BC-7451 - move all S3 Secrets to one Secret
mamutmk5 authored Jun 19, 2024
1 parent 0d47762 commit e6139e8
Showing 27 changed files with 66 additions and 0 deletions.
Expand Up @@ -44,6 +44,8 @@ spec:
name: api-secret
- secretRef:
name: api-h5p-library-management-secret
- secretRef:
name: api-files-secret
volumeMounts:
- name: libraries-list
mountPath: /schulcloud-server/config/h5p-libraries.yaml
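Review bot: Adding `- secretRef:` / `name: api-files-secret` under `envFrom` exports every key of the shared S3 secret into this container's environment, and the same two lines are repeated in every other workload section of this commit. Several of those workloads do not obviously use file storage from what is visible here, for example the two cronjobs whose only command is a `curl` call to the sync service and the data-deletion-trigger cronjob, so a compromise of any one of them would also expose the storage credentials. I would keep the reference only where S3 access is actually needed, or pull single keys with `env` and `valueFrom.secretKeyRef` instead of the whole secret. The container spec continues outside the hunk, so any per-service overrides are not visible.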
Expand Up @@ -27,6 +27,8 @@ spec:
name: moin-schule-users-deletion-queueing-cronjob-configmap
- secretRef:
name: moin-schule-sync-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh','-c']
args: ['npm run nest:start:deletion-console -- queue unsynced --systemId $SYSTEM_ID']
resources:
Expand Up @@ -27,6 +27,8 @@ spec:
name: moin-schule-users-sync-cronjob-configmap
- secretRef:
name: moin-schule-sync-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh','-c']
args: ['npm run nest:start:idp-console -- sync users --systemType moin.schule --systemId $SYSTEM_ID']
resources:
7 changes: 7 additions & 0 deletions ansible/roles/schulcloud-server-core/tasks/main.yml
Expand Up @@ -37,6 +37,13 @@
template: onepassword.yml.j2
when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool

- name: File Storage Secret by 1Password
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-files-onepassword.yml.j2
when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool

- name: Admin Api ingress
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
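Review bot: The new task creates `api-files-secret` only `when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool`, while the workload templates changed in this commit reference that secret unconditionally as far as the visible lines show. Unless a task outside this hunk provides the Secret on the non-operator path, pods in such an environment will not start because a required `secretRef` cannot be resolved. Either add a fallback task that creates the Secret, or record the requirement above the task, for example `# api-files-secret is referenced by all server workloads; without the 1Password operator it must be provisioned separately`. The task list continues outside the hunk.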
Expand Up @@ -54,6 +54,8 @@ spec:
name: admin-api-server-configmap
- secretRef:
name: admin-api-server-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:admin-api-server:prod']
resources:
limits:
Expand Up @@ -52,6 +52,8 @@ spec:
name: amqp-files-configmap
- secretRef:
name: amqp-files-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:files-storage-amqp:prod']
resources:
limits:
Expand Up @@ -28,6 +28,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh', '-c']
args: ['npm run nest:start:console -- files cleanup-job 7']
resources:
Expand Up @@ -54,6 +54,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:files-storage:prod']
readinessProbe:
httpGet:
@@ -0,0 +1,9 @@
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: api-files-secret
namespace: {{ NAMESPACE }}
labels:
app: api-files
spec:
itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/api-files"
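Review bot: `namespace: {{ NAMESPACE }}` is left unquoted although `itemPath` on the last line and the `namespace` in the Ansible task are quoted; writing `namespace: "{{ NAMESPACE }}"` keeps the rendered value a string even if it is empty or looks numeric. A header comment listing which fields the 1Password item `api-files` is expected to hold would also help, since (assuming the operator maps item fields to Secret keys) each field becomes an environment variable in every workload that lists this secret. Because the secret is listed last in each `envFrom`, a field that reuses a key name from `api-secret` or a service-specific secret would take precedence over that value.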
Expand Up @@ -54,6 +54,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:fwu-learning-contents:prod']
readinessProbe:
httpGet:
Expand Up @@ -59,6 +59,8 @@ spec:
name: board-collaboration-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:board-collaboration:prod']
resources:
limits:
Expand Up @@ -54,6 +54,8 @@ spec:
name: common-cartridge-configmap
- secretRef:
name: common-cartridge-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:common-cartridge']
resources:
limits:
Expand Up @@ -37,6 +37,8 @@ spec:
name: data-deletion-trigger-cronjob-configmap
- secretRef:
name: admin-api-client-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh', '-c']
args: ['npm run nest:start:deletion-console -- execution trigger']
resources:
Expand Up @@ -57,6 +57,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
readinessProbe:
httpGet:
path: /internal/health
Expand Up @@ -20,6 +20,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh','-c']
args: ['npm run ensureIndexes && npm run migration:up']
resources:
Expand Up @@ -50,6 +50,8 @@ spec:
name: preview-generator-configmap
- secretRef:
name: preview-generator-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:preview-generator-amqp:prod']
resources:
limits:
Expand Up @@ -28,6 +28,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh', '-c']
args: ['npm run nest:start:tldraw-console -- files deletion-job 24']
resources:
Expand Up @@ -62,6 +62,8 @@ spec:
name: api-secret
- secretRef:
name: tldraw-server-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:tldraw:prod']
resources:
limits:
Expand Up @@ -56,6 +56,8 @@ spec:
name: api-secret
- secretRef:
name: api-h5p-editor-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:h5p:prod']
readinessProbe:
httpGet:
Expand Up @@ -15,6 +15,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
env:
- name: K8S_NAMESPACE
valueFrom:
Expand Up @@ -53,6 +53,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['npm', 'run', 'nest:start:management:prod']
readinessProbe:
httpGet:
Expand Up @@ -28,6 +28,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/schulcloud-server/scripts/ldapSync.sh']
resources:
limits:
Expand Up @@ -53,6 +53,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
readinessProbe:
httpGet:
path: /serverversion
Expand Up @@ -57,6 +57,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
readinessProbe:
httpGet:
path: /internal/health
Expand Up @@ -24,6 +24,8 @@ spec:
envFrom:
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh','-c']
args: ['curl -H "X-API-Key: $SYNC_API_KEY" "http://{{ API_TSP_SYNC_SVC|default("api-tsp-sync-svc", true) }}:3030/api/v1/sync?target=tsp-base" | python3 -m json.tool']
restartPolicy: OnFailure
Expand Up @@ -54,6 +54,8 @@ spec:
name: api-configmap
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
readinessProbe:
httpGet:
path: /serverversion
Expand Up @@ -24,6 +24,8 @@ spec:
envFrom:
- secretRef:
name: api-secret
- secretRef:
name: api-files-secret
command: ['/bin/sh','-c']
args: ['curl -H "X-API-Key: $SYNC_API_KEY" "http://{{ API_TSP_SYNC_SVC|default("api-tsp-sync-svc", true) }}:3030/api/v1/sync?target=tsp-school" | python3 -m json.tool']
restartPolicy: OnFailure