K8s/Secret
Jump to navigation
Jump to search
K8s » Secret » Usages
|
K8s » Secret » Usages | |
|---|---|
cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: ConfigMap
metadata:
name: minio
data:
v4auth: true
pathstyle: true
region: us-east-1
bucket: gitlab-registry
accesskey: Tnen3kCv71osfJKkhcIP
regionendpoint: "http://minio.minio:9000"
---
apiVersion: v1
kind: Secret
metadata:
name: mariadb
type: Opaque
data:
mariadb-replication-password: sadaqah!
mariadb-root-password: sadaqah!
mariadb-password: sadaqah!
---
apiVersion: v1
kind: Secret
metadata:
name: postgresql
type: Opaque
data:
replication-password: sadaqah!
postgres-password: sadaqah!
password: sadaqah!
---
apiVersion: v1
kind: Secret
metadata:
name: certificate
type: Opaque
data:
challenge-password: sadaqah!
rootca-pass-phrase: sadaqah!
subca-pass-phrase: sadaqah!
YML
|
cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Pod
metadata:
name: academia
spec:
containers:
- name: academia
image: harbor.shahed.biz/academia/nginx:latest
env:
- name: MYSQL_PWD
valueFrom:
secretKeyRef:
name: mariadb
key: mariadb-password
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgresql
key: password
- name: ROOTCA_PASS_PHRASE
valueFrom:
secretKeyRef:
name: certificate
key: rootca-pass-phrase
- name: SUBCA_PASS_PHRASE
valueFrom:
secretKeyRef:
name: certificate
key: subca-pass-phrase
- name: S3_BUCKET
valueFrom:
configMapKeyRef:
name: minio
key: bucket
- name: S3_REGION
valueFrom:
configMapKeyRef:
name: minio
key: region
envFrom:
- secretRef:
name: academia
- configMapRef:
name: academia
YML
|
cat <<'EXE'| bash
K8S_CTX_NAME="$(kubectl config view -o=yaml|yq '.contexts[0].name')"
K8S_TMP_PATH=$(mktemp -d --suffix ".k8s-${K8S_CTX_NAME}")
trap "rm -rf '${K8S_TMP_PATH}'" EXIT
cat <<'CFG'| \
tee ${K8S_TMP_PATH}/000-default.conf >/dev/null
<VirtualHost *:80>
ServerName wiki.chorke.org
ServerAdmin info@chorke.org
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# AllowEncodedSlashes NoDecode
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
CFG
cat <<'HTA'| \
tee ${K8S_TMP_PATH}/.htaccess >/dev/null
RewriteEngine On
# skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# rewrite all other urls to index.php
RewriteRule ^(.*)$ index.php [L]
HTA
echo
tree -a ${K8S_TMP_PATH}
kubectl -n chorke-wiki-mediawiki \
create secret generic apache --from-file=${K8S_TMP_PATH}
EXE
:'
├── 000-default.conf
└── .htaccess
'
| |
References
|
| ||
|
| ||