diff --git a/ansible/roles/schulcloud-server-core/tasks/main.yml b/ansible/roles/schulcloud-server-core/tasks/main.yml index 048da2580c8..6a83839a2fe 100644 --- a/ansible/roles/schulcloud-server-core/tasks/main.yml +++ b/ansible/roles/schulcloud-server-core/tasks/main.yml @@ -37,6 +37,20 @@ template: onepassword.yml.j2 when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool + - name: Admin API server ConfigMap + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: admin-api-server-configmap.yml.j2 + apply: yes + + - name: Admin API server Secret (from 1Password) + kubernetes.core.k8s: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + template: admin-api-server-onepassword.yml.j2 + when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool + - name: Admin API client secret (from 1Password) kubernetes.core.k8s: kubeconfig: ~/.kube/config diff --git a/ansible/roles/schulcloud-server-core/templates/admin-api-server-configmap.yml.j2 b/ansible/roles/schulcloud-server-core/templates/admin-api-server-configmap.yml.j2 new file mode 100644 index 00000000000..5726812014d --- /dev/null +++ b/ansible/roles/schulcloud-server-core/templates/admin-api-server-configmap.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: admin-api-server-configmap + namespace: {{ NAMESPACE }} + labels: + app: api-admin +data: + NODE_OPTIONS: "--max-old-space-size=3072" + NEST_LOG_LEVEL: "info" + ADMIN_API__PORT: "4030" + SC_DOMAIN: "{{ DOMAIN }}" + FEATURE_PROMETHEUS_METRICS_ENABLED: "true" diff --git a/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 b/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 index ef0076fd15e..c0d911fb4ca 100644 --- a/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/admin-api-server-deployment.yml.j2 
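Review bot: The new `Admin API server Secret (from 1Password)` task runs only when `ONEPASSWORD_OPERATOR` is defined and truthy, yet the deployment hunk in admin-api-server-deployment.yml.j2 now references `admin-api-server-secret` unconditionally through `secretRef`. Nothing visible in this diff creates that Secret when the operator is disabled, so in such an environment the container would presumably fail to start on the missing reference. Either provide the Secret through another path in that case or, if running without it is legitimate, add `optional: true` under the `secretRef`. Separately, `apply: yes` on the ConfigMap task is better written `apply: true`, and the Secret task sets no `apply` at all; the two tasks should agree.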
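Review bot: `namespace: {{ NAMESPACE }}` under `metadata` is an unquoted templated scalar, so an empty, numeric or boolean-looking value would render as null or a non-string instead of a namespace name. Quote it as `namespace: "{{ NAMESPACE }}"`, as the `data` values in the same file already do; the same unquoted line appears in admin-api-server-onepassword.yml.j2. A one-line header comment such as `# Non-secret settings only; credentials belong in the admin-api-server 1Password item.` would also help keep later additions out of this ConfigMap.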
@@ -51,9 +51,9 @@ spec: protocol: TCP envFrom: - configMapRef: - name: api-configmap + name: admin-api-server-configmap - secretRef: - name: api-secret + name: admin-api-server-secret command: ['npm', 'run', 'nest:start:admin-api-server:prod'] resources: limits: diff --git a/ansible/roles/schulcloud-server-core/templates/admin-api-server-onepassword.yml.j2 b/ansible/roles/schulcloud-server-core/templates/admin-api-server-onepassword.yml.j2 new file mode 100644 index 00000000000..8f5583bc122 --- /dev/null +++ b/ansible/roles/schulcloud-server-core/templates/admin-api-server-onepassword.yml.j2 @@ -0,0 +1,9 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: admin-api-server-secret + namespace: {{ NAMESPACE }} + labels: + app: api-admin +spec: + itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/admin-api-server" diff --git a/ansible/roles/schulcloud-server-core/templates/admin-api-server-svc.yml.j2 b/ansible/roles/schulcloud-server-core/templates/admin-api-server-svc.yml.j2 index cde6dcef4cd..8a1c44c14cd 100644 --- a/ansible/roles/schulcloud-server-core/templates/admin-api-server-svc.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/admin-api-server-svc.yml.j2 @@ -8,7 +8,7 @@ metadata: spec: type: ClusterIP ports: - # port for http managing drawing data + # Admin API server port. - port: 4030 targetPort: 4030 protocol: TCP
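Review bot: Values pulled in through `envFrom` are read only when the container starts, and nothing in this hunk ties a rollout to the content of `admin-api-server-configmap` or `admin-api-server-secret`. After a credential is rotated in the 1Password item, or a ConfigMap value is changed, running pods would keep the old values until something else restarts them. The pod template metadata lies outside the hunk, so this may already be handled. If it is not, consider a checksum annotation on the pod template for the ConfigMap and the 1Password operator's auto-restart annotation for the Secret.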