Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AKS template for maestro #90

Merged
merged 2 commits into from
May 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 19 additions & 4 deletions templates/db-template.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,11 @@ parameters:
required: true
value: "postgres:14.2"

- name: DB_SECRET_NAME
displayName: Database Secret Name
description: Name of the secret containing database connection information
value: "maestro-db"

objects:

- apiVersion: v1
Expand Down Expand Up @@ -102,17 +107,17 @@ objects:
valueFrom:
secretKeyRef:
key: database-user
name: ${DATABASE_SERVICE_NAME}
name: ${DATABASE_SERVICE_NAME}-creds
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: database-password
name: ${DATABASE_SERVICE_NAME}
name: ${DATABASE_SERVICE_NAME}-creds
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database-name
name: ${DATABASE_SERVICE_NAME}
name: ${DATABASE_SERVICE_NAME}-creds
- name: PGDATA
value: /var/lib/pgsql/data/pgdata
image: ${POSTGRES_IMAGE}
Expand Down Expand Up @@ -155,9 +160,19 @@ objects:
template.openshift.io/expose-database_name: "{.data['database-name']}"
template.openshift.io/expose-password: "{.data['database-password']}"
template.openshift.io/expose-username: "{.data['database-user']}"
name: ${DATABASE_SERVICE_NAME}
name: ${DATABASE_SERVICE_NAME}-creds
stringData:
database-name: ${DATABASE_NAME}
database-password: ${DATABASE_PASSWORD}
database-user: ${DATABASE_USER}

- apiVersion: v1
kind: Secret
metadata:
name: ${DB_SECRET_NAME}
stringData:
db.host: ${DATABASE_SERVICE_NAME}
db.port: "5432"
db.name: ${DATABASE_NAME}
db.user: ${DATABASE_USER}
db.password: ${DATABASE_PASSWORD}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is something we need to refactor the maestro server to get the db information from a secret instead of passing them one by one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can do it in the future.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will need to adapt to passwordless login anyways in the future.
we can talk about that during the next sync

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is correct for how RDS creates secrets. the keys are mounted as files and read.

how does passwordless work?

Loading
Loading