Merge pull request #208 from KoppulaRajender/5.3
5.3 | fix | loading db passwords from secrets
rshmiel committed Mar 3, 2021
2 parents b3804ec + efcc555 commit 6e4087b
Showing 7 changed files with 58 additions and 49 deletions.
28 changes: 14 additions & 14 deletions server/templates/db-deployment.yaml
@@ -31,12 +31,12 @@ spec:
initContainers:
- name: {{ .Release.Name }}-db-init
env:
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPasswordKey }}
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
@@ -60,12 +60,12 @@ spec:
image: "{{ .Values.imageCredentials.repositoryUriPrefix }}/{{ .Values.db.image.repository }}:{{ .Values.db.image.tag }}"
imagePullPolicy: "{{ .Values.db.image.pullPolicy }}"
env:
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPasswordKey }}
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
@@ -141,20 +141,20 @@ spec:
{{- end }}
serviceAccount: {{ .Release.Namespace }}-sa
initContainers:
- name: {{ .Release.Name }}-db-init
- name: {{ .Release.Name }}-auditdb-init
env:
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbAuditPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbAuditPasswordKey }}
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-database-password
key: db-password
key: audit-password
{{- end }}
- name: PGDATA
value: "/var/lib/postgresql/data/db-files"
@@ -172,12 +172,12 @@ spec:
image: "{{ .Values.imageCredentials.repositoryUriPrefix }}/{{ .Values.db.image.repository }}:{{ .Values.db.image.tag }}"
imagePullPolicy: "{{ .Values.db.image.pullPolicy }}"
env:
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbAuditPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbAuditPasswordKey }}
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
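Review bot: In the third hunk the audit-db init container's fallback now reads key `audit-password`, while the `{{- else }}` branch of the audit-db main container in the fourth hunk runs past the end of the hunk and is not among the changed lines shown, so it presumably still reads `db-password`. If so, the two containers of the same pod take POSTGRES_PASSWORD from different keys of `{{ .Release.Name }}-database-password`; the main container's fallback should use `key: audit-password` as well. The non-external branch of db-password-secret.yaml is not shown in this commit, so confirm it actually writes an `audit-password` entry, since a secretKeyRef to a missing key keeps the pod from starting. gate-deployment.yaml and web-deployment.yaml switch to the same key and depend on the same Secret content.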
2 changes: 1 addition & 1 deletion server/templates/db-password-secret.yaml
@@ -1,5 +1,5 @@

{{- if not .Values.db.passwordSecret }}
{{- if not .Values.db.passwordFromSecret.enabled }}
{{- if .Values.db.external.enabled }}
---
apiVersion: v1
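Review bot: A values file that still sets the old `db.passwordSecret` is now ignored without any message, so this template would presumably create the chart-managed database-password Secret and the deployments would read it instead of the operator-supplied one. A guard at the top of the file makes the rename visible at render time: `{{- if .Values.db.passwordSecret }}{{ fail "db.passwordSecret was replaced by db.passwordFromSecret.enabled" }}{{- end }}`. The body of the Secret lies outside the hunk, so which keys it writes cannot be checked from here.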
28 changes: 16 additions & 12 deletions server/templates/gate-deployment.yaml
@@ -46,12 +46,12 @@ spec:
value: "0.0.0.0:8082"
- name: SCALOCK_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.user "postgres" }}
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: SCALOCK_DBPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPasswordKey }}
{{- else }}
- name: SCALOCK_DBPASSWORD
valueFrom:
@@ -71,14 +71,13 @@ spec:
value: {{ .Values.db.external.enabled | ternary .Values.db.external.port "5432" | quote }}
- name: SCALOCK_AUDIT_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.auditUser "postgres" }}
{{- if .Values.db.passwordSecret }}
- name: SCALOCK_AUDIT_DBPASSWORD
{{- if .Values.db.passwordFromSecret.enabled }}
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbAuditPasswordName }}
key: {{ .Values.db.dbAuditPasswordKey }}
{{- else }}
- name: SCALOCK_AUDIT_DBPASSWORD
name: {{ .Values.db.passwordFromSecret.dbAuditPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbAuditPasswordKey }}
{{- else if and ( not .Values.db.passwordFromSecret.enabled ) ( .Values.db.external.enabled ) }}
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-database-password
@@ -87,6 +86,11 @@ spec:
{{- else }}
key: db-password
{{- end }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-database-password
key: audit-password
{{- end }}
- name: SCALOCK_AUDIT_DBNAME
value: {{ .Values.db.external.enabled | ternary .Values.db.external.auditName "slk_audit" }}
@@ -101,12 +105,12 @@ spec:
{{- if .Values.activeactive }}
- name: AQUA_PUBSUB_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.pubsubUser "postgres" }}
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: AQUA_PUBSUB_DBPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPubsubPasswordName }}
key: {{ .Values.db.dbPubsubPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPubsubPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPubsubPasswordKey }}
{{- else }}
- name: AQUA_PUBSUB_DBPASSWORD
valueFrom:
@@ -117,7 +121,7 @@ spec:
{{- else }}
key: db-password
{{- end }}
{{- end }}
{{- end }}
- name: AQUA_PUBSUB_DBNAME
value: {{ .Values.db.external.enabled | ternary .Values.db.external.pubsubName "aqua_pubsub" }}
- name: AQUA_PUBSUB_DBHOST
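Review bot: The `secretKeyRef` entries in the `passwordFromSecret.enabled` branches render `name:` and `key:` straight from values that default to empty in values.yaml, so enabling the flag without filling every name/key pair produces a null name or key that is only rejected at deploy time. Failing at render time is clearer, for example `name: {{ required "db.passwordFromSecret.dbPasswordName must be set" .Values.db.passwordFromSecret.dbPasswordName | quote }}`, and likewise for the audit and pubsub pairs. The same pattern is in web-deployment.yaml and db-deployment.yaml. Separately, the `not .Values.db.passwordFromSecret.enabled` operand in the new `else if` is always true at that point and could be dropped, leaving `{{- else if .Values.db.external.enabled }}`.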
26 changes: 15 additions & 11 deletions server/templates/web-deployment.yaml
@@ -41,12 +41,12 @@ spec:
value: {{ .Values.web.logLevel | default "INFO" }}
- name: SCALOCK_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.user "postgres" }}
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: SCALOCK_DBPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPasswordName }}
key: {{ .Values.db.dbPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPasswordKey }}
{{- else }}
- name: SCALOCK_DBPASSWORD
valueFrom:
@@ -67,14 +67,13 @@ spec:
value: {{ .Values.db.external.enabled | ternary .Values.db.external.port "5432" | quote }}
- name: SCALOCK_AUDIT_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.auditUser "postgres" }}
{{- if .Values.db.passwordSecret }}
- name: SCALOCK_AUDIT_DBPASSWORD
{{- if .Values.db.passwordFromSecret.enabled }}
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbAuditPasswordName }}
key: {{ .Values.db.dbAuditPasswordKey }}
{{- else }}
- name: SCALOCK_AUDIT_DBPASSWORD
name: {{ .Values.db.passwordFromSecret.dbAuditPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbAuditPasswordKey }}
{{- else if and ( not .Values.db.passwordFromSecret.enabled ) ( .Values.db.external.enabled ) }}
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-database-password
@@ -83,6 +82,11 @@ spec:
{{- else }}
key: db-password
{{- end }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-database-password
key: audit-password
{{- end }}
- name: SCALOCK_AUDIT_DBNAME
value: {{ .Values.db.external.enabled | ternary .Values.db.external.auditName "slk_audit" }}
@@ -97,12 +101,12 @@ spec:
{{- if .Values.activeactive }}
- name: AQUA_PUBSUB_DBUSER
value: {{ .Values.db.external.enabled | ternary .Values.db.external.pubsubUser "postgres" }}
{{- if .Values.db.passwordSecret }}
{{- if .Values.db.passwordFromSecret.enabled }}
- name: AQUA_PUBSUB_DBPASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.db.dbPubsubPasswordName }}
key: {{ .Values.db.dbPubsubPasswordKey }}
name: {{ .Values.db.passwordFromSecret.dbPubsubPasswordName }}
key: {{ .Values.db.passwordFromSecret.dbPubsubPasswordKey }}
{{- else }}
- name: AQUA_PUBSUB_DBPASSWORD
valueFrom:
2 changes: 1 addition & 1 deletion server/templates/web-ingress.yaml
@@ -1,6 +1,6 @@
{{- if .Values.web.ingress.enabled -}}
{{- $fullname := .Release.Name -}}
{{- $servicePort := .Values.web.service.externalPort -}}
{{- $servicePort := .Values.web.ingress.externalPort -}}
---
{{- if (semverCompare ">= 1.14" .Capabilities.KubeVersion.GitVersion) }}
apiVersion: networking.k8s.io/v1beta1
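Review bot: `$servicePort` now comes from `.Values.web.ingress.externalPort`, which values.yaml in this commit adds with no value, so with ingress enabled and default values the variable is empty. Where `$servicePort` is used lies outside the hunk, but an empty backend port would presumably make the rendered Ingress invalid. Falling back to the previous source keeps existing installs working: `{{- $servicePort := .Values.web.ingress.externalPort | default .Values.web.service.externalPort -}}`.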
2 changes: 0 additions & 2 deletions server/templates/web-secrets.yaml
@@ -9,8 +9,6 @@ metadata:
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
metadata:
name: {{ .Release.Name }}-console-secrets
type: Opaque
data:
{{- if .Values.admin.password }}
19 changes: 11 additions & 8 deletions server/values.yaml
@@ -42,19 +42,21 @@ db:
auditHost:
auditPort:
auditUser:
auditPassword: true
auditPassword:
pubsubName:
pubsubHost:
pubsubPort:
pubsubUser:
pubsubPassword:
passwordSecret:
dbPasswordName:
dbPasswordKey:
dbAuditPasswordName:
dbAuditPasswordKey:
dbPubsubPasswordName:
dbPubsubPasswordKey:

passwordFromSecret:
enabled: false #Enable if loading passwords for db and audit-db from secret
dbPasswordName: #Specify the Password Secret name used for db password
dbPasswordKey: #Specify the db password key name stored in the #dbPasswordName secret
dbAuditPasswordName: #Specify the Password Secret name used for audit db password
dbAuditPasswordKey: #Specify the audit db password key name stored in the #dbAuditPasswordName secret
dbPubsubPasswordName: #Specify the Password Secret name used for pubsub db password
dbPubsubPasswordKey: #Specify the pubsub db password key name stored in the #PubsubPasswordName secret
ssl: false
auditssl: false
securityContext:
@@ -213,6 +215,7 @@ web:
protocol: TCP
ingress:
enabled: false
externalPort:
annotations: {}
# kubernetes.io/ingress.class: nginx
hosts: #REQUIRED
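Review bot: The comment on `passwordFromSecret.enabled` names only db and audit-db, but gate-deployment.yaml and web-deployment.yaml gate AQUA_PUBSUB_DBPASSWORD on the same flag, and the last comment refers to `#PubsubPasswordName` where the field is `dbPubsubPasswordName`. Suggested wording: `enabled: false  # Load db, audit-db and pubsub-db passwords from existing Secrets; every name/key below must then be set` and `dbPubsubPasswordKey:  # Key holding the pubsub db password in the dbPubsubPasswordName Secret`. `web.ingress.externalPort` in the second hunk is added without a comment; a short note on whether it is required when ingress is enabled would help operators.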
