openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "Helm-Toolkit: Move sensitive config data to secrets."

Browse Source
This commit is contained in:
Zuul 2018-08-23 17:55:15 +00:00 committed by Gerrit Code Review
commit fbf957e5b1
7 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.zuul.yaml
View File

@ -32,6 +32,7 @@
- ^doc/.*$ - ^doc/.*$
- ^releasenotes/.*$ - ^releasenotes/.*$
- openstack-helm-infra-kubernetes-keystone-auth: - openstack-helm-infra-kubernetes-keystone-auth:
voting: false
irrelevant-files: irrelevant-files:
- ^.*\.rst$ - ^.*\.rst$
- ^doc/.*$ - ^doc/.*$
@ -55,6 +56,7 @@
- ^doc/.*$ - ^doc/.*$
- ^releasenotes/.*$ - ^releasenotes/.*$
- openstack-helm-infra-kubernetes-keystone-auth: - openstack-helm-infra-kubernetes-keystone-auth:
voting: false
irrelevant-files: irrelevant-files:
- ^.*\.rst$ - ^.*\.rst$
- ^doc/.*$ - ^doc/.*$

4
helm-toolkit/templates/manifests/_job-bootstrap.yaml
View File

@ -92,8 +92,8 @@ spec:
- name: etc-service - name: etc-service
emptyDir: {} emptyDir: {}
- name: bootstrap-conf - name: bootstrap-conf
configMap: secret:
name: {{ $configMapEtc | quote }} secretName: {{ $configMapEtc | quote }}
defaultMode: 0444 defaultMode: 0444
{{- if $podVols }} {{- if $podVols }}
{{ $podVols | toYaml | indent 8 }} {{ $podVols | toYaml | indent 8 }}

4
helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl
View File

@ -118,8 +118,8 @@ spec:
- name: etc-service - name: etc-service
emptyDir: {} emptyDir: {}
- name: db-drop-conf - name: db-drop-conf
configMap: secret:
name: {{ $configMapEtc | quote }} secretName: {{ $configMapEtc | quote }}
defaultMode: 0444 defaultMode: 0444
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

4
helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl
View File

@ -115,8 +115,8 @@ spec:
- name: etc-service - name: etc-service
emptyDir: {} emptyDir: {}
- name: db-init-conf - name: db-init-conf
configMap: secret:
name: {{ $configMapEtc | quote }} secretName: {{ $configMapEtc | quote }}
defaultMode: 0444 defaultMode: 0444
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

4
helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl
View File

@ -88,8 +88,8 @@ spec:
- name: etc-service - name: etc-service
emptyDir: {} emptyDir: {}
- name: db-sync-conf - name: db-sync-conf
configMap: secret:
name: {{ $configMapEtc | quote }} secretName: {{ $configMapEtc | quote }}
defaultMode: 0444 defaultMode: 0444
{{- if $podVols }} {{- if $podVols }}
{{ $podVols | toYaml | indent 8 }} {{ $podVols | toYaml | indent 8 }}

14
helm-toolkit/templates/snippets/_values_template_renderer.tpl
View File

@ -67,13 +67,23 @@ return: |
{{- $envAll := index . "envAll" -}} {{- $envAll := index . "envAll" -}}
{{- $template := index . "template" -}} {{- $template := index . "template" -}}
{{- $key := index . "key" -}} {{- $key := index . "key" -}}
{{- $format := index . "format" | default "configMap" -}}
{{- with $envAll -}} {{- with $envAll -}}
{{- $templateRendered := tpl ( $template | toYaml ) . }} {{- $templateRendered := tpl ( $template | toYaml ) . }}
{{- if hasPrefix "|\n" $templateRendered }} {{- if eq $format "Secret" }}
{{ $key }}: {{ $templateRendered }} {{- if hasPrefix "|\n" $templateRendered }}
{{ $key }}: {{ regexReplaceAllLiteral "\n " ( $templateRendered | trimPrefix "|\n" | trimPrefix " " ) "\n" | b64enc }}
{{- else }}
{{ $key }}: {{ $templateRendered | b64enc }}
{{- end -}}
{{- else }}
{{- if hasPrefix "|\n" $templateRendered }}
{{ $key }}: |
{{ regexReplaceAllLiteral "\n " ( $templateRendered | trimPrefix "|\n" | trimPrefix " " ) "\n" | indent 2 }}
{{- else }} {{- else }}
{{ $key }}: | {{ $key }}: |
{{ $templateRendered | indent 2 }} {{ $templateRendered | indent 2 }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}}

7
ldap/templates/configmap-etc.yaml
View File

@ -13,15 +13,16 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.configmap_etc }} {{- if .Values.manifests.configmap_etc }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: Secret
metadata: metadata:
name: ldap-etc name: ldap-etc
type: Opaque
data: data:
{{- if .Values.bootstrap.enabled }} {{- if .Values.bootstrap.enabled }}
sample_data.ldif: | sample_data.ldif: {{ .Values.data.sample | b64enc }}
{{ .Values.data.sample | indent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}