--- # Source: leCoffre-front/templates/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: name: lecoffre-front-sa --- # Source: leCoffre-front/templates/service-account.yaml apiVersion: v1 kind: Secret metadata: name: lecoffre-front-sa-token annotations: kubernetes.io/service-account.name: lecoffre-front-sa type: kubernetes.io/service-account-token --- # Source: leCoffre-front/templates/lecoffre-front.yaml apiVersion: v1 kind: Service metadata: name: lecoffre-front-svc namespace: lecoffre labels: spec: ports: - port: 80 name: http targetPort: 3000 selector: app: lecoffre-front --- # Source: leCoffre-front/templates/lecoffre-front.yaml apiVersion: apps/v1 kind: Deployment metadata: name: lecoffre-front namespace: lecoffre labels: app: lecoffre-front spec: replicas: 1 selector: matchLabels: app: lecoffre-front template: metadata: annotations: vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-inject-secret-envs: secret/data/lecoffre-front-stg/config/envs vault.hashicorp.com/agent-inject-template-envs: | {{ with secret "secret/data/lecoffre-front-stg/config/envs" }} {{ range $k, $v := .Data.data }} export {{ $k }}="{{ $v }}" {{ end }} {{ end }} vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: custom_lecoffre-front_injector_rol labels: app: lecoffre-front spec: serviceAccountName: lecoffre-front-sa imagePullSecrets: - name: docker-pull-secret containers: - name: lecoffre-front image: "rg.fr-par.scw.cloud/lecoffre/front:v0.1.9" resources: limits: memory: 2Gi requests: cpu: 200m memory: 1Gi imagePullPolicy: Always command: ['sh', '-c', '. /vault/secrets/envs && npm run start'] --- # Source: leCoffre-front/templates/lecoffre-front.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: lecoffre-front namespace: lecoffre annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/from-to-www-redirect: "true" spec: tls: - hosts: [app.stg.lecoffre.smart-chain.fr] secretName: app-tls rules: - host: app.stg.lecoffre.smart-chain.fr http: paths: - path: / pathType: Prefix backend: service: name: lecoffre-front-svc port: number: 80 --- # Source: leCoffre-front/templates/docker-pull-secret.yaml apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: docker-pull-secret spec: refreshInterval: 1h secretStoreRef: name: dockerpullsecret-vault-cluster-secret-store kind: ClusterSecretStore target: template: type: kubernetes.io/dockerconfigjson name: docker-pull-secret creationPolicy: Owner data: - secretKey: .dockerconfigjson remoteRef: key: secret/data/lecoffre-front-stg/config/dockerpullsecret property: .dockerconfigjson