diff --git a/crawler/templates/cronjob.yaml b/crawler/templates/cronjob.yaml
index 4ef2968..170ce3d 100644
--- a/crawler/templates/cronjob.yaml
+++ b/crawler/templates/cronjob.yaml
@@ -46,14 +46,17 @@ spec:
 - name: ELASTIC_USER
 value: "{{ .Values.crawler.env.elastic_user }}"
 - name: ELASTIC_PWD
- value: crawler-secrets@azurekeyvault?elastic-pass
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "crawler.fullname" . }}-azure-kv
+ key: elastic-pass
 restartPolicy: Never
 volumes:
 - name: configs
 secret:
- secretName: {{ template "crawler.fullname" . }}-secrets
+ secretName: {{ template "crawler.fullname" . }}-azure-kv
 items:
 - key: domains.yml
 path: domains.yml
diff --git a/crawler/templates/secret.yaml b/crawler/templates/secret.yaml
new file mode 100644
index 0000000..6394270
--- /dev/null
+++ b/crawler/templates/secret.yaml
@@ -0,0 +1,15 @@
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ template "crawler.fullname" . }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: azure-kv-secret-store
+ target:
+ name: {{ template "crawler.fullname" . }}-azure-kv
+ dataFrom:
+ - extract:
+ key: k8s-secrets-{{ template "crawler.fullname" . }}
diff --git a/crawler/templates/secrets.yaml b/crawler/templates/secrets.yaml
deleted file mode 100644
index 5f363fd..0000000
--- a/crawler/templates/secrets.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-apiVersion: spv.no/v1alpha1
-
-kind: AzureKeyVaultSecret
-metadata:
- # Name of the secret to reference from env injector
- name: {{ template "crawler.fullname" . }}-secrets
-spec:
- vault:
- # Name of the Azure Keyvault
- name: devita-prod-kv
- object:
- # Name of the secret to retrieve from the Azure Keyvault
- name: k8s-secrets-crawler
- type: multi-key-value-secret
- contentType: application/x-json
- output:
- secret:
- # Name of the secret in Kubernetes
- name: {{ template "crawler.fullname" . }}-secrets
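Review bot: In crawler/templates/cronjob.yaml the Secret name `{{ template "crawler.fullname" . }}-azure-kv` is now spelled out at both `secretKeyRef.name` and `secretName`, and it must also equal `target.name` in crawler/templates/secret.yaml; nothing ties the three together. A single named template for the Secret name, used in all three places, would keep a later rename from leaving the pod waiting on a Secret that does not exist. A one-line comment above `valueFrom`, for example `# Secret is synced from Azure Key Vault by the ExternalSecret in templates/secret.yaml`, would replace the explanatory comments that disappear with the deleted secrets.yaml. The container spec and the start of the pod template lie outside this hunk.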
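Review bot: In crawler/templates/secret.yaml the Key Vault object name is templated as `key: k8s-secrets-{{ template "crawler.fullname" . }}`, whereas the deleted AzureKeyVaultSecret used the fixed `k8s-secrets-crawler` and the onboarding chart keeps a fixed `k8s-secrets-onboarding`. If `crawler.fullname` includes the release name (its definition is not visible here), a release that does not render to exactly `crawler` will look up a vault object that does not exist, the ExternalSecret will not sync, and the CronJob pods will not start because the `-azure-kv` Secret is missing. Either keep the fixed `key: k8s-secrets-crawler` or expose the object name as a chart value. The vault is also no longer named in the chart (`devita-prod-kv` before); it is now whatever the `azure-kv-secret-store` ClusterSecretStore points at, so it is worth confirming that store targets the same vault and restricts which namespaces may reference it.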
diff --git a/onboarding/templates/deployment.yaml b/onboarding/templates/deployment.yaml
index 7779909..a536cb1 100644
--- a/onboarding/templates/deployment.yaml
+++ b/onboarding/templates/deployment.yaml
@@ -84,13 +84,25 @@ spec:
 - name: ONBOARDING_EMAIL_SUBJECT
 value: "{{ .Values.onboarding.env.onboarding_email_subject }}"
 - name: ONBOARDING_SMTP_HOSTNAME
- value: onboarding-secrets@azurekeyvault?smtp-hostname
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "onboarding.fullname" . }}-azure-kv
+ key: smtp-hostname
 - name: ONBOARDING_SMTP_USERNAME
- value: onboarding-secrets@azurekeyvault?smtp-username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "onboarding.fullname" . }}-azure-kv
+ key: smtp-username
 - name: ONBOARDING_SMTP_PASSWORD
- value: onboarding-secrets@azurekeyvault?smtp-password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "onboarding.fullname" . }}-azure-kv
+ key: smtp-password
 - name: ONBOARDING_PASETO_KEY
- value: onboarding-secrets@azurekeyvault?paseto-key
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "onboarding.fullname" . }}-azure-kv
+ key: paseto-key
 {{- if eq (default "production" .Values.onboarding.deployEnvironment) "production" }}
 volumeMounts:
diff --git a/onboarding/templates/secret.yaml b/onboarding/templates/secret.yaml
new file mode 100644
index 0000000..deaa0e6
--- /dev/null
+++ b/onboarding/templates/secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ template "onboarding.fullname" . }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: azure-kv-secret-store
+ target:
+ name: {{ template "onboarding.fullname" . }}-azure-kv
+ dataFrom:
+ - extract:
+ key: k8s-secrets-onboarding
\ No newline at end of file
diff --git a/onboarding/templates/secrets.yaml b/onboarding/templates/secrets.yaml
deleted file mode 100644
index 357c945..0000000
--- a/onboarding/templates/secrets.yaml
+++ /dev/null
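Review bot: The four variables moved to `secretKeyRef` in onboarding/templates/deployment.yaml (`ONBOARDING_SMTP_HOSTNAME`, `ONBOARDING_SMTP_USERNAME`, `ONBOARDING_SMTP_PASSWORD`, `ONBOARDING_PASETO_KEY`) are resolved once, when the container starts, so a value rotated in Key Vault reaches the synced Secret but not pods that are already running. This template is presumably a long-running Deployment rather than a CronJob, so rotating the SMTP password or the PASETO key needs a rollout restart before the old credential can be considered out of use. That is worth stating next to the block, for example `# read at container start; restart the Deployment after rotating these in Key Vault`. The container definition starts before the hunk and the `volumeMounts` block continues after it.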
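Review bot: In onboarding/templates/secret.yaml, `dataFrom.extract` writes every property of `k8s-secrets-onboarding` into the Kubernetes Secret `<fullname>-azure-kv`, whereas the removed AzureKeyVaultSecret shows no `output.secret` and appears to have been used only through the `@azurekeyvault` env references. The SMTP password and PASETO key therefore now live in the cluster's Secret store, so read access to Secrets in the release namespace and encryption at rest for etcd become part of protecting them. If the vault object holds properties the pod does not need, listing the four keys under `data` with `remoteRef.key` and `remoteRef.property` instead of `dataFrom.extract` keeps the rest out of the cluster. The file also lacks the leading `---` that crawler/templates/secret.yaml has and ends without a trailing newline.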
@@ -1,17 +0,0 @@
----
-
-apiVersion: spv.no/v1alpha1
-
-kind: AzureKeyVaultSecret
-metadata:
- # Name of the secret to reference from env injector
- name: {{ template "onboarding.fullname" . }}-secrets
-spec:
- vault:
- # Name of the Azure Keyvault
- name: devita-prod-kv
- object:
- # Name of the secret to retrieve from the Azure Keyvault
- name: k8s-secrets-onboarding
- type: multi-key-value-secret
- contentType: application/x-json
diff --git a/onboarding/values.yaml b/onboarding/values.yaml
index a06fb5b..84ba398 100644
--- a/onboarding/values.yaml
+++ b/onboarding/values.yaml
@@ -8,7 +8,7 @@ onboarding:
 images:
 repository: docker.io/italia/developers-italia-onboarding
- tag: v1.3.1
+ tag: v1.3.3
 pullPolicy: Always
 env: