hackerspace kustomize

+ move static env to dockerfile + doorboy-direct refactor
2025-08-08 03:07:21 +03:00
parent c29de936af
commit 9ef252c8ec
7 changed files with 125 additions and 129 deletions
--- a/hackerspace/inventory.yaml
+++ b/hackerspace/inventory.yaml
@@ -20,36 +20,12 @@ spec:
      - image: harbor.k-space.ee/k-space/inventory-app:latest
        imagePullPolicy: Always
        env:
-        - name: ENVIRONMENT_TYPE
-          value: PROD
-        - name: PYTHONUNBUFFERED
-          value: "1"
        - name: INVENTORY_ASSETS_BASE_URL
          value: https://external.minio-clusters.k-space.ee/hackerspace-701d9303-0f27-4829-a2be-b1084021ad91/
        - name: MACADDRESS_OUTLINK_BASEURL
          value: https://grafana.k-space.ee/d/ddwyidbtbc16oa/ip-usage?orgId=1&from=now-2y&to=now&timezone=browser&var-Filters=mac%7C%3D%7C
        - name: OIDC_USERS_NAMESPACE
          value: passmower
-        - name: SECRET_KEY
-          valueFrom:
-            secretKeyRef:
-              key: SECRET_KEY
-              name: inventory-secrets
-        - name: INVENTORY_API_KEY
-          valueFrom:
-            secretKeyRef:
-              key: INVENTORY_API_KEY
-              name: inventory-api-key
-        - name: SLACK_DOORLOG_CALLBACK
-          valueFrom:
-            secretKeyRef:
-              key: SLACK_DOORLOG_CALLBACK
-              name: slack-secrets
-        - name: SLACK_VERIFICATION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              key: SLACK_VERIFICATION_TOKEN
-              name: slack-secrets
        envFrom:
        - secretRef:
            name: miniobucket-inventory-external-owner-secrets
@@ -122,59 +98,3 @@ spec:
  tls:
  - hosts:
    - "*.k-space.ee"
---
-apiVersion: codemowers.cloud/v1beta1
-kind: OIDCClient
-metadata:
-  name: inventory-app
-spec:
-  uri: 'https://inventory.k-space.ee'
-  redirectUris:
-    - 'https://inventory.k-space.ee/login-callback'
-  grantTypes:
-    - 'authorization_code'
-    - 'refresh_token'
-  responseTypes:
-    - 'code'
-  availableScopes:
-    - 'openid'
-    - 'profile'
-    - 'groups'
-    - 'offline_access'
-  tokenEndpointAuthMethod: 'client_secret_basic'
-  pkce: false
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: inventory-role
-  namespace: hackerspace
-rules:
-  - verbs:
-      - get
-      - list
-      - watch
-    apiGroups:
-      - codemowers.cloud
-    resources:
-      - oidcusers
-      - oidcusers/status
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: inventory-roles
-  namespace: hackerspace
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: inventory-role
-subjects:
-  - kind: ServiceAccount
-    name: inventory-svcacc
-    namespace: hackerspace
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: inventory-svcacc