os-seeder: uses secret for os password #7881

Open
wants to merge 2 commits into
base: master
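--- a/openstack/openstack-seeder/templates/_utils.tpl
+++ b/openstack/openstack-seeder/templates/_utils.tpl
@@ -0,0 +1,49 @@
+{{- define "seeder_environment" }}
+- name: COMMAND
+value: "bash /scripts/start"
+- name: NAMESPACE
+value: {{ .Release.Namespace }}
+{{- if .Values.sentry.enabled }}
+- name: SENTRY_DSN
+{{- if .Values.sentry.dsn }}
+value: {{ .Values.sentry.dsn | quote}}
+{{ else }}
+valueFrom:
+secretKeyRef:
+name: sentry
+key: seeder.DSN
+{{- end }}
+{{- end }}
+{{- if .Values.keystone.authUrl }}
+- name: OS_AUTH_URL
+value: {{ .Values.keystone.authUrl }}/v3
+{{- else }}
+- name: OS_AUTH_URL
+value: {{include "keystone_url" .}}/v3
+{{- end }}
+- name: OS_AUTH_TYPE
+value: v3password
+- name: OS_AUTH_VERSION
+value: '3'
+- name: OS_IDENTITY_API_VERSION
+value: '3'
+- name: OS_INTERFACE
+value: internal
+- name: OS_PASSWORD
+valueFrom:
+secretKeyRef:
+name: seeder-secret
+key: service_user_password
+- name: OS_PROJECT_DOMAIN_NAME
+value: 'default'
+- name: OS_PROJECT_NAME
+value: 'admin'
+- name: OS_REGION_NAME
+value: {{ quote .Values.global.region }}
+- name: OS_USER_DOMAIN_NAME
+value: 'Default'
+- name: OS_USERNAME
+value: 'admin'
+- name: OS_REGION
+value: {{quote .Values.global.region}}
+{{- end -}}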
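Review bot: `OS_USERNAME`, `OS_PROJECT_NAME` and the two domain variables near the end of `seeder_environment` are now literals, so any `keystone.*` override that the block removed from `bin/_start.tpl` used to honour is silently ignored and the seeder always authenticates as `admin` in project `admin`. Keeping the values lookup with a fallback, for example `value: {{ .Values.keystone.username | default "admin" | quote }}`, preserves existing overrides and leaves room for a dedicated, narrower service account. With the old chart defaults the script exported `OS_USER_DOMAIN_ID` and `OS_PROJECT_DOMAIN_ID`; this helper sets the `*_DOMAIN_NAME` variables with `'Default'` and `'default'` instead, which is worth confirming against the target Keystone. `OS_PASSWORD` via `secretKeyRef` keeps the password out of the rendered script, but it remains an environment variable inherited by everything `bash /scripts/start` launches.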
33 changes: 0 additions & 33 deletions openstack/openstack-seeder/templates/bin/_start.tpl
@@ -3,38 +3,5 @@
export http_proxy=
export all_proxy=

{{- if .Values.keystone.authUrl }}
URL_BASE={{ .Values.keystone.authUrl }}
{{- else }}
URL_BASE={{include "keystone_url" .}}
{{- end }}

export OS_AUTH_URL=${URL_BASE}/v3
export OS_AUTH_TYPE=v3password
export OS_USERNAME={{ .Values.keystone.username }}
export OS_PASSWORD={{ .Values.keystone.password }}
{{- if .Values.keystone.userDomainId }}
export OS_USER_DOMAIN_ID={{ .Values.keystone.userDomainId }}
{{- end }}
{{- if .Values.keystone.userDomainName }}
export OS_USER_DOMAIN_NAME={{ .Values.keystone.userDomainName }}
{{- end }}
{{- if .Values.keystone.projectName }}
export OS_PROJECT_NAME={{ .Values.keystone.projectName }}
{{- end }}
{{- if .Values.keystone.projectDomainId }}
export OS_PROJECT_DOMAIN_ID={{ .Values.keystone.projectDomainId }}
{{- end }}
{{- if .Values.keystone.projectDomainName }}
export OS_PROJECT_DOMAIN_NAME={{ .Values.keystone.projectDomainName }}
{{- end }}
{{- if .Values.keystone.domainName }}
export OS_DOMAIN_NAME={{ .Values.keystone.domainName }}
{{- end }}
{{- if .Values.keystone.domainId }}
export OS_DOMAIN_ID={{ .Values.keystone.domainId }}
{{- end }}
export OS_REGION={{.Values.global.region}}

echo "Starting openstack-seeder.."
/usr/local/bin/openstack-seeder --logtostderr --v {{ default 1 .Values.logLevel }} --resync {{ default "24h" .Values.resync | quote }} {{- if .Values.dryRun }} --dry-run{{- end }} {{- range (.Values.ignoreNamespace | splitList ",") }}{{- if . }} --ignorenamespace={{- . }}{{- end }}{{- end }} {{- range (.Values.onlyNamespace | splitList ",") }}{{- if . }} --onlynamespace={{- . }}{{- end }}{{- end }}
20 changes: 4 additions & 16 deletions openstack/openstack-seeder/templates/deployment.yaml
@@ -42,22 +42,7 @@ spec:
{{- end }}
command:
- kubernetes-entrypoint
env:
- name: COMMAND
value: "bash /scripts/start"
- name: NAMESPACE
value: {{ .Release.Namespace }}
{{- if .Values.sentry.enabled }}
- name: SENTRY_DSN
{{- if .Values.sentry.dsn }}
value: {{ .Values.sentry.dsn | quote}}
{{ else }}
valueFrom:
secretKeyRef:
name: sentry
key: seeder.DSN
{{- end }}
{{- end }}
env: {{ include "seeder_environment" $ | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
volumeMounts:
@@ -67,3 +52,6 @@ spec:
- name: scripts
configMap:
name: openstack-seeder-bin
- name: seeder-secret
secret:
secretName: seeder-secret
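Review bot: The `seeder-secret` volume appended to `volumes:` is never mounted: the four additions in this file are the `env:` include and these three lines, so no `volumeMounts` entry references it, and the password already reaches the container through the `secretKeyRef` in `seeder_environment`. Either drop the volume, or mount it read-only and have the start script read the password from the file so that it no longer sits in the process environment. The `volumes:` list itself begins outside this hunk.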
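--- a/openstack/openstack-seeder/templates/secret.yaml
+++ b/openstack/openstack-seeder/templates/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: seeder-secret
+type: Opaque
+data:
+service_user_password: {{ .Values.keystone.password | b64enc }}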
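Review bot: `service_user_password` is rendered from `.Values.keystone.password` with no guard, and `values.yaml` in this same change ships no default for that key, so a release without the override either fails with an opaque template error or, depending on how the missing value is coerced, produces a Secret holding an empty password. Failing early and quoting the result makes the requirement explicit: `service_user_password: {{ required "keystone.password must be set" .Values.keystone.password | b64enc | quote }}`. The Secret name `seeder-secret` is also fixed rather than release-scoped, so two releases in one namespace would overwrite each other's credential.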
9 changes: 1 addition & 8 deletions openstack/openstack-seeder/values.yaml
@@ -17,7 +17,7 @@ owner-info:
helm-chart-url: "https://github.com/sapcc/helm-charts/tree/master/openstack/openstack-seeder"
maintainers:
- Stefan Hipfel
support-group: compute-storage-api
support-group: foundation
service: seeder

## Specify a imagePullPolicy
@@ -40,14 +40,7 @@ ignoreNamespace: "limes-global,monsoon3global"
onlyNamespace: ""

keystone:
#authUrl: http://identity.cluster.cloud.sap/v3
identityApiVersion: 3
username: admin
#password: secret
userDomainId: default
projectName: admin
projectDomainId: default
#domainId: default

resources:
limits: