add AUTH_SECRET and ALLOWED_ORIGIN env vars to novelapp deployment
AUTH_SECRET sourced from Vault (secret/novelapp) via K8s secret, ALLOWED_ORIGIN set to https://novelapp.viktorbarzin.me.
This commit is contained in:
Viktor Barzin
parent
29032e0b6b
commit
a3c198e10e
1 changed files with 28 additions and 0 deletions
|
|
@ -3,6 +3,11 @@ variable "tls_secret_name" {
|
|||
sensitive = true
|
||||
}
|
||||
|
||||
data "vault_kv_secret_v2" "secrets" {
|
||||
mount = "secret"
|
||||
name = "novelapp"
|
||||
}
|
||||
|
||||
resource "kubernetes_namespace" "novelapp" {
|
||||
metadata {
|
||||
name = "novelapp"
|
||||
|
|
@ -19,6 +24,16 @@ module "tls_secret" {
|
|||
tls_secret_name = var.tls_secret_name
|
||||
}
|
||||
|
||||
resource "kubernetes_secret" "novelapp_auth" {
|
||||
metadata {
|
||||
name = "novelapp-auth"
|
||||
namespace = kubernetes_namespace.novelapp.metadata[0].name
|
||||
}
|
||||
data = {
|
||||
"auth-secret" = data.vault_kv_secret_v2.secrets.data["auth_secret"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_persistent_volume_claim" "novelapp-data" {
|
||||
metadata {
|
||||
name = "novelapp-data"
|
||||
|
|
@ -92,6 +107,19 @@ resource "kubernetes_deployment" "novelapp" {
|
|||
name = "PORT"
|
||||
value = "3000"
|
||||
}
|
||||
env {
|
||||
name = "AUTH_SECRET"
|
||||
value_from {
|
||||
secret_key_ref {
|
||||
name = kubernetes_secret.novelapp_auth.metadata[0].name
|
||||
key = "auth-secret"
|
||||
}
|
||||
}
|
||||
}
|
||||
env {
|
||||
name = "ALLOWED_ORIGIN"
|
||||
value = "https://novelapp.viktorbarzin.me"
|
||||
}
|
||||
volume_mount {
|
||||
name = "data"
|
||||
mount_path = "/app/data"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue