notes(feishu): lark-cli config 从 secret cp 到 PVC 子目录,可读可写 + 重启保留
deploy notes / build-and-deploy (push) Successful in 1m50s
deploy notes / build-and-deploy (push) Successful in 1m50s
initContainer cp /secrets/lark-cli/config.json → /data/lark-cli/config.json (已存在不覆盖,保留运行时 refresh 过的 token);feishu sidecar 主容器 subPath mount data PVC 的 lark-cli/ 到 /root/.lark-cli,lark-cli 写 cache、 refresh 都落 PVC。
This commit is contained in:
Fam Zheng
+27
-3
@@ -36,6 +36,30 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: registry-creds
|
||||
initContainers:
|
||||
# secret volume 是只读的,但 lark-cli 跑时要写 cache / refresh token。
|
||||
# 启动时把 secret 里的 config.json 复制到 PVC 子目录 lark-cli/,主容器再挂这个子目录到 ~/.lark-cli。
|
||||
# 已存在不覆盖(保留运行时刷新过的 token)。
|
||||
- name: lark-config-init
|
||||
image: busybox:1.36
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
mkdir -p /data/lark-cli
|
||||
if [ ! -f /data/lark-cli/config.json ]; then
|
||||
cp /secrets/lark-cli/config.json /data/lark-cli/config.json
|
||||
chmod 600 /data/lark-cli/config.json
|
||||
echo "seeded lark-cli config from secret"
|
||||
else
|
||||
echo "lark-cli config already present in PVC, leaving alone"
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: lark-cli-secret
|
||||
mountPath: /secrets/lark-cli
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: notes
|
||||
image: registry.famzheng.me/mochi/notes:latest
|
||||
@@ -105,14 +129,14 @@ spec:
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: lark-cli-config
|
||||
- name: data
|
||||
mountPath: /root/.lark-cli
|
||||
readOnly: false
|
||||
subPath: lark-cli
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: notes-data
|
||||
- name: lark-cli-config
|
||||
- name: lark-cli-secret
|
||||
secret:
|
||||
secretName: lark-cli-creds
|
||||
items:
|
||||
|
||||
Reference in New Issue
Block a user