Fixing key access rights

.github/workflows/build-and-deploy.yml

@@ -150,12 +150,12 @@ jobs:
       - uses: rlespinasse/github-slug-action@3.1.0
 
       - name: Write certificate
-        run: echo "${CERTS_PRIVATE_KEY}" > secret.key
+        run: echo "${CERTS_PRIVATE_KEY}" > secret.key && chmod 0600 secret.key
         env:
           CERTS_PRIVATE_KEY: ${{ secrets.CERTS_PRIVATE_KEY }}
 
       - name: Download certificate
-        run: mkdir secrets && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i secret.key ubuntu@cert.workadventu.re:./config/live/workadventu.re/* secrets/ && chmod 0600 secrets/*
+        run: mkdir secrets && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i secret.key ubuntu@cert.workadventu.re:./config/live/workadventu.re/* secrets/*
 
       - name: Install certificates in namespace
         uses: steebchen/kubectl@v1.0.0

deeployer.libsonnet

@@ -11,8 +11,7 @@
      "back1": {
        "image": "thecodingmachine/workadventure-back:"+tag,
        "host": {
-         "url": "api1."+url,
+         "url": "api1-"+url,
-         "https": "enable",
          "containerPort": 8080
        },
        "ports": [8080, 50051],
@@ -30,8 +29,7 @@
      "back2": {
             "image": "thecodingmachine/workadventure-back:"+tag,
             "host": {
-              "url": "api2."+url,
+              "url": "api2-"+url,
-              "https": "enable",
               "containerPort": 8080
             },
             "ports": [8080, 50051],
@@ -50,8 +48,7 @@
             "replicas": 2,
             "image": "thecodingmachine/workadventure-pusher:"+tag,
             "host": {
-              "url": "pusher."+url,
+              "url": "pusher-"+url,
-              "https": "enable"
             },
             "ports": [8080],
             "env": {
@@ -68,27 +65,25 @@
     "front": {
       "image": "thecodingmachine/workadventure-front:"+tag,
       "host": {
-        "url": "play."+url,
+        "url": "play-"+url,
-        "https": "enable"
       },
       "ports": [80],
       "env": {
-        "PUSHER_URL": "//pusher."+url,
+        "PUSHER_URL": "//pusher-"+url,
-        "UPLOADER_URL": "//uploader."+url,
+        "UPLOADER_URL": "//uploader-"+url,
         "ADMIN_URL": "//"+url,
         "JITSI_URL": env.JITSI_URL,
         "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
         "TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443",
         "JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false",
-        "START_ROOM_URL": "/_/global/maps."+url+"/Floor0/floor0.json"
+        "START_ROOM_URL": "/_/global/maps-"+url+"/Floor0/floor0.json"
         //"GA_TRACKING_ID": "UA-10196481-11"
       }
     },
     "uploader": {
            "image": "thecodingmachine/workadventure-uploader:"+tag,
            "host": {
-             "url": "uploader."+url,
+             "url": "uploader-"+url,
-             "https": "enable",
              "containerPort": 8080
            },
            "ports": [8080],
@@ -98,16 +93,12 @@
     "maps": {
       "image": "thecodingmachine/workadventure-maps:"+tag,
       "host": {
-        "url": "maps."+url,
+        "url": "maps-"+url
-        "https": "enable"
       },
       "ports": [80]
     },
   },
   "config": {
-    "https": {
-      "mail": "d.negrier@thecodingmachine.com"
-    },
     k8sextension(k8sConf)::
         k8sConf + {
           back1+: {
@@ -122,6 +113,14 @@
                   }
                 }
               }
+            },
+            ingress+: {
+              spec+: {
+                tls+: [{
+                  hosts: ["api1-"+url],
+                  secretName: "certificate-tls"
+                }]
+              }
             }
           },
           back2+: {