feat(frontstage): move clerk key to kube secrets

Author: ramchaik

k8s/frontstage.yaml

@@ -28,6 +28,24 @@ spec:
               value: "http://launchpad-service"
             - name: LOGS_BACKEND_API_HOST
               value: "http://logify-service"
+            - name: NEXT_PUBLIC_CLERK_SIGN_IN_URL
+              value: "/sign-in"
+            - name: NEXT_PUBLIC_CLERK_SIGN_UP_URL
+              value: "/sign-up"
+            - name: NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL
+              value: "/dashboard"
+            - name: NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL
+              value: "/dashboard"
+            - name: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: clerk-keys
+                  key: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
+            - name: CLERK_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: clerk-keys
+                  key: CLERK_SECRET_KEY
           resources:
             limits:
               cpu: 500m

src/forge/cmd/worker/main.go

@@ -11,7 +11,6 @@ import (
 )
 
 func main() {
-
 	appEnv := os.Getenv("APP_ENV")
 	if appEnv == "local" {
 		if err := godotenv.Load(); err != nil {

src/frontstage/Dockerfile

@@ -25,7 +25,6 @@ COPY --from=builder /app/public ./public
 COPY --from=builder /app/package.json ./package.json
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-COPY .env.local ./
 
 USER nextjs
 

tf/main.tf

@@ -163,6 +163,18 @@ resource "kubernetes_secret" "aws_credentials" {
   }
 }
 
+resource "kubernetes_secret" "clerk_keys" {
+  metadata {
+    name      = "clerk-keys"
+    namespace = "aether"
+  }
+
+  data = {
+    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY = base64encode(var.next_public_clerk_publishable_key)
+    CLERK_SECRET_KEY                  = base64encode(var.clerk_secret_key)
+  }
+}
+
 resource "null_resource" "delete_eks_resources" {
   triggers = {
     cluster_name = aws_eks_cluster.main.name

tf/variables.tf

@@ -106,3 +106,13 @@ variable "aws_session_token" {
   type      = string
   sensitive = true
 }
+
+variable "next_public_clerk_publishable_key" {
+  description = "Publishable key for Clerk"
+  type        = string
+}
+
+variable "clerk_secret_key" {
+  description = "Secret key for Clerk"
+  type        = string
+}