comms: fix mas vault file paths
parent
d90950b82e
commit
5816d4f399
@ -31,13 +31,13 @@ data:
|
|||||||
clients:
|
clients:
|
||||||
- client_id: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
|
- client_id: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
|
||||||
client_auth_method: client_secret_basic
|
client_auth_method: client_secret_basic
|
||||||
client_secret_file: /etc/mas/admin-client/client_secret
|
client_secret_file: /vault/secrets/mas-admin-secret
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
encryption_file: /etc/mas/secrets/encryption
|
encryption_file: /vault/secrets/mas-encryption
|
||||||
keys:
|
keys:
|
||||||
- kid: "othrys-rsa-1"
|
- kid: "othrys-rsa-1"
|
||||||
key_file: /etc/mas/keys/rsa_key
|
key_file: /vault/secrets/mas-rsa-key
|
||||||
|
|
||||||
passwords:
|
passwords:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
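Review bot: Only three of the five secret files that the later deployment hunk stops mounting are repointed here. `client_secret_file`, `encryption_file` and `key_file` move to `/vault/secrets/...`, but the removed mounts for `/etc/mas/secrets/matrix_shared_secret` and `/etc/mas/secrets/keycloak_client_secret` have no matching path change in the visible lines. If the config still references those two paths outside this hunk, the service will fail to read them once the mounts are gone, so they should be repointed in the same commit. The removed mounts were each `readOnly: true`, so it is also worth confirming that whatever populates `/vault/secrets` writes `mas-rsa-key` and `mas-encryption` with owner-only permissions and that the application container cannot overwrite them. The `data:` block starts and continues outside this hunk.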
@ -117,26 +117,6 @@ spec:
|
|||||||
- name: rendered
|
- name: rendered
|
||||||
mountPath: /rendered
|
mountPath: /rendered
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: vault-secrets
|
|
||||||
mountPath: /etc/mas/secrets/encryption
|
|
||||||
subPath: mas-encryption
|
|
||||||
readOnly: true
|
|
||||||
- name: vault-secrets
|
|
||||||
mountPath: /etc/mas/secrets/matrix_shared_secret
|
|
||||||
subPath: mas-matrix-shared
|
|
||||||
readOnly: true
|
|
||||||
- name: vault-secrets
|
|
||||||
mountPath: /etc/mas/secrets/keycloak_client_secret
|
|
||||||
subPath: mas-kc-secret
|
|
||||||
readOnly: true
|
|
||||||
- name: vault-secrets
|
|
||||||
mountPath: /etc/mas/keys/rsa_key
|
|
||||||
subPath: mas-rsa-key
|
|
||||||
readOnly: true
|
|
||||||
- name: vault-secrets
|
|
||||||
mountPath: /etc/mas/admin-client/client_secret
|
|
||||||
subPath: mas-admin-secret
|
|
||||||
readOnly: true
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 200m
|
cpu: 200m
|
||||||
@ -153,8 +133,6 @@ spec:
|
|||||||
path: config.yaml
|
path: config.yaml
|
||||||
- name: rendered
|
- name: rendered
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: vault-secrets
|
|
||||||
emptyDir: {}
|
|
||||||
- name: vault-scripts
|
- name: vault-scripts
|
||||||
configMap:
|
configMap:
|
||||||
name: comms-vault-env
|
name: comms-vault-env
|
||||||
|
|||||||
@ -6,6 +6,8 @@ metadata:
|
|||||||
namespace: sso
|
namespace: sso
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
rules:
|
rules:
|
||||||
|
|||||||
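Review bot: The added annotations `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and `traefik.ingress.kubernetes.io/router.tls: "true"` change how this Ingress in namespace `sso` is exposed, which the commit title ("fix mas vault file paths") does not cover. The same pair is added in the next hunk, on the Ingress that carries the `sso-oauth2-proxy-errors` middleware. With the router pinned to `websecure`, Traefik no longer builds a plain-HTTP router for these hosts, so the HTTP-to-HTTPS redirect has to be configured at the entrypoint level or port 80 requests will get a 404 instead of a redirect. If the `letsencrypt` issuer solves HTTP-01 by editing the Ingress in place, the challenge route would be restricted as well, so that should be confirmed before rollout. Splitting the ingress change into its own commit, or at least naming it in the description, would keep the audit trail for the SSO entry points clear.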
@ -7,6 +7,8 @@ metadata:
|
|||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-errors@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-errors@kubernetescrd
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
rules:
|
rules:
|
||||||
|
|||||||