initial commit
@@ -0,0 +1,90 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ${AKS_DEPLOYMENT_NAME}
|
||||
namespace: ${AKS_NAMESPACE}
|
||||
labels:
|
||||
app: ${AKS_NAMESPACE}
|
||||
spec:
|
||||
replicas: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ${AKS_NAMESPACE}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ${AKS_NAMESPACE}
|
||||
spec:
|
||||
serviceAccountName: "${AKS_SERVICE_ACCOUNT}"
|
||||
containers:
|
||||
- name: ${AKS_NAMESPACE}
|
||||
image: ateso.azurecr.io/edcenter-single:latest
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- name: secrets-store01-inline
|
||||
mountPath: "/mnt/secrets-store"
|
||||
readOnly: true
|
||||
env:
|
||||
- name: EDC_MYSQL_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCMYSQLHOST
|
||||
- name: EDC_MYSQL_DB
|
||||
value: "edc_production"
|
||||
- name: EDC_MYSQL_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCMYSQLUSER
|
||||
- name: EDC_MYSQL_PW
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCMYSQLPASS
|
||||
- name: EDC_SMTP_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPHOST
|
||||
- name: EDC_SMTP_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPPORT
|
||||
- name: EDC_SMTP_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPUSER
|
||||
- name: EDC_SMTP_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPPASS
|
||||
- name: EDC_SMTP_FROM_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPFROMEMAIL
|
||||
- name: EDC_SMTP_FROM_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: edcenter-secret
|
||||
key: EDCSMTPFROMNAME
|
||||
- name: EDC_ENTRA_CLIENTID
|
||||
value: "3b6a5214-c98e-46b6-bf37-10261473406d"
|
||||
- name: EDC_ENTRA_AUTHORITY
|
||||
value: "https://login.microsoftonline.com/cb7fcac2-c96c-45ef-b2b3-281a15c71205"
|
||||
- name: EDC_ENTRA_REDIRECTURI
|
||||
value: "http://52.230.147.82"
|
||||
- name: EDC_ENTRA_BASECOMID
|
||||
value: "20"
|
||||
volumes:
|
||||
- name: secrets-store01-inline
|
||||
csi:
|
||||
driver: secrets-store.csi.k8s.io
|
||||
readOnly: true
|
||||
volumeAttributes:
|
||||
secretProviderClass: ${AKS_SERVICE_PROVIDER}
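Review bot: The container image is referenced only by the mutable tag `latest` (`image: ateso.azurecr.io/edcenter-single:latest`), so the three replicas can end up running different builds and a rollout cannot be traced back to one specific image. Reference an immutable version tag or a digest instead, for example `image: ateso.azurecr.io/edcenter-single@sha256:<digest-placeholder>`. The container also has no `securityContext` or `resources` block; adding `securityContext: {allowPrivilegeEscalation: false}` and explicit requests/limits would be a reasonable baseline, assuming the image does not rely on privilege escalation.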
|
||||
@@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ${AKS_NAMESPACE}
|
||||
labels:
|
||||
name: ${AKS_NAMESPACE}
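Review bot: The namespace sets only a `name` label and no Pod Security Admission labels, so pods are admitted under whatever the cluster-wide default is. Consider adding `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `labels:` so the workload deployed here is checked at admission. Whether the Deployment in this commit would pass `restricted` cannot be told from this page, which is why only `warn` is suggested for that level.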
|
||||
@@ -0,0 +1,65 @@
|
||||
apiVersion: secrets-store.csi.x-k8s.io/v1
|
||||
kind: SecretProviderClass
|
||||
metadata:
|
||||
name: ${AKS_SERVICE_PROVIDER}
|
||||
namespace: ${AKS_NAMESPACE}
|
||||
spec:
|
||||
provider: azure
|
||||
parameters:
|
||||
usePodIdentity: "false"
|
||||
clientID: "${USER_ASSIGNED_CLIENT_ID}" # Setting this to use workload identity
|
||||
keyvaultName: ${KEYVAULT_NAME} # Set to the name of your key vault
|
||||
cloudName: "" # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud
|
||||
objects: |
|
||||
array:
|
||||
- |
|
||||
objectName: EDCMYSQLHOST
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCMYSQLUSER
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCMYSQLPASS
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPHOST
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPPORT
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPUSER
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPPASS
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPFROMEMAIL
|
||||
objectType: secret
|
||||
- |
|
||||
objectName: EDCSMTPFROMNAME
|
||||
objectType: secret
|
||||
|
||||
tenantId: "${IDENTITY_TENANT}" # The tenant ID of the key vault
|
||||
secretObjects:
|
||||
- secretName: edcenter-secret
|
||||
type: Opaque
|
||||
data:
|
||||
- key: EDCMYSQLHOST
|
||||
objectName: EDCMYSQLHOST
|
||||
- key: EDCMYSQLUSER
|
||||
objectName: EDCMYSQLUSER
|
||||
- key: EDCMYSQLPASS
|
||||
objectName: EDCMYSQLPASS
|
||||
- key: EDCSMTPHOST
|
||||
objectName: EDCSMTPHOST
|
||||
- key: EDCSMTPPORT
|
||||
objectName: EDCSMTPPORT
|
||||
- key: EDCSMTPUSER
|
||||
objectName: EDCSMTPUSER
|
||||
- key: EDCSMTPPASS
|
||||
objectName: EDCSMTPPASS
|
||||
- key: EDCSMTPFROMEMAIL
|
||||
objectName: EDCSMTPFROMEMAIL
|
||||
- key: EDCSMTPFROMNAME
|
||||
objectName: EDCSMTPFROMNAME
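Review bot: `secretObjects` copies every Key Vault object listed under `objects` into the Kubernetes Secret `edcenter-secret`, so the database and SMTP credentials also live in the cluster's Secret store and are readable by any subject allowed to `get` secrets in `${AKS_NAMESPACE}`. The Deployment's `secretKeyRef` entries need that copy, but it deserves a comment above `secretObjects:` such as `# Mirrors Key Vault values into a Kubernetes Secret; keep RBAC on secrets in this namespace tight`. Separately, `keyvaultName: ${KEYVAULT_NAME}` is the only templated parameter left unquoted; quote it like `clientID` and `tenantId` so an empty or numeric-looking substitution stays a string.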
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ${AKS_SERVICE}
|
||||
namespace: ${AKS_NAMESPACE}
|
||||
spec:
|
||||
selector:
|
||||
app: ${AKS_NAMESPACE}
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
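Review bot: `type: LoadBalancer` with `port: 80` publishes the application over plain HTTP, and the Deployment section sets `EDC_ENTRA_REDIRECTURI` to `http://52.230.147.82` (presumably this load balancer's address), so the Entra sign-in redirect and any session cookies would cross the network unencrypted. Terminate TLS in front of the pods, for instance with an ingress or gateway holding a certificate, and change the redirect URI to an `https://` hostname rather than a raw IP. If the service has to stay a bare LoadBalancer for now, a `loadBalancerSourceRanges:` list would at least limit who can reach it.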
|
||||
@@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
azure.workload.identity/client-id: ${USER_ASSIGNED_CLIENT_ID}
|
||||
name: ${AKS_SERVICE_ACCOUNT}
|
||||
namespace: ${AKS_NAMESPACE}
|
||||