From 32ce84a2f2f65db69763d952c92df7e06348d1b0 Mon Sep 17 00:00:00 2001
From: David Stephens
Date: Sat, 9 Dec 2023 14:33:27 +0000
Subject: [PATCH] Use secrets from 1Password in Kubernetes
---
 .github/workflows/docker-publish.yml | 9 +--------
 kubernetes/babybotto-config.tpl.yaml | 3 ++-
 kubernetes/deployment.tpl.yaml | 6 +++++-
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 0562ca5..fd26711 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -144,14 +144,6 @@ jobs:
 run: echo "RELEASE_VERSION=`git describe --tags`" >> $GITHUB_ENV
 continue-on-error: true
 
- - name: Set secrets
- uses: azure/k8s-create-secret@v4
- with:
- namespace: 'discord-bots'
- secret-name: 'baby-botto'
- secret-type: 'Opaque'
- string-data: '{"MOTTOBOTTO_DISCORD_TOKEN":"${{ secrets.DISCORD_TOKEN }}", "MOTTOBOTTO_AIRTABLE_BASE": "${{ secrets.AIRTABLE_BASE }}", "MOTTOBOTTO_AIRTABLE_KEY": "${{ secrets.AIRTABLE_KEY }}"}'
-
 - name: Substitute env into templates
 run: |
 cat kubernetes/babybotto-config.tpl.yaml | envsubst > kubernetes/babybotto-config.yaml &&
@@ -165,6 +157,7 @@ jobs:
 MOTTOBOTTO_WAVE_ON_TAG: ${{ vars.WAVE_ON_TAG }}
 MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW: ${{ vars.RANDOM_MOTTO_SOURCE_VIEW }}
 MOTTOBOTTO_MAINTAINER_IDS: ${{ vars.MAINTAINER_IDS }}
+ AIRTABLE_BASE: ${{ vars.AIRTABLE_BASE }}
 MOTTOBOTTO_VERSION: ${{ env.RELEASE_VERSION }}
 IMAGE_NAME: ${{ env.IMAGE_NAME }}
 
diff --git a/kubernetes/babybotto-config.tpl.yaml b/kubernetes/babybotto-config.tpl.yaml
index dcbc5f9..8a456e6 100644
--- a/kubernetes/babybotto-config.tpl.yaml
+++ b/kubernetes/babybotto-config.tpl.yaml
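Review bot: The added `AIRTABLE_BASE: ${{ vars.AIRTABLE_BASE }}` line in the second docker-publish.yml hunk (the `env:` of the template-substitution step, which starts outside the hunk) reclassifies a value that the removed "Set secrets" step read from `secrets.AIRTABLE_BASE`; the babybotto-config.tpl.yaml hunk then publishes it in the ConfigMap as `MOTTOBOTTO_AIRTABLE_BASE`. Repository variables are not masked in workflow logs and ConfigMap contents are usually readable by more principals than Secrets, so this is only right if the base ID is deliberately considered non-sensitive; otherwise it belongs in the 1Password item alongside the token and key. If that item still carries a field of the same name, the `secretRef` listed after the `configMapRef` in deployment.tpl.yaml would win on the duplicate key (assuming both sit under `envFrom`), leaving the ConfigMap entry dead. I would record the decision with a comment above the added line, e.g. `# Airtable base ID is a non-secret identifier; the API key stays in 1Password`.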
@@ -13,4 +13,5 @@ data:
 MOTTOBOTTO_MINIMUM_RANDOM_INTERVAL_MINUTES_PER_USER: "${MOTTOBOTTO_MINIMUM_RANDOM_INTERVAL_MINUTES_PER_USER}"
 MOTTOBOTTO_WAVE_ON_TAG: "${MOTTOBOTTO_WAVE_ON_TAG}"
 MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW: "${MOTTOBOTTO_RANDOM_MOTTO_SOURCE_VIEW}"
- MOTTOBOTTO_MAINTAINER_IDS: "${MOTTOBOTTO_MAINTAINER_IDS}"
\ No newline at end of file
+ MOTTOBOTTO_MAINTAINER_IDS: "${MOTTOBOTTO_MAINTAINER_IDS}"
+ MOTTOBOTTO_AIRTABLE_BASE: "${AIRTABLE_BASE}"
\ No newline at end of file
diff --git a/kubernetes/deployment.tpl.yaml b/kubernetes/deployment.tpl.yaml
index ac14866..39c1e74 100644
--- a/kubernetes/deployment.tpl.yaml
+++ b/kubernetes/deployment.tpl.yaml
@@ -7,6 +7,10 @@ metadata:
 app.kubernetes.io/name: MottoBotto
 app.kubernetes.io/instance: BabyBotto
 app.kubernetes.io/version: ${MOTTOBOTTO_VERSION}
+ annotations:
+ operator.1password.io/item-path: "vaults/du4s3tc4ab7wnrijmb5fxjpbse/items/BabyBotto Credentials"
+ operator.1password.io/item-name: "babybotto-credentials"
+ operator.1password.io/auto-restart: "true"
 spec:
 replicas: 1
 selector:
@@ -27,7 +31,7 @@ spec:
 - configMapRef:
 name: baby-botto
 - secretRef:
- name: baby-botto
+ name: babybotto-credentials
 env:
 - name: MOTTOBOTTO_VERSION
 value: ${MOTTOBOTTO_VERSION}
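Review bot: The new `operator.1password.io/item-path` annotation in deployment.tpl.yaml addresses the vault by ID but the item by its display title (`BabyBotto Credentials`), so renaming the item in 1Password would break the sync with no change in this repository; referencing the item by ID as well (`vaults/<VAULT_ID>/items/<ITEM_ID>`, placeholders) makes the binding stable. The pod takes the generated Secret's keys as environment variable names, so the item's fields must yield exactly `MOTTOBOTTO_DISCORD_TOKEN` and `MOTTOBOTTO_AIRTABLE_KEY` (the keys the removed workflow step wrote), and nothing in the hunk documents that contract. I would add a comment above `annotations:` such as `# 1Password operator creates Secret babybotto-credentials; item fields must be named MOTTOBOTTO_DISCORD_TOKEN and MOTTOBOTTO_AIRTABLE_KEY`. With `auto-restart: "true"` an edit to the item restarts the Deployment, so write access to that vault item is effectively deploy access and should be scoped accordingly.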
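Review bot: Switching the `secretRef` to `babybotto-credentials` leaves the previous `baby-botto` Secret behind in the `discord-bots` namespace: the workflow step that managed it is removed in docker-publish.yml, but nothing deletes the object, so the old Discord token and Airtable key stay readable in the cluster. A one-off cleanup after the rollout (`kubectl delete secret baby-botto -n discord-bots`), removal of the `DISCORD_TOKEN`, `AIRTABLE_BASE` and `AIRTABLE_KEY` repository secrets if nothing else uses them, and ideally a rotation of those credentials would complete the migration. The reference carries no `optional: true`, so pods will not start until the operator has created the Secret; that fail-closed behaviour is worth keeping. The container spec this list belongs to starts outside the hunk.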