Skip to content

Commit

Permalink
BC-5942 - dedicated ConfigMap and Secret for the Admin API deployment (
Browse files Browse the repository at this point in the history 
…#4644)

* add loading Admin API server secret from 1Password

* fix incorrect comment

* add custom configmap for the Admin API server, add task that will deploy it

* switch to the custom configmap and secret for the Admin API deployment

* add ADMIN_API__PORT env to the Admin API server ConfigMap

* change invalid refs names

* modify Admin API server config map data

* move Rocket.Chat URI from the configmap to the secrets (for the Admin API server)
  • Loading branch information
@bn-pass
bn-pass authored Dec 15, 2023
1 parent 071a0ef commit 1f6ddc8
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 3 deletions.
14 changes: 14 additions & 0 deletions ansible/roles/schulcloud-server-core/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,20 @@
template: onepassword.yml.j2
when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool

- name: Admin API server ConfigMap
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: admin-api-server-configmap.yml.j2
apply: yes

- name: Admin API server Secret (from 1Password)
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: admin-api-server-onepassword.yml.j2
when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool

- name: Admin API client secret (from 1Password)
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
Expand Down
13 changes: 13 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/admin-api-server-configmap.yml.j2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: admin-api-server-configmap
namespace: {{ NAMESPACE }}
labels:
app: api-admin
data:
NODE_OPTIONS: "--max-old-space-size=3072"
NEST_LOG_LEVEL: "info"
ADMIN_API__PORT: "4030"
SC_DOMAIN: "{{ DOMAIN }}"
FEATURE_PROMETHEUS_METRICS_ENABLED: "true"
4 changes: 2 additions & 2 deletions ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,9 @@ spec:
protocol: TCP
envFrom:
- configMapRef:
name: api-configmap
name: admin-api-server-configmap
- secretRef:
name: api-secret
name: admin-api-server-secret
command: ['npm', 'run', 'nest:start:admin-api-server:prod']
resources:
limits:
Expand Down
9 changes: 9 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/admin-api-server-onepassword.yml.j2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: admin-api-server-secret
namespace: {{ NAMESPACE }}
labels:
app: api-admin
spec:
itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/admin-api-server"
2 changes: 1 addition & 1 deletion ansible/roles/schulcloud-server-core/templates/admin-api-server-svc.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
spec:
type: ClusterIP
ports:
# port for http managing drawing data
# Admin API server port.
- port: 4030
targetPort: 4030
protocol: TCP
Expand Down

0 comments on commit 1f6ddc8

Please sign in to comment.