author | 2024-01-08 14:58:05 +0000 | |
---|---|---|
committer | 2024-01-31 14:00:10 +0000 | |
commit | d7472f7f775b195ddd55d7a953ce79ba9e14803e (patch) | |
tree | 2fc376f929f3f390e67a429841ba598470af0fb7 | |
parent | Bump dorny/paths-filter from 2 to 3 (#177) (diff) |
Move non-secret secrets from secrets.yaml files to config maps
18 files changed, 51 insertions, 22 deletions
diff --git a/kubernetes/namespaces/default/bot/README.md b/kubernetes/namespaces/default/bot/README.md index 6a992b5..565cf70 100644 --- a/kubernetes/namespaces/default/bot/README.md +++ b/kubernetes/namespaces/default/bot/README.md @@ -11,8 +11,5 @@ This deployment expects a number of secrets and environment variables to exist i | API_KEYS_SITE_API | The token to access our site's API. | | BOT_SENTRY_DSN | The sentry DSN to send sentry events to. | | BOT_TOKEN | The Discord bot token to run the bot on. | -| BOT_TRACE_LOGGERS | Comma separated list of loggers to enable trace logging for | -| DEBUG | Debug mode true/false | | METABASE_PASSWORD | Password for Metabase | | METABASE_USERNAME | Username for Metabase | -| URLS_PASTE_URL | The URL to the paste site | diff --git a/kubernetes/namespaces/default/bot/configmap.yaml b/kubernetes/namespaces/default/bot/configmap.yaml new file mode 100644 index 0000000..2459763 --- /dev/null +++ b/kubernetes/namespaces/default/bot/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bot-config-env +data: + BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers + DEBUG: 'False' + URLS_PASTE_URL: https://paste.pythondiscord.com diff --git a/kubernetes/namespaces/default/bot/deployment.yaml b/kubernetes/namespaces/default/bot/deployment.yaml index e05b2ec..8f274f7 100644 --- a/kubernetes/namespaces/default/bot/deployment.yaml +++ b/kubernetes/namespaces/default/bot/deployment.yaml @@ -32,6 +32,8 @@ spec: name: bot-env - secretRef: name: redis-credentials + - configMapRef: + name: bot-config-env volumeMounts: - mountPath: /bot/logs name: logs-vol diff --git a/kubernetes/namespaces/default/bot/secrets.yaml b/kubernetes/namespaces/default/bot/secrets.yaml Binary files differindex c48842e..339d44a 100644 --- a/kubernetes/namespaces/default/bot/secrets.yaml +++ b/kubernetes/namespaces/default/bot/secrets.yaml 
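Review bot: The new `bot-config-env` ConfigMap documents none of its keys, while the README rows that described `BOT_TRACE_LOGGERS`, `DEBUG` and `URLS_PASTE_URL` are deleted in the same commit. A one-line comment per key, in the style the modmail ConfigMap in this commit already uses, would keep that context next to the values, e.g. `# Comma separated list of loggers to enable trace logging for` above `BOT_TRACE_LOGGERS`. The pixels and sir-robin ConfigMaps have the same gap.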
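Review bot: Listing `- configMapRef:` / `name: bot-config-env` after the two `secretRef` entries makes the ConfigMap the highest-precedence `envFrom` source, since Kubernetes resolves a key present in several sources to the value from the last one listed. A key that exists in both `bot-env` and `bot-config-env` (a stale copy left in the Secret, or a secret's name later added to the ConfigMap) is then silently taken from the ConfigMap, an object that is typically readable and writable by more principals than a Secret. The secrets.yaml changes show as binary on this page, so removal of the moved keys cannot be checked here; confirm the key sets are disjoint, or place the `configMapRef` entry ahead of the `secretRef` entries so the Secret wins on any overlap. The same ordering appears in the modmail bot, modmail web, pixels and sir-robin deployment hunks, and the `envFrom` list begins outside this hunk.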
diff --git a/kubernetes/namespaces/default/modmail/README.md b/kubernetes/namespaces/default/modmail/README.md index 92ac16b..b78857b 100644 --- a/kubernetes/namespaces/default/modmail/README.md +++ b/kubernetes/namespaces/default/modmail/README.md @@ -9,11 +9,4 @@ The services require one shared secret called `modmail` containing the following | Key | Value | Description | | ------------------------| ---------------------------------|--------------------------------------------------------------| | `CONNECTION_URI` | MongoDB connection URI | Used for storing data | -| `DATABASE_TYPE` | `mongodb` | The type of database to use, only supports mongodb right now | -| `DATA_COLLECTION` | `False` | Disable bot metadata collection by modmail devs | -| `DISABLE_AUTOUPDATES` | `yes` | Auto-updates breaks in production | -| `GUILD_ID` | Snowflake of Discord guild | Guild to respond to commands in | -| `LOG_URL` | URL of the web portal | Used for generating links on the bot | -| `OWNERS` | Comma separated list of user IDs | Used for granting high permissions on the bot | -| `REGISTRY_PLUGINS_ONLY` | `false` | Allows the usage of plugins outside of the official registry | | `TOKEN` | Discord Token | Used to connect to Discord | diff --git a/kubernetes/namespaces/default/modmail/bot/deployment.yaml b/kubernetes/namespaces/default/modmail/bot/deployment.yaml index e640fdc..b54fd2a 100644 --- a/kubernetes/namespaces/default/modmail/bot/deployment.yaml +++ b/kubernetes/namespaces/default/modmail/bot/deployment.yaml @@ -34,6 +34,8 @@ spec: envFrom: - secretRef: name: modmail + - configMapRef: + name: modmail-config-env securityContext: readOnlyRootFilesystem: true volumes: diff --git a/kubernetes/namespaces/default/modmail/configmap.yaml b/kubernetes/namespaces/default/modmail/configmap.yaml new file mode 100644 index 0000000..30e417a --- /dev/null +++ b/kubernetes/namespaces/default/modmail/configmap.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: modmail-config-env +data: + DATABASE_TYPE: 'mongodb' # The type of database to use, only supports mongodb right now + DATA_COLLECTION: 'false' # Disable bot metadata collection by modmail devs + DISABLE_AUTOUPDATES: 'yes' + GUILD_ID: '267624335836053506' + LOG_URL: https://modmail.pythondiscord.com/ + OWNERS: 165023948638126080,95872159741644800,336843820513755157 + REGISTRY_PLUGINS_ONLY: 'false' # Allow the usage of plugins outside of the official registry diff --git a/kubernetes/namespaces/default/modmail/secrets.yaml b/kubernetes/namespaces/default/modmail/secrets.yaml Binary files differindex f2d5d5d..5fda68c 100644 --- a/kubernetes/namespaces/default/modmail/secrets.yaml +++ b/kubernetes/namespaces/default/modmail/secrets.yaml diff --git a/kubernetes/namespaces/default/modmail/web/deployment.yaml b/kubernetes/namespaces/default/modmail/web/deployment.yaml index 1070e22..74ae535 100644 --- a/kubernetes/namespaces/default/modmail/web/deployment.yaml +++ b/kubernetes/namespaces/default/modmail/web/deployment.yaml @@ -28,6 +28,8 @@ spec: envFrom: - secretRef: name: modmail + - configMapRef: + name: modmail-config-env securityContext: readOnlyRootFilesystem: true securityContext: diff --git a/kubernetes/namespaces/default/pixels/README.md b/kubernetes/namespaces/default/pixels/README.md index 10e4a5d..f4ebf12 100644 --- a/kubernetes/namespaces/default/pixels/README.md +++ b/kubernetes/namespaces/default/pixels/README.md 
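Review bot: `OWNERS` and `REGISTRY_PLUGINS_ONLY` are not confidential, but they are authorization-relevant: the README row removed in this commit says `OWNERS` is used for granting high permissions on the bot, and the inline comment says `'false'` allows plugins from outside the official registry. Once they live in `modmail-config-env`, anyone who can edit ConfigMaps in this namespace can change them, so check that write access to ConfigMaps is restricted as tightly as access to the `modmail` Secret (RBAC is not visible from this page). A marker comment would make that explicit for later editors, e.g. `# integrity-sensitive: grants elevated bot permissions` above `OWNERS`.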
@@ -9,17 +9,10 @@ It requires a `pixels-env` secret with the following entries:
 | Environment | Description |
 |---------------|---------------------------------------------------------------------------------------------------------|
 | AUTH_URL | A Discord OAuth2 URL with scopes: identify & guilds.members.read |
-| BASE_URL | Where the root endpoint can be found |
 | CLIENT_ID | Discord Oauth2 client ID |
 | CLIENT_SECRET | Discord Oauth2 client secret |
 | DATABASE_URL | Postgres database URL. |
-| FORCE_LOGIN | Whether to requires authorization for all endpoints beside the login page, and limits access to helpers |
-| GUILD_ID | The guild to check for user roles in |
-| HELPERS_ROLE | Helpers role ID |
 | JWT_SECRET | 32 byte (64 digit hex string) secret for encoding tokens. Any value can be used. |
-| LOG_LEVEL | What level to log at |
-| MOD_ROLE | Moderator role ID |
-| PRODUCTION | Whether the app is in production |
 | REDIS_URL | Redis storage URL |
 | SENTRY_DSN | The Sentry DSN to send sentry events to |
 | WEBHOOK_URL | The webhook to periodically post the canvas state to |
diff --git a/kubernetes/namespaces/default/pixels/configmap.yaml b/kubernetes/namespaces/default/pixels/configmap.yaml
new file mode 100644
index 0000000..c3ccd50
--- /dev/null
+++ b/kubernetes/namespaces/default/pixels/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pixels-config-env
+data:
+ BASE_URL: https://pixels.pythondiscord.com
+ FORCE_LOGIN: 'True'
+ GUILD_ID: '267624335836053506'
+ HELPERS_ROLE: '267630620367257601'
+ LOG_LEVEL: debug
+ MOD_ROLE: '267630620367257601'
+ PRODUCTION: 'true'
diff --git a/kubernetes/namespaces/default/pixels/deployment.yaml b/kubernetes/namespaces/default/pixels/deployment.yaml
index 7775216..34e7b50 100644
--- a/kubernetes/namespaces/default/pixels/deployment.yaml
+++ b/kubernetes/namespaces/default/pixels/deployment.yaml
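Review bot: In the pixels ConfigMap, `HELPERS_ROLE` and `MOD_ROLE` are set to the same ID, `'267630620367257601'`, so whatever the application gates on the moderator role is presumably granted to every helper as well. If that is a copy error, `MOD_ROLE` should carry the moderator role's own snowflake, i.e. `MOD_ROLE: '<moderator-role-id>'` (placeholder); if it is deliberate, a comment saying so would stop it being read as a mistake. Separately, `LOG_LEVEL: debug` sits beside `PRODUCTION: 'true'` in a service whose README lists OAuth2 and JWT secrets, so it is worth confirming that debug logging in production is intended.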
@@ -21,6 +21,8 @@ spec: envFrom: - secretRef: name: pixels-env + - configMapRef: + name: pixels-config-env startupProbe: httpGet: path: /health diff --git a/kubernetes/namespaces/default/pixels/secrets.yaml b/kubernetes/namespaces/default/pixels/secrets.yaml Binary files differindex b3c77cd..f9db2fb 100644 --- a/kubernetes/namespaces/default/pixels/secrets.yaml +++ b/kubernetes/namespaces/default/pixels/secrets.yaml diff --git a/kubernetes/namespaces/default/sir-robin/README.md b/kubernetes/namespaces/default/sir-robin/README.md index 652cb53..736bc7f 100644 --- a/kubernetes/namespaces/default/sir-robin/README.md +++ b/kubernetes/namespaces/default/sir-robin/README.md @@ -7,11 +7,7 @@ This deployment expects a number of secrets/environment variables to exist in a | Environment | Description | |---------------------------|-----------------------------------------------| -| AOC_LEADERBOARDS | A list of all AOC leaderboards to use | +| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use | | AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. | -| AOC_YEAR | The current year to use for AOC | -| BOT_DEBUG | Whether debug is enabled (true/false) | | BOT_TOKEN | The bot token to run the bot on. | | CODE_JAM_API_KEY | The API key to the code jam management system | -| SITE_API_TOKEN | The token to access the site API. | -| SITE_URL | The base URL for our website. | diff --git a/kubernetes/namespaces/default/sir-robin/configmap.yaml b/kubernetes/namespaces/default/sir-robin/configmap.yaml new file mode 100644 index 0000000..ec13a93 --- /dev/null +++ b/kubernetes/namespaces/default/sir-robin/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sir-robin-config-env +data: + AOC_YEAR: '2023' + BOT_DEBUG: 'False' + CATEGORY_SUMMER_CODE_JAM: '1141401271635554334' diff --git a/kubernetes/namespaces/default/sir-robin/deployment.yaml b/kubernetes/namespaces/default/sir-robin/deployment.yaml index ec32f44..9fbf0a1 100644 
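Review bot: The sir-robin ConfigMap does not line up with the README rows removed in the same commit: `SITE_URL` is dropped from the README but is not defined in `sir-robin-config-env`, and `CATEGORY_SUMMER_CODE_JAM` appears here without having been documented anywhere on this page. If the bot still reads `SITE_URL`, it has to remain in `sir-robin-env` and its README row should stay; the encrypted secrets.yaml is binary here, so this cannot be confirmed from the diff. `SITE_API_TOKEN` is also removed from the README and is correctly absent from the ConfigMap, but whether it is still provisioned in the Secret should be checked for the same reason. A comment above the new key would document it, e.g. `# Discord category ID for the summer code jam` (wording inferred from the key name; adjust as needed).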
--- a/kubernetes/namespaces/default/sir-robin/deployment.yaml +++ b/kubernetes/namespaces/default/sir-robin/deployment.yaml @@ -32,5 +32,7 @@ spec: name: sir-robin-env - secretRef: name: redis-credentials + - configMapRef: + name: sir-robin-config-env securityContext: readOnlyRootFilesystem: true diff --git a/kubernetes/namespaces/default/sir-robin/secrets.yaml b/kubernetes/namespaces/default/sir-robin/secrets.yaml Binary files differindex bc2d796..22add8b 100644 --- a/kubernetes/namespaces/default/sir-robin/secrets.yaml +++ b/kubernetes/namespaces/default/sir-robin/secrets.yaml diff --git a/kubernetes/namespaces/default/site/secrets.yaml b/kubernetes/namespaces/default/site/secrets.yaml Binary files differindex 1e42248..e71c56a 100644 --- a/kubernetes/namespaces/default/site/secrets.yaml +++ b/kubernetes/namespaces/default/site/secrets.yaml |