cameleer/cameleer-server
1
0
Fork 0
Code Issues 42 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7a63135d26e5baecfc1c7f96134cda99a59c0a0c
cameleer-server/deploy/overlays/feature/kustomization.yaml
hsiegeln 7a63135d26
Some checks failed
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Failing after 36s
Details
CI / docker (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
CI / deploy-feature (push) Has been skipped
Details
fix: scope pg_stat_activity queries by ApplicationName for tenant isolation 
DatabaseAdminController's active-queries and kill-query endpoints could
expose SQL text from other tenants sharing the same PostgreSQL instance.
Added ApplicationName=tenant_{id} to the JDBC URL and filter
pg_stat_activity by application_name so each tenant only sees its own
connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 23:51:13 +02:00

41 lines
1.2 KiB
YAML
Raw Blame History

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: BRANCH_NAMESPACE
resources:
- ../../base
- ingress.yaml
- init-job.yaml
images:
- name: gitea.siegeln.net/cameleer/cameleer3-server
newTag: BRANCH_SHA
- name: gitea.siegeln.net/cameleer/cameleer3-server-ui
newTag: BRANCH_SHA
patches:
# Server Deployment: branch-specific schema, index prefix, UI origin
- patch: |
apiVersion: apps/v1
kind: Deployment
metadata:
name: cameleer3-server
spec:
template:
spec:
containers:
- name: server
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://cameleer-postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=BRANCH_SCHEMA&ApplicationName=BRANCH_SCHEMA"
- name: CAMELEER_SERVER_SECURITY_UIORIGIN
value: "http://BRANCH_SLUG.cameleer.siegeln.net"
# UI ConfigMap: branch-specific API URL
- target:
kind: ConfigMap
name: cameleer3-ui-config
patch: |
- op: replace
path: /data/config.js
value: |
window.__CAMELEER_CONFIG__ = {
apiBaseUrl: '/api/v1',
};
Reference in New Issue View Git Blame Copy Permalink