authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-04 21:16:50 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-07 17:11:24 +0100
commitf1f945b51303ad1ace8c2268b0a0f39bcb549d0b (patch)
tree5ca0c9c8f97379a01b97af6b6a703ef11ddcef37 /kubernetes/common
parentac651828821791f9475d997e1f55658b3662c184 (diff)
[COMMON] Use common secret template in postgres
Use common secret template for storing DB credentials Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/common/templates/_postgres.tpl65
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl17
-rw-r--r--kubernetes/common/postgres/templates/secrets.yaml17
-rw-r--r--kubernetes/common/postgres/values.yaml18
4 files changed, 88 insertions, 29 deletions
diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl
new file mode 100644
index 0000000000..45d903e574
--- /dev/null
+++ b/kubernetes/common/common/templates/_postgres.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
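Review bot: The comment above `common.postgres.secret.primaryPasswordSecretName` is copied from the user-credentials helper and still reads "Name of postgres user credentials secret"; it should say `Name of postgres primary password secret`, because a wrong label on a secret-name helper invites wiring the wrong credential. The three public `*SecretName` helpers also call `set . "uidTemplate" ...`, and Sprig's `set` modifies the dict it is given, so the caller's argument comes back carrying an extra `uidTemplate` key. Building a fresh dict avoids that side effect, e.g. `(dict "dot" .dot "chartName" .chartName "uidTemplate" "common.postgres.secret.rootPassUID")`. The comment on `_secretName` should also state that callers must pass a dict with `dot` and `chartName` keys, since nothing in the file documents that contract.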
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 9766cb3fca..3777c1b2e4 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -88,24 +88,15 @@ spec:
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-primary-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- value: "{{ $dot.Values.config.pgUserName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- name: pool-hba-conf
mountPath: /pgconf/pool_hba.conf
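Review bot: The added `include` calls for PG_PRIMARY_PASSWORD, PG_USER, PG_PASSWORD and PG_ROOT_PASSWORD pass `$dot` as `"global"` but `.` to the UID helper, mixing two contexts in one expression. The UID helpers in `_postgres.tpl` ignore their argument today, so this renders correctly, but `.` here is presumably the enclosing define's argument rather than the chart root, and a UID helper that later reads `.Values` would fail or resolve the wrong secret. Passing the same context keeps it unambiguous: `(include "common.postgres.secret.primaryPasswordUID" $dot)`. Separately, PG_USER now comes from the `login` key of the user-credentials secret, so an externally supplied secret presumably has to carry both `login` and `password` keys; a short comment above these entries saying so would help operators. The enclosing define starts and ends outside this hunk, so how `$dot` is bound is not visible here.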
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index db1bc5bb15..4c68015528 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
@@ -13,19 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secret" . }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 3104ee79d2..9fc25b43c9 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -22,6 +22,24 @@ global:
readinessImage: readiness-check:2.0.0
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
+#################################################################
# Application configuration defaults.
#################################################################
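Review bot: The new `secrets` block reads `.Values.config.pgRootPasswordExternalSecret`, `pgUserExternalSecret` and `pgPrimaryPasswordExternalSecret`, but this file's only hunk adds no such keys under `config`, so the option to keep the passwords out of values entirely is undiscoverable. Add them to the config section as commented entries, e.g. `# pgRootPasswordExternalSecret: <name-of-existing-secret>`, with a comment stating that when an external secret is set the inline `pgRootPassword` is expected to be unused (confirm against `common.secret`, which is not shown here). The naming is also uneven: `pgUserExternalSecret` drops the `Password` part that the other two keys carry, which is worth settling before other charts start depending on it.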
pan class="nt"><artifactId>logging-slf4j</artifactId> <exclusions> <exclusion> <groupId>org.powermock</groupId> <artifactId>powermock-module-junit4</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>javax.ws.rs</groupId> <artifactId>javax.ws.rs-api</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>3.12.4</version> <scope>test</scope> </dependency> <dependency> <groupId>org.json</groupId> <artifactId>json</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-util</artifactId> <scope>compile</scope> </dependency> <dependency> <groupId>com.fasterxml.jackson.module</groupId> <artifactId>jackson-module-jaxb-annotations</artifactId> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> </dependency> <dependency> <groupId>com.sun.jersey</groupId> <artifactId>jersey-client</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.30</version> <scope>provided</scope> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId> <artifactId>jackson-dataformat-xml</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>com.vaadin.external.google</groupId> <artifactId>android-json</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> 
<scope>test</scope> </dependency> <!-- TODO: Migrate tests to junit 5 and remove this dependency --> <dependency> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.hamcrest</groupId> <artifactId>hamcrest-core</artifactId> </exclusion> </exclusions> </dependency> </dependencies> <!-- <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> </plugin> </plugins> </build> --> </project>