diff --git a/services/finance-service/base/deployment.yaml b/services/finance-service/base/deployment.yaml index 8eabd7e..b1de485 100644 --- a/services/finance-service/base/deployment.yaml +++ b/services/finance-service/base/deployment.yaml @@ -102,6 +102,30 @@ spec: value: "true" - name: JAEGER_ENDPOINT value: "jaeger-collector.observability.svc.cluster.local:4317" + # MinIO storage — used by GetExportDownloadURL to issue presigned + # download URLs for rm_cost_export artifacts. The presign client + # MUST be built against the same public endpoint browsers will + # reach because AWS SigV4 binds the signature to the Host header. + - name: MINIO_ENDPOINT + value: "minio.minio.svc.cluster.local:9000" + - name: MINIO_BUCKET + value: "goapps-staging" # overridden per environment via kustomize + - name: MINIO_USE_SSL + value: "true" + - name: MINIO_INSECURE_SKIP_VERIFY + value: "true" # self-signed certs in cluster + - name: MINIO_PUBLIC_URL + value: "" # overridden per environment via kustomize + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_ROOT_USER + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_ROOT_PASSWORD resources: requests: memory: "128Mi" diff --git a/services/finance-service/overlays/production/kustomization.yaml b/services/finance-service/overlays/production/kustomization.yaml index 1df8a9a..e12d3bf 100644 --- a/services/finance-service/overlays/production/kustomization.yaml +++ b/services/finance-service/overlays/production/kustomization.yaml @@ -8,6 +8,7 @@ patches: - path: patches/resources.yaml - path: patches/ingress-host.yaml - path: patches/env-cors.yaml +- path: patches/env-storage.yaml images: - name: ghcr.io/mutugading/finance-service newTag: 88bd656 diff --git a/services/finance-service/overlays/production/patches/env-storage.yaml b/services/finance-service/overlays/production/patches/env-storage.yaml new file mode 100644 index 0000000..a9d8981 --- /dev/null +++ b/services/finance-service/overlays/production/patches/env-storage.yaml @@ -0,0 +1,16 @@ +# Per-environment overrides: MinIO bucket + public URL for production. +# Credentials and other connection settings come from the base deployment. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: finance-service +spec: + template: + spec: + containers: + - name: finance-service + env: + - name: MINIO_BUCKET + value: "goapps-production" + - name: MINIO_PUBLIC_URL + value: "https://goapps.mutugading.com:30091" diff --git a/services/finance-service/overlays/staging/kustomization.yaml b/services/finance-service/overlays/staging/kustomization.yaml index 1d39bf8..60202fd 100644 --- a/services/finance-service/overlays/staging/kustomization.yaml +++ b/services/finance-service/overlays/staging/kustomization.yaml @@ -8,6 +8,7 @@ patches: - path: patches/resources.yaml - path: patches/ingress-host.yaml - path: patches/env-cors.yaml +- path: patches/env-storage.yaml images: - name: ghcr.io/mutugading/finance-service newTag: 88bd656 diff --git a/services/finance-service/overlays/staging/patches/env-storage.yaml b/services/finance-service/overlays/staging/patches/env-storage.yaml new file mode 100644 index 0000000..15accd8 --- /dev/null +++ b/services/finance-service/overlays/staging/patches/env-storage.yaml @@ -0,0 +1,16 @@ +# Per-environment overrides: MinIO bucket + public URL for staging. +# Credentials and other connection settings come from the base deployment. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: finance-service +spec: + template: + spec: + containers: + - name: finance-service + env: + - name: MINIO_BUCKET + value: "goapps-staging" + - name: MINIO_PUBLIC_URL + value: "https://staging-goapps.mutugading.com:30091"