Skip to content

Commit

Permalink
fix env var name
Browse files Browse the repository at this point in the history
  • Loading branch information
Ralf Grubenmann committed Apr 18, 2024
1 parent c29c049 commit 78e2025
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 11 deletions.
14 changes: 9 additions & 5 deletions helm-chart/renku/templates/data-service/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,9 @@ spec:
name: {{ include "renku.fullname" . }}
key: dataServiceKeycloakClientSecret
- name: ENCRYPTION_KEY_PATH
value: /secrets/encryptionKey
- name: SECRET_SERVICE_PUBLIC_KEY_PATH
value: /secrets/publicKey
value: /secrets/encryptionKey/encryptionKey
- name: SECRETS_SERVICE_PUBLIC_KEY_PATH
value: /secrets/publicKey/publicKey
- name: SERVER_DEFAULTS
value: /etc/renku-data-service/server_options/server_defaults.json
- name: SERVER_OPTIONS
Expand Down Expand Up @@ -108,11 +108,9 @@ spec:
- name: server-options
mountPath: /etc/renku-data-service/server_options
- mountPath: "/secrets/encryptionKey"
subPath: enryptionKey
name: encryption-key
readOnly: true
- mountPath: "/secrets/publicKey"
subpath: publicKey
name: secret-service-public-key
readOnly: true
{{- include "certificates.volumeMounts.system" . | nindent 12 }}
Expand Down Expand Up @@ -157,8 +155,14 @@ spec:
- name: encryption-key
secret:
secretName: {{ template "renku.fullname" . }}-secrets-storage
items:
- key: encryptionKey
path: encryptionKey
- name: secret-service-public-key
secret:
secretName: {{ template "renku.fullname" . }}-secret-service-public-key
items:
- key: publicKey
path: publicKey
{{- include "certificates.volumes" . | nindent 8 }}
serviceAccountName: {{ template "renku.fullname" . }}-data-service
25 changes: 19 additions & 6 deletions helm-chart/renku/templates/secrets-storage/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,40 +54,53 @@ spec:
secretKeyRef:
name: {{ .Values.global.db.common.passwordSecretName }}
key: password
- name: SECRET_SERVICE_PRIVATE_KEY_PATH
value: /secrets/privateKey
- name: KEYCLOAK_URL
value: {{ (printf "%s://%s/auth/" (include "renku.http" .) .Values.global.renku.domain) | quote }}
- name: KEYCLOAK_TOKEN_SIGNATURE_ALGS
value: "RS256"
- name: KEYCLOAK_CLIENT_ID
value: {{ include "renku.dataService.keycloak.clientId" . | quote }}
- name: KEYCLOAK_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "renku.fullname" . }}
key: dataServiceKeycloakClientSecret
- name: SECRETS_SERVICE_PRIVATE_KEY_PATH
value: /secrets/privateKey/privateKey
livenessProbe:
httpGet:
path: /api/secret/version
path: /api/secrets/version
port: http
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /api/secret/version
path: /api/secrets/version
port: http
initialDelaySeconds: 10
periodSeconds: 2
failureThreshold: 2
startupProbe:
httpGet:
path: /api/secret/version
path: /api/secrets/version
port: http
periodSeconds: 5
failureThreshold: 60
resources:
{{ toYaml .Values.secretsStorage.resources | nindent 12 }}
volumeMounts:
- mountPath: "/secrets/privateKey"
subpath: privateKey
name: secret-service-private-key
readOnly: true
{{- include "certificates.volumeMounts.system" . | nindent 12 }}
volumes:
- name: secret-service-private-key
secret:
secretName: {{ template "renku.fullname" . }}-secret-service-private-key
items:
- key: privateKey
path: privateKey
{{- include "certificates.volumes" . | nindent 8 }}
{{- with .Values.secretsStorage.nodeSelector }}
nodeSelector:
Expand Down

0 comments on commit 78e2025

Please sign in to comment.