feat(k8s): add external secret for geo-service
Creates an ExternalSecret for the geo-service to manage sensitive information through an external secrets store. Removes the legacy create-secrets script and updates references in the deployment configuration to use the new secret. This enhances security and maintainability by centralizing secret management.
@@ -1,17 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
source ${BUILD_TOOLS_PATH}/scripts/kubernetes.sh
|
||||
|
||||
ENVIRONMENT="${1?usage: secrets.sh <environment>}"
|
||||
LASTPASS_SHARE="envconfig\\${ENVIRONMENT}"
|
||||
|
||||
kube_cmd=$(kubernetes:get_command ${ENVIRONMENT})
|
||||
|
||||
SECRET_NAME="google-maps-api"
|
||||
API_KEY=$(lpass show --name "${LASTPASS_SHARE}/${SECRET_NAME}" --notes)
|
||||
|
||||
$kube_cmd delete secret ${SECRET_NAME,,} &> /dev/null || true
|
||||
$kube_cmd create secret generic \
|
||||
${SECRET_NAME,,} \
|
||||
--from-literal=MAPS_API_KEY="${API_KEY}"
|
||||
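Review bot: Missing cleanup for what this script created: the `$kube_cmd create secret generic` call produced a `google-maps-api` Secret in every environment it was run against, and nothing in this change removes it. Suggest adding a rollout step, or a line in the commit message, to delete that Secret once the deployment no longer references it. Also confirm before merging that the value held in LastPass under `${LASTPASS_SHARE}/${SECRET_NAME}` has been copied into the new secrets store.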
+1
-1
@@ -47,7 +47,7 @@ spec:
|
||||
name: http
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: google-maps-api
|
||||
name: geo-service
|
||||
restartPolicy: Always
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
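Review bot: Missing check on the key name at the `secretRef` change to `name: geo-service` under `envFrom`: the old Secret carried exactly one key, `MAPS_API_KEY`, and `envFrom` turns every key of the referenced Secret into an environment variable. Nothing visible here guarantees the new Secret has a key with that name, so the container could start without the variable it expects. Suggest confirming that the store entry has a `MAPS_API_KEY` property, or replacing `envFrom` with an explicit `env` entry that uses `secretKeyRef`, so a missing key fails at pod start instead of at the first Maps call.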
@@ -0,0 +1,14 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: geo-service
|
||||
spec:
|
||||
refreshInterval: 1h
|
||||
secretStoreRef:
|
||||
name: external-secrets
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
creationPolicy: Owner
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: applications/dancefinder/geo-service
|
||||
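Review bot: The `dataFrom` / `extract` block on `key: applications/dancefinder/geo-service` is broader than this service needs: it copies every property of that store entry into the Secret, and the deployment's `envFrom` then exposes all of them to the container. Suggest listing the required key under `data` with a `remoteRef` instead, so adding an unrelated property to the store entry later does not silently reach the pod environment. `target` sets only `creationPolicy: Owner`, which leaves the Secret name implied by `metadata.name`; setting `target.name: geo-service` explicitly would make the coupling with the deployment's `secretRef` visible. It is also worth documenting that `refreshInterval: 1h` refreshes the Secret only, and pods that read it through environment variables keep the old value until they are restarted.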