retrieving data from kubernetes secret

7a799763 · Dominik Hebeler · cf57f71d · 7a799763 · 7a799763 · 7a799763
Commit 7a799763 authored 4 years ago by Dominik Hebeler
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,74 +37,6 @@ stages:
 build:
  services:
-# Prepares the secret files that we cannot or don't want to share with public
-prepare_secrets_master:
-  stage: prepare
-  image: alpine:latest
-  script: 
-    - cp $ENVFILE .env
-    - cp $SUMAS config/sumas.json
-    - cp $SUMASEN config/sumasEn.json
-    - cp $BLACKLISTURL config/blacklistUrl.txt
-    - cp $BLACKLISTDOMAINS config/blacklistDomains.txt
-    - cp $ADBLACKLISTURL config/adBlacklistUrl.txt
-    - cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt
-    - cp $SPAM config/spam.txt
-    - cp $USERSSEEDER database/seeds/UsersSeeder.php
-    - cp database/useragents.sqlite.example database/useragents.sqlite
-    - sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env
-    - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
-  artifacts:
-    paths:
-      - .env
-      - config/sumas.json
-      - config/sumasEn.json
-      - config/blacklistUrl.txt
-      - config/blacklistDomains.txt
-      - config/adBlacklistUrl.txt
-      - config/adBlacklistDomains.txt
-      - config/spam.txt
-      - database/seeds/UsersSeeder.php
-      - database/useragents.sqlite
-  only:
-    refs:
-      - master    
-prepare_secrets_development:
-  stage: prepare
-  image: alpine:latest
-  script: 
-    - cp $ENVFILE .env
-    - cp $SUMAS config/sumas.json
-    - cp $SUMASEN config/sumasEn.json
-    - cp $BLACKLISTURL config/blacklistUrl.txt
-    - cp $BLACKLISTDOMAINS config/blacklistDomains.txt
-    - cp $ADBLACKLISTURL config/adBlacklistUrl.txt
-    - cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt
-    - cp $SPAM config/spam.txt
-    - cp $USERSSEEDER database/seeds/UsersSeeder.php
-    - cp database/useragents.sqlite.example database/useragents.sqlite
-    - sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env
-    - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
-  artifacts:
-    paths:
-      - .env
-      - config/sumas.json
-      - config/sumasEn.json
-      - config/blacklistUrl.txt
-      - config/blacklistDomains.txt
-      - config/adBlacklistUrl.txt
-      - config/adBlacklistDomains.txt
-      - config/spam.txt
-      - database/seeds/UsersSeeder.php
-      - database/useragents.sqlite
-  only:
-    - branches
-    - tags
-  except:
-    refs:
-      - master
 prepare_node:
  stage: prepare
  image: node:10

--- a/Dockerfile
+++ b/Dockerfile
@@ -69,7 +69,11 @@ COPY --chown=root:nginx . /html
 WORKDIR /html
 EXPOSE 80
-CMD chown -R root:nginx storage/logs/metager bootstrap/cache && \
+CMD cp /root/.env .env && \
+    sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env && \
+    if [ "$GITLAB_ENVIRONMENT_NAME" = "production" ]; then sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env; else sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env fi && \
+    cp database/useragents.sqlite.example database/useragents.sqlite && \
+    chown -R root:nginx storage/logs/metager bootstrap/cache && \
    chmod -R g+w storage/logs/metager bootstrap/cache && \
    crond -L /dev/stdout && \
    php-fpm7
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -47,6 +47,21 @@ spec:
      - name: mglogs-persistent-storage
        persistentVolumeClaim:
          claimName: mg-logs
+      - name: env-files
+        secret:
+          secretName: metager-env
+      - name: sumas
+        secret:
+          secretName: metager-sumas
+      - name: sumas-en
+        secret:
+          secretName: metager-sumas-en
+      - name: blacklist
+        secret:
+          secretName: metager-blacklist
+      - name: blacklist-ad
+        secret:
+          secretName: metager-ad-blacklist
      containers:
      # Main PHP-FPM Container
      - name: {{ .Chart.Name }}-phpfpm
@@ -81,6 +96,42 @@ spec:
        - name: mglogs-persistent-storage
          mountPath: /html/storage/logs/metager
          readOnly: false
+        - name: env-files
+          mountPath: /root/.env
+          subPath: .env
+          readOnly: true
+        - name: env-files
+          mountPath: /html/database/seeds/UsersSeeder.php
+          subPath: UsersSeeder.php
+          readOnly: true
+        - name: env-files
+          mountPath: /html/config/spam.txt
+          subPath: spam.txt
+          readOnly: true
+        - name: sumas
+          mountPath: /html/config/sumas.json
+          subPath: sumas.json
+          readOnly: true
+        - name: sumas-en
+          mountPath: /html/config/sumasEn.json
+          subPath: sumasEn.json
+          readOnly: true
+        - name: blacklist
+          mountPath: /html/config/blacklistUrl.txt
+          subPath: blacklistUrl.txt
+          readOnly: true
+        - name: blacklist
+          mountPath: /html/config/blacklistDomains.txt
+          subPath: blacklistDomains.txt
+          readOnly: true
+        - name: blacklist-ad
+          mountPath: /html/config/adBlacklistUrl.txt
+          subPath: adBlacklistUrl.txt
+          readOnly: true
+        - name: blacklist-ad
+          mountPath: /html/config/adBlacklistDomains.txt
+          subPath: adBlacklistDomains.txt
+          readOnly: true
        resources:
          requests:
            cpu: 500m