Fixing key access rights

2021-06-11 14:25:02 +02:00 · 2021-06-11 14:25:02 +02:00 · 83089f1197
commit 83089f1197
parent c07d54f4c3
2 changed files with 19 additions and 20 deletions
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@ -150,12 +150,12 @@ jobs:
      - uses: rlespinasse/github-slug-action@3.1.0

      - name: Write certificate
-        run: echo "${CERTS_PRIVATE_KEY}" > secret.key
+        run: echo "${CERTS_PRIVATE_KEY}" > secret.key && chmod 0600 secret.key
        env:
          CERTS_PRIVATE_KEY: ${{ secrets.CERTS_PRIVATE_KEY }}

      - name: Download certificate
-        run: mkdir secrets && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i secret.key ubuntu@cert.workadventu.re:./config/live/workadventu.re/* secrets/ && chmod 0600 secrets/*
+        run: mkdir secrets && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i secret.key ubuntu@cert.workadventu.re:./config/live/workadventu.re/* secrets/*

      - name: Install certificates in namespace
        uses: steebchen/kubectl@v1.0.0
--- a/deeployer.libsonnet
+++ b/deeployer.libsonnet
@ -11,8 +11,7 @@
     "back1": {
       "image": "thecodingmachine/workadventure-back:"+tag,
       "host": {
-         "url": "api1."+url,
-         "https": "enable",
+         "url": "api1-"+url,
         "containerPort": 8080
       },
       "ports": [8080, 50051],
@ -30,8 +29,7 @@
     "back2": {
            "image": "thecodingmachine/workadventure-back:"+tag,
            "host": {
-              "url": "api2."+url,
-              "https": "enable",
+              "url": "api2-"+url,
              "containerPort": 8080
            },
            "ports": [8080, 50051],
@ -50,8 +48,7 @@
            "replicas": 2,
            "image": "thecodingmachine/workadventure-pusher:"+tag,
            "host": {
-              "url": "pusher."+url,
-              "https": "enable"
+              "url": "pusher-"+url,
            },
            "ports": [8080],
            "env": {
@ -68,27 +65,25 @@
    "front": {
      "image": "thecodingmachine/workadventure-front:"+tag,
      "host": {
-        "url": "play."+url,
-        "https": "enable"
+        "url": "play-"+url,
      },
      "ports": [80],
      "env": {
-        "PUSHER_URL": "//pusher."+url,
-        "UPLOADER_URL": "//uploader."+url,
+        "PUSHER_URL": "//pusher-"+url,
+        "UPLOADER_URL": "//uploader-"+url,
        "ADMIN_URL": "//"+url,
        "JITSI_URL": env.JITSI_URL,
        "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
        "TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443",
        "JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false",
-        "START_ROOM_URL": "/_/global/maps."+url+"/Floor0/floor0.json"
+        "START_ROOM_URL": "/_/global/maps-"+url+"/Floor0/floor0.json"
        //"GA_TRACKING_ID": "UA-10196481-11"
      }
    },
    "uploader": {
           "image": "thecodingmachine/workadventure-uploader:"+tag,
           "host": {
-             "url": "uploader."+url,
-             "https": "enable",
+             "url": "uploader-"+url,
             "containerPort": 8080
           },
           "ports": [8080],
@ -98,16 +93,12 @@
    "maps": {
      "image": "thecodingmachine/workadventure-maps:"+tag,
      "host": {
-        "url": "maps."+url,
-        "https": "enable"
+        "url": "maps-"+url
      },
      "ports": [80]
    },
  },
  "config": {
-    "https": {
-      "mail": "d.negrier@thecodingmachine.com"
-    },
    k8sextension(k8sConf)::
        k8sConf + {
          back1+: {
@ -122,6 +113,14 @@
                  }
                }
              }
+            },
+            ingress+: {
+              spec+: {
+                tls+: [{
+                  hosts: ["api1-"+url],
+                  secretName: "certificate-tls"
+                }]
+              }
            }
          },
          back2+: {