Move non-secret secrets from secrets.yaml files to config maps #172

Closed
3 changes: 0 additions & 3 deletions kubernetes/namespaces/default/bot/README.md
Expand Up @@ -11,8 +11,5 @@ This deployment expects a number of secrets and environment variables to exist i
| API_KEYS_SITE_API | The token to access our site's API. |
| BOT_SENTRY_DSN | The sentry DSN to send sentry events to. |
| BOT_TOKEN | The Discord bot token to run the bot on. |
| BOT_TRACE_LOGGERS | Comma separated list of loggers to enable trace logging for |
| DEBUG | Debug mode true/false |
| METABASE_PASSWORD | Password for Metabase |
| METABASE_USERNAME | Username for Metabase |
| URLS_PASTE_URL | The URL to the paste site |
8 changes: 8 additions & 0 deletions kubernetes/namespaces/default/bot/configmap.yaml
@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: bot-config-env
data:
BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers
DEBUG: 'False'
URLS_PASTE_URL: https://paste.pythondiscord.com
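Review bot: None of the three keys under `data:` carries a comment, while the README rows that described them (the trace-logger list, the debug flag, the paste site URL) are dropped in this same PR, so the descriptions now exist nowhere. modmail/configmap.yaml keeps its descriptions as inline `#` comments; doing the same here would keep `BOT_TRACE_LOGGERS`, `DEBUG` and `URLS_PASTE_URL` documented next to their values.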
2 changes: 2 additions & 0 deletions kubernetes/namespaces/default/bot/deployment.yaml
Expand Up @@ -32,6 +32,8 @@ spec:
name: bot-env
- secretRef:
name: redis-credentials
- configMapRef:
name: bot-config-env
volumeMounts:
- mountPath: /bot/logs
name: logs-vol
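Review bot: The `configMapRef` for `bot-config-env` is appended after the `bot-env` and `redis-credentials` entries, and with `envFrom` the last source wins when the same key appears in more than one. Any key present in both a secret and the ConfigMap will therefore take the ConfigMap's value, which means a ConfigMap edit can shadow a secret-held variable. Because secrets.yaml shows as binary in this diff, the removal of the moved keys from the secret can't be checked here; please confirm there is no overlap, and if the intent is that a secret must never be overridden, list the `configMapRef` before the `secretRef` entries. The same ordering is used in the modmail, pixels and sir-robin deployment hunks.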
Binary file modified kubernetes/namespaces/default/bot/secrets.yaml
Binary file not shown.
7 changes: 0 additions & 7 deletions kubernetes/namespaces/default/modmail/README.md
Expand Up @@ -9,11 +9,4 @@ The services require one shared secret called `modmail` containing the following
| Key | Value | Description |
| ------------------------| ---------------------------------|--------------------------------------------------------------|
| `CONNECTION_URI` | MongoDB connection URI | Used for storing data |
| `DATABASE_TYPE` | `mongodb` | The type of database to use, only supports mongodb right now |
| `DATA_COLLECTION` | `False` | Disable bot metadata collection by modmail devs |
| `DISABLE_AUTOUPDATES` | `yes` | Auto-updates breaks in production |
| `GUILD_ID` | Snowflake of Discord guild | Guild to respond to commands in |
| `LOG_URL` | URL of the web portal | Used for generating links on the bot |
| `OWNERS` | Comma separated list of user IDs | Used for granting high permissions on the bot |
| `REGISTRY_PLUGINS_ONLY` | `false` | Allows the usage of plugins outside of the official registry |
| `TOKEN` | Discord Token | Used to connect to Discord |
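Review bot: The `DATA_COLLECTION` row documents the value as `False`, but the new modmail/configmap.yaml sets `'false'`. If this PR is meant to be a pure move, keep the original casing or confirm that modmail parses both spellings the same way. The "Auto-updates breaks in production" rationale on the `DISABLE_AUTOUPDATES` row is also not carried over as a comment in the ConfigMap.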
2 changes: 2 additions & 0 deletions kubernetes/namespaces/default/modmail/bot/deployment.yaml
Expand Up @@ -34,6 +34,8 @@ spec:
envFrom:
- secretRef:
name: modmail
- configMapRef:
name: modmail-config-env
securityContext:
readOnlyRootFilesystem: true
volumes:
12 changes: 12 additions & 0 deletions kubernetes/namespaces/default/modmail/configmap.yaml
@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: modmail-config-env
data:
DATABASE_TYPE: 'mongodb' # The type of database to use, only supports mongodb right now
DATA_COLLECTION: 'false' # Disable bot metadata collection by modmail devs
DISABLE_AUTOUPDATES: 'yes'
GUILD_ID: '267624335836053506'
LOG_URL: https://modmail.pythondiscord.com/
OWNERS: 165023948638126080,95872159741644800,336843820513755157
REGISTRY_PLUGINS_ONLY: 'false' # Allow the usage of plugins outside of the official registry
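Review bot: `OWNERS` is described in the README as "Used for granting high permissions on the bot", so although the IDs are not confidential, the value is authorization data and moving it to a ConfigMap changes who can alter it. Anyone with write access to ConfigMaps in this namespace could now add an owner; please check that RBAC on ConfigMaps here is as tight as on the `modmail` secret, or leave `OWNERS` where it was. `GUILD_ID`, `LOG_URL`, `OWNERS` and `DISABLE_AUTOUPDATES` could also take the same inline comments the other three keys have.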
Binary file modified kubernetes/namespaces/default/modmail/secrets.yaml
Binary file not shown.
2 changes: 2 additions & 0 deletions kubernetes/namespaces/default/modmail/web/deployment.yaml
Expand Up @@ -28,6 +28,8 @@ spec:
envFrom:
- secretRef:
name: modmail
- configMapRef:
name: modmail-config-env
securityContext:
readOnlyRootFilesystem: true
securityContext:
7 changes: 0 additions & 7 deletions kubernetes/namespaces/default/pixels/README.md
Expand Up @@ -9,17 +9,10 @@ It requires a `pixels-env` secret with the following entries:
| Environment | Description |
|---------------|---------------------------------------------------------------------------------------------------------|
| AUTH_URL | A Discord OAuth2 URL with scopes: identify & guilds.members.read |
| BASE_URL | Where the root endpoint can be found |
| CLIENT_ID | Discord Oauth2 client ID |
| CLIENT_SECRET | Discord Oauth2 client secret |
| DATABASE_URL | Postgres database URL. |
| FORCE_LOGIN | Whether to requires authorization for all endpoints beside the login page, and limits access to helpers |
| GUILD_ID | The guild to check for user roles in |
| HELPERS_ROLE | Helpers role ID |
| JWT_SECRET | 32 byte (64 digit hex string) secret for encoding tokens. Any value can be used. |
| LOG_LEVEL | What level to log at |
| MOD_ROLE | Moderator role ID |
| PRODUCTION | Whether the app is in production |
| REDIS_URL | Redis storage URL |
| SENTRY_DSN | The Sentry DSN to send sentry events to |
| WEBHOOK_URL | The webhook to periodically post the canvas state to |
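Review bot: The context line in the hunk header still reads "It requires a `pixels-env` secret with the following entries", and after the seven rows are removed nothing in this README mentions `pixels-config-env` or the variables that moved into it. Suggest adding a sentence that points to configmap.yaml for the non-secret settings, so someone standing up the service knows both objects are required.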
12 changes: 12 additions & 0 deletions kubernetes/namespaces/default/pixels/configmap.yaml
@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: pixels-config-env
data:
BASE_URL: https://pixels.pythondiscord.com
FORCE_LOGIN: 'True'
GUILD_ID: '267624335836053506'
HELPERS_ROLE: '267630620367257601'
LOG_LEVEL: debug
MOD_ROLE: '267630620367257601'
PRODUCTION: 'true'
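Review bot: `HELPERS_ROLE` and `MOD_ROLE` are both set to '267630620367257601'. The README describes them as the helpers role ID and the moderator role ID respectively, so identical values look like a copy-paste slip, and since these IDs feed the access checks that `FORCE_LOGIN` enables, a wrong value changes who is let in. Please verify both against what was in `pixels-env`, which can't be compared here because secrets.yaml is binary. `LOG_LEVEL: debug` next to `PRODUCTION: 'true'` is also worth confirming as intended.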
2 changes: 2 additions & 0 deletions kubernetes/namespaces/default/pixels/deployment.yaml
Expand Up @@ -21,6 +21,8 @@ spec:
envFrom:
- secretRef:
name: pixels-env
- configMapRef:
name: pixels-config-env
startupProbe:
httpGet:
path: /health
Binary file modified kubernetes/namespaces/default/pixels/secrets.yaml
Binary file not shown.
6 changes: 1 addition & 5 deletions kubernetes/namespaces/default/sir-robin/README.md
Expand Up @@ -7,11 +7,7 @@ This deployment expects a number of secrets/environment variables to exist in a

| Environment | Description |
|---------------------------|-----------------------------------------------|
| AOC_LEADERBOARDS | A list of all AOC leaderboards to use |
| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use |
| AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. |
| AOC_YEAR | The current year to use for AOC |
| BOT_DEBUG | Whether debug is enabled (true/false) |
| BOT_TOKEN | The bot token to run the bot on. |
| CODE_JAM_API_KEY | The API key to the code jam management system |
| SITE_API_TOKEN | The token to access the site API. |
| SITE_URL | The base URL for our website. |
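Review bot: The file header counts 1 addition and 5 deletions for this table, but sir-robin/configmap.yaml only takes over two of the documented variables, `AOC_YEAR` and `BOT_DEBUG`. Any other row removed here (the rendered diff does not show which, but `AOC_STAFF_LEADERBOARD_ID` and `SITE_URL` are candidates) ends up documented in neither the README nor the ConfigMap. `AOC_LEADERBOARDS` and `AOC_RAW_LEADERBOARDS` also share one description, which reads like a rename that goes beyond the stated scope of the PR; please say so in the description or split it out.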
8 changes: 8 additions & 0 deletions kubernetes/namespaces/default/sir-robin/configmap.yaml
@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sir-robin-config-env
data:
AOC_YEAR: '2023'
BOT_DEBUG: 'False'
CATEGORY_SUMMER_CODE_JAM: '1141401271635554334'
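Review bot: `CATEGORY_SUMMER_CODE_JAM` on the last line was not among the variables listed in the sir-robin README, so it arrives here as a new, undocumented key in a PR titled as a move. Add an inline comment saying what the ID refers to, and confirm it was previously supplied through `sir-robin-env` rather than being introduced by this change.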
2 changes: 2 additions & 0 deletions kubernetes/namespaces/default/sir-robin/deployment.yaml
Expand Up @@ -32,5 +32,7 @@ spec:
name: sir-robin-env
- secretRef:
name: redis-credentials
- configMapRef:
name: sir-robin-config-env
securityContext:
readOnlyRootFilesystem: true
Binary file modified kubernetes/namespaces/default/sir-robin/secrets.yaml
Binary file not shown.
Binary file modified kubernetes/namespaces/default/site/secrets.yaml
Member Author

This diff is just removing two unneeded new line chars

Binary file not shown.