Merge pull request #3563 from shanemcd/secret-secret

Move secret key from configmap to secret

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
softwarefactory-project-zuul[bot] 2019-03-29 19:47:26 +00:00 committed by GitHub
commit 21e5179a84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 6 deletions


@ -4,7 +4,6 @@ metadata:
name: {{ kubernetes_deployment_name }}-config
namespace: {{ kubernetes_namespace }}
data:
secret_key: {{ secret_key }}
{{ kubernetes_deployment_name }}_settings: |
import os
import socket


@ -142,12 +142,19 @@ spec:
- containerPort: 8052
volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower"
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/"
readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
resources:
requests:
memory: "{{ web_mem_request }}Gi"
@ -170,12 +177,21 @@ spec:
imagePullPolicy: Always
volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower"
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/"
readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
env:
- name: AWX_SKIP_MIGRATIONS
value: "1"
resources:
requests:
memory: "{{ task_mem_request }}Gi"
@ -264,8 +280,6 @@ spec:
items:
- key: {{ kubernetes_deployment_name }}_settings
path: settings.py
- key: secret_key
path: SECRET_KEY
- name: "{{ kubernetes_deployment_name }}-application-credentials"
secret:
@ -276,6 +290,13 @@ spec:
- key: environment_sh
path: 'environment.sh'
- name: {{ kubernetes_deployment_name }}-secret-key
secret:
secretName: "{{ kubernetes_deployment_name }}-secrets"
items:
- key: secret_key
path: SECRET_KEY
- name: rabbitmq-config
configMap:
name: rabbitmq-config
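Review bot: The new `{{ kubernetes_deployment_name }}-secret-key` mounts in both containers use `subPath: SECRET_KEY`, and Kubernetes does not propagate Secret or ConfigMap updates into subPath mounts, so a changed `secret_key` reaches a pod only when the pod is recreated. The same holds for the `settings.py` subPath mount introduced in these hunks and for the matching mounts in the management pod template of this commit. I would document this next to the volume, e.g. `# subPath mount: pods must be restarted to pick up a new secret_key`, or trigger a rollout whenever the Secret changes. The hunks show only excerpts of `spec`, so whether a rollout trigger already exists elsewhere is not visible here.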


@ -11,12 +11,18 @@ spec:
command: ["sleep", "infinity"]
volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower"
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/"
readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
resources:
{% if management_mem_limit is defined or management_cpu_limit is defined %}
limits:
@ -34,6 +40,11 @@ spec:
items:
- key: {{ kubernetes_deployment_name }}_settings
path: settings.py
- name: {{ kubernetes_deployment_name }}-secret-key
secret:
secretName: "{{ kubernetes_deployment_name }}-secrets"
items:
- key: secret_key
path: SECRET_KEY
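Review bot: The `secret` volume added at the end of this file sets no `defaultMode`, so the projected `SECRET_KEY` file gets the Kubernetes default mode of 0644 and is readable by every user inside the container. If the process runs as the file owner, or an `fsGroup` is configured, adding `defaultMode: 0400` (or `0440`) under `secret:` would narrow that. This has to be checked against the image's runtime UID, which the hunk does not show. The identical volume definition in the deployment template carries the same default.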


@ -6,6 +6,7 @@ metadata:
name: "{{ kubernetes_deployment_name }}-secrets"
type: Opaque
data:
secret_key: "{{ secret_key | b64encode }}"
admin_password: "{{ admin_password | b64encode }}"
pg_password: "{{ pg_password | b64encode }}"
rabbitmq_password: "{{ rabbitmq_password | b64encode }}"
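Review bot: The added `secret_key` entry under `data:` is only base64-encoded, which is an encoding and not protection, so the key is exactly as confidential as read access to this Secret and to etcd storage allow. A template comment above `data:` would make that explicit, for example `{# values are base64-encoded, not encrypted; restrict get/list on this Secret and enable encryption at rest #}`. Deployments made before this change rendered `secret_key: {{ secret_key }}` into the ConfigMap in plain text, so anyone with ConfigMap read access in the namespace may already have seen the key. The upgrade notes should say so.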