-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Add postgres management option (create/delete branch specific databases) for dev and enable it
- 33.2.0
- 33.1.2
- 33.1.1
- 33.1.0
- 33.0.1
- 33.0.0
- 32.51.0
- 32.50.100
- 32.50.3
- 32.50.2
- 32.50.1
- 32.50.0
- 32.49.5
- 32.49.4
- 32.49.3
- 32.49.2
- 32.49.1
- 32.49.0
- 32.48.1
- 32.48.0
- 32.47.5
- 32.47.4
- 32.47.3
- 32.47.2
- 32.47.1
- 32.47.0
- 32.46.2
- 32.46.1
- 32.46.0
- 32.45.0
- 32.44.3
- 32.44.2
- 32.44.1
- 32.44.0
- 32.43.6
- 32.43.5
- 32.43.4
- 32.43.3
- 32.43.2
- 32.43.1
- 32.43.0
- 32.42.0
- 32.41.3
- 32.41.2
- 32.41.1
- 32.41.0
- 32.40.4
- 32.40.3
- 32.40.2
- 32.40.1
- 32.40.0
- 32.39.1
- 32.39.0
- 32.38.0
- 32.37.1
- 32.37.0
- 32.36.1
- 32.36.0
- 32.35.2
- 32.35.1
- 32.35.0
1 parent
4376964
commit e44c85e
Showing
32 changed files
with
462 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
POSTGRES_MANAGEMENT_PREFIX: "" | ||
POSTGRES_MANAGEMENT_PORT: 5432 | ||
POSTGRES_MANAGEMENT_JOB_IMAGE: "quay.io/schulcloudverbund/infra-tools:4.1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
POSTGRES_MANAGEMENT_PREFIX: "{{ (NAMESPACE | replace('-','_'))[:40] }}__" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
WITH_DATABASES: true | ||
WITH_MONGO_DATABASES: true | ||
WITH_SCHULCLOUD_INIT: true | ||
WITH_CALENDAR_INIT: true | ||
WITH_STORAGE: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
WITH_DATABASES: true | ||
WITH_MONGO_DATABASES: true | ||
WITH_POSTGRES_DATABASES: true | ||
WITH_SCHULCLOUD_INIT: true | ||
WITH_CALENDAR_INIT: true | ||
WITH_STORAGE: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
POSTGRES_MANAGEMENT_HOST: "pg-4ifot8r4h0ksummi.postgresql.de-txl.ionos.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
POSTGRES_MANAGEMENT_HOST: "pg-0em2c6d51cp7s177.postgresql.de-txl.ionos.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
POSTGRES_MANAGEMENT_HOST: "pg-d2n03p780atcj0fk.postgresql.de-txl.ionos.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
POSTGRES_MANAGEMENT_HOST: "pg-15bkj89e4fo00bve.postgresql.de-txl.ionos.com" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
galaxy_info: | ||
role_name: dof_postgresql_management | ||
author: Schul-Cloud Verbund | ||
description: Helper role for creating postgres clsuter secret and deleting branch specific postgres databases | ||
company: Schul-Cloud Verbund | ||
license: license (AGPLv3) | ||
min_ansible_version: 2.8 | ||
galaxy_tags: [] | ||
dependencies: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
- name: Add or Update Postgres Cluster Secret by 1Password | ||
kubernetes.core.k8s: | ||
kubeconfig: ~/.kube/config | ||
namespace: "{{ NAMESPACE }}" | ||
template: onepassword-pg-cluster.yml.j2 | ||
when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT and ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool | ||
|
||
- name: Create ConfigMap with Script for database deletion | ||
kubernetes.core.k8s: | ||
kubeconfig: ~/.kube/config | ||
namespace: "{{ NAMESPACE }}" | ||
template: configmap-database-deletion.yml.j2 | ||
apply: yes | ||
when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT | ||
|
||
- name: Create suspended Job for database deletion | ||
kubernetes.core.k8s: | ||
kubeconfig: ~/.kube/config | ||
namespace: "{{ NAMESPACE }}" | ||
template: job-database-deletion.yml.j2 | ||
apply: yes | ||
when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT |
19 changes: 19 additions & 0 deletions
19
ansible/roles/dof_postgresql_management/templates/configmap-database-deletion.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: pg-configmap-deletion | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: postgres-management | ||
data: | ||
config_script.sh: | | ||
#!/bin/bash | ||
DB_PREFIX="{{ POSTGRES_MANAGEMENT_PREFIX }}" | ||
if [[ {{ '${#DB_PREFIX}' }} -le 5 ]]; then | ||
echo "Postgres prefix \"{{ POSTGRES_MANAGEMENT_PREFIX }}\" seems too short. Dropping all matching databases could be dangerous. Aborting." | ||
exit 1 | ||
fi | ||
echo "Delete databases starting with {{ POSTGRES_MANAGEMENT_PREFIX }}" | ||
echo "SELECT 'DROP DATABASE ' || quote_ident(datname) || ' WITH (FORCE);' FROM pg_database WHERE datname LIKE '{{ POSTGRES_MANAGEMENT_PREFIX | replace('_','#_')}}%' ESCAPE '#' \gexec" | psql -d postgres -w | ||
echo "Delete users starting with {{ POSTGRES_MANAGEMENT_PREFIX }}" | ||
echo "SELECT 'DROP USER ' || quote_ident(usename) || ';' FROM pg_catalog.pg_user WHERE usename LIKE '{{ POSTGRES_MANAGEMENT_PREFIX | replace('_','#_')}}%' ESCAPE '#' \gexec" | psql -d postgres -w |
59 changes: 59 additions & 0 deletions
59
ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: pg-deletion-job | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: postgres-management | ||
app.kubernetes.io/part-of: schulcloud-verbund | ||
app.kubernetes.io/name: postgres-management | ||
app.kubernetes.io/component: database | ||
app.kubernetes.io/managed-by: ansible | ||
git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} | ||
git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} | ||
spec: | ||
template: | ||
metadata: | ||
labels: | ||
app: postgres | ||
spec: | ||
volumes: | ||
- name: config-script | ||
configMap: | ||
name: pg-configmap-deletion | ||
# 711 in decimal is 457 | ||
defaultMode: 457 | ||
containers: | ||
- name: psql-config | ||
image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} | ||
command: | ||
- /bin/bash | ||
- -c | ||
args: | ||
- /scripts/config_script.sh | ||
resources: | ||
limits: | ||
cpu: 1000m | ||
memory: 1Gi | ||
requests: | ||
cpu: 100m | ||
memory: 200Mi | ||
volumeMounts: | ||
- name: config-script | ||
mountPath: /scripts/ | ||
env: | ||
- name: PGHOST | ||
value: {{ POSTGRES_MANAGEMENT_HOST }} | ||
- name: PGUSER | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: username | ||
- name: PGPASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: password | ||
restartPolicy: Never | ||
suspend: true | ||
ttlSecondsAfterFinished: 0 |
9 changes: 9 additions & 0 deletions
9
ansible/roles/dof_postgresql_management/templates/onepassword-pg-cluster.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: onepassword.com/v1 | ||
kind: OnePasswordItem | ||
metadata: | ||
name: pg-cluster-secret | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: postgres-management | ||
spec: | ||
itemPath: "vaults/{{ ONEPASSWORD_OPERATOR_VAULT }}/items/pg-cluster-schulcloud" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
ansible/roles/erwin-idm/templates/configmap-database-init.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: pg-erwinidm-configmap-init | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: postgres | ||
data: | ||
config_script.sh: | | ||
#!/bin/bash | ||
echo "Create owner of the DB" | ||
echo "SELECT 'CREATE USER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '$DB_USER')\gexec" | psql -d postgres -w | ||
echo "GRANT $DB_USER TO $PGUSER;" | psql -d postgres -w | ||
echo "Set/update password for user $DB_USER" | ||
echo "ALTER USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_USER_PASSWORD';" | psql -d postgres -w | ||
echo "Create database" | ||
echo "SELECT 'CREATE DATABASE $DB_NAME OWNER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$DB_NAME')\gexec" | psql -d postgres -w | ||
echo "Revoke permissions for public role" | ||
echo "REVOKE ALL ON DATABASE $DB_NAME FROM PUBLIC;" | psql -d postgres -w |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
ansible/roles/erwin-idm/templates/job-database-init.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: pg-erwinidm-init-job-{{ 1000000 | random | hash('md5') }} | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: erwinidm-postgres-init | ||
app.kubernetes.io/part-of: schulcloud-verbund | ||
app.kubernetes.io/name: erwinidm-postgres-init | ||
app.kubernetes.io/component: idm | ||
app.kubernetes.io/managed-by: ansible | ||
git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} | ||
git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} | ||
spec: | ||
template: | ||
metadata: | ||
labels: | ||
app: erwinidm-postgres-init | ||
app.kubernetes.io/part-of: schulcloud-verbund | ||
app.kubernetes.io/name: erwinidm-postgres-init | ||
app.kubernetes.io/component: idm | ||
app.kubernetes.io/managed-by: ansible | ||
git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} | ||
git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} | ||
spec: | ||
volumes: | ||
- name: config-script | ||
configMap: | ||
name: pg-erwinidm-configmap-init | ||
# 711 in decimal is 457 | ||
defaultMode: 457 | ||
containers: | ||
- name: psql-erwinidm-config | ||
image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} | ||
command: | ||
- /bin/bash | ||
- -c | ||
args: | ||
- /scripts/config_script.sh | ||
resources: | ||
limits: | ||
cpu: 1000m | ||
memory: 1Gi | ||
requests: | ||
cpu: 100m | ||
memory: 200Mi | ||
volumeMounts: | ||
- name: config-script | ||
mountPath: /scripts/ | ||
envFrom: | ||
- secretRef: | ||
name: pg-erwinidm-secret | ||
env: | ||
- name: PGHOST | ||
value: {{ POSTGRES_MANAGEMENT_HOST }} | ||
- name: PGUSER | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: username | ||
- name: PGPASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: password | ||
restartPolicy: Never | ||
ttlSecondsAfterFinished: 1800 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: pg-erwinidm-secret | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: erwinidm-postgres-init | ||
type: Opaque | ||
data: | ||
DB_USER: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'erwinidm') | b64encode }}" | ||
DB_USER_PASSWORD: "{{ lookup('ansible.builtin.password', '/dev/null') | b64encode }}" | ||
DB_NAME: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'erwinidm') | b64encode }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
ansible/roles/hydra/templates/configmap-database-init.yml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: pg-hydra-configmap-init | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: hydra-postgres-init | ||
data: | ||
config_script.sh: | | ||
#!/bin/bash | ||
echo "Create owner of the DB" | ||
echo "SELECT 'CREATE USER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '$DB_USER')\gexec" | psql -d postgres -w | ||
echo "GRANT $DB_USER TO $PGUSER;" | psql -d postgres -w | ||
echo "Set/update password for user $DB_USER" | ||
echo "ALTER USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_USER_PASSWORD';" | psql -d postgres -w | ||
echo "Create database" | ||
echo "SELECT 'CREATE DATABASE $DB_NAME OWNER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$DB_NAME')\gexec" | psql -d postgres -w | ||
echo "Revoke permissions for public role" | ||
echo "REVOKE ALL ON DATABASE $DB_NAME FROM PUBLIC;" | psql -d postgres -w |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
apiVersion: batch/v1 | ||
kind: Job | ||
metadata: | ||
name: pg-hydra-init-job-{{ 1000000 | random | hash('md5') }} | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: hydra-postgres-init | ||
app.kubernetes.io/part-of: schulcloud-verbund | ||
app.kubernetes.io/name: hydra-postgres-init | ||
app.kubernetes.io/component: oauth | ||
app.kubernetes.io/managed-by: ansible | ||
git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} | ||
git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} | ||
spec: | ||
template: | ||
metadata: | ||
labels: | ||
app: hydra-postgres-init | ||
app.kubernetes.io/part-of: schulcloud-verbund | ||
app.kubernetes.io/name: hydra-postgres-init | ||
app.kubernetes.io/component: oauth | ||
app.kubernetes.io/managed-by: ansible | ||
git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} | ||
git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} | ||
spec: | ||
volumes: | ||
- name: config-script | ||
configMap: | ||
name: pg-hydra-configmap-init | ||
# 711 in decimal is 457 | ||
defaultMode: 457 | ||
containers: | ||
- name: psql-hydra-config | ||
image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} | ||
command: | ||
- /bin/bash | ||
- -c | ||
args: | ||
- /scripts/config_script.sh | ||
resources: | ||
limits: | ||
cpu: 1000m | ||
memory: 1Gi | ||
requests: | ||
cpu: 100m | ||
memory: 200Mi | ||
volumeMounts: | ||
- name: config-script | ||
mountPath: /scripts/ | ||
envFrom: | ||
- secretRef: | ||
name: pg-hydra-secret | ||
env: | ||
- name: PGHOST | ||
value: {{ POSTGRES_MANAGEMENT_HOST }} | ||
- name: PGUSER | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: username | ||
- name: PGPASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: pg-cluster-secret | ||
key: password | ||
restartPolicy: Never | ||
ttlSecondsAfterFinished: 1800 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: pg-hydra-secret | ||
namespace: {{ NAMESPACE }} | ||
labels: | ||
app: hydra-postgres-init | ||
type: Opaque | ||
data: | ||
DB_USER: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'hydra') | b64encode }}" | ||
DB_USER_PASSWORD: "{{ lookup('ansible.builtin.password', '/dev/null') | b64encode }}" | ||
DB_NAME: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'hydra') | b64encode }}" |