diff --git a/services/health/wger-admin-ensure-cronjob.yaml b/services/health/wger-admin-ensure-cronjob.yaml index 03757f6..3205fd3 100644 --- a/services/health/wger-admin-ensure-cronjob.yaml +++ b/services/health/wger-admin-ensure-cronjob.yaml @@ -21,19 +21,44 @@ spec: vault.hashicorp.com/agent-inject-secret-wger-env: "kv/data/atlas/health/wger-db" vault.hashicorp.com/agent-inject-template-wger-env: | {{- with secret "kv/data/atlas/health/wger-db" -}} - export DJANGO_DB_HOST='{{ .Data.data.DJANGO_DB_HOST | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PORT='{{ .Data.data.DJANGO_DB_PORT | replace "'" "'\"'\"'" }}' - export DJANGO_DB_DATABASE='{{ .Data.data.DJANGO_DB_DATABASE | replace "'" "'\"'\"'" }}' - export DJANGO_DB_USER='{{ .Data.data.DJANGO_DB_USER | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PASSWORD='{{ .Data.data.DJANGO_DB_PASSWORD | replace "'" "'\"'\"'" }}' + export DJANGO_DB_HOST="{{ .Data.data.DJANGO_DB_HOST }}" + export DJANGO_DB_PORT="{{ .Data.data.DJANGO_DB_PORT }}" + export DJANGO_DB_DATABASE="{{ .Data.data.DJANGO_DB_DATABASE }}" + export DJANGO_DB_USER="{{ .Data.data.DJANGO_DB_USER }}" + export DJANGO_DB_PASSWORD="$(cat /vault/secrets/wger-db-password)" {{- end }} {{- with secret "kv/data/atlas/health/wger-secrets" -}} - export SECRET_KEY='{{ .Data.data.SECRET_KEY | replace "'" "'\"'\"'" }}' - export SIGNING_KEY='{{ .Data.data.SIGNING_KEY | replace "'" "'\"'\"'" }}' + export SECRET_KEY="$(cat /vault/secrets/wger-secret-key)" + export SIGNING_KEY="$(cat /vault/secrets/wger-signing-key)" {{- end }} {{- with secret "kv/data/atlas/health/wger-admin" -}} - export WGER_ADMIN_USERNAME='{{ .Data.data.username | replace "'" "'\"'\"'" }}' - export WGER_ADMIN_PASSWORD='{{ .Data.data.password | replace "'" "'\"'\"'" }}' + export WGER_ADMIN_USERNAME="$(cat /vault/secrets/wger-admin-username)" + export WGER_ADMIN_PASSWORD="$(cat /vault/secrets/wger-admin-password)" + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-db-password: "kv/data/atlas/health/wger-db" + vault.hashicorp.com/agent-inject-template-wger-db-password: | + {{- with secret "kv/data/atlas/health/wger-db" -}} + {{ .Data.data.DJANGO_DB_PASSWORD }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-secret-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-secret-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SECRET_KEY }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-signing-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-signing-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SIGNING_KEY }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-admin-username: "kv/data/atlas/health/wger-admin" + vault.hashicorp.com/agent-inject-template-wger-admin-username: | + {{- with secret "kv/data/atlas/health/wger-admin" -}} + {{ .Data.data.username }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-admin-password: "kv/data/atlas/health/wger-admin" + vault.hashicorp.com/agent-inject-template-wger-admin-password: | + {{- with secret "kv/data/atlas/health/wger-admin" -}} + {{ .Data.data.password }} {{- end -}} spec: serviceAccountName: health-vault-sync diff --git a/services/health/wger-deployment.yaml b/services/health/wger-deployment.yaml index 546a81e..20b1337 100644 --- a/services/health/wger-deployment.yaml +++ b/services/health/wger-deployment.yaml @@ -20,15 +20,30 @@ spec: vault.hashicorp.com/agent-inject-secret-wger-env: "kv/data/atlas/health/wger-db" vault.hashicorp.com/agent-inject-template-wger-env: | {{- with secret "kv/data/atlas/health/wger-db" -}} - export DJANGO_DB_HOST='{{ .Data.data.DJANGO_DB_HOST | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PORT='{{ .Data.data.DJANGO_DB_PORT | replace "'" "'\"'\"'" }}' - export DJANGO_DB_DATABASE='{{ .Data.data.DJANGO_DB_DATABASE | replace "'" "'\"'\"'" }}' - export DJANGO_DB_USER='{{ .Data.data.DJANGO_DB_USER | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PASSWORD='{{ .Data.data.DJANGO_DB_PASSWORD | replace "'" "'\"'\"'" }}' + export DJANGO_DB_HOST="{{ .Data.data.DJANGO_DB_HOST }}" + export DJANGO_DB_PORT="{{ .Data.data.DJANGO_DB_PORT }}" + export DJANGO_DB_DATABASE="{{ .Data.data.DJANGO_DB_DATABASE }}" + export DJANGO_DB_USER="{{ .Data.data.DJANGO_DB_USER }}" + export DJANGO_DB_PASSWORD="$(cat /vault/secrets/wger-db-password)" {{- end }} {{- with secret "kv/data/atlas/health/wger-secrets" -}} - export SECRET_KEY='{{ .Data.data.SECRET_KEY | replace "'" "'\"'\"'" }}' - export SIGNING_KEY='{{ .Data.data.SIGNING_KEY | replace "'" "'\"'\"'" }}' + export SECRET_KEY="$(cat /vault/secrets/wger-secret-key)" + export SIGNING_KEY="$(cat /vault/secrets/wger-signing-key)" + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-db-password: "kv/data/atlas/health/wger-db" + vault.hashicorp.com/agent-inject-template-wger-db-password: | + {{- with secret "kv/data/atlas/health/wger-db" -}} + {{ .Data.data.DJANGO_DB_PASSWORD }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-secret-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-secret-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SECRET_KEY }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-signing-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-signing-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SIGNING_KEY }} {{- end -}} spec: affinity: diff --git a/services/health/wger-user-sync-cronjob.yaml b/services/health/wger-user-sync-cronjob.yaml index 2ac85ea..f99afad 100644 --- a/services/health/wger-user-sync-cronjob.yaml +++ b/services/health/wger-user-sync-cronjob.yaml @@ -22,15 +22,30 @@ spec: vault.hashicorp.com/agent-inject-secret-wger-env: "kv/data/atlas/health/wger-db" vault.hashicorp.com/agent-inject-template-wger-env: | {{- with secret "kv/data/atlas/health/wger-db" -}} - export DJANGO_DB_HOST='{{ .Data.data.DJANGO_DB_HOST | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PORT='{{ .Data.data.DJANGO_DB_PORT | replace "'" "'\"'\"'" }}' - export DJANGO_DB_DATABASE='{{ .Data.data.DJANGO_DB_DATABASE | replace "'" "'\"'\"'" }}' - export DJANGO_DB_USER='{{ .Data.data.DJANGO_DB_USER | replace "'" "'\"'\"'" }}' - export DJANGO_DB_PASSWORD='{{ .Data.data.DJANGO_DB_PASSWORD | replace "'" "'\"'\"'" }}' + export DJANGO_DB_HOST="{{ .Data.data.DJANGO_DB_HOST }}" + export DJANGO_DB_PORT="{{ .Data.data.DJANGO_DB_PORT }}" + export DJANGO_DB_DATABASE="{{ .Data.data.DJANGO_DB_DATABASE }}" + export DJANGO_DB_USER="{{ .Data.data.DJANGO_DB_USER }}" + export DJANGO_DB_PASSWORD="$(cat /vault/secrets/wger-db-password)" {{- end }} {{- with secret "kv/data/atlas/health/wger-secrets" -}} - export SECRET_KEY='{{ .Data.data.SECRET_KEY | replace "'" "'\"'\"'" }}' - export SIGNING_KEY='{{ .Data.data.SIGNING_KEY | replace "'" "'\"'\"'" }}' + export SECRET_KEY="$(cat /vault/secrets/wger-secret-key)" + export SIGNING_KEY="$(cat /vault/secrets/wger-signing-key)" + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-db-password: "kv/data/atlas/health/wger-db" + vault.hashicorp.com/agent-inject-template-wger-db-password: | + {{- with secret "kv/data/atlas/health/wger-db" -}} + {{ .Data.data.DJANGO_DB_PASSWORD }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-secret-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-secret-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SECRET_KEY }} + {{- end -}} + vault.hashicorp.com/agent-inject-secret-wger-signing-key: "kv/data/atlas/health/wger-secrets" + vault.hashicorp.com/agent-inject-template-wger-signing-key: | + {{- with secret "kv/data/atlas/health/wger-secrets" -}} + {{ .Data.data.SIGNING_KEY }} {{- end -}} spec: serviceAccountName: health-vault-sync