--- # Source: leCoffre-back/templates/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: name: lecoffre-back-sa --- # Source: leCoffre-back/templates/service-account.yaml apiVersion: v1 kind: Secret metadata: name: lecoffre-back-sa-token annotations: kubernetes.io/service-account.name: lecoffre-back-sa type: kubernetes.io/service-account-token --- # Source: leCoffre-back/templates/lecoffre-back.yaml apiVersion: v1 kind: Service metadata: name: lecoffre-back-svc namespace: lecoffre labels: spec: ports: - port: 80 name: http targetPort: 1337 selector: app: lecoffre-back --- # Source: leCoffre-back/templates/lecoffre-back.yaml apiVersion: apps/v1 kind: Deployment metadata: name: lecoffre-back namespace: lecoffre labels: app: lecoffre-back spec: replicas: 1 selector: matchLabels: app: lecoffre-back template: metadata: annotations: vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-inject-secret-envs-api: secret/data/lecoffre-back-stg/config/envs-api vault.hashicorp.com/agent-inject-template-envs-api: | {{ with secret "secret/data/lecoffre-back-stg/config/envs-api" }} {{ range $k, $v := .Data.data }} export {{ $k }}="{{ $v }}" {{ end }} {{ end }} vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: custom_lecoffre-back_injector_rol labels: app: lecoffre-back spec: serviceAccountName: lecoffre-back-sa imagePullSecrets: - name: docker-pull-secret containers: - name: lecoffre-back image: "rg.fr-par.scw.cloud/lecoffre/back:v0.3.2" resources: limits: memory: 2Gi requests: cpu: 200m memory: 1Gi imagePullPolicy: Always command: ['sh', '-c', '. /vault/secrets/envs-api && npm start'] --- # Source: leCoffre-back/templates/lecoffre-back.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: lecoffre-back namespace: lecoffre annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/from-to-www-redirect: "true" spec: rules: - host: api.stg.lecoffre.smart-chain.fr http: paths: - path: / pathType: Prefix backend: service: name: lecoffre-back-svc port: number: 80 --- # Source: leCoffre-back/templates/docker-pull-secret.yaml apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: docker-pull-secret spec: refreshInterval: 1h secretStoreRef: name: dockerpullsecret-vault-cluster-secret-store kind: ClusterSecretStore target: template: type: kubernetes.io/dockerconfigjson name: docker-pull-secret creationPolicy: Owner data: - secretKey: .dockerconfigjson remoteRef: key: secret/data/minteed-stg/config/dockerpullsecret property: .dockerconfigjson