From d72873dacf45405fb4014af699f6dbc289e115bd Mon Sep 17 00:00:00 2001 From: emelinda Date: Tue, 14 Apr 2026 15:02:36 +0300 Subject: [PATCH] Replace static S3 credentials with secret-based environment variables in attachments app deployment configuration --- apps/attachments/base/deployment.yaml | 41 ++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/apps/attachments/base/deployment.yaml b/apps/attachments/base/deployment.yaml index 1193576..5a1533f 100644 --- a/apps/attachments/base/deployment.yaml +++ b/apps/attachments/base/deployment.yaml @@ -29,16 +29,43 @@ spec: value: "10" - name: API_ADDRESS value: 0.0.0.0:8000 - - name: YANDEX_S3_ACCOUNT_PATH - value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json + - name: YANDEX_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + name: s3-secret + key: endpoint + - name: YANDEX_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: s3-secret + key: login + - name: YANDEX_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: s3-secret + key: password + - name: YANDEX_S3_USE_SSL + valueFrom: + secretKeyRef: + name: s3-secret + key: use_ssl + - name: YANDEX_S3_REGION + valueFrom: + secretKeyRef: + name: s3-secret + key: region + - name: YANDEX_S3_VERIFY + valueFrom: + secretKeyRef: + name: s3-secret + key: verify - name: BUCKET_NAME - value: attachments-storage + valueFrom: + secretKeyRef: + name: s3-secret + key: bucket - name: DATABASE_SSL_MODE value: disable - - name: YANDEX_S3_VERIFY - value: "false" - - name: YANDEX_S3_USE_SSL - value: "false" - name: DATABASE_HOST value: "postgresql.attachments" - name: DATABASE_PORT