comms: fix mas vault file paths

2026-01-15 23:56:32 -03:00 · 2026-01-15 23:56:32 -03:00 · 5816d4f399
commit 5816d4f399
parent d90950b82e
4 changed files with 7 additions and 25 deletions
--- a/services/comms/mas-configmap.yaml
+++ b/services/comms/mas-configmap.yaml
@ -31,13 +31,13 @@ data:
    clients:
      - client_id: 01KDXMVQBQ5JNY6SEJPZW6Z8BM
        client_auth_method: client_secret_basic
-        client_secret_file: /etc/mas/admin-client/client_secret
+        client_secret_file: /vault/secrets/mas-admin-secret

    secrets:
-      encryption_file: /etc/mas/secrets/encryption
+      encryption_file: /vault/secrets/mas-encryption
      keys:
        - kid: "othrys-rsa-1"
-          key_file: /etc/mas/keys/rsa_key
+          key_file: /vault/secrets/mas-rsa-key

    passwords:
      enabled: true
--- a/services/comms/mas-deployment.yaml
+++ b/services/comms/mas-deployment.yaml
@ -117,26 +117,6 @@ spec:
            - name: rendered
              mountPath: /rendered
              readOnly: true
-            - name: vault-secrets
-              mountPath: /etc/mas/secrets/encryption
-              subPath: mas-encryption
-              readOnly: true
-            - name: vault-secrets
-              mountPath: /etc/mas/secrets/matrix_shared_secret
-              subPath: mas-matrix-shared
-              readOnly: true
-            - name: vault-secrets
-              mountPath: /etc/mas/secrets/keycloak_client_secret
-              subPath: mas-kc-secret
-              readOnly: true
-            - name: vault-secrets
-              mountPath: /etc/mas/keys/rsa_key
-              subPath: mas-rsa-key
-              readOnly: true
-            - name: vault-secrets
-              mountPath: /etc/mas/admin-client/client_secret
-              subPath: mas-admin-secret
-              readOnly: true
          resources:
            requests:
              cpu: 200m
@ -153,8 +133,6 @@ spec:
                path: config.yaml
        - name: rendered
          emptyDir: {}
-        - name: vault-secrets
-          emptyDir: {}
        - name: vault-scripts
          configMap:
            name: comms-vault-env
--- a/services/keycloak/ingress.yaml
+++ b/services/keycloak/ingress.yaml
@ -6,6 +6,8 @@ metadata:
  namespace: sso
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
  ingressClassName: traefik
  rules:
--- a/services/oauth2-proxy/ingress.yaml
+++ b/services/oauth2-proxy/ingress.yaml
@ -7,6 +7,8 @@ metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-errors@kubernetescrd
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
  ingressClassName: traefik
  rules: