fix(official-bots): mount JWT public key from ncs-jwt-keys (#413)
The official-bots rollout never mounted the ncs-jwt-keys secret nor set JWT_PUBLIC_KEY_PATH, so the service fell back to the image-baked public.pem, which does not match the deployed signing key. Every token failed RS256 verification -> 401. Mount ncs-jwt-keys at /secrets/jwt and point JWT_PUBLIC_KEY_PATH there, mirroring account/core/tournament. Verify-only, no private key. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Reviewed-on: #413
This commit was merged in pull request #413.
This commit is contained in:
@@ -441,6 +441,12 @@ spec:
|
||||
key: INTERNAL_SECRET
|
||||
- name: ACCOUNT_SERVICE_URL
|
||||
value: http://nowchess-account:8083
|
||||
- name: JWT_PUBLIC_KEY_PATH
|
||||
value: /secrets/jwt/public.pem
|
||||
volumeMounts:
|
||||
- name: jwt-keys
|
||||
mountPath: /secrets/jwt
|
||||
readOnly: true
|
||||
ports:
|
||||
- containerPort: 8088
|
||||
protocol: TCP
|
||||
@@ -463,6 +469,10 @@ spec:
|
||||
limits:
|
||||
cpu: "500m"
|
||||
memory: "256Mi"
|
||||
volumes:
|
||||
- name: jwt-keys
|
||||
secret:
|
||||
secretName: ncs-jwt-keys
|
||||
rollbackWindow:
|
||||
revisions: 3
|
||||
strategy:
|
||||
|
||||
Reference in New Issue
Block a user