From d8b8b94fb97ce4627c50e00d0c7a9e660179eefc Mon Sep 17 00:00:00 2001 From: Chad Roberts Date: Thu, 1 Apr 2021 00:25:24 -0400 Subject: [PATCH] Use secret param in JH DB for postgres pass (#362) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Václav Pavlín --- jupyterhub/README.md | 4 ++++ jupyterhub/jupyterhub/base/jupyterhub-db-dc.yaml | 7 ++----- jupyterhub/jupyterhub/base/jupyterhub-dc.yaml | 4 ++-- jupyterhub/jupyterhub/base/jupyterhub-secret.yaml | 1 - jupyterhub/jupyterhub/base/params.yaml | 2 ++ 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/jupyterhub/README.md b/jupyterhub/README.md index abe72cfb9..b77094d2e 100644 --- a/jupyterhub/README.md +++ b/jupyterhub/README.md @@ -25,6 +25,10 @@ Name of the storage class to be used for PVCs created by JupyterHub component. T A ConfigMap containing comma separated lists of groups which would be used as Admin and User groups for JupyterHub. The default ConfgiMap can be found [here](jupyterhub/base/jupyterhub-groups-configmap.yaml). +#### jupyterhub_secret + +A Secret containing configuration values like JupyterHub DB password or COOKIE_SECRET. The default Secret can be found [here](jupyterhub/base/jupyterhub-secret.yaml). + ##### Examples ``` diff --git a/jupyterhub/jupyterhub/base/jupyterhub-db-dc.yaml b/jupyterhub/jupyterhub/base/jupyterhub-db-dc.yaml index 42852b29e..69a973b25 100644 --- a/jupyterhub/jupyterhub/base/jupyterhub-db-dc.yaml +++ b/jupyterhub/jupyterhub/base/jupyterhub-db-dc.yaml @@ -25,14 +25,11 @@ spec: - image: registry.redhat.io/rhel8/postgresql-96 env: - name: POSTGRESQL_USER - valueFrom: - secretKeyRef: - name: jupyterhub - key: POSTGRESQL_USER + value: jupyterhub - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: - name: jupyterhub + name: $(jupyterhub_secret) key: POSTGRESQL_PASSWORD - name: POSTGRESQL_DATABASE value: jupyterhub diff --git a/jupyterhub/jupyterhub/base/jupyterhub-dc.yaml b/jupyterhub/jupyterhub/base/jupyterhub-dc.yaml index b61ac12f2..08fc41463 100644 --- a/jupyterhub/jupyterhub/base/jupyterhub-dc.yaml +++ b/jupyterhub/jupyterhub/base/jupyterhub-dc.yaml @@ -32,7 +32,7 @@ spec: - name: JUPYTERHUB_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: jupyterhub + name: $(jupyterhub_secret) key: POSTGRESQL_PASSWORD - name: JUPYTERHUB_DATABASE_HOST value: jupyterhub-db @@ -101,7 +101,7 @@ spec: - name: JUPYTERHUB_DATABASE_PASSWORD valueFrom: secretKeyRef: - name: jupyterhub + name: $(jupyterhub_secret) key: POSTGRESQL_PASSWORD - name: JUPYTERHUB_DATABASE_HOST value: jupyterhub-db diff --git a/jupyterhub/jupyterhub/base/jupyterhub-secret.yaml b/jupyterhub/jupyterhub/base/jupyterhub-secret.yaml index 579423f51..aa855504d 100644 --- a/jupyterhub/jupyterhub/base/jupyterhub-secret.yaml +++ b/jupyterhub/jupyterhub/base/jupyterhub-secret.yaml @@ -6,7 +6,6 @@ metadata: label: app: jupyterhub data: - POSTGRESQL_USER: anVweXRlcmh1Yg== # "jupyterhub" POSTGRESQL_PASSWORD: c2VjcmV0cGFzc3dvcmQ= # "secretpassword" PROMETHEUS_API_TOKEN: ZDE2ZGMwZDFhY2YyMTMxMzY3ZmZmM2E3MjQzNmZhOTFlZTEzYjcxODgwY2JhZjZlMjMxMWZlNmZkZDU2NTM4NA== # "openssl rand -hex 32 | base64" CONFIGPROXY_AUTH_TOKEN: M2MxNTVjZTczNDQ1NzNhOTRiMjA5YmM4NzVjMmE3NDliN2ZhZGVhMDdlOTQyMGFhYzQyZGJjZjYyYWIwODMxZQ== # "openssl rand -hex 32 | base64" diff --git a/jupyterhub/jupyterhub/base/params.yaml b/jupyterhub/jupyterhub/base/params.yaml index 10af3d6e6..d41972057 100644 --- a/jupyterhub/jupyterhub/base/params.yaml +++ b/jupyterhub/jupyterhub/base/params.yaml @@ -10,3 +10,5 @@ varReference: kind: DeploymentConfig - path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name kind: DeploymentConfig +- path: spec/template/spec/initContainers/env/valueFrom/secretKeyRef/name + kind: DeploymentConfig