diff --git a/deploy/indextool/deployment.yaml b/deploy/indextool/deployment.yaml index f0b9065fd566f808093a3aee8d085d4ad475d447..380483164414d9038634e765691a6a91cfa23d49 100644 --- a/deploy/indextool/deployment.yaml +++ b/deploy/indextool/deployment.yaml @@ -5,7 +5,7 @@ metadata: name: doc-search namespace: indextool spec: - replicas: 1 + replicas: 2 strategy: rollingUpdate: maxSurge: 1 @@ -16,9 +16,23 @@ spec: app: doc-search template: metadata: + annotations: + vault.hashicorp.com/agent-inject: 'true' + vault.hashicorp.com/role: 'search' + vault.hashicorp.com/agent-inject-secret-application.yml: 'internal/data/opengauss/search' + vault.hashicorp.com/agent-pre-populate-only: "true" + vault.hashicorp.com/agent-inject-perms-application.yml: "0600" + vault.hashicorp.com/agent-run-as-user: "1001" + vault.hashicorp.com/agent-inject-template-application.yml: | + {{- with secret "internal/data/opengauss/search" -}} + {{ .Data.data.application }} + {{- end }} labels: app: doc-search spec: + serviceAccount: search + imagePullSecrets: + - name: huawei-swr-image-pull-secret containers: - name: doc-search image: swr.cn-north-4.myhuaweicloud.com/opensourceway/opengauss/doc-search:3ec3f143b2cb567b5929d6e01a8147aa3befb8a3 @@ -46,76 +60,41 @@ spec: failureThreshold: 3 timeoutSeconds: 5 env: - - name: eshost - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: host - - name: esusername - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: username - - name: espassword - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: password - - name: esport - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: port - - name: searchsystem + - name: X_ARMOR_BACKEND_TENANT_ID valueFrom: secretKeyRef: name: doc-search-secrets - key: system - - name: depp + key: xarmor_tenant_id + - name: X_ARMOR_BACKEND_APP_ID valueFrom: secretKeyRef: name: doc-search-secrets - key: depp - - name: teshost + key: xarmor_app_id + - name: X_ARMOR_BACKEND_APP_TOKEN valueFrom: secretKeyRef: name: doc-search-secrets - key: teshost - - name: tesusername + key: xarmor_backend_app_token + - name: X_ARMOR_SECURITY_ENABLE valueFrom: secretKeyRef: name: doc-search-secrets - key: tesusername - - name: tespassword + key: xarmor_security_enable + - name: X_ARMOR_SECURITY_ROOT_PASSWORD_0 valueFrom: secretKeyRef: name: doc-search-secrets - key: tespassword - - name: tesport + key: xarmor_security_root_password + - name: X_ARMOR_SECURITY_WORK_PASSWORD_0 valueFrom: secretKeyRef: name: doc-search-secrets - key: tesport + key: xarmor_security_work_password - name: X_ARMOR_BACKEND_BACKEND_URL valueFrom: secretKeyRef: name: doc-search-secrets key: xarmor_backend_url - - name: X_ARMOR_BACKEND_TENANT_ID - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: xarmor_tenant_id - - name: X_ARMOR_BACKEND_APP_ID - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: xarmor_app_id - - name: X_ARMOR_BACKEND_APP_TOKEN - valueFrom: - secretKeyRef: - name: doc-search-secrets - key: xarmor_app_token - name: APPLICATION_PATH - value: "/home/easysearch/EaseSearch/target/classes/application.yml" + value: "/vault/secrets/application.yml" diff --git a/deploy/indextool/secret.yaml b/deploy/indextool/secret.yaml index d7d0c64c64e092451441ee3ffac62f6260600956..dff079e594909d21e362860125ed6915586014f5 100644 --- a/deploy/indextool/secret.yaml +++ b/deploy/indextool/secret.yaml @@ -25,36 +25,6 @@ metadata: spec: name: doc-search-secrets keysMap: - host: - path: secrets/data/opengauss/opengauss-indextool - key: host - username: - path: secrets/data/opengauss/opengauss-indextool - key: username - password: - path: secrets/data/opengauss/opengauss-indextool - key: password - port: - path: secrets/data/opengauss/opengauss-indextool - key: port - system: - path: secrets/data/opengauss/opengauss-indextool - key: system - depp: - path: secrets/data/opengauss/opengauss-indextool - key: depp - teshost: - path: secrets/data/opengauss/opengauss-indextool - key: teshost - tesusername: - path: secrets/data/opengauss/opengauss-indextool - key: tesusername - tespassword: - path: secrets/data/opengauss/opengauss-indextool - key: tespassword - tesport: - path: secrets/data/opengauss/opengauss-indextool - key: tesport xarmor_backend_url: path: secrets/data/opengauss/rasp_secret key: xarmor_backend_url @@ -64,6 +34,15 @@ spec: xarmor_app_id: path: secrets/data/opengauss/rasp_secret key: xarmor_app_id - xarmor_app_token: + xarmor_backend_app_token: path: secrets/data/opengauss/rasp_secret - key: xarmor_app_token \ No newline at end of file + key: xarmor_backend_app_token + xarmor_security_enable: + path: secrets/data/opengauss/rasp_secret + key: xarmor_security_enable + xarmor_security_root_password: + path: secrets/data/opengauss/rasp_secret + key: xarmor_security_root_password + xarmor_security_work_password: + path: secrets/data/opengauss/rasp_secret + key: xarmor_security_work_password \ No newline at end of file