Commit bc9a35da authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '995-use-kubernetes-secrets' into 'development'

Resolve "Use Kubernetes Secrets"

Closes #995

See merge request !1642
parents cf57f71d d17b38c0
...@@ -37,74 +37,6 @@ stages: ...@@ -37,74 +37,6 @@ stages:
build: build:
services: services:
# Prepares the secret files that we cannot or don't want to share with public
prepare_secrets_master:
stage: prepare
image: alpine:latest
script:
- cp $ENVFILE .env
- cp $SUMAS config/sumas.json
- cp $SUMASEN config/sumasEn.json
- cp $BLACKLISTURL config/blacklistUrl.txt
- cp $BLACKLISTDOMAINS config/blacklistDomains.txt
- cp $ADBLACKLISTURL config/adBlacklistUrl.txt
- cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt
- cp $SPAM config/spam.txt
- cp $USERSSEEDER database/seeds/UsersSeeder.php
- cp database/useragents.sqlite.example database/useragents.sqlite
- sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env
- sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
artifacts:
paths:
- .env
- config/sumas.json
- config/sumasEn.json
- config/blacklistUrl.txt
- config/blacklistDomains.txt
- config/adBlacklistUrl.txt
- config/adBlacklistDomains.txt
- config/spam.txt
- database/seeds/UsersSeeder.php
- database/useragents.sqlite
only:
refs:
- master
prepare_secrets_development:
stage: prepare
image: alpine:latest
script:
- cp $ENVFILE .env
- cp $SUMAS config/sumas.json
- cp $SUMASEN config/sumasEn.json
- cp $BLACKLISTURL config/blacklistUrl.txt
- cp $BLACKLISTDOMAINS config/blacklistDomains.txt
- cp $ADBLACKLISTURL config/adBlacklistUrl.txt
- cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt
- cp $SPAM config/spam.txt
- cp $USERSSEEDER database/seeds/UsersSeeder.php
- cp database/useragents.sqlite.example database/useragents.sqlite
- sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env
- sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
artifacts:
paths:
- .env
- config/sumas.json
- config/sumasEn.json
- config/blacklistUrl.txt
- config/blacklistDomains.txt
- config/adBlacklistUrl.txt
- config/adBlacklistDomains.txt
- config/spam.txt
- database/seeds/UsersSeeder.php
- database/useragents.sqlite
only:
- branches
- tags
except:
refs:
- master
prepare_node: prepare_node:
stage: prepare stage: prepare
image: node:10 image: node:10
...@@ -211,6 +143,11 @@ integrationtest: ...@@ -211,6 +143,11 @@ integrationtest:
script: script:
# Install Dev Dependencies # Install Dev Dependencies
- composer install - composer install
- cp .env.example .env
- echo "WEBDRIVER_USER=\"$WEBDRIVER_KEY\"" >> .env
- echo "WEBDRIVER_URL=\"$WEBDRIVER_URL\"" >> .env
- echo "WEBDRIVER_KEY=\"$WEBDRIVER_USER\"" >> .env
- php artisan key:generate
- URL=$(cat environment_url.txt | tr -d '\n') - URL=$(cat environment_url.txt | tr -d '\n')
- sed -i "s#^APP_URL=.*#APP_URL=$URL#g" .env - sed -i "s#^APP_URL=.*#APP_URL=$URL#g" .env
- sed -i "s#^BRANCH_NAME=.*#BRANCH_NAME=$CI_COMMIT_REF_NAME#g" .env - sed -i "s#^BRANCH_NAME=.*#BRANCH_NAME=$CI_COMMIT_REF_NAME#g" .env
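Review bot: The three `echo` lines appended to `.env` in the integrationtest script cross the variables: `WEBDRIVER_USER` is written from `$WEBDRIVER_KEY` and `WEBDRIVER_KEY` from `$WEBDRIVER_USER`. Unless the CI variables are themselves named the other way round, the test run presents the key where the user name is expected, and the key then sits in a field that is more likely to be logged or displayed. I would write `- echo "WEBDRIVER_USER=\"$WEBDRIVER_USER\"" >> .env` and `- echo "WEBDRIVER_KEY=\"$WEBDRIVER_KEY\"" >> .env`. The integrationtest job starts above this hunk and may continue past it.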
......
...@@ -69,7 +69,11 @@ COPY --chown=root:nginx . /html ...@@ -69,7 +69,11 @@ COPY --chown=root:nginx . /html
WORKDIR /html WORKDIR /html
EXPOSE 80 EXPOSE 80
CMD chown -R root:nginx storage/logs/metager bootstrap/cache && \ CMD cp /root/.env .env && \
sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env && \
if [ "$GITLAB_ENVIRONMENT_NAME" = "production" ]; then sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env; else sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env; fi && \
cp database/useragents.sqlite.example database/useragents.sqlite && \
chown -R root:nginx storage/logs/metager bootstrap/cache && \
chmod -R g+w storage/logs/metager bootstrap/cache && \ chmod -R g+w storage/logs/metager bootstrap/cache && \
crond -L /dev/stdout && \ crond -L /dev/stdout && \
php-fpm7 php-fpm7
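Review bot: The `APP_ENV` branch in the new `CMD` falls back to `development` for every value of `GITLAB_ENVIRONMENT_NAME` other than the exact string `production`, including an unset or misspelled variable. A production pod that loses the variable would then start in development mode without any error; where the variable is injected is not visible in this section. I would make that case fail at rollout by putting `: "${GITLAB_ENVIRONMENT_NAME:?GITLAB_ENVIRONMENT_NAME is not set}" && \` before the `if`. The copied `.env` also keeps whatever owner and mode `cp` gives it, because the `chown`/`chmod` that follow only cover `storage/logs/metager` and `bootstrap/cache`; `chown root:nginx .env && chmod 640 .env` would match the `COPY --chown=root:nginx` above, assuming php-fpm reads the file through the nginx group.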
...@@ -47,6 +47,21 @@ spec: ...@@ -47,6 +47,21 @@ spec:
- name: mglogs-persistent-storage - name: mglogs-persistent-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: mg-logs claimName: mg-logs
- name: env-files
secret:
secretName: metager-env
- name: sumas
secret:
secretName: metager-sumas
- name: sumas-en
secret:
secretName: metager-sumas-en
- name: blacklist
secret:
secretName: metager-blacklist
- name: blacklist-ad
secret:
secretName: metager-ad-blacklist
containers: containers:
# Main PHP-FPM Container # Main PHP-FPM Container
- name: {{ .Chart.Name }}-phpfpm - name: {{ .Chart.Name }}-phpfpm
...@@ -81,6 +96,42 @@ spec: ...@@ -81,6 +96,42 @@ spec:
- name: mglogs-persistent-storage - name: mglogs-persistent-storage
mountPath: /html/storage/logs/metager mountPath: /html/storage/logs/metager
readOnly: false readOnly: false
- name: env-files
mountPath: /root/.env
subPath: .env
readOnly: true
- name: env-files
mountPath: /html/database/seeds/UsersSeeder.php
subPath: UsersSeeder.php
readOnly: true
- name: env-files
mountPath: /html/config/spam.txt
subPath: spam.txt
readOnly: true
- name: sumas
mountPath: /html/config/sumas.json
subPath: sumas.json
readOnly: true
- name: sumas-en
mountPath: /html/config/sumasEn.json
subPath: sumasEn.json
readOnly: true
- name: blacklist
mountPath: /html/config/blacklistUrl.txt
subPath: blacklistUrl.txt
readOnly: true
- name: blacklist
mountPath: /html/config/blacklistDomains.txt
subPath: blacklistDomains.txt
readOnly: true
- name: blacklist-ad
mountPath: /html/config/adBlacklistUrl.txt
subPath: adBlacklistUrl.txt
readOnly: true
- name: blacklist-ad
mountPath: /html/config/adBlacklistDomains.txt
subPath: adBlacklistDomains.txt
readOnly: true
resources: resources:
requests: requests:
cpu: 500m cpu: 500m
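Review bot: Every secret in the new `volumeMounts` entries is mounted through `subPath`, and Kubernetes does not refresh `subPath` mounts when the Secret object changes, so an updated `metager-blacklist` or `metager-env` reaches the pod only after a restart. That matters most for the blacklist and spam files, which look like data that changes while the service is running. I would record it above the first `env-files` mount with `# subPath mounts are not refreshed on Secret updates; roll the deployment after changing any metager-* secret`. The container spec these mounts belong to starts outside the hunk.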
......