Deploy postgres db using kubernetes secret for configuration. #84
Conversation
|
Attached issue: https://pulp.plan.io/issues/8289 |
|
Here you can see the created secret: Here you can see the deployed postgres based on the custom resource name: Here you can see the All items are up and running as expected: |
| database_connection: | ||
| username: pulp | ||
| password: pulp | ||
| admin_password: pulp |
| postgres_configuration_secret: | ||
| description: Secret where the database configuration can be found |
roles/postgres/defaults/main.yml
Outdated
| deployment_type: pulp | ||
|
|
||
| #postgres_image: postgres:12 | ||
| postgres_image: docker.io/centos/postgresql-96-centos7:9.6 |
There was a problem hiding this comment.
postgres 9.6 uses md5, we are upgrading it to 10 on pulp_installer so we can use scram-sha-256.
Could you please make postgres 10 the default?
There was a problem hiding this comment.
There was a problem hiding this comment.
I've made this postgres:12 to align with awx-operator
I also set vars to use scram-sha-256:
postgres_initdb_args: '--auth-host=scram-sha-256'
postgres_host_auth_method: 'scram-sha-256'
There was a problem hiding this comment.
Is it just about having the ability to use scram-sha-256 (so I shouldn't set it) or should this be the default?
I can expose the option via the CRD as necessary.
There was a problem hiding this comment.
I was thinking about the ability, but I like it as default
There was a problem hiding this comment.
Yeah, I agree with us setting it as the default.
chambridge
force-pushed
the
8289-use-db-secret
branch
from
53f7cf7
to
9f68963
Compare
There was a problem hiding this comment.
Thank you!
I'm approving but I think @mikedep333 needs to review it
| - ReadWriteMany | ||
| - ReadWriteOnce |
There was a problem hiding this comment.
I actually prefer your indentation style, but the default yamllint rules (spaces, indent-sequences) are for the the 2 spaces in the beginning. So that is what we have been using.
| # password: pulp | ||
| # Password for db admin user 'postgres'. | ||
| # admin_password: | ||
| # PostrgreSQL container settings |
roles/postgres/defaults/main.yml
Outdated
| deployment_type: pulp | ||
|
|
||
| #postgres_image: postgres:12 | ||
| postgres_image: docker.io/centos/postgresql-96-centos7:9.6 |
There was a problem hiding this comment.
Yeah, I agree with us setting it as the default.
* Update CRD to consume a secret for the db configuration * Update playbook for default settings configuration * Update postgres role to check for secret or create one based on the CR * Postgres will be deployed specific to CR * Pulp deployments updated to reference the db secret as a volume mount closes #8289 https://pulp.plan.io/issues/8289
chambridge
force-pushed
the
8289-use-db-secret
branch
from
9f68963
to
5e4982f
Compare
closes #8289
https://pulp.plan.io/issues/8289