refactored terraform script to add env as k8s secrets

ADORSYS-GIS · Feb 5, 2025 · 007e4d1 · 007e4d1
1 parent 2b2ead3
commit 007e4d1
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 1 deletion.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -120,6 +120,14 @@ jobs:
           echo "TF_VAR_cert_arn=${{ vars.CERT_ARN }}" >> $GITHUB_ENV
           echo "TF_VAR_region=${{ vars.AWS_REGION }}" >> $GITHUB_ENV
           echo "TF_VAR_zone_name=${{ vars.DOMAIN_NAME }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_private_key=${{ secrets.SERVER_PRIVATE_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_prs_public_key=${{ secrets.SERVER_PUBLIC_KEY_JSON }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_issuer=${{ vars.JWT_ISSUER }}" >> $GITHUB_ENV
+          echo "TF_VAR_jwt_expiration=${{ vars.JWT_EXPIRATION_TIME_MS }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_account_sid=${{ vars.TWILIO_ACCOUNT_SID }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_auth_token=${{ vars.TWILIO_AUTH_TOKEN }}" >> $GITHUB_ENV
+          echo "TF_VAR_twilio_phone_number=${{ vars.TWILIO_PHONE_NUMBER }}" >> $GITHUB_ENV
+          echo "TF_VAR_otp_salt=${{ secrets.OTP_SALT }}" >> $GITHUB_ENV
 
       - name: Terraform Init
         run: |

diff --git a/deploy/dev/webank.yaml b/deploy/dev/webank.yaml
@@ -16,19 +16,39 @@ spec:
       valuesObject:
         userapp:
           image:
+            tag: '3f9ca531fd9a81abf287f2327da01397b788525f'
             pullPolicy: Always
           env:
-            - name: VITE_BACKEND_URL
+            - name: VITE_WEBANK_OBS_URL
               value: '/api'
+            - name: VITE_WEBANK_PRS_URL
+              value: '/api/prs'
+
         obs:
           image:
             tag: '4badba0d3c3b98f0d5a132b3b9e5b78bed2d451c'
+            pullPolicy: Always
+          env:
+            name: webank_obs_env
+            user: webank
+            secretName: webank-obs-secret
+
+
           database:
             host: webank-dev-env-db.cp4v71vs2xe2.eu-central-1.rds.amazonaws.com
             name: webank_dev_env
             user: webank
             secretName: rds-secret
 
+        prs:
+          image:
+            tag: latest
+            pullPolicy: Always
+          env:
+            name: webank_prs_env
+            user: webank
+            secretName: webank-prs-secret
+
         ingress:
           host: dev.webank.gis.ssegning.com
           className: alb

diff --git a/terraform/secret.tf b/terraform/secret.tf
@@ -6,4 +6,32 @@ resource "kubernetes_secret" "rds_secret" {
   data = {
     password = var.db_password
   }
+}
+
+resource "kubernetes_secret" "webank_prs_secret" {
+  metadata {
+    name      = "webank-prs-secret"
+    namespace = "webank"
+  }
+  data = {
+    SERVER_PRIVATE_KEY_JSON = var.prs_private_key
+    SERVER_PUBLIC_KEY_JSON =  var.prs_public_key
+    JWT_ISSUER = var.jwt_issuer
+    JWT_EXPIRATION_TIME_MS = var.jwt_expiration
+    TWILIO_ACCOUNT_SID = var.twilio_account_sid
+    TWILIO_AUTH_TOKEN = var.twilio_auth_token
+    TWILIO_PHONE_NUMBER = var.twilio_phone_number
+    OTP_SALT = var.otp_salt
+  }
+}
+
+resource "kubernetes_secret" "webank_obs_secret" {  
+  metadata {
+    name      = "webank-obs-secret"
+    namespace = "webank"
+  }
+  data = {
+    SERVER_PRIVATE_KEY_JSON = var.prs_private_key
+    SERVER_PUBLIC_KEY_JSON =  var.prs_public_key
+}
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -33,6 +33,54 @@ variable "db_password" {
   sensitive   = true
 }
 
+variable "prs_private_key"{
+  description = "prs private key token"
+  type        = string
+  sensitive   = true
+}
+
+variable "prs_public_key"{
+  description = "prs public key token"
+  type        = string  
+  sensitive = false
+}
+
+variable "jwt_issuer"{
+  description = "jwt issuer"
+  type        = string  
+  sensitive = false
+}
+
+variable "jwt_expiration"{
+  description = "jwt expiration"
+  type        = string  
+  sensitive = false 
+}
+
+variable "twilio_account_sid"{
+  description = "twilio account sid"
+  type        = string  
+  sensitive = false
+}
+
+variable "twilio_auth_token"{
+  description = "twilio auth token"
+  type        = string  
+  sensitive = false
+}
+
+variable "twilio_phone_number"{
+  description = "twilio phone number"
+  type        = string  
+  sensitive = false
+}
+
+variable "otp_salt"{
+  description = "otp salt"
+  type        = string  
+  sensitive = true
+}
+
 variable "db_instance" {
   description = "The instance type for the RDS database"
   type        = string