From 85b3ee1a7e87dbea977cb03cea6be98b462d27ff Mon Sep 17 00:00:00 2001 From: rajat verma Date: Sat, 17 Apr 2021 19:33:27 +0530 Subject: [PATCH 1/3] use secrets --- K8s/api-deployment.yaml | 12 +++++++++--- K8s/file-deployment.yaml | 12 +++++++++--- K8s/s3api-deployment.yaml | 12 +++++++++--- K8s/soda-secret.yaml | 24 ++++++++++++++++++++++++ 4 files changed, 51 insertions(+), 9 deletions(-) create mode 100644 K8s/soda-secret.yaml diff --git a/K8s/api-deployment.yaml b/K8s/api-deployment.yaml index 05c0c5751..df9ca2df5 100644 --- a/K8s/api-deployment.yaml +++ b/K8s/api-deployment.yaml @@ -57,12 +57,18 @@ spec: value: keystone - name: OS_AUTH_URL value: http://KEYSTONE_IP/identity + - name: OS_USERNAME + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_USERNAME - name: OS_PASSWORD - value: opensds@123 + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_PASSWORD - name: OS_PROJECT_NAME value: service - - name: OS_USERNAME - value: opensds - name: OS_USER_DOMIN_ID value: Default - name: SVC_FLAG diff --git a/K8s/file-deployment.yaml b/K8s/file-deployment.yaml index 0661348c3..c614611a1 100644 --- a/K8s/file-deployment.yaml +++ b/K8s/file-deployment.yaml @@ -60,12 +60,18 @@ spec: value: keystone - name: OS_AUTH_URL value: http://KEYSTONE_IP/identity - - name: OS_PASSWORD - value: opensds@123 - name: OS_PROJECT_NAME value: service - name: OS_USERNAME - value: opensds + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_USERNAME + - name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_PASSWORD - name: OS_USER_DOMIN_ID value: Default image: sodafoundation/multi-cloud-file:RELEASE_VERSION diff --git a/K8s/s3api-deployment.yaml b/K8s/s3api-deployment.yaml index 70f43d840..8cb1acdc3 100644 --- a/K8s/s3api-deployment.yaml +++ b/K8s/s3api-deployment.yaml @@ -58,12 +58,18 @@ spec: value: keystone - name: OS_AUTH_URL value: http://KEYSTONE_IP/identity - - name: OS_PASSWORD - value: opensds@123 - name: OS_PROJECT_NAME value: service - name: OS_USERNAME - value: opensds + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_USERNAME + - name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: soda-secret + key: OS_PASSWORD - name: OS_USER_DOMIN_ID value: Default - name: SVC_FLAG diff --git a/K8s/soda-secret.yaml b/K8s/soda-secret.yaml new file mode 100644 index 000000000..78d14f03f --- /dev/null +++ b/K8s/soda-secret.yaml @@ -0,0 +1,24 @@ +# Copyright 2021 The SODA Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +kind: Secret +metadata: + namespace: soda-multi-cloud + name: soda-secret +type: Opaque +stringData: + OS_USERNAME: opensds + OS_PASSWORD: opensds@123 \ No newline at end of file From 6a6e92eaf0cb8573dabaa1f5f67ac0e33aa008ee Mon Sep 17 00:00:00 2001 From: rajat verma Date: Mon, 26 Apr 2021 12:53:21 +0530 Subject: [PATCH 2/3] update deployment file to use soda-secret --- K8s/k8s-deploy.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/K8s/k8s-deploy.sh b/K8s/k8s-deploy.sh index 8784c4c3d..27ed9645b 100644 --- a/K8s/k8s-deploy.sh +++ b/K8s/k8s-deploy.sh @@ -1,5 +1,6 @@ # Run this file from multi-cloud folder. kubectl apply -f rbac.yaml +kubectl apply -f soda-secret.yaml #1. Create all the config Maps from files. kubectl create configmap multicloud-config --from-file=../examples/multi-cloud.conf -n soda-multi-cloud From c286ebb155b7811b6364a40a7b02cfa6ac7cde33 Mon Sep 17 00:00:00 2001 From: rajat verma Date: Tue, 27 Apr 2021 23:23:48 +0530 Subject: [PATCH 3/3] add mongodb user passwd in secrets --- K8s/mongo-service-0.yaml | 10 ++++++++-- K8s/mongo-service-1.yaml | 10 ++++++++-- K8s/mongo-service-2.yaml | 10 ++++++++-- K8s/soda-secret.yaml | 5 ++++- 4 files changed, 28 insertions(+), 7 deletions(-) diff --git a/K8s/mongo-service-0.yaml b/K8s/mongo-service-0.yaml index 4266a0c5b..2910e86cf 100644 --- a/K8s/mongo-service-0.yaml +++ b/K8s/mongo-service-0.yaml @@ -75,9 +75,15 @@ spec: - name: "MONGO_CONFIGURE_REPLICA_SET" value: "true" - name: "MONGO_INITDB_ROOT_USERNAME" - value: "admin" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_USER" - name: "MONGO_INITDB_ROOT_PASSWORD" - value: "mongo" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_PASSWORD" - name: "MONGODB_ID" value: "mongo-0" livenessProbe: diff --git a/K8s/mongo-service-1.yaml b/K8s/mongo-service-1.yaml index 578282d49..91edc1c66 100644 --- a/K8s/mongo-service-1.yaml +++ b/K8s/mongo-service-1.yaml @@ -73,9 +73,15 @@ spec: memory: "2Gi" env: - name: "MONGO_INITDB_ROOT_USERNAME" - value: "admin" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_USER" - name: "MONGO_INITDB_ROOT_PASSWORD" - value: "mongo" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_PASSWORD" - name: "MONGODB_ID" value: "mongo-1" livenessProbe: diff --git a/K8s/mongo-service-2.yaml b/K8s/mongo-service-2.yaml index 9e413f146..ba12a88e2 100644 --- a/K8s/mongo-service-2.yaml +++ b/K8s/mongo-service-2.yaml @@ -73,9 +73,15 @@ spec: memory: "2Gi" env: - name: "MONGO_INITDB_ROOT_USERNAME" - value: "admin" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_USER" - name: "MONGO_INITDB_ROOT_PASSWORD" - value: "mongo" + valueFrom: + secretKeyRef: + name: soda-secret + key: "MONGO_PASSWORD" - name: "MONGODB_ID" value: "mongo-2" livenessProbe: diff --git a/K8s/soda-secret.yaml b/K8s/soda-secret.yaml index 78d14f03f..305ccb2e0 100644 --- a/K8s/soda-secret.yaml +++ b/K8s/soda-secret.yaml @@ -21,4 +21,7 @@ metadata: type: Opaque stringData: OS_USERNAME: opensds - OS_PASSWORD: opensds@123 \ No newline at end of file + OS_PASSWORD: opensds@123 + MONGO_USER: admin + MONGO_PASSWORD: mongo + \ No newline at end of file