Move ClickHouse credentials to K8s Secret and add health probes

- ClickHouse user/password now injected via `clickhouse-credentials` Secret instead of hardcoded plaintext in deploy manifests (#33) - CI deploy step creates the secret idempotently from Gitea CI secrets - Added liveness/readiness probes: server uses /api/v1/health, ClickHouse uses /ping (#35) - Updated HOWTO.md and CLAUDE.md with new secrets and probe details Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 10:59:15 +01:00
parent d229365eaf
commit 9c2391e5d4
5 changed files with 59 additions and 6 deletions
--- a/deploy/server.yaml
+++ b/deploy/server.yaml
@@ -24,9 +24,15 @@ spec:
            - name: SPRING_DATASOURCE_URL
              value: "jdbc:ch://clickhouse:8123/cameleer3"
            - name: SPRING_DATASOURCE_USERNAME
-              value: "cameleer"
+              valueFrom:
+                secretKeyRef:
+                  name: clickhouse-credentials
+                  key: CLICKHOUSE_USER
            - name: SPRING_DATASOURCE_PASSWORD
-              value: "cameleer_dev"
+              valueFrom:
+                secretKeyRef:
+                  name: clickhouse-credentials
+                  key: CLICKHOUSE_PASSWORD
            - name: CAMELEER_AUTH_TOKEN
              valueFrom:
                secretKeyRef:
@@ -39,6 +45,22 @@ spec:
            limits:
              memory: "512Mi"
              cpu: "500m"
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 8081
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: 8081
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
 ---
 apiVersion: v1
 kind: Service