initial commit

2024-10-01 20:18:29 +02:00
commit 09e75fd638
13 changed files with 585 additions and 0 deletions
+90
@@ -0,0 +1,90 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${AKS_DEPLOYMENT_NAME}
namespace: ${AKS_NAMESPACE}
labels:
app: ${AKS_NAMESPACE}
spec:
replicas: 3
selector:
matchLabels:
app: ${AKS_NAMESPACE}
template:
metadata:
labels:
app: ${AKS_NAMESPACE}
spec:
serviceAccountName: "${AKS_SERVICE_ACCOUNT}"
containers:
- name: ${AKS_NAMESPACE}
image: ateso.azurecr.io/edcenter-single:latest
ports:
- containerPort: 80
volumeMounts:
- name: secrets-store01-inline
mountPath: "/mnt/secrets-store"
readOnly: true
env:
- name: EDC_MYSQL_HOST
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCMYSQLHOST
- name: EDC_MYSQL_DB
value: "edc_production"
- name: EDC_MYSQL_USER
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCMYSQLUSER
- name: EDC_MYSQL_PW
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCMYSQLPASS
- name: EDC_SMTP_HOST
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPHOST
- name: EDC_SMTP_PORT
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPPORT
- name: EDC_SMTP_USER
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPUSER
- name: EDC_SMTP_PASS
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPPASS
- name: EDC_SMTP_FROM_EMAIL
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPFROMEMAIL
- name: EDC_SMTP_FROM_NAME
valueFrom:
secretKeyRef:
name: edcenter-secret
key: EDCSMTPFROMNAME
- name: EDC_ENTRA_CLIENTID
value: "3b6a5214-c98e-46b6-bf37-10261473406d"
- name: EDC_ENTRA_AUTHORITY
value: "https://login.microsoftonline.com/cb7fcac2-c96c-45ef-b2b3-281a15c71205"
- name: EDC_ENTRA_REDIRECTURI
value: "http://52.230.147.82"
- name: EDC_ENTRA_BASECOMID
value: "20"
volumes:
- name: secrets-store01-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: ${AKS_SERVICE_PROVIDER}
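Review bot: `EDC_ENTRA_REDIRECTURI` is a plaintext `http://` URL pointing at a bare public IP, so the authorization code Entra returns would travel over an unencrypted hop and the app's identity is bound to an address that changes whenever the LoadBalancer is re-provisioned; this should be a DNS name behind TLS (`https://…`), and Entra may in any case refuse a non-localhost `http://` redirect URI for a web app. The container also pulls `edcenter-single:latest`, a mutable tag that silently changes what runs on every pod restart — pin a digest (`image: ateso.azurecr.io/edcenter-single@sha256:<digest>`) or at least an immutable version tag. The pod template sets no `securityContext`, so the container runs with whatever the image defaults to and may escalate privileges; the sketch below adds the usual restricted-profile settings (note the container listens on port 80, so `runAsNonRoot` needs either a non-privileged listener port or `NET_BIND_SERVICE` retained). Finally, the AKS workload-identity examples label the pod template `azure.workload.identity/use: "true"`, which this template does not — the Key Vault mount may still authenticate via the CSI driver's own token request, but confirm that rather than assume it.
```yaml
      serviceAccountName: "${AKS_SERVICE_ACCOUNT}"
      containers:
        - name: ${AKS_NAMESPACE}
          # Immutable reference: a re-pushed :latest can no longer change what runs.
          image: ateso.azurecr.io/edcenter-single@sha256:<digest>
          securityContext:
            runAsNonRoot: true          # needs a >1024 listener or NET_BIND_SERVICE for port 80
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true  # relax only if the image is known to write to its rootfs
            capabilities:
              drop: ["ALL"]
          # … unchanged: ports, volumeMounts, env …
```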
+6
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: ${AKS_NAMESPACE}
labels:
name: ${AKS_NAMESPACE}
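Review bot: The namespace carries only a `name` label, so no Pod Security Admission profile is enforced in it and the Deployment from this same commit (which sets no `securityContext`) is admitted without any baseline check; adding `pod-security.kubernetes.io/enforce: "baseline"` and `pod-security.kubernetes.io/warn: "restricted"` under `labels` makes the API server reject privileged pods here and warn on anything short of the restricted profile. This relies on the Pod Security admission plugin being active on the cluster, which is the default on current AKS versions but worth confirming for the target cluster.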
+65
@@ -0,0 +1,65 @@
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: ${AKS_SERVICE_PROVIDER}
namespace: ${AKS_NAMESPACE}
spec:
provider: azure
parameters:
usePodIdentity: "false"
clientID: "${USER_ASSIGNED_CLIENT_ID}" # Setting this to use workload identity
keyvaultName: ${KEYVAULT_NAME} # Set to the name of your key vault
cloudName: "" # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud
objects: |
array:
- |
objectName: EDCMYSQLHOST
objectType: secret
- |
objectName: EDCMYSQLUSER
objectType: secret
- |
objectName: EDCMYSQLPASS
objectType: secret
- |
objectName: EDCSMTPHOST
objectType: secret
- |
objectName: EDCSMTPPORT
objectType: secret
- |
objectName: EDCSMTPUSER
objectType: secret
- |
objectName: EDCSMTPPASS
objectType: secret
- |
objectName: EDCSMTPFROMEMAIL
objectType: secret
- |
objectName: EDCSMTPFROMNAME
objectType: secret
tenantId: "${IDENTITY_TENANT}" # The tenant ID of the key vault
secretObjects:
- secretName: edcenter-secret
type: Opaque
data:
- key: EDCMYSQLHOST
objectName: EDCMYSQLHOST
- key: EDCMYSQLUSER
objectName: EDCMYSQLUSER
- key: EDCMYSQLPASS
objectName: EDCMYSQLPASS
- key: EDCSMTPHOST
objectName: EDCSMTPHOST
- key: EDCSMTPPORT
objectName: EDCSMTPPORT
- key: EDCSMTPUSER
objectName: EDCSMTPUSER
- key: EDCSMTPPASS
objectName: EDCSMTPPASS
- key: EDCSMTPFROMEMAIL
objectName: EDCSMTPFROMEMAIL
- key: EDCSMTPFROMNAME
objectName: EDCSMTPFROMNAME
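Review bot: `secretObjects` mirrors all nine Key Vault objects into an ordinary Kubernetes Secret `edcenter-secret`, so the MySQL and SMTP passwords end up in etcd and are readable by any principal with `get secrets` in `${AKS_NAMESPACE}`, which gives up the main benefit of fetching them through the CSI driver. Since the pod already mounts the same objects at `/mnt/secrets-store`, consider having the application read the files there and dropping `secretObjects` (or keeping only the non-sensitive host/port/from-* entries), and in either case restrict RBAC on that Secret. Note that the sync only runs while some pod mounts the volume, so the Deployment's `volumeMounts` entry is load-bearing for its `secretKeyRef`s even though the app never reads the path — that dependency deserves a comment next to `secretObjects`, e.g. `# synced to a K8s Secret only while a pod mounts this SPC; the Deployment's volumeMount exists for that reason`. Objects are fetched without `objectVersion`, which suits rotation, but values delivered as env vars never refresh in a running pod, so a Key Vault rotation does not take effect until the pods are restarted.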
+13
@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: ${AKS_SERVICE}
namespace: ${AKS_NAMESPACE}
spec:
selector:
app: ${AKS_NAMESPACE}
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
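Review bot: `type: LoadBalancer` on port 80 gives the application a public IP serving plaintext HTTP, and the Deployment's Entra redirect URI points at exactly that IP, so the sign-in flow completes over an unencrypted and unauthenticated endpoint. Terminate TLS in front of it — an Ingress with a certificate, or at minimum a 443 listener on the Service — and, if the app is only used internally, add `service.beta.kubernetes.io/azure-load-balancer-internal: "true"` under `metadata.annotations`; `spec.loadBalancerSourceRanges` can restrict client CIDRs either way. Whether the edcenter image can serve HTTPS itself is not visible from this commit.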
+7
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
azure.workload.identity/client-id: ${USER_ASSIGNED_CLIENT_ID}
name: ${AKS_SERVICE_ACCOUNT}
namespace: ${AKS_NAMESPACE}
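Review bot: The service account leaves `automountServiceAccountToken` at its default of `true`, so every pod using it also receives a Kubernetes API token that nothing in this commit needs; adding `automountServiceAccountToken: false` at the top level of the object (beside `metadata`) removes that credential from the pods. This should not affect workload identity, which injects its own projected token volume, nor the Secrets Store CSI driver, which obtains tokens through the CSIDriver object's `tokenRequests` — but verify the Key Vault mount still succeeds after the change. The `client-id` annotation value should also be quoted (`azure.workload.identity/client-id: "${USER_ASSIGNED_CLIENT_ID}"`), matching how the Deployment and SecretProviderClass quote the same variable, since annotation values must be strings and an empty expansion would otherwise become `null`.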