K8s/Secret: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(One intermediate revision by the same user not shown)
Line 104: Line 104:
           name: academia
           name: academia
YML
YML
</syntaxhighlight>
|-
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
cat <<'EXE'| bash
K8S_CTX_NAME="$(kubectl config view -o=yaml|yq '.contexts[0].name')"
K8S_TMP_PATH=$(mktemp -d --suffix ".k8s-${K8S_CTX_NAME}")
trap "rm -rf '${K8S_TMP_PATH}'" EXIT
cat <<'CFG'| \
tee ${K8S_TMP_PATH}/000-default.conf >/dev/null
<VirtualHost *:80>
    ServerName  wiki.chorke.org
    ServerAdmin  info@chorke.org
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
#  AllowEncodedSlashes NoDecode
    ErrorLog  ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
CFG
cat <<'HTA'| \
tee ${K8S_TMP_PATH}/.htaccess >/dev/null
RewriteEngine On
# skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# rewrite all other urls to index.php
RewriteRule ^(.*)$ index.php [L]
HTA
echo
tree    -a ${K8S_TMP_PATH}
kubectl -n chorke-wiki-mediawiki \
create secret generic apache --from-file=${K8S_TMP_PATH}
EXE
:'
├── 000-default.conf
└── .htaccess
'
</syntaxhighlight>
</syntaxhighlight>
|}
|}
Line 122: Line 172:


|valign='top'|
|valign='top'|
* [[K8s/MediaWiki|K8s » MediaWiki]]
* [[K8s/Nexus|K8s » Nexus]]
* [[K8s/N8N|K8s » N8N]]


|valign='top'|
|valign='top'|

Latest revision as of 02:35, 29 July 2025

K8s » Secret » Usages

K8s » Secret » Usages 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: minio
data:
  v4auth: true
  pathstyle: true
  region: us-east-1
  bucket: gitlab-registry
  accesskey: Tnen3kCv71osfJKkhcIP
  regionendpoint: "http://minio.minio:9000"

---
apiVersion: v1
kind: Secret
metadata:
  name: mariadb
type: Opaque
data:
  mariadb-replication-password: sadaqah!
  mariadb-root-password: sadaqah!
  mariadb-password: sadaqah!

---
apiVersion: v1
kind: Secret
metadata:
  name: postgresql
type: Opaque
data:
  replication-password: sadaqah!
  postgres-password: sadaqah!
  password: sadaqah!

---
apiVersion: v1
kind: Secret
metadata:
  name: certificate
type: Opaque
data:
  challenge-password: sadaqah!
  rootca-pass-phrase: sadaqah!
  subca-pass-phrase: sadaqah!
YML

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Pod
metadata:
  name: academia
spec:
  containers:
  - name: academia
    image: harbor.shahed.biz/academia/nginx:latest
    env:
      - name: MYSQL_PWD
        valueFrom:
          secretKeyRef:
            name: mariadb
            key: mariadb-password
      - name: PGPASSWORD
        valueFrom:
          secretKeyRef:
            name: postgresql
            key: password
      - name: ROOTCA_PASS_PHRASE
        valueFrom:
          secretKeyRef:
            name: certificate
            key: rootca-pass-phrase
      - name: SUBCA_PASS_PHRASE
        valueFrom:
          secretKeyRef:
            name: certificate
            key: subca-pass-phrase
      - name: S3_BUCKET
        valueFrom:
          configMapKeyRef:
            name: minio
            key: bucket
      - name: S3_REGION
        valueFrom:
          configMapKeyRef:
            name: minio
            key: region
    envFrom:
      - secretRef:
          name: academia
      - configMapRef:
          name: academia
YML

cat <<'EXE'| bash
K8S_CTX_NAME="$(kubectl config view -o=yaml|yq '.contexts[0].name')"
K8S_TMP_PATH=$(mktemp -d --suffix ".k8s-${K8S_CTX_NAME}")
trap "rm -rf '${K8S_TMP_PATH}'" EXIT

cat <<'CFG'| \
tee ${K8S_TMP_PATH}/000-default.conf >/dev/null
<VirtualHost *:80>
    ServerName   wiki.chorke.org
    ServerAdmin  info@chorke.org
    DocumentRoot /var/www/html

    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

#   AllowEncodedSlashes NoDecode
    ErrorLog  ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
CFG

cat <<'HTA'| \
tee ${K8S_TMP_PATH}/.htaccess >/dev/null
RewriteEngine On

# skip existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# rewrite all other urls to index.php
RewriteRule ^(.*)$ index.php [L]
HTA

echo
tree    -a ${K8S_TMP_PATH}
kubectl -n chorke-wiki-mediawiki \
 create secret generic apache --from-file=${K8S_TMP_PATH}
EXE
:'
├── 000-default.conf
└── .htaccess
'

References

Retrieved from "https://wiki.chorke.org/index.php?title=K8s/Secret&oldid=15586"