added secrets

.github/workflows/stripe-to-invoice.yml

@@ -112,6 +112,30 @@ jobs:
             --namespace $NAMESPACE \
             --from-literal=DATABASE_URL="$DATABASE_URL" \
             --dry-run=client -o yaml | kubectl apply -f -
+  
+      - name: Apply Stripe secrets
+        run: |
+          set -e
+          set -a
+          source stripe_to_invoice/deployment/secrets/.env
+          set +a
+
+          if [[ "$ENV" == "prod" ]]; then
+            STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY"
+            STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID"
+          else
+            STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
+            STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
+          fi
+
+          : "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}"
+          : "${STRIPE_CLIENT_ID:?missing STRIPE_CLIENT_ID}"
+          : "${NAMESPACE:?missing NAMESPACE}"
+
+          export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE
+
+          envsubst < stripe_to_invoice/deployment/stripe-secrets.yaml \
+            | kubectl apply -f -
 
   # --------------------------------------------------
   # DEPLOY APP

db/k8s/postgres/postgres-dev-stripe-to-invoice.yaml

@@ -1,100 +0,0 @@
-# --------------------------------------------------
-# PersistentVolume (local disk on mist)
-# --------------------------------------------------
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: postgres-dev-pv
-spec:
-  capacity:
-    storage: 20Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: local-storage
-  hostPath:
-    path: /home/kimjunte/k8s_storage/postgres/stripe_invoice_dev
-
----
-# --------------------------------------------------
-# PersistentVolumeClaim
-# --------------------------------------------------
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: postgres-pvc
-  namespace: dev
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: local-storage
-
----
-# --------------------------------------------------
-# PostgreSQL Deployment
-# --------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: postgres-dev
-  namespace: dev
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: postgres-dev
-  template:
-    metadata:
-      labels:
-        app: postgres-dev
-    spec:
-      containers:
-        - name: postgres
-          image: postgres:16
-          ports:
-            - containerPort: 5432
-          envFrom:
-            - secretRef:
-                name: postgres-secret
-          volumeMounts:
-            - name: postgres-data
-              mountPath: /var/lib/postgresql/data
-      volumes:
-        - name: postgres-data
-          persistentVolumeClaim:
-            claimName: postgres-pvc
-
----
-# --------------------------------------------------
-# PostgreSQL Service (internal only)
-# --------------------------------------------------
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgres-dev
-  namespace: dev
-spec:
-  type: ClusterIP
-  selector:
-    app: postgres-dev
-  ports:
-    - port: 5432
-      targetPort: 5432
-
----
-# --------------------------------------------------
-# Secret
-# --------------------------------------------------
-apiVersion: v1
-kind: Secret
-metadata:
-  name: postgres-secret
-  namespace: dev
-type: Opaque
-stringData:
-  POSTGRES_USER: postgres
-  POSTGRES_PASSWORD: averysecretpasswordPersonAppleWinter938
-  POSTGRES_DB: stripe_invoice

db/k8s/postgres/postgres-prod-stripe-to-invoice.yaml

@@ -1,111 +0,0 @@
-# --------------------------------------------------
-# PersistentVolume (local disk on mist) — PROD
-# --------------------------------------------------
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: postgres-prod-pv
-spec:
-  capacity:
-    storage: 20Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: local-storage
-  hostPath:
-    path: /home/kimjunte/k8s_storage/postgres/stripe_invoice_prod
-
----
-# --------------------------------------------------
-# PersistentVolumeClaim — PROD
-# --------------------------------------------------
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: postgres-prod-pvc
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
-  storageClassName: local-storage
-
----
-# --------------------------------------------------
-# PostgreSQL Secret — PROD
-# (DO NOT COMMIT real values)
-# --------------------------------------------------
-apiVersion: v1
-kind: Secret
-metadata:
-  name: postgres-prod-secret
-  namespace: default
-type: Opaque
-stringData:
-  POSTGRES_USER: stripe_invoice_prod
-  POSTGRES_PASSWORD: productionPassword1142M@ke!tH@rd2Br3akWith$ymb0ls
-  POSTGRES_DB: stripe_invoice_prod
-
----
-# --------------------------------------------------
-# PostgreSQL Deployment — PROD
-# --------------------------------------------------
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: postgres-prod
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: postgres-prod
-  template:
-    metadata:
-      labels:
-        app: postgres-prod
-    spec:
-      containers:
-        - name: postgres
-          image: postgres:16
-          ports:
-            - containerPort: 5432
-          envFrom:
-            - secretRef:
-                name: postgres-prod-secret
-          volumeMounts:
-            - name: postgres-data
-              mountPath: /var/lib/postgresql/data
-          readinessProbe:
-            tcpSocket:
-              port: 5432
-            initialDelaySeconds: 10
-            periodSeconds: 5
-          livenessProbe:
-            tcpSocket:
-              port: 5432
-            initialDelaySeconds: 30
-            periodSeconds: 10
-      volumes:
-        - name: postgres-data
-          persistentVolumeClaim:
-            claimName: postgres-prod-pvc
-
----
-# --------------------------------------------------
-# PostgreSQL Service (cluster-internal only) — PROD
-# --------------------------------------------------
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgres-prod
-  namespace: default
-spec:
-  type: ClusterIP
-  selector:
-    app: postgres-prod
-  ports:
-    - port: 5432
-      targetPort: 5432

stripe_to_invoice/deployment/secrets/.env

@@ -0,0 +1,6 @@
+# Test mode for deployment
+DEV_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
+DEV_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
+
+PROD_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
+PROD_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz

stripe_to_invoice/deployment/secrets/stipe-secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: stripe-secrets
+  namespace: ${NAMESPACE}
+type: Opaque
+stringData:
+  STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
+  STRIPE_CLIENT_ID: ${STRIPE_CLIENT_ID}

traefik/docker-registry-credentials/docker-credentials.yml

@@ -6,3 +6,13 @@ metadata:
 data:
   .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImEybHRhblZ1ZEdVNlpHTnJjbDl3WVhSZmJVdFNibkJ0TVZselJVOHRSRU5PVnpNelQwcG5hVGQ0WkdkQiIKCQl9Cgl9Cn0= 
 type: kubernetes.io/dockerconfigjson
+
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registrypullsecret
+  namespace: dev
+data:
+  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImEybHRhblZ1ZEdVNlpHTnJjbDl3WVhSZmJVdFNibkJ0TVZselJVOHRSRU5PVnpNelQwcG5hVGQ0WkdkQiIKCQl9Cgl9Cn0= 
+type: kubernetes.io/dockerconfigjson