Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/26 13:40:14 UTC
[incubator-dlab] branch DLAB-terraform updated: [DLAB-942]: Added
secrets creation
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new 5bc2118 [DLAB-942]: Added secrets creation
5bc2118 is described below
commit 5bc2118467a734933adc5c063ee0417fb218386e
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Fri Jul 26 16:40:02 2019 +0300
[DLAB-942]: Added secrets creation
---
.../templates/configmap-billing-conf.yaml | 4 +-
.../dlab-billing-chart/templates/deployment.yaml | 6 ++
.../main/dlab-billing-chart/values.yaml | 1 -
.../aws/ssn-helm-charts/main/dlab-billing.tf | 3 +-
.../dlab-ui-chart/templates/configmap-ui-conf.yaml | 2 +-
.../main/dlab-ui-chart/templates/deployment.yaml | 6 ++
.../ssn-helm-charts/main/dlab-ui-chart/values.yaml | 1 -
.../terraform/aws/ssn-helm-charts/main/dlab-ui.tf | 3 +-
.../terraform/aws/ssn-helm-charts/main/keycloak.tf | 8 +-
.../terraform/aws/ssn-helm-charts/main/main.tf | 2 +-
.../terraform/aws/ssn-helm-charts/main/mongo.tf | 7 +-
.../terraform/aws/ssn-helm-charts/main/mysql.tf | 5 +-
.../terraform/aws/ssn-helm-charts/main/nginx.tf | 16 ----
.../terraform/aws/ssn-helm-charts/main/secrets.tf | 101 +++++++++++++++++++++
.../aws/ssn-helm-charts/main/variables.tf | 23 -----
15 files changed, 130 insertions(+), 58 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml
index bbf423b..28e8282 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/configmap-billing-conf.yaml
@@ -37,7 +37,7 @@ data:
host: {{ .Values.billing.mongo.host }}
port: {{ .Values.billing.mongo.port }}
username: {{ .Values.billing.mongo.username }}
- password: {{ .Values.billing.mongo.password }}
+ password: ${MONGO_DB_PASSWORD}
database: {{ .Values.billing.mongo.db_name }}
scheduler:
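Review bot: `password: ${MONGO_DB_PASSWORD}` is stored in the ConfigMap as a literal string, so it only becomes the password if the service expands environment variables when it loads this file, and nothing in this commit shows that it does; this applies to both hunks of this file and to the same line in dlab-ui-chart/templates/configmap-ui-conf.yaml. If the expansion happens before YAML parsing, the unquoted value is parsed as YAML, and secrets.tf allows `"`, `@` and a space in generated passwords, so a password that starts with `"` or `@` or ends with a space would break or alter the parse. Restricting the generated character set is more robust than quoting here, since a double-quoted scalar is itself broken by a `"` in the value. A comment above the line, such as `# expanded from the container env at load time; see env in deployment.yaml`, would record the dependency.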
@@ -60,7 +60,7 @@ data:
host: {{ .Values.billing.mongo.host }}
port: {{ .Values.billing.mongo.port }}
username: {{ .Values.billing.mongo.username }}
- password: {{ .Values.billing.mongo.password }}
+ password: ${MONGO_DB_PASSWORD}
database: {{ .Values.billing.mongo.db_name }}
# bufferSize: 10000
upsert: true
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml
index fcd2785..975cd65 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/templates/deployment.yaml
@@ -47,6 +47,12 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: MONGO_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mongo-db-password
+ key: password
ports:
- name: mongo
containerPort: 21017
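Review bot: The Secret name `mongo-db-password` is hard-coded in the added `secretKeyRef`, while the Secret itself is created by Terraform in secrets.tf with no `namespace` in its metadata. A `secretKeyRef` cannot cross namespaces, so the pod only starts when the release is installed in the namespace where the provider creates that Secret by default. Consider reading the name from chart values, for example `name: {{ .Values.billing.mongo.secret_name }}` (a proposed key, not one the chart has today), and setting `namespace` explicitly on the `kubernetes_secret` resources. The identical block added to dlab-ui-chart/templates/deployment.yaml has the same coupling.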
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml
index 57e98ef..9482a36 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing-chart/values.yaml
@@ -58,5 +58,4 @@ billing:
host: ${mongo_service_name}
port: ${mongo_port}
username: ${mongo_user}
- password: ${mongo_db_password}
db_name: ${mongo_db_name}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf
index 7546f6b..4b42232 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-billing.tf
@@ -23,7 +23,6 @@ data "template_file" "dlab_billing_values" {
template = file("./dlab-billing-chart/values.yaml")
vars = {
mongo_db_name = var.mongo_dbname
- mongo_db_password = var.mongo_db_pwd
mongo_user = var.mongo_db_username
mongo_port = var.mongo_service_port
mongo_service_name = var.mongo_service_name
@@ -33,7 +32,7 @@ data "template_file" "dlab_billing_values" {
resource "helm_release" "dlab-billing" {
name = "dlab-billing"
chart = "./dlab-billing-chart"
- depends_on = [helm_release.mongodb]
+ depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret]
wait = true
values = [
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
index 96be2af..a4f43bb 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/configmap-ui-conf.yaml
@@ -46,7 +46,7 @@ data:
host: {{ .Values.dlab_ui.mongo.host }}
port: {{ .Values.dlab_ui.mongo.port }}
username: {{ .Values.dlab_ui.mongo.username }}
- password: {{ .Values.dlab_ui.mongo.password }}
+ password: ${MONGO_DB_PASSWORD}
database: {{ .Values.dlab_ui.mongo.db_name }}
selfService:
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml
index 06df0ef..f4c202c 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/templates/deployment.yaml
@@ -47,6 +47,12 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: MONGO_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mongo-db-password
+ key: password
ports:
# - name: https
# containerPort: 443
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
index 377861b..da77154 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui-chart/values.yaml
@@ -53,5 +53,4 @@ dlab_ui:
host: ${mongo_service_name}
port: ${mongo_port}
username: ${mongo_user}
- password: ${mongo_db_password}
db_name: ${mongo_db_name}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
index 8671c6a..5ba4abc 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/dlab-ui.tf
@@ -23,7 +23,6 @@ data "template_file" "dlab_ui_values" {
template = file("./dlab-ui-chart/values.yaml")
vars = {
mongo_db_name = var.mongo_dbname
- mongo_db_password = var.mongo_db_pwd
mongo_user = var.mongo_db_username
mongo_port = var.mongo_service_port
mongo_service_name = var.mongo_service_name
@@ -34,7 +33,7 @@ data "template_file" "dlab_ui_values" {
resource "helm_release" "dlab_ui" {
name = "dlab-ui"
chart = "./dlab-ui-chart"
- depends_on = [helm_release.mongodb]
+ depends_on = [helm_release.mongodb, kubernetes_secret.mongo_db_password_secret]
wait = true
values = [
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
index 2a400f9..ec8887a 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/keycloak.tf
@@ -24,7 +24,7 @@ data "template_file" "configure_keycloak" {
vars = {
ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
keycloak_user = var.keycloak_user
- keycloak_passowrd = var.keycloak_password
+ keycloak_passowrd = random_string.keycloak_password.result
ldap_usernameAttr = var.ldap_usernameAttr
ldap_rdnAttr = var.ldap_rdnAttr
ldap_uuidAttr = var.ldap_uuidAttr
@@ -39,12 +39,12 @@ data "template_file" "keycloak_values" {
template = file("./files/keycloak_values.yaml")
vars = {
keycloak_user = var.keycloak_user
- keycloak_password = var.keycloak_password
+ keycloak_password = random_string.keycloak_password.result
ssn_k8s_alb_dns_name = var.ssn_k8s_alb_dns_name
configure_keycloak_file = data.template_file.configure_keycloak.rendered
mysql_db_name = var.mysql_db_name
mysql_user = var.mysql_user
- mysql_user_password = var.mysql_user_password
+ mysql_user_password = random_string.mysql_user_password.result
replicas_count = var.ssn_k8s_workers_count > 3 ? 3 : var.ssn_k8s_workers_count
}
}
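Review bot: The generated passwords still reach the charts as plain template variables (`keycloak_password` and `mysql_user_password` here, `keycloak_passowrd` in the first hunk, and the same pattern in mongo.tf and mysql.tf), so they are rendered into the Helm values and kept wherever Helm stores release values, as well as in Terraform state. The new `kubernetes_secret` resources only appear in `depends_on`; nothing in this commit shows the Keycloak, MySQL or MongoDB charts reading them. If those charts can consume an existing Secret, pass the Secret name instead of the value. Otherwise a comment such as `# value is rendered into release values; kubernetes_secret.keycloak_password_secret is not read by this chart` would stop the next reader from assuming the credential is protected.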
@@ -64,5 +64,5 @@ resource "helm_release" "keycloak" {
values = [
data.template_file.keycloak_values.rendered
]
- depends_on = [helm_release.keycloak-mysql]
+ depends_on = [helm_release.keycloak-mysql, kubernetes_secret.keycloak_password_secret]
}
\ No newline at end of file
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf
index 9ecbe1d..b8f4471 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/main.tf
@@ -26,5 +26,5 @@ provider "helm" {
}
output "mongo_password" {
- value = var.mongo_db_pwd
+ value = random_string.mongo_db_password.result
}
\ No newline at end of file
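Review bot: The `mongo_password` output now exposes a generated credential and is not marked sensitive, so `terraform apply` and `terraform output` print it to the console and to any CI log that captures them. Add `sensitive = true` to the output block, or drop the output if no caller reads it. The value stays in the state file either way, so the state backend still needs restricted access and encryption at rest.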
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf
index 442f1e9..3eccb93 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mongo.tf
@@ -22,10 +22,10 @@
data "template_file" "mongo_values" {
template = file("./files/mongo_values.yaml")
vars = {
- mongo_root_pwd = var.mongo_root_pwd
+ mongo_root_pwd = random_string.mongo_root_password.result
mongo_db_username = var.mongo_db_username
mongo_dbname = var.mongo_dbname
- mongo_db_pwd = var.mongo_db_pwd
+ mongo_db_pwd = random_string.mongo_db_password.result
mongo_image_tag = var.mongo_image_tag
mongo_service_port = var.mongo_service_port
mongo_node_port = var.mongo_node_port
@@ -39,5 +39,6 @@ resource "helm_release" "mongodb" {
values = [
data.template_file.mongo_values.rendered
]
- depends_on = [helm_release.nginx]
+ depends_on = [helm_release.nginx, kubernetes_secret.mongo_db_password_secret,
+ kubernetes_secret.mongo_root_password_secret]
}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf
index 940ef44..98cb238 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/mysql.tf
@@ -22,9 +22,9 @@
data "template_file" "mysql_values" {
template = file("./files/mysql_values.yaml")
vars = {
- mysql_root_password = var.mysql_root_password
+ mysql_root_password = random_string.mysql_root_password.result
mysql_user = var.mysql_user
- mysql_user_password = var.mysql_user_password
+ mysql_user_password = random_string.mysql_user_password.result
mysql_db_name = var.mysql_db_name
mysql_volume_claim = kubernetes_persistent_volume_claim.example.metadata.0.name
}
@@ -37,6 +37,7 @@ resource "helm_release" "keycloak-mysql" {
values = [
data.template_file.mysql_values.rendered
]
+ depends_on = [kubernetes_secret.mysql_root_password_secret, kubernetes_secret.mysql_user_password_secret]
}
provider "kubernetes" {}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf
index 59cd32b..541b961 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/nginx.tf
@@ -27,20 +27,4 @@ resource "helm_release" "nginx" {
values = [
file("files/nginx_values.yaml")
]
-
-// set {
-// name = "controller.service.nodePorts.http"
-// value = "${var.nginx_http_port}"
-// }
-//
-// set {
-// name = "controller.service.nodePorts.https"
-// value = "${var.nginx_https_port}"
-// }
-//
-// set {
-// name = "controller.service.type"
-// value = "NodePort"
-// }
-
}
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
new file mode 100644
index 0000000..0d8f912
--- /dev/null
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/secrets.tf
@@ -0,0 +1,101 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
+resource "random_string" "keycloak_password" {
+ length = 16
+ special = true
+ override_special = "/@\" "
+}
+
+
+resource "kubernetes_secret" "keycloak_password_secret" {
+ metadata {
+ name = "keycloak-password"
+ }
+
+ data = {
+ password = random_string.keycloak_password.result
+ }
+}
+
+resource "random_string" "mongo_root_password" {
+ length = 16
+ special = true
+ override_special = "/@\" "
+}
+
+resource "kubernetes_secret" "mongo_root_password_secret" {
+ metadata {
+ name = "mongo-root-password"
+ }
+
+ data = {
+ password = random_string.mongo_root_password
+ }
+}
+
+resource "random_string" "mongo_db_password" {
+ length = 16
+ special = true
+ override_special = "/@\" "
+}
+
+resource "kubernetes_secret" "mongo_db_password_secret" {
+ metadata {
+ name = "mongo-db-password"
+ }
+
+ data = {
+ password = random_string.mongo_db_password
+ }
+}
+
+resource "random_string" "mysql_root_password" {
+ length = 16
+ special = true
+ override_special = "/@\" "
+}
+
+resource "kubernetes_secret" "mysql_root_password_secret" {
+ metadata {
+ name = "mysql-root-password"
+ }
+
+ data = {
+ password = random_string.mysql_root_password
+ }
+}
+
+resource "random_string" "mysql_user_password" {
+ length = 16
+ special = true
+ override_special = "/@\" "
+}
+
+resource "kubernetes_secret" "mysql_user_password_secret" {
+ metadata {
+ name = "mysql-user-password"
+ }
+
+ data = {
+ password = random_string.mysql_user_password
+ }
+}
\ No newline at end of file
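Review bot: Four of the five Secrets assign the resource object instead of its value: `password = random_string.mongo_root_password` (likewise `mongo_db_password`, `mysql_root_password` and `mysql_user_password`) should read `password = random_string.mongo_root_password.result`, as the keycloak Secret already does. `data` expects string values, so as written this should fail or store something other than the password. `random_string` also shows its result in plan and apply output; current versions of the random provider offer `random_password`, which generates the same way but marks the result sensitive. Finally, `override_special = "/@\" "` makes the only special characters a slash, an at sign, a double quote and a space, all of which are fragile once the value is templated into YAML or a connection string, so a set without quotes and whitespace would be safer.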
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
index 3f3da65..3d84931 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/variables.tf
@@ -27,22 +27,10 @@ variable "keycloak_user" {
default = "dlab-admin"
}
-variable "keycloak_password" {
- default = "keycloak123"
-}
-
-variable "mysql_root_password" {
- default = "mysqlroot123"
-}
-
variable "mysql_user" {
default = "keycloak"
}
-variable "mysql_user_password" {
- default = "keycloak123"
-}
-
variable "mysql_db_name" {
default = "keycloak"
}
@@ -75,23 +63,12 @@ variable "ldap_connection_url" {
default = ""
}
-variable "mongo_root_pwd" {
- default = "$tr0ng_r00T-passworI)"
- description = "Password for MongoDB root user"
-}
variable "mongo_db_username" {
default = "admin"
- description = "Password for MongoDB root user"
}
variable "mongo_dbname" {
default = "dlabdb"
- description = "Password for MongoDB root user"
-}
-
-variable "mongo_db_pwd" {
- default = "$tr0ng_N0N=r00T-passworI)"
- description = "Password for MongoDB root user"
}
variable "mongo_image_tag" {