generated from coulomb/repo-seed
tegwick
3e29bc964d
Introduce Dockerfile, entrypoint, and k8s/railiance manifests for the ArgoCD GitOps pilot (ISSUE-WP-0003). Rename the Gitea PyPI build arg to GITEA_PYPI_INDEX_URL so pip still resolves dependencies from PyPI.
38 lines
1.4 KiB
YAML
38 lines
1.4 KiB
YAML
# Runtime secrets for issue-core, materialized from OpenBao by External Secrets
|
|
# Operator (cluster default per railiance-platform docs/argocd-gitops.md).
|
|
#
|
|
# DEPENDENCY: External Secrets Operator is not yet installed on railiance01 and
|
|
# the OpenBao path below must be provisioned by railiance-platform. Until then
|
|
# this resource will not reconcile and the Deployment stays Pending the Secret.
|
|
#
|
|
# OpenBao path: platform/workloads/issue-core/issue-core/issue-core-runtime
|
|
# properties: ISSUE_CORE_API_KEY, GITEA_BACKEND_TOKEN
|
|
apiVersion: external-secrets.io/v1beta1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: issue-core-runtime
|
|
namespace: issue-core
|
|
labels:
|
|
app.kubernetes.io/name: issue-core
|
|
app.kubernetes.io/part-of: railiance-gitops
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "0" # before the Deployment (wave 1)
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
# Provisioned by railiance-platform during ESO install; name TBC on bootstrap.
|
|
name: openbao
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: issue-core-runtime
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: ISSUE_CORE_API_KEY
|
|
remoteRef:
|
|
key: platform/workloads/issue-core/issue-core/issue-core-runtime
|
|
property: ISSUE_CORE_API_KEY
|
|
- secretKey: GITEA_BACKEND_TOKEN
|
|
remoteRef:
|
|
key: platform/workloads/issue-core/issue-core/issue-core-runtime
|
|
property: GITEA_BACKEND_TOKEN
|