From e5966ad6d2ad4e81bdbe74726f52e441efef7976 Mon Sep 17 00:00:00 2001
From: gisele-igore
Date: Wed, 5 Apr 2023 14:19:10 +0200
Subject: [PATCH] Fix Svc Account
---
 devops/templates/docker-pull-secret.yaml | 1 +
 temp.yaml | 126 +++++++++++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 temp.yaml
diff --git a/devops/templates/docker-pull-secret.yaml b/devops/templates/docker-pull-secret.yaml
index 9eb72f38..e4d8fc4a 100644
--- a/devops/templates/docker-pull-secret.yaml
+++ b/devops/templates/docker-pull-secret.yaml
@@ -2,6 +2,7 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
 name: docker-pull-secret
+ namespace: lecoffre
 spec:
 refreshInterval: 1h
 secretStoreRef:
diff --git a/temp.yaml b/temp.yaml
new file mode 100644
index 00000000..6db74af0
--- /dev/null
+++ b/temp.yaml
@@ -0,0 +1,126 @@
+---
+# Source: leCoffre-front/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: lecoffre-front-sa
+---
+# Source: leCoffre-front/templates/service-account.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: lecoffre-front-sa-token
+ annotations:
+ kubernetes.io/service-account.name: lecoffre-front-sa
+type: kubernetes.io/service-account-token
+---
+# Source: leCoffre-front/templates/lecoffre-front.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: lecoffre-front-svc
+ namespace: lecoffre
+ labels:
+spec:
+ ports:
+ - port: 80
+ name: http
+ targetPort: 3000
+ selector:
+ app: lecoffre-front
+---
+# Source: leCoffre-front/templates/lecoffre-front.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lecoffre-front
+ namespace: lecoffre
+ labels:
+ app: lecoffre-front
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: lecoffre-front
+ template:
+ metadata:
+ annotations:
+ vault.hashicorp.com/agent-inject: "true"
+ vault.hashicorp.com/agent-inject-secret-envs: secret/data/lecoffre-front-stg/config/envs
+ vault.hashicorp.com/agent-inject-template-envs: |
+ {{ with secret "secret/data/lecoffre-front-stg/config/envs" }}
+ {{ range $k, $v := .Data.data }}
+ export {{ $k }}="{{ $v }}"
+ {{ end }}
+ {{ end }}
+ vault.hashicorp.com/agent-pre-populate-only: "true"
+ vault.hashicorp.com/role: custom_lecoffre-front_injector_rol
+ labels:
+ app: lecoffre-front
+ spec:
+ serviceAccountName: lecoffre-front-sa
+ imagePullSecrets:
+ - name: docker-pull-secret
+ containers:
+ - name: lecoffre-front
+ image: "rg.fr-par.scw.cloud/lecoffre/front:v0.1.9"
+
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+
+ imagePullPolicy: Always
+ command: ['sh', '-c', '. /vault/secrets/envs && npm run start']
+---
+# Source: leCoffre-front/templates/lecoffre-front.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lecoffre-front
+ namespace: lecoffre
+
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+
+spec:
+ tls:
+ - hosts: [app.stg.lecoffre.smart-chain.fr]
+ secretName: app-tls
+ rules:
+ - host: app.stg.lecoffre.smart-chain.fr
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lecoffre-front-svc
+ port:
+ number: 80
+---
+# Source: leCoffre-front/templates/docker-pull-secret.yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: docker-pull-secret
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: dockerpullsecret-vault-cluster-secret-store
+ kind: ClusterSecretStore
+ target:
+ template:
+ type: kubernetes.io/dockerconfigjson
+ name: docker-pull-secret
+ creationPolicy: Owner
+ data:
+ - secretKey: .dockerconfigjson
+ remoteRef:
+ key: secret/data/lecoffre-front-stg/config/dockerpullsecret
+ property: .dockerconfigjson
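Review bot: temp.yaml reads like rendered chart output committed at the repository root (every document carries a `# Source: leCoffre-front/templates/...` header) and nothing else in the patch refers to it, so unless it is applied on purpose it should be dropped from the commit rather than kept as a second, drifting copy of the Vault paths, injector role and staging host. In that render the ServiceAccount and its `kubernetes.io/service-account-token` Secret carry no `namespace`, while the Deployment that sets `serviceAccountName: lecoffre-front-sa` is pinned to `namespace: lecoffre`; the service-account template probably needs the same `namespace: lecoffre` line this patch adds to docker-pull-secret.yaml. The token Secret also mints a long-lived credential that does not expire, so if nothing outside the cluster consumes it, it is safer to remove it and rely on the token Kubernetes already projects into the pod. Separately, the Vault template emits `export {{ $k }}="{{ $v }}"` and the container command sources that file with `sh`, so a secret value containing `"`, `$` or a backtick is evaluated by the shell instead of being passed through as data; emitting the values single-quoted with embedded quotes escaped, or loading them without a shell, would close that.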