move-storage-config-to-secret
Signed-off-by: zhongjun.li <[email protected]>
learner0810 committed Mar 13, 2024
1 parent 90b2fff commit 712dbdc
Showing 7 changed files with 76 additions and 115 deletions.
2 changes: 1 addition & 1 deletion charts/clusterpedia/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 2.2.0
version: 3.0.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
12 changes: 6 additions & 6 deletions charts/clusterpedia/templates/_helpers.tpl
Expand Up @@ -171,22 +171,22 @@ Return the proper Docker Image Registry Secret Names
{{- define "clusterpedia.storage.password" -}}
{{- if eq .Values.storageInstallMode "external" }}
{{- if empty (include "clusterpedia.storage.dsn" .) -}}
{{- required "Please set correct storage password!" .Values.externalStorage.password | toString | b64enc -}}
{{- required "Please set correct storage password!" .Values.externalStorage.password | toString -}}
{{- else -}}
{{- .Values.externalStorage.password | toString | b64enc -}}
{{- .Values.externalStorage.password | toString -}}
{{- end -}}
{{- else -}}
{{- if eq (include "clusterpedia.storage.type" .) "postgres" }}
{{- if not (empty .Values.global.postgresql.auth.username) -}}
{{- .Values.global.postgresql.auth.password | toString | b64enc -}}
{{- .Values.global.postgresql.auth.password | toString -}}
{{- else -}}
{{- .Values.global.postgresql.auth.postgresPassword | toString | b64enc -}}
{{- .Values.global.postgresql.auth.postgresPassword | toString -}}
{{- end -}}
{{- else if eq (include "clusterpedia.storage.type" .) "mysql" -}}
{{- if not (empty .Values.mysql.auth.username) -}}
{{- .Values.mysql.auth.password | toString | b64enc -}}
{{- .Values.mysql.auth.password | toString -}}
{{- else -}}
{{- .Values.mysql.auth.rootPassword | toString | b64enc -}}
{{- .Values.mysql.auth.rootPassword | toString -}}
{{- end -}}
{{- end -}}
{{- end -}}
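Review bot: The `clusterpedia.storage.password` helper now appears to return the password in plain text, and nothing in the visible lines tells a caller so; a template that writes the result under a Secret's `data:` without `| b64enc`, or into a ConfigMap, would corrupt or expose the credential. Add a template comment above the `define`, for example `{{/* Returns the storage password in plain text; pipe it through b64enc before placing it under Secret .data. */}}`. Any existing header comment for this helper sits outside the hunk.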
55 changes: 21 additions & 34 deletions charts/clusterpedia/templates/apiserver-deployment.yaml
Expand Up @@ -39,33 +39,30 @@ spec:
{{- if eq (include "clusterpedia.storage.type" .) "postgres" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
until psql -U ${user} -h ${host} -p ${port} postgres -c "SELECT 1 FROM pg_database WHERE datname = ${database}" | grep -q 1 || psql -U ${user} -h ${host} -p ${port} postgres -c "CREATE DATABASE ${database} owner ${user} " -c "GRANT ALL PRIVILEGES ON DATABASE ${database} to ${user}"; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "SELECT 1 FROM pg_database WHERE datname = ${DB_DATABASE}" | grep -q 1 || psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "CREATE DATABASE ${DB_DATABASE} owner ${DB_USER} " -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE} to ${DB_USER}"; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- else if eq (include "clusterpedia.storage.type" .) "mysql" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
if [ -z $password ]; then password=${DB_PASSWORD}; fi;
until mysql -u${user} -p${password} --host=${host} --port=${port} -e "CREATE DATABASE IF NOT EXISTS ${database}"; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until mysql -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT} -e "CREATE DATABASE IF NOT EXISTS ${DB_DATABASE}"; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- end }}
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
env:
- name: {{ include "clusterpedia.storage.password.envKey" . }}
valueFrom:
secretKeyRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
key: DB_PASSWORD
volumeMounts:
- name: internalstorage-config
mountPath: /etc/clusterpedia/storage
readOnly: true
- name: scripts
mountPath: /opt/scripts
readOnly: true
Expand All @@ -78,35 +75,24 @@ spec:
{{- if eq (include "clusterpedia.storage.type" .) "postgres" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
until pg_isready -U ${user} -d "dbname=${database}" -h ${host} -p ${port}; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until pg_isready -U ${DB_USER} -d "dbname=${DB_DATABASE}" -h ${DB_HOST} -p ${DB_PORT}; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- else if eq (include "clusterpedia.storage.type" .) "mysql" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
if [ -z $password ]; then password=${DB_PASSWORD}; fi;
until mysqladmin status -u${user} -p${password} --host=${host} --port=${port}; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until mysqladmin status -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT}; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- end }}
{{- if eq (include "clusterpedia.storage.type" .) "mysql" }}
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
{{- end }}
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
volumeMounts:
- name: internalstorage-config
mountPath: /etc/clusterpedia/storage
readOnly: true
- name: scripts
mountPath: /opt/scripts
readOnly: true
Expand All @@ -129,12 +115,10 @@ spec:
{{- if .Values.apiserver.resources }}
resources: {{- toYaml .Values.apiserver.resources | nindent 12 }}
{{- end }}
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
env:
{{- include "clusterpedia.apiserver.tracing.env" . | nindent 8 }}
{{- if .Values.apiserver.enableSHA1Cert }}
- name: GODEBUG
Expand Down Expand Up @@ -163,6 +147,9 @@ spec:
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.tolerations "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: internalstorage-connection-config
secret:
secretName: {{ include "clusterpedia.internalstorage.fullname" . }}
- name: internalstorage-config
configMap:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
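Review bot: The guard `if [ -n ${DB_DSN} ]` in all four init-container scripts of this file is always true when DB_DSN is unset or empty, because the unquoted expansion vanishes and `[ -n ]` tests the literal string `-n`. With a space-separated key=value postgres DSN (the form parse_postgres_dsn appears to expect) the same unquoted expansion splits into several words and the test errors out, so the DSN is never parsed. Quote it and drop the argument that create_variables no longer seems to read: `if [ -n "${DB_DSN}" ]; then source /opt/scripts/parse-yaml.sh; create_variables; fi;`. The identical line is repeated in the second deployment template further down the page, and the container specs themselves begin outside the visible hunks.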
Expand Up @@ -39,33 +39,30 @@ spec:
{{- if eq (include "clusterpedia.storage.type" .) "postgres" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
until psql -U ${user} -h ${host} -p ${port} postgres -c "SELECT 1 FROM pg_database WHERE datname = '{{ include "clusterpedia.storage.database" . }}'" | grep -q 1 || psql -U ${user} -h ${host} -p ${port} postgres -c "CREATE DATABASE {{ include "clusterpedia.storage.database" . }} owner ${user} " -c "GRANT ALL PRIVILEGES ON DATABASE {{ include "clusterpedia.storage.database" . }} to ${user} "; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "SELECT 1 FROM pg_database WHERE datname = '{{ include "clusterpedia.storage.database" . }}'" | grep -q 1 || psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "CREATE DATABASE {{ include "clusterpedia.storage.database" . }} owner ${DB_USER} " -c "GRANT ALL PRIVILEGES ON DATABASE {{ include "clusterpedia.storage.database" . }} to ${DB_USER} "; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- else if eq (include "clusterpedia.storage.type" .) "mysql" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
if [ -z $password ]; then password=${DB_PASSWORD}; fi;
until mysql -u${user} -p${password} --host=${host} --port=${port} -e 'CREATE DATABASE IF NOT EXISTS {{ include "clusterpedia.storage.database" . }}'; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until mysql -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT} -e 'CREATE DATABASE IF NOT EXISTS {{ include "clusterpedia.storage.database" . }}'; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- end }}
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
env:
- name: {{ include "clusterpedia.storage.password.envKey" . }}
valueFrom:
secretKeyRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
key: DB_PASSWORD
volumeMounts:
- name: internalstorage-config
mountPath: /etc/clusterpedia/storage
readOnly: true
- name: scripts
mountPath: /opt/scripts
readOnly: true
Expand All @@ -78,35 +75,24 @@ spec:
{{- if eq (include "clusterpedia.storage.type" .) "postgres" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
until pg_isready -U ${user} -d "dbname=${database}" -h ${host} -p ${port}; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until pg_isready -U ${DB_USER} -d "dbname=${DB_DATABASE}" -h ${DB_HOST} -p ${DB_PORT}; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- else if eq (include "clusterpedia.storage.type" .) "mysql" }}
- |
# Load YAML data into a Bash variable
source /opt/scripts/parse-yaml.sh;
create_variables /etc/clusterpedia/storage/internalstorage-config.yaml;
if [ -z $password ]; then password=${DB_PASSWORD}; fi;
until mysqladmin status -u${user} -p${password} --host=${host} --port=${port}; do
if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi;
until mysqladmin status -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT}; do
echo waiting for database check && sleep 1;
done;
echo 'DataBase OK ✓'
{{- end }}
{{- if eq (include "clusterpedia.storage.type" .) "mysql" }}
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
{{- end }}
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
volumeMounts:
- name: internalstorage-config
mountPath: /etc/clusterpedia/storage
readOnly: true
- name: scripts
mountPath: /opt/scripts
readOnly: true
Expand All @@ -133,12 +119,10 @@ spec:
{{- if .Values.clustersynchroManager.resources }}
resources: {{- toYaml .Values.clustersynchroManager.resources | nindent 12 }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
key: password
- name: GODEBUG
value: netdns=go
volumeMounts:
Expand All @@ -156,6 +140,9 @@ spec:
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clustersynchroManager.tolerations "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: internalstorage-connection-config
secret:
secretName: {{ include "clusterpedia.internalstorage.fullname" . }}
- name: internalstorage-config
configMap:
name: {{ include "clusterpedia.internalstorage.fullname" . }}
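Review bot: `mysql -u${DB_USER} -p${DB_PASSWORD}` and the `mysqladmin status` probe in this template put the database password on the process command line, where it is readable from the process list for as long as the retry loop runs. Since the Secret is now injected with `envFrom`, the clients can take the credential from a `--defaults-extra-file` written by the script, or from `export MYSQL_PWD="${DB_PASSWORD}"` set before the loop, with `-p…` dropped from both commands. The unquoted `${DB_USER}` and `${DB_PASSWORD}` expansions also word-split and glob, so a password containing a space or `*` would not authenticate. The first deployment template on this page carries the same two commands; this section's file header is missing from the page and the container specs begin outside the hunks.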
6 changes: 0 additions & 6 deletions charts/clusterpedia/templates/internalstorage-configmap.yaml
Expand Up @@ -6,12 +6,6 @@ metadata:
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
internalstorage-config.yaml: |-
type: {{ include "clusterpedia.storage.type" . | quote }}
dsn: {{ include "clusterpedia.storage.dsn" . | quote }}
host: {{ include "clusterpedia.storage.host" . | quote }}
port: {{ include "clusterpedia.storage.port" . }}
user: {{ include "clusterpedia.storage.user" . }}
database: {{ include "clusterpedia.storage.database" . }}
{{ if .Values.storageConfig.log.enabled }}
log:
stdout: {{ .Values.storageConfig.log.stdout }}
11 changes: 10 additions & 1 deletion charts/clusterpedia/templates/internalstorage-secret.yaml
Expand Up @@ -7,4 +7,13 @@ metadata:
app: {{ include "clusterpedia.internalstorage.fullname" . }}
internalstorage.clusterpedia.io/type: {{ include "clusterpedia.storage.type" . }}
data:
password: {{ include "clusterpedia.storage.password" . }}
DB_TYPE: {{ include "clusterpedia.storage.type" . | b64enc | quote}}
{{- if empty (include "clusterpedia.storage.dsn" .) }}
DB_HOST: {{ include "clusterpedia.storage.host" . | b64enc }}
DB_PORT: "{{ include "clusterpedia.storage.port" . | b64enc }}"
DB_USER: "{{ include "clusterpedia.storage.user" . | b64enc }}"
DB_DATABASE: {{ include "clusterpedia.storage.database" . | b64enc }}
DB_PASSWORD: {{ include "clusterpedia.storage.password" . | b64enc }}
{{- else }}
DB_DSN: {{ include "clusterpedia.storage.dsn" . | b64enc | quote}}
{{- end }}
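Review bot: In the DSN branch the Secret carries only `DB_TYPE` and `DB_DSN`, yet the init containers in both deployment templates on this page still declare a `secretKeyRef` with `key: DB_PASSWORD`; a reference to a key that is absent from the Secret keeps the container from starting unless the reference is marked optional. Either add `optional: true` to those `secretKeyRef` entries or emit `DB_PASSWORD` in both branches. A comment above `data:` would also help, noting that with `envFrom` every key here becomes an environment variable of the consuming containers, including the full DSN with its embedded credentials. Quoting is inconsistent between the keys (`DB_PORT` and `DB_USER` are quoted, `DB_HOST`, `DB_DATABASE` and `DB_PASSWORD` are not); a uniform `| b64enc | quote` would read better.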
50 changes: 17 additions & 33 deletions charts/clusterpedia/templates/scripts-configmap.yaml
Expand Up @@ -6,23 +6,6 @@ metadata:
labels: {{- include "common.labels.standard" . | nindent 4 }}
data:
parse-yaml.sh: |
function parse_yaml() {
local prefix=$2
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
sed -ne "s|^\($s\):|\1|" \
-e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
}
}'
}
function parse_mysql_dsn() {
local dsn=$1
if [ -z $dsn ]
Expand All @@ -41,11 +24,11 @@ data:
IFS=':' read -r -a address <<< $address; host=${address[0]}; port=${address[1]}
fi
echo "database=\"$database\""
echo "host=\"$host\""
echo "port=\"$port\""
echo "user=\"$user\""
echo "password=\"$password\""
echo "DB_DATABASE=\"$database\""
echo "DB_HOST=\"$host\""
echo "DB_PORT=\"$port\""
echo "DB_USER=\"$user\""
echo "DB_PASSWORD=\"$password\""
}
function parse_postgres_dsn() {
Expand All @@ -63,6 +46,9 @@ data:
if [[ $kv == "user"* ]]; then
IFS='=' read -r -a _kv <<< $kv; user=${_kv[1]}
fi
if [[ $kv == "password"* ]]; then
IFS='=' read -r -a _kv <<< $kv; password=${_kv[1]}
fi
if [[ $kv == "port"* ]]; then
IFS='=' read -r -a _kv <<< $kv; port=${_kv[1]}
fi
Expand All @@ -71,23 +57,21 @@ data:
fi
done
echo "database=\"$database\""
echo "host=\"$host\""
echo "port=\"$port\""
echo "user=\"$user\""
echo "DB_DATABASE=\"$database\""
echo "DB_HOST=\"$host\""
echo "DB_PORT=\"$port\""
echo "DB_USER=\"$user\""
echo "PGPASSWORD=\"$password\""
}
function create_variables() {
local yaml_file="$1"
eval "$(parse_yaml "$yaml_file")"
if [ $type == "mysql" ]
if [ $DB_TYPE == "mysql" ]
then
eval $(parse_mysql_dsn "$dsn")
eval $(parse_mysql_dsn "$DB_DSN")
fi
if [ $type == "postgres" ]
if [ $DB_TYPE == "postgres" ]
then
eval $(parse_postgres_dsn "$dsn")
eval $(parse_postgres_dsn "$DB_DSN")
fi
}
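Review bot: `eval $(parse_mysql_dsn "$DB_DSN")` and its postgres twin in create_variables execute text that the parsers assemble with lines such as `echo "DB_PASSWORD=\"$password\""`, so a `"`, `$` or backtick inside the DSN (a password is the likely place) is interpreted by the shell instead of being assigned literally. Emit shell-quoted assignments, e.g. `printf 'DB_PASSWORD=%q\n' "$password"` for each variable, and quote the substitution: `eval "$(parse_mysql_dsn "$DB_DSN")"`. `[ $DB_TYPE == "mysql" ]` should likewise become `[ "$DB_TYPE" = "mysql" ]` so that an unset DB_TYPE does not turn into a test syntax error. parse_mysql_dsn and parse_postgres_dsn are only partly visible in these hunks.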
