||||||
{{- $secrets := .Values.secrets | default dict -}}
|
{{- $secrets := .Values.secrets | default dict -}}
|
||||||
{{- if $secrets.create -}}
|
{{- /* Always render Secret (helm.sh/resource-policy: keep prevents deletion on upgrade) */ -}}
|
||||||
|
{{- /* Set secrets.enabled: false to disable */ -}}
|
||||||
|
{{- if ne $secrets.enabled false -}}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
@ -57,6 +59,12 @@ stringData:
|
|||||||
{{- if $secrets.sshDomain }}
|
{{- if $secrets.sshDomain }}
|
||||||
APP_SSH_DOMAIN: {{ $secrets.sshDomain | quote }}
|
APP_SSH_DOMAIN: {{ $secrets.sshDomain | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if $secrets.sshPort }}
|
||||||
|
APP_SSH_PORT: {{ $secrets.sshPort | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $secrets.sshServerPrivateKey }}
|
||||||
|
APP_SSH_SERVER_PRIVATE_KEY: {{ $secrets.sshServerPrivateKey | quote }}
|
||||||
|
{{- end }}
|
||||||
{{- range $key, $value := $secrets.extra | default dict }}
|
{{- range $key, $value := $secrets.extra | default dict }}
|
||||||
{{ $key }}: {{ $value | quote }}
|
{{ $key }}: {{ $value | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@ -41,8 +41,8 @@ spec:
|
|||||||
containerPort: {{ $svc.service.port }}
|
containerPort: {{ $svc.service.port }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- secretRef:
|
||||||
name: {{ $fullName }}-config
|
name: {{ $fullName }}-secrets
|
||||||
env:
|
env:
|
||||||
- name: STATIC_ROOT
|
- name: STATIC_ROOT
|
||||||
value: /data
|
value: /data
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user