From 7a799763d8631e85e054214aa93c911b0fb99688 Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Mon, 31 Aug 2020 12:59:59 +0200
Subject: [PATCH] retrieving data from kubernetes secret
---
 .gitlab-ci.yml | 68 ---------------------------------
 Dockerfile | 6 ++-
 chart/templates/deployment.yaml | 51 +++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 69 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 54cdae772..53868e10b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,74 +37,6 @@ stages: build: services: -# Prepares the secret files that we cannot or don't want to share with public -prepare_secrets_master: - stage: prepare - image: alpine:latest - script: - - cp $ENVFILE .env - - cp $SUMAS config/sumas.json - - cp $SUMASEN config/sumasEn.json - - cp $BLACKLISTURL config/blacklistUrl.txt - - cp $BLACKLISTDOMAINS config/blacklistDomains.txt - - cp $ADBLACKLISTURL config/adBlacklistUrl.txt - - cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt - - cp $SPAM config/spam.txt - - cp $USERSSEEDER database/seeds/UsersSeeder.php - - cp database/useragents.sqlite.example database/useragents.sqlite - - sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env - - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env - artifacts: - paths: - - .env - - config/sumas.json - - config/sumasEn.json - - config/blacklistUrl.txt - - config/blacklistDomains.txt - - config/adBlacklistUrl.txt - - config/adBlacklistDomains.txt - - config/spam.txt - - database/seeds/UsersSeeder.php - - database/useragents.sqlite - only: - refs: - - master - -prepare_secrets_development: - stage: prepare - image: alpine:latest - script: - - cp $ENVFILE .env - - cp $SUMAS config/sumas.json - - cp $SUMASEN config/sumasEn.json - - cp $BLACKLISTURL config/blacklistUrl.txt - - cp $BLACKLISTDOMAINS config/blacklistDomains.txt - - cp $ADBLACKLISTURL config/adBlacklistUrl.txt - - cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt - - cp $SPAM config/spam.txt - - cp $USERSSEEDER database/seeds/UsersSeeder.php - - cp database/useragents.sqlite.example database/useragents.sqlite - - sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env - - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env - artifacts: - paths: - - .env - - config/sumas.json - - config/sumasEn.json - - config/blacklistUrl.txt - - config/blacklistDomains.txt - - config/adBlacklistUrl.txt - - config/adBlacklistDomains.txt - - config/spam.txt - - database/seeds/UsersSeeder.php - - database/useragents.sqlite - 
only: - - branches - - tags - except: - refs: - - master - prepare_node: stage: prepare image: node:10 diff --git a/Dockerfile b/Dockerfile index 7bfbc1866..5f19f01f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,7 +69,11 @@ COPY --chown=root:nginx . /html WORKDIR /html EXPOSE 80 -CMD chown -R root:nginx storage/logs/metager bootstrap/cache && \ +CMD cp /root/.env .env && \ + sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env && \ + if [ "$GITLAB_ENVIRONMENT_NAME" = "production" ]; then sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env; else sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env fi && \ + cp database/useragents.sqlite.example database/useragents.sqlite && \ + chown -R root:nginx storage/logs/metager bootstrap/cache && \ chmod -R g+w storage/logs/metager bootstrap/cache && \ crond -L /dev/stdout && \ php-fpm7 diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index b790fdcba..c01a6f114 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -47,6 +47,21 @@ spec: - name: mglogs-persistent-storage persistentVolumeClaim: claimName: mg-logs + - name: env-files + secret: + secretName: metager-env + - name: sumas + secret: + secretName: metager-sumas + - name: sumas-en + secret: + secretName: metager-sumas-en + - name: blacklist + secret: + secretName: metager-blacklist + - name: blacklist-ad + secret: + secretName: metager-ad-blacklist containers: # Main PHP-FPM Container - name: {{ .Chart.Name }}-phpfpm 
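Review bot: The added `if` line in the Dockerfile CMD has no `;` before `fi` (`... APP_ENV=development/g' .env fi && \`), so the shell hands `fi` to sed as a file name and never closes the `if`; as written the container would most likely exit with a syntax error instead of starting php-fpm. The else branch should end `.env; fi && \`. Separately, every value of `GITLAB_ENVIRONMENT_NAME` other than `production`, including unset, selects `APP_ENV=development`, so a production pod that is missing the variable fails open; choosing production unless the value is explicitly `development` is the safer default. The copy of the secret to `/html/.env` also keeps whatever owner and mode `cp` gives it, so a `chown root:nginx .env && chmod 640 .env` after the `cp` is worth considering if php-fpm reads it through the nginx group, which is not visible in this hunk.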
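Review bot: The five `secretName` values added to the volumes list in chart/templates/deployment.yaml are fixed strings and nothing in this patch creates those Secrets, so the chart now depends on objects provisioned out of band, and a missing one leaves the pod stuck in ContainerCreating. A comment above `- name: env-files` such as `# Secrets are created outside this chart; all five must exist in the namespace before install` would document that dependency. The volumes also leave `defaultMode` at the Kubernetes default of 0644; whether it can be tightened depends on which user php-fpm reads the files as, which this hunk does not show.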
@@ -81,6 +96,42 @@ spec:
 - name: mglogs-persistent-storage
 mountPath: /html/storage/logs/metager
 readOnly: false
+ - name: env-files
+ mountPath: /root/.env
+ subPath: .env
+ readOnly: true
+ - name: env-files
+ mountPath: /html/database/seeds/UsersSeeder.php
+ subPath: UsersSeeder.php
+ readOnly: true
+ - name: env-files
+ mountPath: /html/config/spam.txt
+ subPath: spam.txt
+ readOnly: true
+ - name: sumas
+ mountPath: /html/config/sumas.json
+ subPath: sumas.json
+ readOnly: true
+ - name: sumas-en
+ mountPath: /html/config/sumasEn.json
+ subPath: sumasEn.json
+ readOnly: true
+ - name: blacklist
+ mountPath: /html/config/blacklistUrl.txt
+ subPath: blacklistUrl.txt
+ readOnly: true
+ - name: blacklist
+ mountPath: /html/config/blacklistDomains.txt
+ subPath: blacklistDomains.txt
+ readOnly: true
+ - name: blacklist-ad
+ mountPath: /html/config/adBlacklistUrl.txt
+ subPath: adBlacklistUrl.txt
+ readOnly: true
+ - name: blacklist-ad
+ mountPath: /html/config/adBlacklistDomains.txt
+ subPath: adBlacklistDomains.txt
+ readOnly: true
 resources:
 requests:
 cpu: 500m
--
GitLab
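Review bot: Every mount added in this hunk uses `subPath`, and Kubernetes does not propagate Secret updates into subPath mounts, so rotating `metager-env` or editing a blacklist only takes effect once the pods are recreated. If that is intended, a comment above the first new mount such as `# subPath mounts are not refreshed on Secret change; roll the deployment after rotating` would keep the next operator from assuming a live update. The `env-files` volume also places `UsersSeeder.php` in the running web container; if seeding only happens at setup time, that mount may not be needed here at all. The volumeMounts list begins above the hunk.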