diff --git a/oc-process.sh b/oc-process.sh index bad4d4a..2f4ba66 100755 --- a/oc-process.sh +++ b/oc-process.sh @@ -29,32 +29,39 @@ if [ $i = "volume" ]; then ITEM=".items[0]" -elif [ $i = "deploy" ]; then +elif [ $i = "secrets" ]; then ITEM=".items[1]" -elif [ $i = "service-app" ]; then +elif [ $i = "deploy" ]; then ITEM=".items[2]" -elif [ $i = "service-api" ]; then +elif [ $i = "service-app" ]; then ITEM=".items[3]" -elif [ $i = "route" ]; then +elif [ $i = "service-api" ]; then ITEM=".items[4]" -elif [ $i = "job" ]; then +elif [ $i = "route" ]; then ITEM=".items[5]" +elif [ $i = "job" ]; then + +ITEM=".items[6]" + else ITEM="" fi +RCLONE_ACCESS_KEY_ID=$(echo -n $RCLONE_ACCESS_KEY_ID | base64) +RCLONE_SECRET_ACCESS_KEY=$(echo -n $RCLONE_SECRET_ACCESS_KEY | base64) + oc process -f $f \ -p BRANCH=$BRANCH \ -p HOST=$HOST \ diff --git a/template.yml b/template.yml index fa56f2a..245b7a8 100644 --- a/template.yml +++ b/template.yml @@ -79,6 +79,14 @@ objects: resources: requests: storage: ${STORAGE} +- kind: Secret + apiVersion: v1 + metadata: + name: ${APP}-${BRANCH} + type: Opaque + data: + rclone_access_key_id: ${RCLONE_ACCESS_KEY_ID} + rclone_secret_access_key: ${RCLONE_SECRET_ACCESS_KEY} - kind: Deployment apiVersion: apps/v1 metadata: @@ -222,10 +230,16 @@ objects: command: ${{CRON_CMD}} env: - name: RCLONE_CONFIG_DEFAULT_ACCESS_KEY_ID - value: ${RCLONE_ACCESS_KEY_ID} + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: rclone_access_key_id - name: RCLONE_CONFIG_DEFAULT_SECRET_ACCESS_KEY - value: ${RCLONE_SECRET_ACCESS_KEY} - - name: API_HOSTNAME + valueFrom: + secretKeyRef: + name: ${APP}-${BRANCH} + key: rclone_secret_access_key + - name: API_HOSTNAME value: ${API}-${BRANCH} - name: API_PORT value: ${API_PORT}