aac1b654bb
What changed: - Adds new v3 API and UI deployments (separate api-deployment.yaml, ui-deployment.yaml) alongside the existing monolithic artifactapi-deployment.yaml - Adds CNPG PostgreSQL cluster + pooler to replace the standalone postgres deployment - Adds new api-env configmap, new Vault secrets (postgres-credentials, environment), and a second VaultAuth (default1) - Adds new services targeting the split api and ui selectors - Adds HPAs for both new deployments - Updates kustomization to include all new resources --------- Co-authored-by: Ben Vincent <ben@unkin.net> Reviewed-on: #197
70 lines
1.4 KiB
YAML
70 lines
1.4 KiB
YAML
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: environment
|
|
namespace: artifactapi
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: environment
|
|
overwrite: false
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: service/artifactapi/environment
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default
|
|
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: postgres-password
|
|
namespace: artifactapi
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: postgres-password
|
|
overwrite: true
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: service/artifactapi/postgres-password
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default
|
|
### change auth ref to default from default1
|
|
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: postgres-credentials
|
|
namespace: artifactapi
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: postgres-credentials
|
|
overwrite: true
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: kubernetes/namespace/artifactapi/default/postgres-credentials
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default1
|
|
---
|
|
apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: environment2
|
|
namespace: artifactapi
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: environment
|
|
overwrite: true
|
|
hmacSecretData: true
|
|
mount: kv
|
|
path: kubernetes/namespace/artifactapi/default/environment
|
|
refreshAfter: 5m
|
|
type: kv-v2
|
|
vaultAuthRef: default1
|