From 0c2170ab9506b1776a77e4763203924cdb3ed8d8 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Thu, 1 Aug 2024 20:52:27 -0700 Subject: [PATCH 1/3] Split out secrets for sync, drop port secret --- common/openshift.init.yml | 13 +++++++++---- oracle-api/openshift.deploy.yml | 13 +++++-------- sync/openshift.deploy.yml | 17 +++++++---------- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/common/openshift.init.yml b/common/openshift.init.yml index f7a63dacc..07a583213 100644 --- a/common/openshift.init.yml +++ b/common/openshift.init.yml @@ -12,9 +12,6 @@ parameters: - name: ORACLE_HOST description: Oracle database host value: nrcdb03.bcgov - - name: ORACLE_PORT - description: Oracle database port - value: "1543" - name: ORACLE_SERVICE description: Oracle service name value: dbq01.nrs.bcgov @@ -43,10 +40,18 @@ objects: stringData: oracle-host: ${ORACLE_HOST} oracle-password: ${ORACLE_PASSWORD} - oracle-port: ${ORACLE_PORT} oracle-service: ${ORACLE_SERVICE} oracle-user: ${ORACLE_USER} oracle-secret: ${ORACLE_CERT_SECRET} + - apiVersion: v1 + kind: Secret + metadata: + name: ${NAME}-${ZONE}-sync + labels: + app: ${NAME}-${ZONE} + stringData: + oracle-host: ${ORACLE_HOST} + oracle-service: ${ORACLE_SERVICE} oracle-sync-password: ${ORACLE_SYNC_PASSWORD} oracle-sync-user: ${ORACLE_SYNC_USER} - apiVersion: v1 diff --git a/oracle-api/openshift.deploy.yml b/oracle-api/openshift.deploy.yml index 29be71b47..a6033b7e6 100644 --- a/oracle-api/openshift.deploy.yml +++ b/oracle-api/openshift.deploy.yml @@ -44,6 +44,9 @@ parameters: description: Oracle API environment for OpenSearch. # One of: development, test, production required: false value: development + - name: DATABASE_PORT + description: Oracle database port + value: "1543" - name: ORACLEDB_KEYSTORE description: Keystore location path - name: AWS_COGNITO_ISSUER_URI @@ -105,10 +108,7 @@ objects: name: ${NAME}-${ZONE}-${COMPONENT} key: oracle-secret - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: oracle-port + value: ${DATABASE_PORT} volumeMounts: - name: ${NAME}-${ZONE}-${COMPONENT}-certs mountPath: /cert @@ -136,10 +136,7 @@ objects: name: ${NAME}-${ZONE}-${COMPONENT} key: oracle-host - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: ${NAME}-${ZONE}-${COMPONENT} - key: oracle-port + value: ${DATABASE_PORT} - name: SERVICE_NAME valueFrom: secretKeyRef: diff --git a/sync/openshift.deploy.yml b/sync/openshift.deploy.yml index 4aa5d7eac..32bca02ab 100644 --- a/sync/openshift.deploy.yml +++ b/sync/openshift.deploy.yml @@ -13,6 +13,9 @@ parameters: - name: APP description: Application/component name value: sync + - name: DATABASE_PORT + description: Oracle database port + value: "1543" - name: EXECUTION_ID description: Process execution ID for running ETL Tool value: "100" @@ -90,11 +93,8 @@ objects: secretKeyRef: name: ${REPO}-${ZONE}-oracle-api key: oracle-sync-password - - name: ORACLE_PORT - valueFrom: - secretKeyRef: - name: ${REPO}-${ZONE}-oracle-api - key: oracle-port + - name: DATABASE_PORT + value: ${DATABASE_PORT} - name: ORACLE_SERVICE valueFrom: secretKeyRef: @@ -117,11 +117,8 @@ objects: secretKeyRef: name: ${REPO}-${ZONE}-database key: database-password - - name: POSTGRES_PORT - valueFrom: - secretKeyRef: - name: ${REPO}-${ZONE}-database - key: database-port + - name: DATABASE_PORT + value: ${DATABASE_PORT} - name: POSTGRES_USER valueFrom: secretKeyRef: From 15610ba4dc2e53d7a4cb54fdea070def90281b32 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Thu, 1 Aug 2024 20:53:46 -0700 Subject: [PATCH 2/3] Consume new secret --- sync/openshift.deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sync/openshift.deploy.yml b/sync/openshift.deploy.yml index 32bca02ab..a7e78c164 100644 --- a/sync/openshift.deploy.yml +++ b/sync/openshift.deploy.yml @@ -86,24 +86,24 @@ objects: - name: ORACLE_HOST valueFrom: secretKeyRef: - name: ${REPO}-${ZONE}-oracle-api + name: ${REPO}-${ZONE}-sync key: oracle-host - name: ORACLE_SYNC_PASSWORD valueFrom: secretKeyRef: - name: ${REPO}-${ZONE}-oracle-api + name: ${REPO}-${ZONE}-sync key: oracle-sync-password - name: DATABASE_PORT value: ${DATABASE_PORT} - name: ORACLE_SERVICE valueFrom: secretKeyRef: - name: ${REPO}-${ZONE}-oracle-api + name: ${REPO}-${ZONE}-sync key: oracle-service - name: ORACLE_SYNC_USER valueFrom: secretKeyRef: - name: ${REPO}-${ZONE}-oracle-api + name: ${REPO}-${ZONE}-sync key: oracle-sync-user - name: POSTGRES_HOST value: ${REPO}-${ZONE}-database From 5d55ffc19db7521756ab3acccc7409d5172ffa5c Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Thu, 1 Aug 2024 21:23:04 -0700 Subject: [PATCH 3/3] Fix ORACLE_PORT --- sync/openshift.deploy.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/sync/openshift.deploy.yml b/sync/openshift.deploy.yml index a7e78c164..5f6277d3a 100644 --- a/sync/openshift.deploy.yml +++ b/sync/openshift.deploy.yml @@ -13,7 +13,7 @@ parameters: - name: APP description: Application/component name value: sync - - name: DATABASE_PORT + - name: ORACLE_PORT description: Oracle database port value: "1543" - name: EXECUTION_ID @@ -93,8 +93,8 @@ objects: secretKeyRef: name: ${REPO}-${ZONE}-sync key: oracle-sync-password - - name: DATABASE_PORT - value: ${DATABASE_PORT} + - name: ORACLE_PORT + value: ${ORACLE_PORT} - name: ORACLE_SERVICE valueFrom: secretKeyRef: @@ -117,8 +117,11 @@ objects: secretKeyRef: name: ${REPO}-${ZONE}-database key: database-password - - name: DATABASE_PORT - value: ${DATABASE_PORT} + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + name: ${REPO}-${ZONE}-database + key: database-port - name: POSTGRES_USER valueFrom: secretKeyRef: