From 29450d287389aaefc7cbb0fcfb1495719ae23b9d Mon Sep 17 00:00:00 2001
From: droot
Date: Fri, 29 Jul 2022 22:27:50 -0700
Subject: [PATCH 1/4] ghost: Added mysql and ghost secrets
---
 ghost/ghost-app/deployment-ghost.yaml | 14 +++++++++++---
 ghost/ghost-app/externalsecret.yaml | 20 ++++++++++++++++++++
 ghost/mariadb/externalsecret.yaml | 18 ++++++++++++++++++
 ghost/mariadb/statefulset-mariadb.yaml | 12 ++++++++++--
 4 files changed, 59 insertions(+), 5 deletions(-)
 create mode 100644 ghost/ghost-app/externalsecret.yaml
 create mode 100644 ghost/mariadb/externalsecret.yaml
diff --git a/ghost/ghost-app/deployment-ghost.yaml b/ghost/ghost-app/deployment-ghost.yaml
index a92acd0..4f21e1e 100644
--- a/ghost/ghost-app/deployment-ghost.yaml
+++ b/ghost/ghost-app/deployment-ghost.yaml
@@ -8,7 +8,7 @@ metadata:
 spec:
 replicas: 1
 strategy:
- type: Recreate
+ type: RollingUpdate
 template:
 spec:
 securityContext:
@@ -23,8 +23,6 @@ spec:
 env:
 - name: BITNAMI_DEBUG
 value: "true"
- - name: ALLOW_EMPTY_PASSWORD
- value: "yes"
 - name: GHOST_DATABASE_HOST
 value: mariadb
 - name: GHOST_DATABASE_PORT_NUMBER
@@ -33,12 +31,22 @@ spec:
 value: bitnami_ghost
 - name: GHOST_DATABASE_USER
 value: bn_ghost
+ - name: GHOST_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb
+ key: mysql-password
 - name: GHOST_HOST
 value: example.com
 - name: GHOST_PORT_NUMBER
 value: "2368"
 - name: GHOST_USERNAME
 value: user
+ - name: GHOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ghost-app
+ key: ghost-password
 - name: GHOST_EMAIL
 value: user@example.com
 - name: GHOST_BLOG_TITLE
diff --git a/ghost/ghost-app/externalsecret.yaml b/ghost/ghost-app/externalsecret.yaml
new file mode 100644
index 0000000..5aef54f
--- /dev/null
+++ b/ghost/ghost-app/externalsecret.yaml
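Review bot: The `strategy` change from `Recreate` to `RollingUpdate` in the first hunk is not mentioned in the commit subject and has nothing to do with wiring the secrets, so it is easy to miss in review. With `replicas: 1` a rolling update starts the new pod while the old one is still running; if the Ghost pod mounts a ReadWriteOnce volume (not visible in this hunk), the new pod may be unable to start. I would keep `type: Recreate` here, or move the change to its own commit with a comment above `type:` stating why an overlap of old and new pods is safe.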
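Review bot: `GHOST_DATABASE_PASSWORD` and `GHOST_PASSWORD` are injected into a container that still runs with `BITNAMI_DEBUG` set to `"true"` (context of the preceding hunk); the same holds for the `env` hunk in ghost/mariadb/statefulset-mariadb.yaml. Debug output from the image's setup scripts may expose more of the environment than the normal logs do, so I would set `value: "false"` now that real credentials are in place, or confirm that the debug trace does not print them. The two `secretKeyRef` keys only resolve if the provider secrets contain properties with exactly these names, so a comment above each `key:` such as `# must match a property name in the GCPSM secret behind this Secret` would document that contract. The container spec continues outside the hunk.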
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ghost-app
+ namespace: blog9
+ annotations:
+ force-sync: 1659141116
+ labels:
+ app.kubernetes.io/name: ghost-app
+spec:
+ refreshInterval: 1h # rate SecretManager pulls GCPSM
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: gcp-secret-provider # name of the SecretStore (or kind specified)
+ target:
+ name: ghost-app # name of the k8s Secret to be created
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ key: blog-credentials # name of the GCPSM secret key
diff --git a/ghost/mariadb/externalsecret.yaml b/ghost/mariadb/externalsecret.yaml
new file mode 100644
index 0000000..ff6dadd
--- /dev/null
+++ b/ghost/mariadb/externalsecret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: mariadb
+ namespace: blog9
+ labels:
+ app.kubernetes.io/name: mariadb
+spec:
+ refreshInterval: 1h # rate SecretManager pulls GCPSM
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: gcp-secret-provider # name of the SecretStore (or kind specified)
+ target:
+ name: mariadb # name of the k8s Secret to be created
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ key: blog-db-credentials # name of the GCPSM secret key
diff --git a/ghost/mariadb/statefulset-mariadb.yaml b/ghost/mariadb/statefulset-mariadb.yaml
index c97e518..94886e2 100644
--- a/ghost/mariadb/statefulset-mariadb.yaml
+++ b/ghost/mariadb/statefulset-mariadb.yaml
@@ -26,12 +26,20 @@ spec:
 env:
 - name: BITNAMI_DEBUG
 value: "true"
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb
+ key: mysql-root-password
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb
+ key: mysql-password
 - name: MARIADB_USER
 value: bn_ghost
 - name: MARIADB_DATABASE
 value: bitnami_ghost
- - name: ALLOW_EMPTY_PASSWORD
- value: "true"
 ports:
 - name: mysql
 containerPort: 3306
From 59b3e0aed50cdf4fa05af25ead0d5c9a6caac673 Mon Sep 17 00:00:00 2001
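Review bot: `dataFrom.extract` copies every property of `blog-credentials` into the `ghost-app` Secret, although the Deployment in this series reads only `ghost-password`; the `mariadb` ExternalSecret in the next file section has the same shape. Listing the keys under `data` keeps the Kubernetes Secret limited to what the workload uses, and a renamed or missing property should then surface as a sync error on the ExternalSecret rather than at pod start. Because the store is a `ClusterSecretStore`, it is also worth checking that its definition (not part of this diff) restricts which namespaces may reference it.

```yaml
spec:
  # … unchanged: refreshInterval, secretStoreRef, target …
  data:
    - secretKey: ghost-password
      remoteRef:
        key: blog-credentials
        property: ghost-password
```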
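Review bot: `MARIADB_ROOT_PASSWORD` and `MARIADB_PASSWORD` replace `ALLOW_EMPTY_PASSWORD` in the statefulset hunk, but nothing here covers a data volume that was already initialised while empty passwords were allowed. As far as I know the Bitnami MariaDB image applies these variables only when it initialises an empty data directory, so on an existing volume root could keep an empty password while the manifest suggests otherwise; this should be confirmed against the image documentation. I would add a comment above the two entries, e.g. `# applied on first initialisation only; reset passwords by hand on an existing volume`, and verify after rollout that passwordless logins are rejected. The `mariadb` Secret also carries `mysql-root-password` next to the `mysql-password` that the Ghost Deployment reads, so read access to that Secret object should be granted with the root credential in mind. The container spec starts and ends outside the hunk.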
From: droot
Date: Fri, 29 Jul 2022 22:29:37 -0700
Subject: [PATCH 2/4] --amend
---
 ghost/ghost-app/externalsecret.yaml | 4 +---
 ghost/mariadb/externalsecret.yaml | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/ghost/ghost-app/externalsecret.yaml b/ghost/ghost-app/externalsecret.yaml
index 5aef54f..9e3ad27 100644
--- a/ghost/ghost-app/externalsecret.yaml
+++ b/ghost/ghost-app/externalsecret.yaml
@@ -2,9 +2,7 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
 name: ghost-app
- namespace: blog9
- annotations:
- force-sync: 1659141116
+ namespace: example
 labels:
 app.kubernetes.io/name: ghost-app
 spec:
diff --git a/ghost/mariadb/externalsecret.yaml b/ghost/mariadb/externalsecret.yaml
index ff6dadd..90fe668 100644
--- a/ghost/mariadb/externalsecret.yaml
+++ b/ghost/mariadb/externalsecret.yaml
@@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
 name: mariadb
- namespace: blog9
+ namespace: example
 labels:
 app.kubernetes.io/name: mariadb
 spec:
From e7cb8dcc8f1ed66d9abb7d2f1e5e04f498b367cd Mon Sep 17 00:00:00 2001
From: droot
Date: Tue, 2 Aug 2022 08:09:28 -0700
Subject: [PATCH 3/4] added secret versions
---
 ghost/ghost-app/externalsecret.yaml | 1 +
 ghost/mariadb/externalsecret.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/ghost/ghost-app/externalsecret.yaml b/ghost/ghost-app/externalsecret.yaml
index 9e3ad27..a139bb2 100644
--- a/ghost/ghost-app/externalsecret.yaml
+++ b/ghost/ghost-app/externalsecret.yaml
@@ -16,3 +16,4 @@ spec:
 dataFrom:
 - extract:
 key: blog-credentials # name of the GCPSM secret key
+ version: 2
diff --git a/ghost/mariadb/externalsecret.yaml b/ghost/mariadb/externalsecret.yaml
index 90fe668..aaa33bd 100644
--- a/ghost/mariadb/externalsecret.yaml
+++ b/ghost/mariadb/externalsecret.yaml
@@ -16,3 +16,4 @@ spec:
 dataFrom:
 - extract:
 key: blog-db-credentials # name of the GCPSM secret key
+ version: 1
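Review bot: Pinning `version` in the `extract` entry of PATCH 3/4 means a new secret version created in GCPSM is never picked up, whatever `refreshInterval: 1h` says; the same applies to the second hunk in ghost/mariadb/externalsecret.yaml. Rotation then needs a manifest change for each secret, which is a defensible choice but should be stated where the pin lives. I would add a trailing comment on the added line, e.g. `# pinned on purpose; bump after rotating the secret in GCPSM`.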
From 674b7b83dee9feadae04a77bf89eaa71054d8d9b Mon Sep 17 00:00:00 2001
From: droot
Date: Tue, 2 Aug 2022 08:17:15 -0700
Subject: [PATCH 4/4] --amend
---
 ghost/ghost-app/externalsecret.yaml | 2 +-
 ghost/mariadb/externalsecret.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ghost/ghost-app/externalsecret.yaml b/ghost/ghost-app/externalsecret.yaml
index a139bb2..d721c31 100644
--- a/ghost/ghost-app/externalsecret.yaml
+++ b/ghost/ghost-app/externalsecret.yaml
@@ -16,4 +16,4 @@ spec:
 dataFrom:
 - extract:
 key: blog-credentials # name of the GCPSM secret key
- version: 2
+ version: "2"
diff --git a/ghost/mariadb/externalsecret.yaml b/ghost/mariadb/externalsecret.yaml
index aaa33bd..5bf4ae5 100644
--- a/ghost/mariadb/externalsecret.yaml
+++ b/ghost/mariadb/externalsecret.yaml
@@ -16,4 +16,4 @@ spec:
 dataFrom:
 - extract:
 key: blog-db-credentials # name of the GCPSM secret key
- version: 1
+ version: "1"