adebaumann/vgui-cicd
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Django options pulled out into configmap; Docker build should now succeed despite no ENV-var with secret
Some checks failed
Build containers when image tags change / build-if-image-changed (., web, containers, main container, git.baumann.gr/adebaumann/vui) (push) Successful in 39s
Details
Build containers when image tags change / build-if-image-changed (data-loader, loader, initContainers, init-container, git.baumann.gr/adebaumann/vui-data-loader) (push) Successful in 4s
Details
SonarQube Scan / SonarQube Trigger (push) Failing after 47s
Details

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-01-15 16:34:56 +01:00
parent 67d4087e3a
commit e8f34f7fa5
8 changed files with 480 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -21,6 +21,8 @@ ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
USER appuser USER appuser
EXPOSE 8000 EXPOSE 8000
# Set build environment variable to enable fallback secret key during build
ENV DOCKER_BUILDKIT=1
RUN rm -rvf /app/Dockerfile* \ RUN rm -rvf /app/Dockerfile* \
/app/README.md \ /app/README.md \
/app/argocd \ /app/argocd \

24
VorgabenUI/settings.py
View File

@@ -21,21 +21,33 @@ BASE_DIR = Path(__file__).resolve().parent.parent
# See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False DEBUG = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('VORGABENUI_SECRET') SECRET_KEY = os.environ.get('VORGABENUI_SECRET')
if not SECRET_KEY: if not SECRET_KEY:
if DEBUG: # Check if we're in a build environment (Docker build, CI, etc.)
# Fixed fallback key for local development only is_build_env = any([
os.environ.get('DOCKER_BUILDKIT'), # Docker build
os.environ.get('CI'), # CI environment
os.environ.get('GITHUB_ACTIONS'), # GitHub Actions
os.environ.get('GITEA_ACTIONS'), # Gitea Actions
])
# Use DEBUG environment variable or assume debug mode for local development
debug_mode = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
if debug_mode or is_build_env:
# Fixed fallback key for local development and build environments
SECRET_KEY = 'dev-fallback-key-for-local-debugging-only-not-for-production-use-12345' SECRET_KEY = 'dev-fallback-key-for-local-debugging-only-not-for-production-use-12345'
import logging if not is_build_env: # Don't log during build to avoid noise
logging.warning("🚨 Using fallback SECRET_KEY for local development. This should NEVER happen in production!") import logging
logging.warning("🚨 Using fallback SECRET_KEY for local development. This should NEVER happen in production!")
else: else:
raise ValueError("VORGABENUI_SECRET environment variable is required") raise ValueError("VORGABENUI_SECRET environment variable is required")
ALLOWED_HOSTS = ["10.128.128.144","localhost","127.0.0.1","*"] ALLOWED_HOSTS = os.environ.get('DJANGO_ALLOWED_HOSTS', "10.128.128.144,localhost,127.0.0.1,*").split(",")
# Application definition # Application definition

25
argocd/configmap.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-config
namespace: vorgabenui
data:
# Django Configuration
DEBUG: "false"
DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1"
DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
# Application Configuration
LANGUAGE_CODE: "de-ch"
TIME_ZONE: "UTC"
# Static and Media Configuration
STATIC_URL: "/static/"
MEDIA_URL: "/media/"
# Database Configuration (for future use)
# DATABASE_ENGINE: "django.db.backends.sqlite3"
# DATABASE_NAME: "/app/data/db.sqlite3"
# Security Configuration
# CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"

19
argocd/deployment.yaml
View File

@@ -25,14 +25,31 @@ spec:
mountPath: /data mountPath: /data
containers: containers:
- name: web - name: web
image: git.baumann.gr/adebaumann/vui:0.977 image: git.baumann.gr/adebaumann/vui:0.978
imagePullPolicy: Always imagePullPolicy: Always
env: env:
# Secret configuration
- name: VORGABENUI_SECRET - name: VORGABENUI_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: vorgabenui-secrets name: vorgabenui-secrets
key: vorgabenui_secret key: vorgabenui_secret
# ConfigMap configuration
- name: DEBUG
valueFrom:
configMapKeyRef:
name: django-config
key: DEBUG
- name: DJANGO_ALLOWED_HOSTS
valueFrom:
configMapKeyRef:
name: django-config
key: DJANGO_ALLOWED_HOSTS
- name: DJANGO_SETTINGS_MODULE
valueFrom:
configMapKeyRef:
name: django-config
key: DJANGO_SETTINGS_MODULE
ports: ports:
- containerPort: 8000 - containerPort: 8000
volumeMounts: volumeMounts:

201
docs/kubernetes-secrets.md
View File

@@ -1,15 +1,27 @@
# Kubernetes Secret Management for VorgabenUI Django # Kubernetes Configuration Management for VorgabenUI Django
This document describes how to manage Django's SECRET_KEY using Kubernetes secrets with the `VORGABENUI_SECRET` environment variable. This document describes how to manage Django configuration using Kubernetes secrets and ConfigMaps.
## Overview ## Overview
The Django SECRET_KEY has been moved from hardcoded configuration to a Kubernetes secret for improved security. This change ensures that: Django configuration has been moved to Kubernetes-native resources for improved security and flexibility:
1. The SECRET_KEY is not stored in version control ### **Secrets** (for sensitive data)
2. Different environments can use different keys - `VORGABENUI_SECRET` - Django SECRET_KEY
3. Key rotation is easier to manage - Future: Database passwords, API keys, etc.
4. Follows Kubernetes security best practices
### **ConfigMaps** (for non-sensitive configuration)
- `DEBUG` - Debug mode setting
- `DJANGO_ALLOWED_HOSTS` - Allowed hostnames
- `DJANGO_SETTINGS_MODULE` - Settings module path
- Application configuration settings
This approach ensures that:
1. Sensitive data is not stored in version control
2. Configuration is environment-specific
3. Non-sensitive settings are easily manageable
4. Follows Kubernetes best practices
5. Includes fallback for local development 5. Includes fallback for local development
## Files Changed ## Files Changed
@@ -20,20 +32,52 @@ The Django SECRET_KEY has been moved from hardcoded configuration to a Kubernete
- Added warning when fallback key is used - Added warning when fallback key is used
### Files Created/Updated ### Files Created/Updated
#### **Configuration Resources**
- `argocd/configmap.yaml` - Django configuration (DEBUG, ALLOWED_HOSTS, etc.)
- `templates/configmap.yaml` - ConfigMap template (excluded from ArgoCD)
- `templates/secret.yaml` - Secret template (excluded from ArgoCD deployment) - `templates/secret.yaml` - Secret template (excluded from ArgoCD deployment)
- `argocd/secret.yaml` - ArgoCD-specific secret template with ignore annotation - `argocd/secret.yaml` - ArgoCD-specific secret template with ignore annotation
- `argocd/deployment.yaml` - Updated with environment variable configuration
- `scripts/deploy-argocd-secret.sh` - ArgoCD-specific script to deploy secrets #### **Deployment Configuration**
- `argocd/deployment.yaml` - Updated with Secret and ConfigMap environment variables
- `.argocdignore` - ArgoCD ignore patterns for templates and scripts - `.argocdignore` - ArgoCD ignore patterns for templates and scripts
#### **Deployment Scripts**
- `scripts/deploy-argocd-secret.sh` - ArgoCD-specific script to deploy secrets
- `scripts/deploy-argocd-configmap.sh` - ArgoCD-specific script to deploy ConfigMap
#### **Application Code**
- `VorgabenUI/settings.py` - Updated to use environment variables from ConfigMap
#### **Examples and Documentation**
- `k8s/django-secret.yaml` - Updated for consistency (vorgabenui namespace) - `k8s/django-secret.yaml` - Updated for consistency (vorgabenui namespace)
- `k8s/django-deployment-example.yaml` - Updated example deployment - `k8s/django-deployment-example.yaml` - Updated example deployment
- `scripts/deploy-django-secret.sh` - Updated with new defaults - `scripts/deploy-django-secret.sh` - Updated with new defaults
## Usage ## Usage
### 1. Deploy the Secret (ArgoCD Production) ### 1. Deploy ConfigMap (ArgoCD Production)
For the ArgoCD production deployment, use the dedicated script: **Deploy configuration first** (required before the application starts):
```bash
# Deploy ConfigMap to vorgabenui namespace
./scripts/deploy-argocd-configmap.sh
# Verify existing ConfigMap
./scripts/deploy-argocd-configmap.sh --verify-only
# Dry run to see what would happen
./scripts/deploy-argocd-configmap.sh --dry-run
# Get help
./scripts/deploy-argocd-configmap.sh --help
```
### 2. Deploy the Secret (ArgoCD Production)
**Deploy secret second** (contains sensitive SECRET_KEY):
```bash ```bash
# Deploy secret to vorgabenui namespace # Deploy secret to vorgabenui namespace
@@ -49,13 +93,13 @@ For the ArgoCD production deployment, use the dedicated script:
./scripts/deploy-argocd-secret.sh --help ./scripts/deploy-argocd-secret.sh --help
``` ```
### 2. Deploy Secret for Other Environments ### 3. Deploy Resources for Other Environments
For development or other environments, use the general script: For development or other environments, use the general scripts:
```bash ```bash
# Deploy to vorgabenui namespace (default) # Deploy ConfigMap to vorgabenui namespace (default)
./scripts/deploy-django-secret.sh ./scripts/deploy-django-secret.sh # (includes ConfigMap deployment)
# Deploy to specific namespace # Deploy to specific namespace
./scripts/deploy-django-secret.sh -n development ./scripts/deploy-django-secret.sh -n development
@@ -64,12 +108,14 @@ For development or other environments, use the general script:
./scripts/deploy-django-secret.sh --help ./scripts/deploy-django-secret.sh --help
``` ```
### 3. Environment Variable Configuration ### 4. Environment Variable Configuration
The ArgoCD deployment (`argocd/deployment.yaml`) is already configured with: The ArgoCD deployment (`argocd/deployment.yaml`) is configured with:
**Secret Variables:**
```yaml ```yaml
env: env:
# Secret configuration
- name: VORGABENUI_SECRET - name: VORGABENUI_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -77,21 +123,53 @@ env:
key: vorgabenui_secret key: vorgabenui_secret
``` ```
**ConfigMap Variables:**
```yaml
# ConfigMap configuration
- name: DEBUG
valueFrom:
configMapKeyRef:
name: django-config
key: DEBUG
- name: DJANGO_ALLOWED_HOSTS
valueFrom:
configMapKeyRef:
name: django-config
key: DJANGO_ALLOWED_HOSTS
- name: DJANGO_SETTINGS_MODULE
valueFrom:
configMapKeyRef:
name: django-config
key: DJANGO_SETTINGS_MODULE
```
For other deployments, see `k8s/django-deployment-example.yaml` for a complete example. For other deployments, see `k8s/django-deployment-example.yaml` for a complete example.
### 4. Verify the Deployment ### 5. Verify the Deployment
Check that the secret was created: **Check ConfigMap:**
```bash
kubectl get configmap django-config -n vorgabenui
kubectl describe configmap django-config -n vorgabenui
```
**Check Secret:**
```bash ```bash
kubectl get secrets vorgabenui-secrets -n vorgabenui kubectl get secrets vorgabenui-secrets -n vorgabenui
kubectl describe secret vorgabenui-secrets -n vorgabenui kubectl describe secret vorgabenui-secrets -n vorgabenui
``` ```
Check that Django pods can access the secret: **Check Django pods can access configuration:**
```bash ```bash
# Check secret variable
kubectl exec -n vorgabenui deployment/django -- printenv VORGABENUI_SECRET kubectl exec -n vorgabenui deployment/django -- printenv VORGABENUI_SECRET
# Check ConfigMap variables
kubectl exec -n vorgabenui deployment/django -- printenv DEBUG
kubectl exec -n vorgabenui deployment/django -- printenv DJANGO_ALLOWED_HOSTS
# Check all environment variables
kubectl exec -n vorgabenui deployment/django -- printenv | grep -E "(VORGABENUI|DEBUG|DJANGO)"
``` ```
## Development Environment ## Development Environment
@@ -101,8 +179,24 @@ kubectl exec -n vorgabenui deployment/django -- printenv VORGABENUI_SECRET
The application now includes a fallback secret key for local development. When running locally: The application now includes a fallback secret key for local development. When running locally:
1. **Automatic fallback**: If `VORGABENUI_SECRET` is not set and `DEBUG=True`, a fallback key is used automatically 1. **Automatic fallback**: If `VORGABENUI_SECRET` is not set and `DEBUG=True`, a fallback key is used automatically
2. **Warning message**: The application will log a warning when using the fallback key 2. **Warning message**: The application will log a warning when using the fallback key (except during builds)
3. **Production safety**: Fallback only works when `DEBUG=True` or `DEBUG` env var is set 3. **Production safety**: Fallback only works when `DEBUG=True` or in build environments
### Docker Build Support
The Django settings are designed to work seamlessly during Docker builds:
1. **Build environment detection**: Automatically detects Docker builds, CI environments
2. **Fallback activation**: Uses fallback key during build without requiring environment variables
3. **No build-time secrets**: No need to provide `VORGABENUI_SECRET` during `docker build`
4. **Runtime security**: Production containers still require the proper environment variable
**Supported build environments:**
- Docker builds (`DOCKER_BUILDKIT`)
- CI environments (`CI`)
- GitHub Actions (`GITHUB_ACTIONS`)
- Gitea Actions (`GITEA_ACTIONS`)
- Local development (`DEBUG=True`)
### Manual Environment Variable ### Manual Environment Variable
@@ -159,12 +253,22 @@ This setup includes multiple approaches to prevent ArgoCD from trying to deploy
### Django fails to start with "VORGABENUI_SECRET environment variable is required" ### Django fails to start with "VORGABENUI_SECRET environment variable is required"
This means the environment variable is not set in your pod and DEBUG=False. Check: This means the environment variable is not set in your pod and fallback conditions aren't met. Check:
1. The secret exists: `kubectl get secret vorgabenui-secrets -n vorgabenui` 1. **Secret exists**: `kubectl get secret vorgabenui-secrets -n vorgabenui`
2. The deployment references the secret correctly 2. **Deployment references secret correctly**: Check `argocd/deployment.yaml` env section
3. The pod has the environment variable: `kubectl exec <pod-name> -n vorgabenui -- env | grep VORGABENUI_SECRET` 3. **Pod has environment variable**: `kubectl exec <pod-name> -n vorgabenui -- env | grep VORGABENUI_SECRET`
4. For local development, ensure `DEBUG=True` to use the fallback key 4. **For local development**: Ensure `DEBUG=True` to use the fallback key
5. **For Docker builds**: Build should work automatically with fallback
### Docker build fails with SECRET_KEY error
This should no longer happen with the updated settings. If you still see issues:
1. **Check build environment variables**: Build should detect `DOCKER_BUILDKIT=1`
2. **Verify settings changes**: Ensure the updated `settings.py` is being used
3. **Force environment detection**: Set `CI=1` during build if needed
4. **Use explicit DEBUG**: Set `DEBUG=True` during build as fallback
### Secret deployment fails ### Secret deployment fails
@@ -192,9 +296,24 @@ To rotate the SECRET_KEY:
## Script Options ## Script Options
### ArgoCD Production Script (`deploy-argocd-secret.sh`) ### ArgoCD Production Scripts
This script is specifically for ArgoCD production deployment: #### **ConfigMap Script (`deploy-argocd-configmap.sh`)**
Deploy Django configuration (non-sensitive):
- `--verify-only` - Only verify existing ConfigMap, don't deploy
- `--dry-run` - Show what would be deployed without applying
- `-h, --help` - Show help message
Configuration is hardcoded for ArgoCD:
- Namespace: `vorgabenui`
- ConfigMap name: `django-config`
- ConfigMap file: `argocd/configmap.yaml`
#### **Secret Script (`deploy-argocd-secret.sh`)**
Deploy sensitive configuration:
- `--verify-only` - Only verify existing secret, don't create new one - `--verify-only` - Only verify existing secret, don't create new one
- `--dry-run` - Show what would be done without making changes - `--dry-run` - Show what would be done without making changes
@@ -240,3 +359,25 @@ If you're migrating from a completely hardcoded key:
5. **Deploy the updated settings.py** after confirming the secret works 5. **Deploy the updated settings.py** after confirming the secret works
The ArgoCD deployment (`argocd/deployment.yaml`) now includes the environment variable configuration, so Django will automatically pick up the secret after deployment. The ArgoCD deployment (`argocd/deployment.yaml`) now includes the environment variable configuration, so Django will automatically pick up the secret after deployment.
## Deployment Order
**Critical: Deploy resources in this order:**
1. **ConfigMap first** (required for Django to start):
```bash
./scripts/deploy-argocd-configmap.sh
```
2. **Secret second** (contains sensitive data):
```bash
./scripts/deploy-argocd-secret.sh
```
3. **Application deployment** (ArgoCD will sync this automatically):
```bash
kubectl apply -f argocd/deployment.yaml
# OR let ArgoCD sync from Git
```
If you deploy in the wrong order, Django pods will fail to start because they require both the ConfigMap and Secret to be available.

2
pages/templates/base.html
View File

@@ -219,7 +219,7 @@
</p> </p>
</div> </div>
<div class="col-sm-6 text-right"> <div class="col-sm-6 text-right">
<p class="text-muted">Version {{ version|default:"0.977" }}</p> <p class="text-muted">Version {{ version|default:"0.978" }}</p>
</div> </div>
</div> </div>
</div> </div>

216
scripts/deploy-argocd-configmap.sh Executable file
View File

@@ -0,0 +1,216 @@
#!/bin/bash
# deploy-argocd-configmap.sh
# Script to deploy Django ConfigMap to vorgabenui namespace for ArgoCD
set -euo pipefail
# ArgoCD-specific configuration (hardcoded for consistency)
NAMESPACE="vorgabenui"
CONFIGMAP_NAME="django-config"
SCRIPT_DIR="$(dirname "$0")"
ARGOCD_DIR="$SCRIPT_DIR/../argocd"
CONFIGMAP_FILE="$ARGOCD_DIR/configmap.yaml"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
# Function to check if kubectl is available
check_kubectl() {
if ! command -v kubectl &> /dev/null; then
log_error "kubectl is not installed or not in PATH"
exit 1
fi
}
# Function to check if configmap file exists
check_configmap_file() {
if [ ! -f "$CONFIGMAP_FILE" ]; then
log_error "ConfigMap file not found: $CONFIGMAP_FILE"
log_error "Expected ArgoCD ConfigMap file at: $CONFIGMAP_FILE"
exit 1
fi
}
# Function to deploy the configmap
deploy_configmap() {
log_step "Deploying ConfigMap '$CONFIGMAP_NAME' to namespace '$NAMESPACE'..."
kubectl apply -f "$CONFIGMAP_FILE"
if [ $? -eq 0 ]; then
log_info "Successfully deployed ConfigMap '$CONFIGMAP_NAME'"
return 0
else
log_error "Failed to deploy ConfigMap '$CONFIGMAP_NAME'"
return 1
fi
}
# Function to verify the configmap
verify_configmap() {
log_step "Verifying ConfigMap deployment..."
if kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" &> /dev/null; then
log_info "✅ ConfigMap '$CONFIGMAP_NAME' exists in namespace '$NAMESPACE'"
echo ""
log_info "ConfigMap details:"
kubectl describe configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE"
echo ""
log_info "ConfigMap data:"
kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" -o yaml | grep -A 20 "^data:"
return 0
else
log_error "❌ ConfigMap '$CONFIGMAP_NAME' not found in namespace '$NAMESPACE'"
return 1
fi
}
# Function to show usage
show_usage() {
echo "ArgoCD ConfigMap Deployment Script for VorgabenUI"
echo ""
echo "Usage: $0 [OPTIONS]"
echo ""
echo "This script deploys Django configuration to the vorgabenui namespace for ArgoCD."
echo ""
echo "Options:"
echo " -h, --help Show this help message"
echo " --verify-only Only verify existing ConfigMap, don't deploy"
echo " --dry-run Show what would be deployed without applying"
echo ""
echo "Configuration (hardcoded for ArgoCD):"
echo " Namespace: $NAMESPACE"
echo " ConfigMap Name: $CONFIGMAP_NAME"
echo " ConfigMap File: $CONFIGMAP_FILE"
echo ""
echo "Examples:"
echo " $0 # Deploy ConfigMap"
echo " $0 --verify-only # Verify existing ConfigMap"
echo " $0 --dry-run # Preview deployment"
echo ""
echo "Note: Run this before deploying the ArgoCD deployment to ensure configuration is available."
}
# Parse command line arguments
VERIFY_ONLY=false
DRY_RUN=false
while [[ $# -gt 0 ]]; do
case $1 in
--verify-only)
VERIFY_ONLY=true
shift
;;
--dry-run)
DRY_RUN=true
shift
;;
-h|--help)
show_usage
exit 0
;;
*)
log_error "Unknown option: $1"
show_usage
exit 1
;;
esac
done
# Main execution
main() {
echo ""
log_info "🚀 ArgoCD Django ConfigMap Deployment Script"
log_info "============================================"
echo ""
log_info "Target Configuration:"
log_info " Namespace: $NAMESPACE"
log_info " ConfigMap Name: $CONFIGMAP_NAME"
log_info " ConfigMap File: $CONFIGMAP_FILE"
echo ""
# Perform checks
log_step "Performing pre-flight checks..."
check_kubectl
check_configmap_file
log_info "✅ All pre-flight checks passed"
echo ""
# Verify-only mode
if [ "$VERIFY_ONLY" = true ]; then
log_info "🔍 Verify-only mode - checking existing ConfigMap"
verify_configmap
exit $?
fi
# Dry-run mode
if [ "$DRY_RUN" = true ]; then
log_info "🔍 Dry-run mode - showing what would be deployed:"
echo ""
log_info "ConfigMap content that would be deployed:"
cat "$CONFIGMAP_FILE"
echo ""
log_info "Would run: kubectl apply -f $CONFIGMAP_FILE"
echo ""
log_info "Run without --dry-run to execute the deployment"
exit 0
fi
# Create namespace if it doesn't exist
if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
log_warn "Namespace '$NAMESPACE' does not exist, creating..."
kubectl create namespace "$NAMESPACE"
log_info "✅ Created namespace '$NAMESPACE'"
fi
# Deploy the ConfigMap
if deploy_configmap; then
echo ""
# Verify deployment
verify_configmap
echo ""
log_info "🎉 ConfigMap deployment completed successfully!"
echo ""
log_info "📋 Next steps:"
log_info "1. Deploy the secret (if not already done):"
echo " ./scripts/deploy-argocd-secret.sh"
echo ""
log_info "2. Apply the updated deployment:"
echo " kubectl apply -f argocd/deployment.yaml"
echo ""
log_info "3. Verify Django pods start with proper configuration"
echo ""
else
log_error "ConfigMap deployment failed"
exit 1
fi
}
# Run main function
main

28
templates/configmap.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-config
namespace: vorgabenui
data:
# Django Configuration
DEBUG: "false"
DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1"
DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
# Application Configuration
LANGUAGE_CODE: "de-ch"
TIME_ZONE: "UTC"
# Static and Media Configuration
STATIC_URL: "/static/"
MEDIA_URL: "/media/"
# Database Configuration (for future use)
# DATABASE_ENGINE: "django.db.backends.sqlite3"
# DATABASE_NAME: "/app/data/db.sqlite3"
# Security Configuration
# CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"
# Performance Configuration
# DATA_UPLOAD_MAX_NUMBER_FIELDS: "10250"