Move db and django secrets to a kube secret

2020-01-15 21:48:27 -05:00 · 2020-01-15 21:48:27 -05:00 · ffc28d6f94
parent 354d7562e5
commit ffc28d6f94
3 changed files with 18 additions and 5 deletions
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@ -4,6 +4,7 @@ metadata:
  name: {{ include "glitchtip.fullname" . }}
  labels:
    {{- include "glitchtip.labels" . | nindent 4 }}
+    lol: "yes"
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
@ -34,12 +35,13 @@ spec:
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          env:
-            - name: DATABASE_URL
-            - name: SECRET_KEY
            - name: DEBUG
              value: "False"
            - name: STATIC_URL
              value: /
+          envFrom:
+            - secretRef:
+                name: {{ include "glitchtip.fullname" . }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/templates/pre-install-job.yaml
+++ b/templates/pre-install-job.yaml
@ -17,9 +17,10 @@ spec:
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        command: ["./manage.py","migrate"]
        env:
-          - name: DATABASE_URL
-          - name: SECRET_KEY
          - name: DEBUG
            value: "False"
          - name: STATIC_URL
-            value: /
+            value: /
+        envFrom:
+          - secretRef:
+              name: {{ include "glitchtip.fullname" . }}
--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "glitchtip.fullname" . }}
+  labels:
+    {{- include "glitchtip.labels" . | nindent 4 }}
+type: Opaque
+data:
+  DATABASE_URL: {{ required "databaseURL is a required value." .Values.databaseURL | b64enc | quote }}
+  SECRET_KEY: {{ required "secretKey is a required value." .Values.secretKey | b64enc | quote }}