From 712dbdc8897122ece2b565b063674f20873410cd Mon Sep 17 00:00:00 2001 From: "zhongjun.li" Date: Fri, 8 Mar 2024 15:23:41 +0800 Subject: [PATCH] move-storage-config-to-secret Signed-off-by: zhongjun.li --- charts/clusterpedia/Chart.yaml | 2 +- charts/clusterpedia/templates/_helpers.tpl | 12 ++-- .../templates/apiserver-deployment.yaml | 55 +++++++------------ .../clustersynchro-manager-deployment.yaml | 55 +++++++------------ .../templates/internalstorage-configmap.yaml | 6 -- .../templates/internalstorage-secret.yaml | 11 +++- .../templates/scripts-configmap.yaml | 50 ++++++----------- 7 files changed, 76 insertions(+), 115 deletions(-) diff --git a/charts/clusterpedia/Chart.yaml b/charts/clusterpedia/Chart.yaml index bc101a6..dd1775d 100644 --- a/charts/clusterpedia/Chart.yaml +++ b/charts/clusterpedia/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.2.0 +version: 3.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/clusterpedia/templates/_helpers.tpl b/charts/clusterpedia/templates/_helpers.tpl index 40b0fed..f197452 100644 --- a/charts/clusterpedia/templates/_helpers.tpl +++ b/charts/clusterpedia/templates/_helpers.tpl 
@@ -171,22 +171,22 @@ Return the proper Docker Image Registry Secret Names {{- define "clusterpedia.storage.password" -}} {{- if eq .Values.storageInstallMode "external" }} {{- if empty (include "clusterpedia.storage.dsn" .) -}} - {{- required "Please set correct storage password!" .Values.externalStorage.password | toString | b64enc -}} + {{- required "Please set correct storage password!" .Values.externalStorage.password | toString -}} {{- else -}} - {{- .Values.externalStorage.password | toString | b64enc -}} + {{- .Values.externalStorage.password | toString -}} {{- end -}} {{- else -}} {{- if eq (include "clusterpedia.storage.type" .) "postgres" }} {{- if not (empty .Values.global.postgresql.auth.username) -}} - {{- .Values.global.postgresql.auth.password | toString | b64enc -}} + {{- .Values.global.postgresql.auth.password | toString -}} {{- else -}} - {{- .Values.global.postgresql.auth.postgresPassword | toString | b64enc -}} + {{- .Values.global.postgresql.auth.postgresPassword | toString -}} {{- end -}} {{- else if eq (include "clusterpedia.storage.type" .) "mysql" -}} {{- if not (empty .Values.mysql.auth.username) -}} - {{- .Values.mysql.auth.password | toString | b64enc -}} + {{- .Values.mysql.auth.password | toString -}} {{- else -}} - {{- .Values.mysql.auth.rootPassword | toString | b64enc -}} + {{- .Values.mysql.auth.rootPassword | toString -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/clusterpedia/templates/apiserver-deployment.yaml b/charts/clusterpedia/templates/apiserver-deployment.yaml index 062f881..c2bf6e5 100644 --- a/charts/clusterpedia/templates/apiserver-deployment.yaml +++ b/charts/clusterpedia/templates/apiserver-deployment.yaml 
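Review bot: `clusterpedia.storage.password` now returns the cleartext password on every branch, and nothing on the helper says so. A template comment above the define, such as `{{/* Returns the raw storage password; callers must pipe it through b64enc and render it only into a Secret */}}`, would stop a later caller from placing the value in a ConfigMap or a pod spec. In this patch the only visible consumer is internalstorage-secret.yaml, which does add `| b64enc`. The define's closing `{{- end -}}` lies outside this hunk.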
@@ -39,33 +39,30 @@ spec: {{- if eq (include "clusterpedia.storage.type" .) "postgres" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - until psql -U ${user} -h ${host} -p ${port} postgres -c "SELECT 1 FROM pg_database WHERE datname = ${database}" | grep -q 1 || psql -U ${user} -h ${host} -p ${port} postgres -c "CREATE DATABASE ${database} owner ${user} " -c "GRANT ALL PRIVILEGES ON DATABASE ${database} to ${user}"; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "SELECT 1 FROM pg_database WHERE datname = ${DB_DATABASE}" | grep -q 1 || psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "CREATE DATABASE ${DB_DATABASE} owner ${DB_USER} " -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE} to ${DB_USER}"; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- else if eq (include "clusterpedia.storage.type" .) "mysql" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - if [ -z $password ]; then password=${DB_PASSWORD}; fi; - until mysql -u${user} -p${password} --host=${host} --port=${port} -e "CREATE DATABASE IF NOT EXISTS ${database}"; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until mysql -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT} -e "CREATE DATABASE IF NOT EXISTS ${DB_DATABASE}"; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- end }} + envFrom: + - secretRef: + name: {{ include "clusterpedia.internalstorage.fullname" . }} env: - name: {{ include "clusterpedia.storage.password.envKey" . }} valueFrom: secretKeyRef: name: {{ include "clusterpedia.internalstorage.fullname" . 
}} - key: password + key: DB_PASSWORD volumeMounts: - - name: internalstorage-config - mountPath: /etc/clusterpedia/storage - readOnly: true - name: scripts mountPath: /opt/scripts readOnly: true @@ -78,35 +75,24 @@ spec: {{- if eq (include "clusterpedia.storage.type" .) "postgres" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - until pg_isready -U ${user} -d "dbname=${database}" -h ${host} -p ${port}; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until pg_isready -U ${DB_USER} -d "dbname=${DB_DATABASE}" -h ${DB_HOST} -p ${DB_PORT}; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- else if eq (include "clusterpedia.storage.type" .) "mysql" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - if [ -z $password ]; then password=${DB_PASSWORD}; fi; - until mysqladmin status -u${user} -p${password} --host=${host} --port=${port}; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until mysqladmin status -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT}; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- end }} - {{- if eq (include "clusterpedia.storage.type" .) "mysql" }} - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "clusterpedia.internalstorage.fullname" . }} - key: password - {{- end }} + envFrom: + - secretRef: + name: {{ include "clusterpedia.internalstorage.fullname" . }} volumeMounts: - - name: internalstorage-config - mountPath: /etc/clusterpedia/storage - readOnly: true - name: scripts mountPath: /opt/scripts readOnly: true 
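Review bot: The guard `if [ -n ${DB_DSN} ]` in both init scripts of the `@@ -39,33 +39,30 @@` hunk is unquoted, so it misfires in both directions. When DB_DSN is unset it collapses to `[ -n ]`, which is true, and `create_variables` runs with no argument; a DSN containing spaces makes the test fail with too many arguments and skips the parse. Quote both uses: `if [ -n "${DB_DSN}" ]; then source /opt/scripts/parse-yaml.sh; create_variables "${DB_DSN}"; fi;`. The same line appears in the `@@ -78,35 +75,24 @@` hunk of this file and in both init-container hunks of clustersynchro-manager-deployment.yaml. Separately, the postgres probe here compares `datname = ${DB_DATABASE}` without SQL quotes, unlike the clustersynchro-manager version, so the existence check likely never matches.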
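Review bot: `mysqladmin status -u${DB_USER} -p${DB_PASSWORD}` in the `@@ -78,35 +75,24 @@` hunk puts the password on the command line, where it is readable from the process list for the duration of every retry. The expansion is also unquoted, so a password with spaces or shell metacharacters is split or expanded, and an empty one turns `-p` into an interactive prompt. At minimum quote the expansions, `-u"${DB_USER}" -p"${DB_PASSWORD}"`; better, have the script write a mode-0600 client option file and pass it with `--defaults-extra-file=`. The `mysql ... -e "CREATE DATABASE IF NOT EXISTS ..."` line in the previous hunk and both mysql lines in clustersynchro-manager-deployment.yaml have the same form.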
@@ -129,12 +115,10 @@ spec: {{- if .Values.apiserver.resources }} resources: {{- toYaml .Values.apiserver.resources | nindent 12 }} {{- end }} - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: + envFrom: + - secretRef: name: {{ include "clusterpedia.internalstorage.fullname" . }} - key: password + env: {{- include "clusterpedia.apiserver.tracing.env" . | nindent 8 }} {{- if .Values.apiserver.enableSHA1Cert }} - name: GODEBUG @@ -163,6 +147,9 @@ spec: tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.tolerations "context" $) | nindent 8 }} {{- end }} volumes: + - name: internalstorage-connection-config + secret: + secretName: {{ include "clusterpedia.internalstorage.fullname" . }} - name: internalstorage-config configMap: name: {{ include "clusterpedia.internalstorage.fullname" . }} diff --git a/charts/clusterpedia/templates/clustersynchro-manager-deployment.yaml b/charts/clusterpedia/templates/clustersynchro-manager-deployment.yaml index 8a3c5a7..bbc162e 100644 --- a/charts/clusterpedia/templates/clustersynchro-manager-deployment.yaml +++ b/charts/clusterpedia/templates/clustersynchro-manager-deployment.yaml 
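Review bot: The `internalstorage-connection-config` secret volume added in the `@@ -163,6 +147,9 @@` hunk has no matching `volumeMounts` entry in any hunk of this file, while the same Secret is already injected into every container through `envFrom`. If no container mounts it (the main container's mounts are outside the hunks), drop the volume so the credentials are not projected twice. If it is mounted, restrict the projected files with `defaultMode: 0400`. The same volume is added in clustersynchro-manager-deployment.yaml.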
@@ -39,33 +39,30 @@ spec: {{- if eq (include "clusterpedia.storage.type" .) "postgres" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - until psql -U ${user} -h ${host} -p ${port} postgres -c "SELECT 1 FROM pg_database WHERE datname = '{{ include "clusterpedia.storage.database" . }}'" | grep -q 1 || psql -U ${user} -h ${host} -p ${port} postgres -c "CREATE DATABASE {{ include "clusterpedia.storage.database" . }} owner ${user} " -c "GRANT ALL PRIVILEGES ON DATABASE {{ include "clusterpedia.storage.database" . }} to ${user} "; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "SELECT 1 FROM pg_database WHERE datname = '{{ include "clusterpedia.storage.database" . }}'" | grep -q 1 || psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} postgres -c "CREATE DATABASE {{ include "clusterpedia.storage.database" . }} owner ${DB_USER} " -c "GRANT ALL PRIVILEGES ON DATABASE {{ include "clusterpedia.storage.database" . }} to ${DB_USER} "; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- else if eq (include "clusterpedia.storage.type" .) "mysql" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - if [ -z $password ]; then password=${DB_PASSWORD}; fi; - until mysql -u${user} -p${password} --host=${host} --port=${port} -e 'CREATE DATABASE IF NOT EXISTS {{ include "clusterpedia.storage.database" . }}'; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until mysql -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT} -e 'CREATE DATABASE IF NOT EXISTS {{ include "clusterpedia.storage.database" . 
}}'; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- end }} + envFrom: + - secretRef: + name: {{ include "clusterpedia.internalstorage.fullname" . }} env: - name: {{ include "clusterpedia.storage.password.envKey" . }} valueFrom: secretKeyRef: name: {{ include "clusterpedia.internalstorage.fullname" . }} - key: password + key: DB_PASSWORD volumeMounts: - - name: internalstorage-config - mountPath: /etc/clusterpedia/storage - readOnly: true - name: scripts mountPath: /opt/scripts readOnly: true 
@@ -78,35 +75,24 @@ spec: {{- if eq (include "clusterpedia.storage.type" .) "postgres" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - until pg_isready -U ${user} -d "dbname=${database}" -h ${host} -p ${port}; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until pg_isready -U ${DB_USER} -d "dbname=${DB_DATABASE}" -h ${DB_HOST} -p ${DB_PORT}; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- else if eq (include "clusterpedia.storage.type" .) "mysql" }} - | # Load YAML data into a Bash variable - source /opt/scripts/parse-yaml.sh; - create_variables /etc/clusterpedia/storage/internalstorage-config.yaml; - if [ -z $password ]; then password=${DB_PASSWORD}; fi; - until mysqladmin status -u${user} -p${password} --host=${host} --port=${port}; do + if [ -n ${DB_DSN} ]; then source /opt/scripts/parse-yaml.sh; create_variables ${DB_DSN}; fi; + until mysqladmin status -u${DB_USER} -p${DB_PASSWORD} --host=${DB_HOST} --port=${DB_PORT}; do echo waiting for database check && sleep 1; done; echo 'DataBase OK ✓' {{- end }} - {{- if eq (include "clusterpedia.storage.type" .) "mysql" }} - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "clusterpedia.internalstorage.fullname" . }} - key: password - {{- end }} + envFrom: + - secretRef: + name: {{ include "clusterpedia.internalstorage.fullname" . }} volumeMounts: - - name: internalstorage-config - mountPath: /etc/clusterpedia/storage - readOnly: true - name: scripts mountPath: /opt/scripts readOnly: true 
@@ -133,12 +119,10 @@ spec: {{- if .Values.clustersynchroManager.resources }} resources: {{- toYaml .Values.clustersynchroManager.resources | nindent 12 }} {{- end }} + envFrom: + - secretRef: + name: {{ include "clusterpedia.internalstorage.fullname" . }} env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "clusterpedia.internalstorage.fullname" . }} - key: password - name: GODEBUG value: netdns=go volumeMounts: @@ -156,6 +140,9 @@ spec: tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.clustersynchroManager.tolerations "context" $) | nindent 8 }} {{- end }} volumes: + - name: internalstorage-connection-config + secret: + secretName: {{ include "clusterpedia.internalstorage.fullname" . }} - name: internalstorage-config configMap: name: {{ include "clusterpedia.internalstorage.fullname" . }} diff --git a/charts/clusterpedia/templates/internalstorage-configmap.yaml b/charts/clusterpedia/templates/internalstorage-configmap.yaml index 3929be6..f6d4215 100644 --- a/charts/clusterpedia/templates/internalstorage-configmap.yaml +++ b/charts/clusterpedia/templates/internalstorage-configmap.yaml @@ -6,12 +6,6 @@ metadata: labels: {{- include "common.labels.standard" . | nindent 4 }} data: internalstorage-config.yaml: |- - type: {{ include "clusterpedia.storage.type" . | quote }} - dsn: {{ include "clusterpedia.storage.dsn" . | quote }} - host: {{ include "clusterpedia.storage.host" . | quote }} - port: {{ include "clusterpedia.storage.port" . }} - user: {{ include "clusterpedia.storage.user" . }} - database: {{ include "clusterpedia.storage.database" . }} {{ if .Values.storageConfig.log.enabled }} log: stdout: {{ .Values.storageConfig.log.stdout }} diff --git a/charts/clusterpedia/templates/internalstorage-secret.yaml b/charts/clusterpedia/templates/internalstorage-secret.yaml index 0a89e1c..d1e8c67 100644 --- a/charts/clusterpedia/templates/internalstorage-secret.yaml 
+++ b/charts/clusterpedia/templates/internalstorage-secret.yaml @@ -7,4 +7,13 @@ metadata: app: {{ include "clusterpedia.internalstorage.fullname" . }} internalstorage.clusterpedia.io/type: {{ include "clusterpedia.storage.type" . }} data: - password: {{ include "clusterpedia.storage.password" . }} + DB_TYPE: {{ include "clusterpedia.storage.type" . | b64enc | quote}} +{{- if empty (include "clusterpedia.storage.dsn" .) }} + DB_HOST: {{ include "clusterpedia.storage.host" . | b64enc }} + DB_PORT: "{{ include "clusterpedia.storage.port" . | b64enc }}" + DB_USER: "{{ include "clusterpedia.storage.user" . | b64enc }}" + DB_DATABASE: {{ include "clusterpedia.storage.database" . | b64enc }} + DB_PASSWORD: {{ include "clusterpedia.storage.password" . | b64enc }} +{{- else }} + DB_DSN: {{ include "clusterpedia.storage.dsn" . | b64enc | quote}} +{{- end }} \ No newline at end of file diff --git a/charts/clusterpedia/templates/scripts-configmap.yaml b/charts/clusterpedia/templates/scripts-configmap.yaml index a811ec6..51a6221 100644 --- a/charts/clusterpedia/templates/scripts-configmap.yaml +++ b/charts/clusterpedia/templates/scripts-configmap.yaml @@ -6,23 +6,6 @@ metadata: labels: {{- include "common.labels.standard" . | nindent 4 }} data: parse-yaml.sh: | - function parse_yaml() { - local prefix=$2 - local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') - sed -ne "s|^\($s\):|\1|" \ - -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \ - -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 | - awk -F$fs '{ - indent = length($1)/2; - vname[indent] = $2; - for (i in vname) {if (i > indent) {delete vname[i]}} - if (length($3) > 0) { - vn=""; for (i=0; i
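Review bot: In the DSN branch this Secret carries only `DB_TYPE` and `DB_DSN`, but the first init container in both deployment templates still reads `key: DB_PASSWORD` through `secretKeyRef`, and a missing key leaves that container unable to start. Either emit `DB_PASSWORD` in both branches or mark the reference `optional: true` in apiserver-deployment.yaml and clustersynchro-manager-deployment.yaml. The quoting of the values is also inconsistent (`| b64enc | quote`, `"{{ ... | b64enc }}"` and bare `| b64enc`); one form throughout would read better, and the file should end with a newline.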