diff options
author | Christian Pointner <equinox@spreadspace.org> | 2018-02-04 02:06:04 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-02-04 02:06:04 +0100 |
commit | 2dcacdd2ef11b9da25636aa7f899e6afe6b05fdf (patch) | |
tree | f45e8da479a3721eac1155872f6364df428f6c60 | |
parent | seperate paswords for each work (diff) |
worker password are secrets now as well
-rwxr-xr-x | src/flufigut.py | 4 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-worker-deploy.yml.j2 | 8 | ||||
-rw-r--r-- | templates/default/kubernetes/flumotion-worker-secret.yml.j2 | 11 |
3 files changed, 22 insertions, 1 deletions
diff --git a/src/flufigut.py b/src/flufigut.py index 0f8ae4a..77980d7 100755 --- a/src/flufigut.py +++ b/src/flufigut.py @@ -632,6 +632,10 @@ class K8sDeployment: 'flags': worker['flags'] } + secret = self.__generate_object(tmpl_env, 'flumotion-worker-secret.yml', worker) + secret['data']['password'] = base64.b64encode(worker['password'].encode('utf-8')).decode('ascii') + v1.create_namespaced_secret(self._namespace, secret) + deploy = self.__generate_object(tmpl_env, 'flumotion-worker-deploy.yml', worker) appsV1.create_namespaced_deployment(self._namespace, deploy) diff --git a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 index 60a8ebe..9098866 100644 --- a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 +++ b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 @@ -30,6 +30,12 @@ spec: - name: {{ subname }} image: spreadspace/flumotion:worker-{{ desc.globals.deployment.parameter.image_version }} imagePullPolicy: Always + env: + - name: WORKER_PASSWORD + valueFrom: + secretKeyRef: + name: flumotion-worker-{{ worker.name }} + key: password args: - --verbose - -H {{ desc.globals.manager.host }} @@ -37,7 +43,7 @@ spec: - -T {{ desc.globals.manager.transport }} - -n {{ sub.fullname }} - -u {{ worker.name }} - - -p {{ worker.password }} + - -p $(WORKER_PASSWORD) - -F {{ 8000 + loop.index0 * 10 }}-{{ 8001 + loop.index0 * 10 }} volumeMounts: - name: home diff --git a/templates/default/kubernetes/flumotion-worker-secret.yml.j2 b/templates/default/kubernetes/flumotion-worker-secret.yml.j2 new file mode 100644 index 0000000..ec07df7 --- /dev/null +++ b/templates/default/kubernetes/flumotion-worker-secret.yml.j2 @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ namespace }} + name: flumotion-worker-{{ worker.name }} + labels: + app: flumotion + type: worker +type: Opaque +data: + password: dGVzdAo= |