yay more env stuff
This commit is contained in:
19
deploy/base/db-taskarr-user.yaml
Normal file
19
deploy/base/db-taskarr-user.yaml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: HCPDynamicSecret
|
||||||
|
metadata:
|
||||||
|
name: taskarr-db-app-user
|
||||||
|
spec:
|
||||||
|
mount: database
|
||||||
|
path: creds/taskarr-role
|
||||||
|
method: GET
|
||||||
|
destination:
|
||||||
|
name: taskarr-db-url
|
||||||
|
create: true
|
||||||
|
# This is where the magic happens
|
||||||
|
transformation:
|
||||||
|
templates:
|
||||||
|
DATABASE_URL:
|
||||||
|
# Use Go template syntax to build the string
|
||||||
|
# 'username' and 'password' come from the Vault response
|
||||||
|
content: "postgresql://{{ .username }}:{{ .password }}@postgres-service.taskarr.svc.cluster.local:5432/taskarr_db?sslmode=disable"
|
||||||
|
refreshAfter: 1h
|
||||||
@@ -48,7 +48,7 @@ spec:
|
|||||||
- name: DATABASE_URL
|
- name: DATABASE_URL
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: taskarr-app
|
name: taskarr-db-url
|
||||||
key: DATABASE_URL
|
key: DATABASE_URL
|
||||||
- name: ORIGIN
|
- name: ORIGIN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|||||||
@@ -13,4 +13,4 @@ resources:
|
|||||||
- ./postgres.yaml
|
- ./postgres.yaml
|
||||||
- ./database-secret.yaml
|
- ./database-secret.yaml
|
||||||
- ./app-secret.yaml
|
- ./app-secret.yaml
|
||||||
- ./expose.yaml
|
- ./db-taskarr-user.yaml
|
||||||
|
|||||||
Reference in New Issue
Block a user