Ops: Adjust deployment manifests for environment

2026-05-07 17:49:48 -04:00
parent 666c32cd69
commit 551ddbec3b
6 changed files with 17 additions and 13 deletions
--- a/k8s/api/deployment.yaml
+++ b/k8s/api/deployment.yaml
@@ -15,7 +15,7 @@ spec:
    spec:
      initContainers:
        - name: migrate
-          image: reactbin-api:latest
+          image: git.juggalol.com/juggalol/reactbin-api:v1.0.0
          command: ["alembic", "upgrade", "head"]
          workingDir: /app
          envFrom:
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -1,4 +1,3 @@
-# Replace <your-domain> with the real domain before applying
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -11,10 +10,10 @@ spec:
  ingressClassName: nginx
  tls:
    - hosts:
-        - <your-domain>
+        - reactbin.juggalol.com
      secretName: reactbin-tls
  rules:
-    - host: <your-domain>
+    - host: reactbin.juggalol.com
      http:
        paths:
          # /api/ must appear before / — nginx evaluates paths in declaration order
--- a/k8s/minio/statefulset.yaml
+++ b/k8s/minio/statefulset.yaml
@@ -1,4 +1,3 @@
-# Replace 'latest' with the real image tag before applying
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
--- a/k8s/vault/api-secret.yaml
+++ b/k8s/vault/api-secret.yaml
@@ -4,8 +4,8 @@ metadata:
  name: api-secret
  namespace: reactbin
 spec:
-  vaultAuthRef: reactbin-auth
-  mount: secret
+  vaultAuthRef: reactbin-vault-auth
+  mount: kv
  type: kv-v2
  # Required Vault keys at this path:
  #   DATABASE_URL, JWT_SECRET_KEY, OWNER_USERNAME, OWNER_PASSWORD,
--- a/k8s/vault/minio-secret.yaml
+++ b/k8s/vault/minio-secret.yaml
@@ -4,8 +4,8 @@ metadata:
  name: minio-secret
  namespace: reactbin
 spec:
-  vaultAuthRef: reactbin-auth
-  mount: secret
+  vaultAuthRef: reactbin-vault-auth
+  mount: kv
  type: kv-v2
  # Required Vault keys at this path:
  #   MINIO_ROOT_USER, MINIO_ROOT_PASSWORD
--- a/k8s/vault/vault-auth.yaml
+++ b/k8s/vault/vault-auth.yaml
@@ -1,7 +1,13 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vso-reactbin
+  namespace: reactbin
+---
 apiVersion: secrets.hashicorp.com/v1beta1
 kind: VaultAuth
 metadata:
-  name: reactbin-auth
+  name: reactbin-vault-auth
  namespace: reactbin
 spec:
  method: kubernetes
@@ -10,7 +16,7 @@ spec:
    # The operator must create this role in Vault and bind it to the
    # default service account in the reactbin namespace with read access
    # to both reactbin/api/config and reactbin/minio/credentials.
-    role: reactbin
-    serviceAccount: default
+    role: vso-reactbin
+    serviceAccount: vso-reactbin
    audiences:
-      - https://kubernetes.default.svc
+      - vault