From 7f03313c5d61df357d654c37a16b901bae714287 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Thu, 30 Nov 2023 14:50:30 +0100
Subject: [PATCH] mount env as secret

---
 .gitlab-ci.yml                 |  3 ++-
 maps/templates/deployment.yaml | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index de1e2f7..7a1444e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -96,4 +96,5 @@ deploy:
   before_script:
     - kubectl config use-context $CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:maps-deployment
   script:
-    - helm -n $KUBE_NAMESPACE upgrade --install $DEPLOYMENT_CHART_NAME maps/ --set nginx.image.repository=$CI_REGISTRY_IMAGE/nginx --set nginx.image.tag=$IMAGE_TAG --set fpm.image.repository=$CI_REGISTRY_IMAGE/fpm --set fpm.image.tag=$IMAGE_TAG
+    - kubectl -n $KUBE_NAMESPACE create secret generic $DEPLOYMENT_CHART_NAME --from-file=.env=$ENV_PRODUCTION --dry-run=client --save-config -o yaml | kubectl apply -f -
+    - helm -n $KUBE_NAMESPACE upgrade --install $DEPLOYMENT_CHART_NAME maps/ --set nginx.image.repository=$CI_REGISTRY_IMAGE/nginx --set secretName=$DEPLOYMENT_CHART_NAME --set nginx.image.tag=$IMAGE_TAG --set fpm.image.repository=$CI_REGISTRY_IMAGE/fpm --set fpm.image.tag=$IMAGE_TAG
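Review bot: The new `kubectl create secret` line only works if `$ENV_PRODUCTION` expands to a file path, i.e. a File-type CI/CD variable, and nothing in the hunk states or checks that. I would quote the expansion, `--from-file=.env="$ENV_PRODUCTION"`, and add a comment above the line such as `# ENV_PRODUCTION must be a File-type, protected CI/CD variable`, so the production .env is only available to jobs on protected refs. `--save-config` appears redundant, since `kubectl apply` records the last-applied configuration itself. Either way that annotation holds a second copy of the secret data on the object. The Secret is also created outside the Helm release, so uninstalling or rolling back the chart will not remove or revert it.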
diff --git a/maps/templates/deployment.yaml b/maps/templates/deployment.yaml
index e9992b2..94f89e2 100644
--- a/maps/templates/deployment.yaml
+++ b/maps/templates/deployment.yaml
@@ -48,8 +48,12 @@ spec:
               port: fpm
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.fpm.volumeMounts }}
           volumeMounts:
+          - name: env
+            mountPath: "/html/.env"
+            subPath: .env
+            readOnly: true
+          {{- with .Values.fpm.volumeMounts }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
         - name: nginx
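Review bot: The fixed `- name: env` entry sits at the same column as `volumeMounts:`, but the templated entries are still emitted with `nindent 12`, so as soon as `.Values.fpm.volumeMounts` is non-empty the two list styles collide and the rendered manifest will not parse. Either indent the four added lines by two more spaces or change the include to `{{- toYaml . | nindent 10 }}`. The `volumes:` hunk below has the same problem with `nindent 8`, which would become `{{- toYaml . | nindent 6 }}`. Separately, a Secret mounted through `subPath` is not refreshed in running pods, and the Secret is applied outside the chart, so a changed .env takes effect only after the pods are restarted. A pod-template checksum annotation passed in from CI would force that rollout. The container spec starts outside this hunk.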
@@ -75,8 +79,15 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      {{- with .Values.volumes }}
+      
       volumes:
+      - name: env
+        secret:
+          secretName: {{ .Values.secretName }}
+          items:
+          - key: .env
+            path: .env
+      {{- with .Values.volumes }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.nodeSelector }}
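Review bot: `secretName: {{ .Values.secretName }}` renders an empty value whenever the chart is installed without the `--set secretName=...` that the CI job passes, and the scalar is unquoted. The commit does not touch values.yaml, so a default may or may not exist. I would fail early and quote it: `secretName: {{ required "secretName must be set" .Values.secretName | quote }}`. The volume also sets no `defaultMode`, so the .env file is projected with the default 0644 mode. Something tighter such as `defaultMode: 0440` is worth considering if the fpm user can still read it, which is not visible here. The added line above `volumes:` contains only trailing whitespace and can be dropped.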
-- 
GitLab