7a63135d26
DatabaseAdminController's active-queries and kill-query endpoints could
expose SQL text from other tenants sharing the same PostgreSQL instance.
Added ApplicationName=tenant_{id} to the JDBC URL and filter
pg_stat_activity by application_name so each tenant only sees its own
connections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
56 lines
1.5 KiB
YAML
56 lines
1.5 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
namespace: cameleer
|
|
resources:
|
|
- ../../base
|
|
patches:
|
|
# Server Service: NodePort 30081
|
|
- target:
|
|
kind: Service
|
|
name: cameleer3-server
|
|
patch: |
|
|
- op: replace
|
|
path: /spec/type
|
|
value: NodePort
|
|
- op: add
|
|
path: /spec/ports/0/nodePort
|
|
value: 30081
|
|
# UI Service: NodePort 30090
|
|
- target:
|
|
kind: Service
|
|
name: cameleer3-ui
|
|
patch: |
|
|
- op: replace
|
|
path: /spec/type
|
|
value: NodePort
|
|
- op: add
|
|
path: /spec/ports/0/nodePort
|
|
value: 30090
|
|
# Server Deployment: same-namespace DNS + production UI origin
|
|
- patch: |
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cameleer3-server
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: server
|
|
env:
|
|
- name: CAMELEER_SERVER_SECURITY_UIORIGIN
|
|
value: "http://192.168.50.86:30090"
|
|
- name: SPRING_DATASOURCE_URL
|
|
value: "jdbc:postgresql://cameleer-postgres:5432/cameleer3?currentSchema=public&ApplicationName=tenant_default"
|
|
# UI ConfigMap: production API URL
|
|
- target:
|
|
kind: ConfigMap
|
|
name: cameleer3-ui-config
|
|
patch: |
|
|
- op: replace
|
|
path: /data/config.js
|
|
value: |
|
|
window.__CAMELEER_CONFIG__ = {
|
|
apiBaseUrl: 'http://192.168.50.86:30081/api/v1',
|
|
};
|