From 7d73fbd2a8c275c732dc7707a754623635e29e1f Mon Sep 17 00:00:00 2001 From: jupierce Date: Tue, 29 Nov 2016 11:18:16 -0500 Subject: [PATCH] Moving credentials into secrets --- .../templates/nodejs-mongodb-persistent.json | 61 +++++++++++-- openshift/templates/nodejs-mongodb.json | 91 ++++++++++++++----- openshift/templates/nodejs.json | 43 --------- 3 files changed, 123 insertions(+), 72 deletions(-) diff --git a/openshift/templates/nodejs-mongodb-persistent.json b/openshift/templates/nodejs-mongodb-persistent.json index e427678..b061c60 100644 --- a/openshift/templates/nodejs-mongodb-persistent.json +++ b/openshift/templates/nodejs-mongodb-persistent.json @@ -15,6 +15,18 @@ "template": "nodejs-mongo-persistent" }, "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "databaseUser": "${DATABASE_USER}", + "databasePassword": "${DATABASE_PASSWORD}", + "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + } + }, { "kind": "Service", "apiVersion": "v1", @@ -186,11 +198,21 @@ }, { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -198,7 +220,12 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { @@ -323,11 +350,21 @@ "env": [ { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -335,14 +372,24 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] } }, "livenessProbe": { diff --git a/openshift/templates/nodejs-mongodb.json b/openshift/templates/nodejs-mongodb.json index d4b4add..91f9ec7 100644 --- a/openshift/templates/nodejs-mongodb.json +++ b/openshift/templates/nodejs-mongodb.json @@ -15,6 +15,18 @@ "template": "nodejs-mongodb-example" }, "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "databaseUser": "${DATABASE_USER}", + "databasePassword": "${DATABASE_PASSWORD}", + "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + } + }, { "kind": "Service", "apiVersion": "v1", @@ -88,10 +100,10 @@ "namespace": "${NAMESPACE}", "name": "nodejs:4" }, - "env": [ + "env": [ { - "name": "NPM_MIRROR", - "value": "${NPM_MIRROR}" + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" } ] } @@ -186,11 +198,21 @@ }, { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -198,7 +220,12 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { @@ -210,17 +237,17 @@ } }, "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/pagecount", - "port": 8080 - } + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } }, "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] @@ -306,11 +333,21 @@ "env": [ { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -318,14 +355,24 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] } }, "livenessProbe": { @@ -336,9 +383,9 @@ } }, "resources": { - "limits": { - "memory": "${MEMORY_MONGODB_LIMIT}" - } + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } }, "volumeMounts": [ { diff --git a/openshift/templates/nodejs.json b/openshift/templates/nodejs.json index de82552..297c815 100644 --- a/openshift/templates/nodejs.json +++ b/openshift/templates/nodejs.json @@ -200,26 +200,6 @@ } }, "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "MONGODB_USER", - "value": "${MONGODB_USER}" - }, - { - "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" - }, - { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" - } ], "resources": { "limits": { @@ -292,29 +272,6 @@ "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "MONGODB_USER", - "displayName": "MongoDB Username", - "description": "Username for MongoDB user that will be used for accessing the database." - }, - { - "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user." - }, - { - "name": "MONGODB_DATABASE", - "displayName": "Database Name" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "Database Administrator Password", - "description": "Password for the database admin user." - }, { "name": "NPM_MIRROR", "displayName": "Custom NPM Mirror URL",