fix: move secrets to a k8s secret
Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
parent
6cc1af314b
commit
d1e5d96fcf
7 changed files with 45 additions and 109 deletions
|
|
@ -90,12 +90,19 @@ The recommended way for deploy is on Kubernetes. You can find the related files
|
||||||
|
|
||||||
in `k8s` directory.
|
in `k8s` directory.
|
||||||
|
|
||||||
|
Before deploy create a `secret.yaml` file in `k8s/app`, with base 64 encoded
|
||||||
|
secrets. A sample file named `sample-secret.yaml` has been committed listing all
|
||||||
|
the required variables. Change the secrets preset in the file before using it.
|
||||||
|
|
||||||
- One time deploy
|
- One time deploy
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# Deploy ingress
|
# Deploy ingress
|
||||||
kubectl apply -f k8s/ingress/ingress-https.yaml
|
kubectl apply -f k8s/ingress/ingress-https.yaml
|
||||||
|
|
||||||
|
# Deploy secrets
|
||||||
|
kubectl apply -f k8s/app/secret.yaml
|
||||||
|
|
||||||
# Deploy Postgres and Redis DB
|
# Deploy Postgres and Redis DB
|
||||||
kubectl apply -f k8s/app/redis.yaml
|
kubectl apply -f k8s/app/redis.yaml
|
||||||
kubectl apply -f k8s/app/postgres.yaml
|
kubectl apply -f k8s/app/postgres.yaml
|
||||||
|
|
@ -109,7 +116,7 @@ kubectl apply -f k8s/app/rqscheduler.yaml
|
||||||
kubectl apply -f k8s/app/frontend.yaml
|
kubectl apply -f k8s/app/frontend.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
- Subsequent deploys can be done by rolloing out a restart since all pods have a `imagePullPolicy` set to Always
|
- Subsequent deploys can be done by rolloing out a restart since all pods have a `imagePullPolicy` set to `Always`
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
# Push containers to Docker Hub and Deploy to K8s
|
# Push containers to Docker Hub and Deploy to K8s
|
||||||
|
|
|
||||||
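--- a/k8s/app/.gitignore
+++ b/k8s/app/.gitignore
@@ -0,0 +1 @@
+secret.yaml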
||||||
|
|
@ -22,39 +22,9 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- name: bullish-backend
|
- name: bullish-backend
|
||||||
image: codingcoffee/bullish-backend
|
image: codingcoffee/bullish-backend
|
||||||
env:
|
envFrom:
|
||||||
- name: POSTGRES_USER
|
- secretRef:
|
||||||
value: bullish
|
name: bullish-secret
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: PGDATA
|
|
||||||
value: /var/lib/postgresql/data/pgdata
|
|
||||||
- name: SECRET_KEY
|
|
||||||
value: sample
|
|
||||||
- name: ALLOWED_HOSTS
|
|
||||||
value: api.bullish.codingcoffee.me
|
|
||||||
- name: CORS_ALLOWED_ORIGINS
|
|
||||||
value: https://bullish.codingcoffee.me
|
|
||||||
- name: REDIS_HOST
|
|
||||||
value: bullish-redis
|
|
||||||
- name: REDIS_PORT
|
|
||||||
value: "6379"
|
|
||||||
- name: REDIS_CACHE_DB
|
|
||||||
value: "1"
|
|
||||||
- name: REDIS_QUEUE_DB
|
|
||||||
value: "0"
|
|
||||||
- name: POSTGRES_SERVER
|
|
||||||
value: bullish-database
|
|
||||||
- name: POSTGRES_USER
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PORT
|
|
||||||
value: "5432"
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,15 +28,9 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- name: postgres
|
- name: postgres
|
||||||
image: postgres:13.1-alpine
|
image: postgres:13.1-alpine
|
||||||
env:
|
envFrom:
|
||||||
- name: POSTGRES_USER
|
- secretRef:
|
||||||
value: bullish
|
name: bullish-secret
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: PGDATA
|
|
||||||
value: /var/lib/postgresql/data/pgdata
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: postgres-data
|
- name: postgres-data
|
||||||
mountPath: /var/lib/postgresql/data/pgdata
|
mountPath: /var/lib/postgresql/data/pgdata
|
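Review bot: `envFrom` with `secretRef: bullish-secret` hands the postgres container every key in that Secret, so the database pod now also receives `SECRET_KEY`, `ALLOWED_HOSTS`, `CORS_ALLOWED_ORIGINS` and the `REDIS_*` settings, where the removed `env` list gave it only the four Postgres variables. Anything that can read the database container's environment would then also see the application's `SECRET_KEY`. I would keep an explicit `env` list here that takes only the needed keys through `valueFrom.secretKeyRef` and leaves the non-secret `PGDATA` as a plain value, as in the block below; a non-optional `secretKeyRef` also keeps the pod from starting when a key is missing from a hand-written `secret.yaml`, whereas `envFrom` starts it without the variable. The backend, rqscheduler and rqworker sections use the same `envFrom`, but they carried the full variable list before this commit. The container spec begins above this hunk and the page does not show the file name.

```yaml
# … unchanged: container name and image …
env:
  - name: POSTGRES_USER
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_USER
  - name: POSTGRES_PASSWORD
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_PASSWORD
  - name: POSTGRES_DB
    valueFrom:
      secretKeyRef:
        name: bullish-secret
        key: POSTGRES_DB
  - name: PGDATA
    value: /var/lib/postgresql/data/pgdata
# … unchanged: volumeMounts …
```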
||||||
|
|
|
||||||
|
|
@ -26,38 +26,8 @@ spec:
|
||||||
- "/bin/sh"
|
- "/bin/sh"
|
||||||
- "-c"
|
- "-c"
|
||||||
- "python manage.py rqscheduler"
|
- "python manage.py rqscheduler"
|
||||||
env:
|
envFrom:
|
||||||
- name: POSTGRES_USER
|
- secretRef:
|
||||||
value: bullish
|
name: bullish-secret
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: PGDATA
|
|
||||||
value: /var/lib/postgresql/data/pgdata
|
|
||||||
- name: SECRET_KEY
|
|
||||||
value: sample
|
|
||||||
- name: ALLOWED_HOSTS
|
|
||||||
value: api.bullish.codingcoffee.me
|
|
||||||
- name: CORS_ALLOWED_ORIGINS
|
|
||||||
value: https://bullish.codingcoffee.me
|
|
||||||
- name: REDIS_HOST
|
|
||||||
value: bullish-redis
|
|
||||||
- name: REDIS_PORT
|
|
||||||
value: "6379"
|
|
||||||
- name: REDIS_CACHE_DB
|
|
||||||
value: "1"
|
|
||||||
- name: REDIS_QUEUE_DB
|
|
||||||
value: "0"
|
|
||||||
- name: POSTGRES_SERVER
|
|
||||||
value: bullish-database
|
|
||||||
- name: POSTGRES_USER
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PORT
|
|
||||||
value: "5432"
|
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
|
||||||
|
|
@ -26,38 +26,8 @@ spec:
|
||||||
- "/bin/sh"
|
- "/bin/sh"
|
||||||
- "-c"
|
- "-c"
|
||||||
- "python manage.py rqworker default"
|
- "python manage.py rqworker default"
|
||||||
env:
|
envFrom:
|
||||||
- name: POSTGRES_USER
|
- secretRef:
|
||||||
value: bullish
|
name: bullish-secret
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: PGDATA
|
|
||||||
value: /var/lib/postgresql/data/pgdata
|
|
||||||
- name: SECRET_KEY
|
|
||||||
value: sample
|
|
||||||
- name: ALLOWED_HOSTS
|
|
||||||
value: api.bullish.codingcoffee.me
|
|
||||||
- name: CORS_ALLOWED_ORIGINS
|
|
||||||
value: https://bullish.codingcoffee.me
|
|
||||||
- name: REDIS_HOST
|
|
||||||
value: bullish-redis
|
|
||||||
- name: REDIS_PORT
|
|
||||||
value: "6379"
|
|
||||||
- name: REDIS_CACHE_DB
|
|
||||||
value: "1"
|
|
||||||
- name: REDIS_QUEUE_DB
|
|
||||||
value: "0"
|
|
||||||
- name: POSTGRES_SERVER
|
|
||||||
value: bullish-database
|
|
||||||
- name: POSTGRES_USER
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: password
|
|
||||||
- name: POSTGRES_DB
|
|
||||||
value: bullish
|
|
||||||
- name: POSTGRES_PORT
|
|
||||||
value: "5432"
|
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
|
||||||
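--- a/k8s/app/sample-secret.yaml
+++ b/k8s/app/sample-secret.yaml
@@ -0,0 +1,24 @@
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+name: bullish-secret
+type: Opaque
+data:
+# You can include additional key value pairs as you do with Opaque Secrets
+POSTGRES_USER: YnVsbGlzaA==
+POSTGRES_PASSWORD: cGFzc3dvcmQ=
+POSTGRES_DB: YnVsbGlzaA==
+PGDATA: L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhL3BnZGF0YQ==
+SECRET_KEY: c2FtcGxl
+ALLOWED_HOSTS: YXBpLmJ1bGxpc2guY29kaW5nY29mZmVlLm1l
+CORS_ALLOWED_ORIGINS: aHR0cHM6Ly9idWxsaXNoLmNvZGluZ2NvZmZlZS5tZQ==
+REDIS_HOST: YnVsbGlzaC1yZWRpcw==
+REDIS_PORT: NjM3OQ==
+REDIS_CACHE_DB: MQ==
+REDIS_QUEUE_DB: MA==
+POSTGRES_SERVER: YnVsbGlzaC1kYXRhYmFzZQ==
+POSTGRES_PORT: NTQzMg==
+
+...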
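Review bot: The sample's `data` values are only base64 of the defaults this commit removes from the manifests (`cGFzc3dvcmQ=` is `password`, `c2FtcGxl` is `sample`), so a copy applied unchanged gives a running deployment with publicly known credentials. I would switch the sample to `stringData:` with values that are obviously placeholders, for example `POSTGRES_PASSWORD: "<set-a-generated-password>"` and `SECRET_KEY: "<set-a-generated-key>"`, which also removes the manual base64 step the README asks for. If the old `password` / `sample` values were ever used in a real cluster they remain in the repository history and should be rotated. The non-secret entries such as `REDIS_HOST`, `REDIS_PORT` and `ALLOWED_HOSTS` would fit a ConfigMap better, keeping the Secret limited to the credentials.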