diff --git a/archmeister/base/deployment_patch.yaml b/archmeister/base/deployment_patch.yaml
index 53a116df..c8368399 100644
--- a/archmeister/base/deployment_patch.yaml
+++ b/archmeister/base/deployment_patch.yaml
@@ -4,3 +4,6 @@
 - op: replace
 path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
 value: /healthz
+- op: add
+ path: /spec/template/spec/containers/0/envFrom
+ value: []
diff --git a/archmeister/manifests/archmeister-env-secret.yaml b/archmeister/manifests/archmeister-env-secret.yaml
new file mode 100644
index 00000000..19b080ff
--- /dev/null
+++ b/archmeister/manifests/archmeister-env-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: archmeister-env
+ namespace: atlantis
+stringData:
+ OICD_CLIENT_SECRET: ieK3yak9zoh3yeewee8quahY6seiv7Ro
+ SEQ_APIKEY: bFdYPKLDvnau3fQa1vRV
+type: Opaque
diff --git a/archmeister/manifests/cpol.yaml b/archmeister/manifests/cpol.yaml
new file mode 100644
index 00000000..453c894a
--- /dev/null
+++ b/archmeister/manifests/cpol.yaml
@@ -0,0 +1,46 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: sync-atlantis-secrets
+spec:
+ background: true
+ generateExistingOnPolicyUpdate: true
+ rules:
+ - name: sync-redis-secrets
+ generate:
+ apiVersion: v1
+ namespace: atlantis
+ synchronize: true
+ cloneList:
+ namespace: redis
+ kinds:
+ - Secret
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: redis
+ match:
+ resources:
+ kinds:
+ - Namespace
+ names:
+ - atlantis
+ - name: sync-rabbitmq-secrets
+ generate:
+ apiVersion: v1
+ namespace: atlantis
+ synchronize: true
+ cloneList:
+ namespace: rabbitmq
+ kinds:
+ - Secret
+ selector:
+ matchLabels:
+ clone: "true"
+ match:
+ resources:
+ kinds:
+ - Namespace
+ names:
+ - atlantis
+ validationFailureAction: audit
+
diff --git a/archmeister/prod/deployment_patch.yaml b/archmeister/prod/deployment_patch.yaml
index c83c00d7..99f97ad8 100644
--- a/archmeister/prod/deployment_patch.yaml
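Review bot: The new `op: add` at `/spec/template/spec/containers/0/envFrom` with `value: []` will overwrite rather than create that field if the base Deployment already carries an `envFrom` list, because a JSON Patch `add` on an existing object member replaces its value. I cannot see the base Deployment from this hunk, so this may be harmless today, but it is a silent footgun for anyone who later adds an `envFrom` entry to the base manifest. A one-line comment above the op such as `# creates an empty envFrom so the prod/staging overlays can append to it` would document the intent and warn the next editor.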
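Review bot: This new manifest commits live credential values in plaintext under `stringData` (`OICD_CLIENT_SECRET`, `SEQ_APIKEY`); once they are in git history they should be treated as exposed and rotated, and the file should carry only a reference to an externally managed secret (for example a SealedSecret, an ExternalSecret, or a SOPS-encrypted file) rather than the values themselves. The key name `OICD_CLIENT_SECRET` also looks like a transposition of `OIDC`; the prod and staging overlays inject this Secret via `envFrom`, so the container will see exactly this variable name, and if the application reads `OIDC_CLIENT_SECRET` the value will never be picked up — confirm against the consumer before merging.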
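Review bot: The `sync-redis-secrets` rule clones every Secret in namespace `redis` that carries the generic chart label `app.kubernetes.io/name: redis` into `atlantis`, whereas the `sync-rabbitmq-secrets` rule only clones Secrets explicitly opted in with `clone: "true"`; the redis rule should use the same opt-in label so that only the one Secret the overlays actually consume (the `redis-password` key of `prod-redis` / `staging-redis`) is mirrored, not unrelated material such as TLS or replication secrets that may share the label. With `synchronize: true` the copies are kept in lock-step, so anything over-selected here stays reachable from the `atlantis` namespace for as long as the policy exists. `validationFailureAction: audit` governs validate rules and, as far as I can tell, has no effect on a policy that contains only generate rules, so it can be dropped or commented as intentional. `generateExistingOnPolicyUpdate` has, to my knowledge, been superseded by `generateExisting` in recent Kyverno releases; worth checking against the cluster's Kyverno version.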
+++ b/archmeister/prod/deployment_patch.yaml
@@ -25,4 +25,27 @@
 path: /spec/template/spec/containers/0/env/-
 value:
 name: DB_HOST
- value: prod-archmeister-rw
\ No newline at end of file
+ value: prod-archmeister-rw
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: REDIS_USER
+ value: default
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: prod-redis
+ key: redis-password
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: RABBITMQ_USER
+ value: user
+- op: add
+ path: /spec/template/spec/containers/0/envFrom/-
+ value:
+ secretRef:
+ name: archmeister-env
diff --git a/archmeister/staging/deployment_patch.yaml b/archmeister/staging/deployment_patch.yaml
index 593e47f9..8e5ac6ef 100644
--- a/archmeister/staging/deployment_patch.yaml
+++ b/archmeister/staging/deployment_patch.yaml
@@ -30,4 +30,27 @@
 path: /spec/template/spec/containers/0/env/-
 value:
 name: DB_HOST
- value: staging-archmeister-rw
\ No newline at end of file
+ value: staging-archmeister-rw
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: REDIS_USER
+ value: default
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: staging-redis
+ key: redis-password
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: RABBITMQ_USER
+ value: user
+- op: add
+ path: /spec/template/spec/containers/0/envFrom/-
+ value:
+ secretRef:
+ name: archmeister-env
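Review bot: `REDIS_USER: default` and `RABBITMQ_USER: user` hard-code the brokers' built-in accounts, and the staging hunk below does exactly the same, so both environments run with the most privileged Redis ACL user rather than a dedicated least-privilege account; consider provisioning a per-application user and sourcing the username from the same Secret as the password, e.g. `valueFrom: secretKeyRef: {name: prod-redis, key: <USERNAME_KEY>}` where the key name is whatever the Secret actually carries. I also do not see a RABBITMQ password being wired in anywhere in this hunk, so either it arrives via a mechanism outside this diff or the `RABBITMQ_USER` entry is currently unusable — worth confirming. The `/envFrom/-` append only works because base/deployment_patch.yaml creates `envFrom: []` in the same commit; a comment above that op stating that dependency would help readers of the overlay alone.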
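Review bot: Both the staging and the prod overlay reference the same `secretRef: name: archmeister-env`, and that Secret is a single resource pinned to `namespace: atlantis`, so either both Deployments live in that namespace and share one OIDC client secret and one Seq API key across environments, or one of them will fail to resolve the reference at pod start; I cannot see where each overlay sets its namespace, so please confirm which case applies. The per-environment `staging-redis` / `prod-redis` naming already used for `secretKeyRef` suggests the natural fix: a separate `staging-archmeister-env` Secret with its own credentials, referenced here as `name: staging-archmeister-env`.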