transfer key to secret

deployment/deploy-yml.tmpl

@@ -25,8 +25,9 @@ spec:
           volumeMounts:
             - name: bind-zones
               mountPath: /etc/named/zones
-            - name: bind-keys
+            - name: transfer-key-secret
               mountPath: /etc/named/keys
+              readOnly: true
           resources:
             requests:
               memory: "128Mi"
@@ -48,9 +49,9 @@ spec:
         - name: bind-zones
           persistentVolumeClaim:
             claimName: bind-hidden-primary-zones
-        - name: bind-keys
-          persistentVolumeClaim:
-            claimName: bind-hidden-primary-keys
+        - name: transfer-key-secret
+          secret:
+            secretName: transfer-key
 ---
 apiVersion: v1
 kind: Service
@@ -81,19 +82,6 @@ spec:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 100Mi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: bind-hidden-primary-keys
-  labels:
-    app: bind-hidden-primary
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Mi
+      storage: 1Gi
 
 

deployment/deploy.sh

@@ -12,11 +12,23 @@ DEPLOYMENT_DIR=$PWD/deployment
 
 pushd $DEPLOYMENT_DIR > /dev/null
 
+if [ ! -f transfer-key.conf ]; then
+  gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output transfer-key.conf transfer-key.conf.asc
+fi
+
 kubectl create namespace $NAMESPACE \
   --dry-run=client \
   -o yaml | \
   kubectl -f - apply
 
+# Create secret for transfer-key
+kubectl create secret generic transfer-key \
+  --from-file=transfer-key.conf=transfer-key.conf \
+  --namespace=$NAMESPACE \
+  --dry-run=client \
+  -o yaml | \
+  kubectl apply -f -
+
 
 cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
   sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \