Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Deploy postgres db using kubernetes secret for configuration.
* Update CRD to consume a secret for the db configuration
* Update playbook for default settings configuration
* Update postgres role to check for secret or create one based on the CR
* Postgres will be deployed specific to CR
* Pulp deployments updated to reference the db secret as a volume mount

closes #8289
https://pulp.plan.io/issues/8289
1 parent e015fe0, commit 5e4982f
Showing 20 changed files with 253 additions and 136 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Deploy postgres database using a secret to store configuration instead of it existing in the custom resource; allows credentials to be kept secret. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
deployment_type: pulp | ||
|
||
postgres_image: postgres:12 | ||
postgres_resource_requirements: | ||
requests: | ||
storage: 8Gi | ||
postgres_storage_class: '' | ||
postgres_data_path: '/var/lib/postgresql/data/pgdata' | ||
|
||
# Secret to lookup that provide the PostgreSQL configuration | ||
postgres_configuration_secret: '' | ||
|
||
postgres_initdb_args: '--auth-host=scram-sha-256' | ||
postgres_host_auth_method: 'scram-sha-256' |
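
Review bot: The comment above `postgres_configuration_secret` does not say which keys the secret must carry. The tasks and template in this commit read `username`, `password`, `database`, `port`, `host` and `type`, so list them here (and change "provide" to "provides") so that a user supplying their own secret knows the contract. Also, `postgres_image: postgres:12` follows a moving tag; pinning a minor version or an image digest would make the deployed database reproducible.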
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,53 @@ | ||
--- | ||
- name: postgres persistent volume claim | ||
community.kubernetes.k8s: | ||
state: "{{ deployment_state }}" | ||
definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml.j2') | from_yaml }}" | ||
with_items: | ||
- postgres | ||
|
||
- name: postgres service | ||
community.kubernetes.k8s: | ||
state: "{{ deployment_state }}" | ||
definition: "{{ lookup('template', 'templates/' + item + '.service.yaml.j2') | from_yaml }}" | ||
with_items: | ||
- postgres | ||
|
||
- name: postgres deployment | ||
community.kubernetes.k8s: | ||
state: "{{ deployment_state }}" | ||
definition: "{{ lookup('template', 'templates/' + item + '.deployment.yaml.j2') | from_yaml }}" | ||
with_items: | ||
- postgres | ||
- name: Check for specified PostgreSQL configuration | ||
k8s_info: | ||
kind: Secret | ||
namespace: '{{ meta.namespace }}' | ||
name: '{{ postgres_configuration_secret }}' | ||
register: _custom_pg_config_resources | ||
when: postgres_configuration_secret | length | ||
|
||
- name: Check for default PostgreSQL configuration | ||
k8s_info: | ||
kind: Secret | ||
namespace: '{{ meta.namespace }}' | ||
name: '{{ meta.name }}-postgres-configuration' | ||
register: _default_pg_config_resources | ||
|
||
- name: Set PostgreSQL configuration | ||
set_fact: | ||
_pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}' | ||
|
||
- block: | ||
- name: Create Database configuration | ||
k8s: | ||
apply: true | ||
definition: "{{ lookup('template', 'postgres.secret.yaml.j2') }}" | ||
|
||
- name: Read Database Configuration | ||
k8s_info: | ||
kind: Secret | ||
namespace: '{{ meta.namespace }}' | ||
name: '{{ meta.name }}-postgres-configuration' | ||
register: _generated_pg_config_resources | ||
|
||
when: not _pg_config['resources'] | default([]) | length | ||
|
||
- name: Set PostgreSQL Configuration | ||
set_fact: | ||
pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}' | ||
|
||
- name: Create Database if no database is specified | ||
k8s: | ||
apply: true | ||
definition: "{{ lookup('template', 'postgres.yaml.j2') }}" | ||
when: | ||
- pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' | ||
|
||
- name: Store Database Configuration | ||
set_fact: | ||
postgres_user: "{{ pg_config['resources'][0]['data']['username'] | b64decode }}" | ||
postgres_pass: "{{ pg_config['resources'][0]['data']['password'] | b64decode }}" | ||
postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}" | ||
postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}" | ||
postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}" |
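
Review bot: None of the tasks that handle the Secret set `no_log: true`, so the registered `k8s_info` results and the final `Store Database Configuration` `set_fact`, which holds the decoded `postgres_pass`, can end up in the operator's task output. Add `no_log: true` to the three `k8s_info` lookups, the `Create Database configuration` task and the `set_fact` tasks that carry the secret data. Separately, when `postgres_configuration_secret` is set but no Secret of that name exists, `Set PostgreSQL configuration` silently falls back to the default secret, or generates one and deploys a managed database; a `fail` or `assert` task at that point would surface the misconfiguration. A user-supplied Secret that lacks `port` or `host` will likewise only fail at the last task with an undefined-key error, so checking the expected keys up front would give a clearer message.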
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Postgres Secret. | ||
--- | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: '{{ meta.name }}-postgres-configuration' | ||
namespace: '{{ meta.namespace }}' | ||
stringData: | ||
password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}' | ||
username: '{{ deployment_type }}' | ||
database: '{{ deployment_type }}' | ||
port: '5432' | ||
host: {{ meta.name }}-postgres | ||
type: 'managed' |
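
Review bot: In the `password:` line, `lookup('password', 'p' + meta.name + 'pg ...')` treats its first term as a file path, so the generated password is written in plaintext to a file named `p<name>pg` where the operator runs, and it would be reused for a CR with the same `meta.name` in another namespace. Use `/dev/null` as the path so the value is generated without being stored, for example `lookup('password', '/dev/null length=32 chars=ascii_letters,digits')`. Minor: `host: {{ meta.name }}-postgres` is the only value left unquoted; quote it like the others.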