From a2a8c79f2d0dcd23d688c8c1bef3b703c35b3c6f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 4 Feb 2018 01:25:46 +0100 Subject: seperate paswords for each work --- .../default/kubernetes/flumotion-manager-deploy.yml.j2 | 15 ++++++++++++--- .../default/kubernetes/flumotion-manager-secret.yml.j2 | 11 +++++++++++ templates/default/kubernetes/flumotion-manager-svc.yml.j2 | 8 ++------ .../default/kubernetes/flumotion-worker-deploy.yml.j2 | 15 +++++++++------ 4 files changed, 34 insertions(+), 15 deletions(-) create mode 100644 templates/default/kubernetes/flumotion-manager-secret.yml.j2 (limited to 'templates/default/kubernetes') diff --git a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 index 04b36e4..b48b719 100644 --- a/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 +++ b/templates/default/kubernetes/flumotion-manager-deploy.yml.j2 @@ -22,18 +22,23 @@ spec: type: manager spec: nodeName: {{ desc.globals.manager.machine }} + securityContext: + runAsUser: 998 + fsGroup: 998 containers: - name: flumotion - image: spreadspace/flumotion:manager + image: spreadspace/flumotion:manager-{{ desc.globals.deployment.parameter.image_version }} imagePullPolicy: Always args: - --verbose - - /etc/flumotion/planet.xml + - /srv/config/planet.xml volumeMounts: - name: home mountPath: /srv - name: planet-config - mountPath: /etc/flumotion + mountPath: /srv/config + - name: secret + mountPath: /srv/secret volumes: - name: home emptyDir: @@ -41,3 +46,7 @@ spec: - name: planet-config configMap: name: flumotion-manager + - name: secret + secret: + secretName: flumotion-manager + defaultMode: 0400 diff --git a/templates/default/kubernetes/flumotion-manager-secret.yml.j2 b/templates/default/kubernetes/flumotion-manager-secret.yml.j2 new file mode 100644 index 0000000..0b64372 --- /dev/null +++ b/templates/default/kubernetes/flumotion-manager-secret.yml.j2 @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ namespace }} + name: flumotion-manager + labels: + app: flumotion + type: manager +type: Opaque +data: + htpasswd: dXNlcjpQU2ZOcEhUa3BUeDFNCg== diff --git a/templates/default/kubernetes/flumotion-manager-svc.yml.j2 b/templates/default/kubernetes/flumotion-manager-svc.yml.j2 index 5d0dac7..e7787bf 100644 --- a/templates/default/kubernetes/flumotion-manager-svc.yml.j2 +++ b/templates/default/kubernetes/flumotion-manager-svc.yml.j2 @@ -12,9 +12,5 @@ spec: type: manager clusterIP: {{ desc.globals.manager.host }} ports: - - name: ssl - port: 7531 - protocol: TCP - - name: plain - port: 8642 - protocol: TCP + - name: {{ desc.globals.manager.transport }} + port: {{ desc.globals.manager.port }} diff --git a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 index d184661..60a8ebe 100644 --- a/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 +++ b/templates/default/kubernetes/flumotion-worker-deploy.yml.j2 @@ -22,19 +22,22 @@ spec: type: worker spec: nodeName: {{ worker.name }} + securityContext: + runAsUser: 998 + fsGroup: 998 containers: {% for subname, sub in worker.subs.items() %} - name: {{ subname }} - image: spreadspace/flumotion:worker + image: spreadspace/flumotion:worker-{{ desc.globals.deployment.parameter.image_version }} imagePullPolicy: Always args: - --verbose - - -H flumotion-manager - - -P 8642 - - -T tcp + - -H {{ desc.globals.manager.host }} + - -P {{ desc.globals.manager.port }} + - -T {{ desc.globals.manager.transport }} - -n {{ sub.fullname }} - - -u user - - -p test + - -u {{ worker.name }} + - -p {{ worker.password }} - -F {{ 8000 + loop.index0 * 10 }}-{{ 8001 + loop.index0 * 10 }} volumeMounts: - name: home -- cgit v1.2.3