Use secrets from 1Password in Kubernetes

Lovely-Development-Team · Dec 9, 2023 · 32ce84a · 32ce84a
1 parent 3227261
commit 32ce84a
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 10 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -144,14 +144,6 @@ jobs:
         run: echo "RELEASE_VERSION=`git describe --tags`" >> $GITHUB_ENV
         continue-on-error: true
 
-      - name: Set secrets
-        uses: azure/k8s-create-secret@v4
-        with:
-          namespace: 'discord-bots'
-          secret-name: 'baby-botto'
-          secret-type: 'Opaque'
-          string-data: '{"MOTTOBOTTO_DISCORD_TOKEN":"${{ secrets.DISCORD_TOKEN }}", "MOTTOBOTTO_AIRTABLE_BASE": "${{ secrets.AIRTABLE_BASE }}", "MOTTOBOTTO_AIRTABLE_KEY": "${{ secrets.AIRTABLE_KEY }}"}'
-
       - name: Substitute env into templates
         run: |
           cat kubernetes/babybotto-config.tpl.yaml | envsubst > kubernetes/babybotto-config.yaml &&
@@ -165,6 +157,7 @@ jobs:
           MOTTOBOTTO_WAVE_ON_TAG: ${{ vars.WAVE_ON_TAG }}
           MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW: ${{ vars.RANDOM_MOTTO_SOURCE_VIEW }}
           MOTTOBOTTO_MAINTAINER_IDS: ${{ vars.MAINTAINER_IDS }}
+          AIRTABLE_BASE: ${{ vars.AIRTABLE_BASE }}
           MOTTOBOTTO_VERSION: ${{ env.RELEASE_VERSION }}
           IMAGE_NAME: ${{ env.IMAGE_NAME }}
 

diff --git a/kubernetes/babybotto-config.tpl.yaml b/kubernetes/babybotto-config.tpl.yaml
@@ -13,4 +13,5 @@ data:
   MOTTOBOTTO_MINIMUM_RANDOM_INTERVAL_MINUTES_PER_USER: "${MOTTOBOTTO_MINIMUM_RANDOM_INTERVAL_MINUTES_PER_USER}"
   MOTTOBOTTO_WAVE_ON_TAG: "${MOTTOBOTTO_WAVE_ON_TAG}"
   MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW: "${MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW}"
-  MOTTOBOTTO_MAINTAINER_IDS: "${MOTTOBOTTO_MAINTAINER_IDS}"
+  MOTTOBOTTO_MAINTAINER_IDS: "${MOTTOBOTTO_MAINTAINER_IDS}"
+  MOTTOBOTTO_AIRTABLE_BASE: "${AIRTABLE_BASE}"
diff --git a/kubernetes/deployment.tpl.yaml b/kubernetes/deployment.tpl.yaml
@@ -7,6 +7,10 @@ metadata:
     app.kubernetes.io/name: MottoBotto
     app.kubernetes.io/instance: BabyBotto
     app.kubernetes.io/version: ${MOTTOBOTTO_VERSION}
+  annotations:
+    operator.1password.io/item-path: "vaults/du4s3tc4ab7wnrijmb5fxjpbse/items/BabyBotto Credentials"
+    operator.1password.io/item-name: "babybotto-credentials"
+    operator.1password.io/auto-restart: "true"
 spec:
   replicas: 1
   selector:
@@ -27,7 +31,7 @@ spec:
           - configMapRef:
               name: baby-botto
           - secretRef:
-              name: baby-botto
+              name: babybotto-credentials
         env:
           - name: MOTTOBOTTO_VERSION
             value: ${MOTTOBOTTO_VERSION}