7 files changed, 72 insertions, 31 deletions

diff --git a/src/examples/elevate2018.yml b/src/examples/elevate2018.yml
index da750d1..bfa43ca 100644
--- a/src/examples/elevate2018.yml
+++ b/src/examples/elevate2018.yml
@@ -44,6 +44,10 @@ globals:
     emc-02: "http-public2*"
     emc-03: "http-public3*"
     emc-04: "http-public4*"
+  deployment:
+    type: kubernetes
+    parameter:
+      image_version: 12
 inputs:
   sdi-orig:
     type: decklink
@@ -91,14 +95,14 @@ streams:
      burst-on-connect: 5
      hostname: "elevate-live%i.spreadspace.org"
      repeater: True
-records:
-  av:
-    muxes:
-      avr: { format: rec, profile: rec }
-    directory: /srv/elevate2017/
-    filename: "av-orig %Y-%m-%d %H-%M-%S"
-  audio:
-    muxes:
-      audio-orig: { format: ogg, profile: high }
-    directory: /srv/elevate2017/
-    filename: "audio-orig %Y-%m-%d %H-%M-%S"
+# records:
+#   av:
+#     muxes:
+#       avr: { format: rec, profile: rec }
+#     directory: /srv/elevate2017/
+#     filename: "av-orig %Y-%m-%d %H-%M-%S"
+#   audio:
+#     muxes:
+#       audio-orig: { format: ogg, profile: high }
+#     directory: /srv/elevate2017/
+#     filename: "audio-orig %Y-%m-%d %H-%M-%S"
diff --git a/src/flufigut.py b/src/flufigut.py
index 2e2923d..0f8ae4a 100755
--- a/src/flufigut.py
+++ b/src/flufigut.py
@@ -33,8 +33,10 @@ import os
 import sys
 import yaml
 import jinja2
+import crypt
 import kubernetes
 import time
+import base64
 
 # helper functions ############################################
 #
@@ -564,6 +566,14 @@ class Planet:
         planet_xml = template.render(globals=self._desc.globals, atmosphere=self.atmosphere, flow=self.flow)
         return planet_xml + "\n"
 
+    def htpasswd(self):
+        salt = rand_string(6)
+        out = "%s:%s\n" % (self._desc.globals['admin']['username'], crypt.crypt(self._desc.globals['admin']['password'], salt))
+        for _, worker in self.workers.items():
+            salt = rand_string(6)
+            out += "%s:%s\n" % (worker['name'], crypt.crypt(worker['password'], salt))
+        return out.encode('utf-8')
+
 
 # kubernetes handling #############################
 #
@@ -608,6 +618,10 @@ class K8sDeployment:
         cm['data']['planet.xml'] = self._planet.toXML(template_dir)
         v1.create_namespaced_config_map(self._namespace, cm)
 
+        secret = self.__generate_object(tmpl_env, 'flumotion-manager-secret.yml')
+        secret['data']['htpasswd'] = base64.b64encode(self._planet.htpasswd()).decode('ascii')
+        v1.create_namespaced_secret(self._namespace, secret)
+
         deploy = self.__generate_object(tmpl_env, 'flumotion-manager-deploy.yml')
         appsV1.create_namespaced_deployment(self._namespace, deploy)
 
diff --git a/templates/default/flumotion/planet.xml.j2 b/templates/default/flumotion/planet.xml.j2
index 0a86b30..cac9fc0 100644
--- a/templates/default/flumotion/planet.xml.j2
+++ b/templates/default/flumotion/planet.xml.j2
@@ -2,15 +2,19 @@
 <planet name="{{ globals.name }}">
 
   <manager name="{{ globals.name }}">
-<!--    <host>{{ globals.manager.host }}</host> -->
+{%- if globals.deployment.type == "kubernetes" %}
     <host>0.0.0.0</host>
+{%- else %}
+    <host>{{ globals.manager.host }}</host>
+{%- endif %}
     <port>{{ globals.manager.port }}</port>
     <transport>{{ globals.manager.transport }}</transport>
     <component name="manager-bouncer" type="htpasswdcrypt-bouncer">
-<!--      <property name="filename">/etc/flumotion/{{ globals.name }}.passwd</property> -->
-      <property name="data">
-      user:PSfNpHTkpTx1M
-      </property>
+{%- if globals.deployment.type == "kubernetes" %}
+      <property name="filename">/srv/secret/htpasswd</property>
+{%- else %}
+      <property name="filename">/etc/flumotion/{{ globals.name }}.passwd</property>
+{%- endif %}
     </component>
   </manager>
 
diff --git a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2
index 04b36e4..b48b719 100644
--- a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2
+++ b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2
@@ -22,18 +22,23 @@ spec:
         type: manager
     spec:
       nodeName: {{ desc.globals.manager.machine }}
+      securityContext:
+        runAsUser: 998
+        fsGroup: 998
       containers:
       - name: flumotion
-        image: spreadspace/flumotion:manager
+        image: spreadspace/flumotion:manager-{{ desc.globals.deployment.parameter.image_version }}
         imagePullPolicy: Always
         args:
         - --verbose
-        - /etc/flumotion/planet.xml
+        - /srv/config/planet.xml
         volumeMounts:
         - name: home
           mountPath: /srv
         - name: planet-config
-          mountPath: /etc/flumotion
+          mountPath: /srv/config
+        - name: secret
+          mountPath: /srv/secret
       volumes:
       - name: home
         emptyDir:
@@ -41,3 +46,7 @@ spec:
       - name: planet-config
         configMap:
           name: flumotion-manager
+      - name: secret
+        secret:
+          secretName: flumotion-manager
+          defaultMode: 0400
diff --git a/templates/default/kubernetes/flumotion-manager-secret.yml.j2 b/templates/default/kubernetes/flumotion-manager-secret.yml.j2
new file mode 100644
index 0000000..0b64372
--- /dev/null
+++ b/templates/default/kubernetes/flumotion-manager-secret.yml.j2
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: {{ namespace }}
+  name: flumotion-manager
+  labels:
+    app: flumotion
+    type: manager
+type: Opaque
+data:
+  htpasswd: dXNlcjpQU2ZOcEhUa3BUeDFNCg==
diff --git a/templates/default/kubernetes/flumotion-manager-svc.yml.j2 b/templates/default/kubernetes/flumotion-manager-svc.yml.j2
index 5d0dac7..e7787bf 100644
--- a/templates/default/kubernetes/flumotion-manager-svc.yml.j2
+++ b/templates/default/kubernetes/flumotion-manager-svc.yml.j2
@@ -12,9 +12,5 @@ spec:
     type: manager
   clusterIP: {{ desc.globals.manager.host }}
   ports:
-  - name: ssl
-    port: 7531
-    protocol: TCP
-  - name: plain
-    port: 8642
-    protocol: TCP
+  - name: {{ desc.globals.manager.transport }}
+    port: {{ desc.globals.manager.port }}
diff --git a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2
index d184661..60a8ebe 100644
--- a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2
+++ b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2
@@ -22,19 +22,22 @@ spec:
         type: worker
     spec:
       nodeName: {{ worker.name }}
+      securityContext:
+        runAsUser: 998
+        fsGroup: 998
       containers:
 {% for subname, sub in worker.subs.items() %}
       - name: {{ subname }}
-        image: spreadspace/flumotion:worker
+        image: spreadspace/flumotion:worker-{{ desc.globals.deployment.parameter.image_version }}
         imagePullPolicy: Always
         args:
         - --verbose
-        - -H flumotion-manager
-        - -P 8642
-        - -T tcp
+        - -H {{ desc.globals.manager.host }}
+        - -P {{ desc.globals.manager.port }}
+        - -T {{ desc.globals.manager.transport }}
         - -n {{ sub.fullname }}
-        - -u user
-        - -p test
+        - -u {{ worker.name }}
+        - -p {{ worker.password }}
         - -F {{ 8000 + loop.index0 * 10 }}-{{ 8001 + loop.index0 * 10 }}
         volumeMounts:
         - name: home