Transition to using secrets in Key Vault.

This does the following:

- Removes references to the atst-override.ini file, now deprecated.
- Adds all non-secret data that was managed in the override file to the
  relevant K8s ConfigMaps.
- Adds additional documentation explaining out use of Key Vault for
  secrets management.
This commit is contained in:
dandds
2019-12-05 14:56:07 -05:00
parent f8c31e4dcf
commit ec638d6b01
5 changed files with 53 additions and 72 deletions

View File

@@ -5,9 +5,25 @@ metadata:
name: atst-worker-envvars
namespace: atat
data:
AZURE_ACCOUNT_NAME: atat
AZURE_TO_BUCKET_NAME: task-order-pdfs
CAC_URL: https://auth-staging.atat.code.mil/login-redirect
CELERY_DEFAULT_QUEUE: celery-master
DISABLE_CRL_CHECK: "True"
DEBUG: 0
DISABLE_CRL_CHECK: "true"
MAIL_PORT: 587
MAIL_SENDER: postmaster@atat.code.mil
MAIL_SERVER: smtp.mailgun.org
MAIL_TLS: "true"
OVERRIDE_CONFIG_DIRECTORY: /config
PGAPPNAME: atst
PGDATABASE: staging
PGHOST: atat-db.postgres.database.azure.com
PGPORT: 5432
PGSSLMODE: verify-full
PGSSLROOTCERT: /opt/atat/atst/ssl/pgsslrootcert.crt
PGUSER: atat_master@atat-db
REDIS_HOST: atat.redis.cache.windows.net:6380
REDIS_TLS: "true"
SERVER_NAME: azure.atat.code.mil
TZ: UTC