External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-11 11:27:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3563 from shanemcd/secret-secret

Browse Source 
Move secret key from configmap to secret

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
softwarefactory-project-zuul[bot]
2019-03-29 19:47:26 +00:00
committed by GitHub
parent 71718ee2eb 298eaa0b32
commit 21e5179a84
4 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
installer/roles/kubernetes/templates/configmap.yml.j2
View File

@@ -4,7 +4,6 @@ metadata:
name: {{ kubernetes_deployment_name }}-config name: {{ kubernetes_deployment_name }}-config
namespace: {{ kubernetes_namespace }} namespace: {{ kubernetes_namespace }}
data: data:
secret_key: {{ secret_key }}
{{ kubernetes_deployment_name }}_settings: | {{ kubernetes_deployment_name }}_settings: |
import os import os
import socket import socket

29
installer/roles/kubernetes/templates/deployment.yml.j2
View File

@@ -142,12 +142,19 @@ spec:
- containerPort: 8052 - containerPort: 8052
volumeMounts: volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config - name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower" mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials" - name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/" mountPath: "/etc/tower/conf.d/"
readOnly: true readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
resources: resources:
requests: requests:
memory: "{{ web_mem_request }}Gi" memory: "{{ web_mem_request }}Gi"
@@ -170,12 +177,21 @@ spec:
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config - name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower" mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials" - name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/" mountPath: "/etc/tower/conf.d/"
readOnly: true readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
env:
- name: AWX_SKIP_MIGRATIONS
value: "1"
resources: resources:
requests: requests:
memory: "{{ task_mem_request }}Gi" memory: "{{ task_mem_request }}Gi"
@@ -264,8 +280,6 @@ spec:
items: items:
- key: {{ kubernetes_deployment_name }}_settings - key: {{ kubernetes_deployment_name }}_settings
path: settings.py path: settings.py
- key: secret_key
path: SECRET_KEY
- name: "{{ kubernetes_deployment_name }}-application-credentials" - name: "{{ kubernetes_deployment_name }}-application-credentials"
secret: secret:
@@ -276,6 +290,13 @@ spec:
- key: environment_sh - key: environment_sh
path: 'environment.sh' path: 'environment.sh'
- name: {{ kubernetes_deployment_name }}-secret-key
secret:
secretName: "{{ kubernetes_deployment_name }}-secrets"
items:
- key: secret_key
path: SECRET_KEY
- name: rabbitmq-config - name: rabbitmq-config
configMap: configMap:
name: rabbitmq-config name: rabbitmq-config

13
installer/roles/kubernetes/templates/management-pod.yml.j2
View File

@@ -11,12 +11,18 @@ spec:
command: ["sleep", "infinity"] command: ["sleep", "infinity"]
volumeMounts: volumeMounts:
- name: {{ kubernetes_deployment_name }}-application-config - name: {{ kubernetes_deployment_name }}-application-config
mountPath: "/etc/tower" mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true readOnly: true
- name: "{{ kubernetes_deployment_name }}-application-credentials" - name: "{{ kubernetes_deployment_name }}-application-credentials"
mountPath: "/etc/tower/conf.d/" mountPath: "/etc/tower/conf.d/"
readOnly: true readOnly: true
- name: {{ kubernetes_deployment_name }}-secret-key
mountPath: "/etc/tower/SECRET_KEY"
subPath: SECRET_KEY
readOnly: true
resources: resources:
{% if management_mem_limit is defined or management_cpu_limit is defined %} {% if management_mem_limit is defined or management_cpu_limit is defined %}
limits: limits:
@@ -34,6 +40,11 @@ spec:
items: items:
- key: {{ kubernetes_deployment_name }}_settings - key: {{ kubernetes_deployment_name }}_settings
path: settings.py path: settings.py
- name: {{ kubernetes_deployment_name }}-secret-key
secret:
secretName: "{{ kubernetes_deployment_name }}-secrets"
items:
- key: secret_key - key: secret_key
path: SECRET_KEY path: SECRET_KEY

1
installer/roles/kubernetes/templates/secret.yml.j2
View File

@@ -6,6 +6,7 @@ metadata:
name: "{{ kubernetes_deployment_name }}-secrets" name: "{{ kubernetes_deployment_name }}-secrets"
type: Opaque type: Opaque
data: data:
secret_key: "{{ secret_key | b64encode }}"
admin_password: "{{ admin_password | b64encode }}" admin_password: "{{ admin_password | b64encode }}"
pg_password: "{{ pg_password | b64encode }}" pg_password: "{{ pg_password | b64encode }}"
rabbitmq_password: "{{ rabbitmq_password | b64encode }}" rabbitmq_password: "{{ rabbitmq_password | b64encode }}"