diff --git a/.kontinuous/env/preprod/templates/app.sealed.secret.yaml b/.kontinuous/env/preprod/templates/app.sealed.secret.yaml index 6cb1477a..ca9c3ae5 100644 --- a/.kontinuous/env/preprod/templates/app.sealed.secret.yaml +++ b/.kontinuous/env/preprod/templates/app.sealed.secret.yaml @@ -6,7 +6,7 @@ metadata: name: app spec: encryptedData: - NEXTAUTH_SECRET: AgBdDOpKTwHKWU2g0+hGyGZpP0LC6f3sEtw1ejLkk72Rhip/Soia+/4gKzXHb938u0YE1FQsz8tntM2/mmCv6+hmtgvsE+aaNWEBqTMkOby/bbChrxhw50es06cWBK7ts0m6NGNvyNfdEWHWWrOTDmO7m/4f0oS9KAaXjeFdNlOEU8kq7Fe5W5/hdNpH7u8MF7MwWwGrQyO9QHHNp3Ojyc5i/PIEBjE4VgxnLlX/B3i+sPjymIQhI8bsd9HXwvqM3V8TK/AI5JceYodz7UkBlPipgS4Bg2ldmK8xgXkYuRrehh+sTo8faiuMwVAYmdFYJYRwhMMg04IZ4yGsHu0NxmFuVAUvQL+5ksoDoJTGjWxrwR4+LT7NiGPRma65ARpFD0iDj/n+pKODkXA/ol+2p9I4gEHzWVwECIEjKMXVuOGAfHVjklZWj6+qYY74w9yF/P+QsWsK68p2igjFb1RfXszeujAQyF25vhNB5MXCFkeuLaEyU1yNFULc6vyc0HJO1Y/8zNWXmqqDSUMlc/mGrO/TojkMKwDrfbMhIhegW0JcgcHJSpPnXpReYKp77PH8ElavbqmjVN1SXXlA1kCHX9QzERHvoIMzJFXCryOSXIVq3LkYiNeKCNJKEHpIB9exuOdwqJXBb/lnPponkZOh4JpyGgjARc6HoQsGr0mzpYkIIRYny/tSvW6vrIT1Yak+VWcNTlw+1+nu7av1dax7HDVkZ3AnepD6zsHSEnoNp0zy7ZkZPJZtN7E8vEEf8Q== +# NEXTAUTH_SECRET: AgBdDOpKTwHKWU2g0+hGyGZpP0LC6f3sEtw1ejLkk72Rhip/Soia+/4gKzXHb938u0YE1FQsz8tntM2/mmCv6+hmtgvsE+aaNWEBqTMkOby/bbChrxhw50es06cWBK7ts0m6NGNvyNfdEWHWWrOTDmO7m/4f0oS9KAaXjeFdNlOEU8kq7Fe5W5/hdNpH7u8MF7MwWwGrQyO9QHHNp3Ojyc5i/PIEBjE4VgxnLlX/B3i+sPjymIQhI8bsd9HXwvqM3V8TK/AI5JceYodz7UkBlPipgS4Bg2ldmK8xgXkYuRrehh+sTo8faiuMwVAYmdFYJYRwhMMg04IZ4yGsHu0NxmFuVAUvQL+5ksoDoJTGjWxrwR4+LT7NiGPRma65ARpFD0iDj/n+pKODkXA/ol+2p9I4gEHzWVwECIEjKMXVuOGAfHVjklZWj6+qYY74w9yF/P+QsWsK68p2igjFb1RfXszeujAQyF25vhNB5MXCFkeuLaEyU1yNFULc6vyc0HJO1Y/8zNWXmqqDSUMlc/mGrO/TojkMKwDrfbMhIhegW0JcgcHJSpPnXpReYKp77PH8ElavbqmjVN1SXXlA1kCHX9QzERHvoIMzJFXCryOSXIVq3LkYiNeKCNJKEHpIB9exuOdwqJXBb/lnPponkZOh4JpyGgjARc6HoQsGr0mzpYkIIRYny/tSvW6vrIT1Yak+VWcNTlw+1+nu7av1dax7HDVkZ3AnepD6zsHSEnoNp0zy7ZkZPJZtN7E8vEEf8Q== KEYCLOAK_CLIENT_ID: AgB8KATkspkNplsty+H4bBjm7Ce4pxmy3/s0h0KFnO69dFj5Xwy36nJ5H7g4oTE8xQBDEPWX/YyF5/rqFGTeN5Btybk3yRRQoS+j5OyMruUOdvwthN2RQlma6IMeHp65UwIFuOrYn44w4kZBYbXM9teinH3qI/IvLs+8s5D3NxbD6TYTPcUVOxfiuI21atN35qgVCrMtWBy7w1VjcA9Trjwv3nc0fOUkKWZNNmc7S5zh/UneJJC0Wlf96x1OkYNbSm1GB6H5T80ayPDB1d5nT2598Hz1BFhsxbsqfoABQYcQIOULggMkQaAGHkgGk4lCF4U83b4m3lIb7il6W7UmANMW4ZdFUsftA3o37WUq2rfasIjHLrZuNka97SkU9ZJKm4axb5bNRz+xCxwv6FaWQTfvrI/qYUAsuFpgMPRphEyxngOoHLqyrBa2fN+ahNYyniIXBp2TmUhzfjybXt56QWwNUEDeMGesk9FTw3ssCAgu3PwrJv4REYpMKzdszuGlCd9v21XtWxnABDLIme9WxapM9AXZhWm+ftJTHbSSlHwDdJPHCulh05dLrJ63C3AtsnncyeMNl0nkMHqN51yB2cus6qeE4LL5zErK/f4fmp31HuzfAveR6zzZKJ+tXPvkg//mABaFhfMMHpvPo4oqU8wOyqKFZU6mDfA5DsYWgsMiU4kpePkaXbAUUxYw8N5CY/s7ic8+wT+lGWwO KEYCLOAK_CLIENT_SECRET: AgAiI7KGxjFjhjSY3hYrlQ30oQ7eNE2jkaEcO3gOAQhlWMFvSu1b51rhl3htkPO5YTkAsfbC7EIZkdSTEjjF6eFUKua5Z51jbKf8wmmW3VfWky26yzzyazUJ7Sv/rAPwr4ialLUivvoYLrJECE49GasHm9mosBEuvuqpFYYmiJlSOrG9kM8RdybaZmGLiUZBUIRN1bIrC9ix7kdndaCQ8ysRVH76xQ2wpXYJU4rVn2bOJgbvR4T4q/pe6TeT/H7yUZ9ritgVPH9tFCuGK0xZ3CXFnUFwQsdsB9c0aB2jwoi2YmsK0XRasRAmu7PxsqD34xGkwtopVTvLsuKhCcN/V1x81gB/8+pW1Ox6yhQKH06GNsIruamhVxeIOXP7vt0/B93+cnZQUuFL7xt7rxnZEKq/1Ja0av/2UkxAUNYNc+kdRvLJbm8TVkWUuoWbMLUrsg3S6fItRHMG1M1t9MvdeihVlTyBThadnIfKSS3RiBKi/7Maozpa2g/ATsYX15qbDeONMgRZmo6itKGtmm6RBJpluSsGmPjBBO30oSdIV8gNEzdQuboSB86XjrDgQbGPj4Mn2aeQSEoNlxS0pjXB8/jOzp68YIh7by0LVrTA8su60oNrQCA5SVXTrO/PQJpXsC998iuohL1CvWIbxkP+GxXptwoRbrNy4lYPtxYGSCFH/rdEgPElLlHy4EMpfnVr+1NWvTWsusg6fgJXtcovXz+2aYQ42yhYVg5dS26xeX6cAg== template: diff --git a/.kontinuous/patches/secrets.js b/.kontinuous/patches/secrets.js new file mode 100644 index 00000000..0135c412 --- /dev/null +++ b/.kontinuous/patches/secrets.js @@ -0,0 +1,26 @@ +/* +Patch manifests +*/ +module.exports = (manifests) => { + for (const manifest of manifests) { + const { kind } = manifest; + if (kind === "Deployment" && manifest.metadata.name === "app") { + manifest.spec.template.metadata.annotation = { + ...manifest.spec.template.metadata.annotation, + "vault.hashicorp.com/service": "http://vault.vault-dev.svc:8200", + "vault.hashicorp.com/agent-inject": "true", + "vault.hashicorp.com/role": "webapp", + "vault.hashicorp.com/agent-inject-secret-nextauth": 'kv/data/dev/nextauth_secret', + "vault.hashicorp.com/agent-inject-secret-keycloack_client_id": 'kv/data/dev/keycloack_client_id', + "vault.hashicorp.com/agent-inject-secret-keycloack_client_secret": 'kv/data/dev/keycloack_client_secret', + "vault.hashicorp.com/agent-inject-template-dev": '| \ + {{- with secret "kv/dev/nextauth_secret" -}} \ + {{- range $key, $value := .Data.data }} \ + export {{ $key }}={{ $value }} \ + {{- end }} \ + {{- end }}' + }; + } + } + return manifests; +}; \ No newline at end of file diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml index 9179162a..70dce64f 100644 --- a/.kontinuous/values.yaml +++ b/.kontinuous/values.yaml @@ -49,6 +49,8 @@ app: ingress: annotations: nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" +# args: +# ['sh', '-c', 'source /vault/secrets/dev && node start'] jobs: runs: