pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Transition to using secrets in Key Vault.

Browse Source 
This does the following:

- Removes references to the atst-override.ini file, now deprecated.
- Adds all non-secret data that was managed in the override file to the
  relevant K8s ConfigMaps.
- Adds additional documentation explaining out use of Key Vault for
  secrets management.
This commit is contained in:
dandds
2019-12-05 14:56:07 -05:00
parent f8c31e4dcf
commit ec638d6b01
5 changed files with 53 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
deploy/azure/atst-envvars-configmap.yml
View File

@@ -6,15 +6,28 @@ metadata:
namespace: atat
data:
ASSETS_URL: https://atat-cdn.azureedge.net/
AZURE_ACCOUNT_NAME: atat
AZURE_TO_BUCKET_NAME: task-order-pdfs
BLOB_STORAGE_URL: https://atat.blob.core.windows.net/
CAC_URL: https://auth-staging.atat.code.mil/login-redirect
CDN_ORIGIN: https://azure.atat.code.mil
CELERY_DEFAULT_QUEUE: celery-master
CSP: azure
DEBUG: 0
FLASK_ENV: master
LOG_JSON: "true"
OVERRIDE_CONFIG_FULLPATH: /opt/atat/atst/atst-overrides.ini
MAIL_PORT: 587
MAIL_SENDER: postmaster@atat.code.mil
MAIL_SERVER: smtp.mailgun.org
MAIL_TLS: "true"
OVERRIDE_CONFIG_DIRECTORY: /config
PGAPPNAME: atst
PGDATABASE: staging
PGHOST: atat-db.postgres.database.azure.com
PGPORT: 5432
PGSSLMODE: verify-full
PGSSLROOTCERT: /opt/atat/atst/ssl/pgsslrootcert.crt
PGUSER: atat_master@atat-db
REDIS_HOST: atat.redis.cache.windows.net:6380
REDIS_TLS: "true"
STATIC_URL: https://atat-cdn.azureedge.net/static/