feat: Discord/Gmail 알림 기능 추가
Some checks failed
Build and Push Images / build-backend (push) Has been cancelled
Some checks failed
Build and Push Images / build-backend (push) Has been cancelled
This commit is contained in:
qorgh529
@@ -13,6 +13,7 @@ spec:
|
||||
labels:
|
||||
app: backend
|
||||
spec:
|
||||
serviceAccountName: portal-backend-sa
|
||||
imagePullSecrets:
|
||||
- name: gitea-registry-secret
|
||||
containers:
|
||||
@@ -40,6 +41,30 @@ spec:
|
||||
secretKeyRef:
|
||||
name: portal-secrets
|
||||
key: jwt-secret
|
||||
- name: DISCORD_WEBHOOK_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: notify-secrets
|
||||
key: discord-webhook-url
|
||||
- name: GMAIL_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: notify-secrets
|
||||
key: gmail-user
|
||||
- name: GMAIL_APP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: notify-secrets
|
||||
key: gmail-app-password
|
||||
- name: ALERT_EMAIL_TO
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: notify-secrets
|
||||
key: alert-email-to
|
||||
- name: NAMESPACE
|
||||
value: web-portal
|
||||
- name: ALERT_CERT_DAYS
|
||||
value: "30"
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
|
||||
59
k8s/12-monitor-rbac.yaml
Executable file
59
k8s/12-monitor-rbac.yaml
Executable file
@@ -0,0 +1,59 @@
|
||||
# 백엔드 Pod가 K8s API에서 Pod/Certificate 정보를 읽을 수 있도록 권한 부여
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portal-backend-sa
|
||||
namespace: web-portal
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: portal-monitor-role
|
||||
namespace: web-portal
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["cert-manager.io"]
|
||||
resources: ["certificates"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: portal-monitor-rolebinding
|
||||
namespace: web-portal
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portal-backend-sa
|
||||
namespace: web-portal
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: portal-monitor-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# gitea, argocd 네임스페이스 인증서 읽기 권한
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: portal-cert-reader
|
||||
rules:
|
||||
- apiGroups: ["cert-manager.io"]
|
||||
resources: ["certificates"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portal-cert-reader-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portal-backend-sa
|
||||
namespace: web-portal
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: portal-cert-reader
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
Reference in New Issue
Block a user