diff --git a/services/communication/mas-deployment.yaml b/services/communication/mas-deployment.yaml index 711640c..1091278 100644 --- a/services/communication/mas-deployment.yaml +++ b/services/communication/mas-deployment.yaml @@ -28,33 +28,41 @@ spec: - key: hardware operator: In values: ["rpi5","rpi4"] - containers: - - name: mas - image: ghcr.io/element-hq/matrix-authentication-service:0.20.0 + initContainers: + - name: render-config + image: alpine:3.20 command: ["/bin/sh","-c"] args: - | set -euo pipefail umask 077 - DB_PASS_ESCAPED="$(printf '%s' "${MAS_DB_PASSWORD}" | sed 's/[\\/&]/\\&/g')" - sed "s/@@MAS_DB_PASSWORD@@/${DB_PASS_ESCAPED}/g" /etc/mas/config.yaml > /var/run/mas-config.yaml - - exec mas-cli server --config /var/run/mas-config.yaml + sed "s/@@MAS_DB_PASSWORD@@/${DB_PASS_ESCAPED}/g" /etc/mas/config.yaml > /rendered/config.yaml env: - name: MAS_DB_PASSWORD valueFrom: secretKeyRef: name: mas-db key: password + volumeMounts: + - name: config + mountPath: /etc/mas/config.yaml + subPath: config.yaml + readOnly: true + - name: rendered + mountPath: /rendered + readOnly: false + containers: + - name: mas + image: ghcr.io/element-hq/matrix-authentication-service:0.20.0 + args: ["server","--config","/rendered/config.yaml"] ports: - name: http containerPort: 8080 protocol: TCP volumeMounts: - - name: config - mountPath: /etc/mas/config.yaml - subPath: config.yaml + - name: rendered + mountPath: /rendered readOnly: true - name: secrets mountPath: /etc/mas/secrets @@ -76,6 +84,8 @@ spec: items: - key: config.yaml path: config.yaml + - name: rendered + emptyDir: {} - name: secrets secret: secretName: mas-secrets-runtime