add secrets to postgrs
This commit is contained in:
parent
ded683b8ee
commit
a4e034a529
8 changed files with 88 additions and 17 deletions
14
src/main/clj/dda/k8s_keycloak/base64.clj
Normal file
14
src/main/clj/dda/k8s_keycloak/base64.clj
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
(ns dda.k8s-keycloak.base64
|
||||
(:import (java.util Base64)))
|
||||
|
||||
(defn encode
|
||||
[string]
|
||||
(.encodeToString
|
||||
(Base64/getEncoder)
|
||||
(.getBytes string)))
|
||||
|
||||
(defn decode
|
||||
[string]
|
||||
(String.
|
||||
(.decode (Base64/getDecoder) string)
|
||||
"UTF-8"))
|
||||
|
|
@ -21,11 +21,21 @@
|
|||
(clojure.walk/postwalk #(if (and (map? %)
|
||||
(= name (:name %)))
|
||||
{:name name :value value}
|
||||
%) coll))
|
||||
%)
|
||||
coll))
|
||||
|
||||
(defn replace-key-value
|
||||
[coll key value]
|
||||
(clojure.walk/postwalk #(if (and (map? %)
|
||||
(contains? % key))
|
||||
(assoc % key value)
|
||||
%)
|
||||
coll))
|
||||
|
||||
(defn replace-all-matching-values-by-new-value
|
||||
[coll value-to-match value-to-replace]
|
||||
(clojure.walk/postwalk #(if (and (= (type value-to-match) (type %))
|
||||
(= value-to-match %))
|
||||
value-to-replace
|
||||
%) coll))
|
||||
%)
|
||||
coll))
|
||||
|
|
|
|||
|
|
@ -62,10 +62,12 @@
|
|||
my-auth auth?]
|
||||
(cs/join "\n"
|
||||
[(yaml/to-string (pg/generate-config))
|
||||
"---"
|
||||
(yaml/to-string (pg/generate-secret my-auth))
|
||||
"---"
|
||||
(yaml/to-string (pg/generate-service))
|
||||
"---"
|
||||
(yaml/to-string (pg/generate-deployment my-auth))
|
||||
(yaml/to-string (pg/generate-deployment))
|
||||
"---"
|
||||
(yaml/to-string (generate-config my-config my-auth))
|
||||
"---"
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[dda.k8s-keycloak.yaml :as yaml]
|
||||
[dda.k8s-keycloak.base64 :as b64]
|
||||
[dda.k8s-keycloak.common :as cm]))
|
||||
|
||||
(s/def ::postgres-db-user cm/bash-env-string?)
|
||||
|
|
@ -10,12 +11,15 @@
|
|||
(defn generate-config []
|
||||
(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
|
||||
|
||||
(defn generate-deployment [my-auth]
|
||||
(defn generate-secret [my-auth]
|
||||
(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
|
||||
(->
|
||||
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml"))
|
||||
(cm/replace-named-value "POSTGRES_USER" postgres-db-user)
|
||||
(cm/replace-named-value "POSTGRES_PASSWORD" postgres-db-password))))
|
||||
(yaml/from-string (yaml/load-resource "postgres/secret.yaml"))
|
||||
(cm/replace-key-value :postgres-user (b64/encode postgres-db-user))
|
||||
(cm/replace-key-value :postgres-password (b64/encode postgres-db-password)))))
|
||||
|
||||
(defn generate-deployment []
|
||||
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml")))
|
||||
|
||||
(defn generate-service []
|
||||
(yaml/from-string (yaml/load-resource "postgres/service.yaml")))
|
||||
|
|
|
|||
9
src/main/cljs/dda/k8s_keycloak/base64.cljs
Normal file
9
src/main/cljs/dda/k8s_keycloak/base64.cljs
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
(ns dda.k8s-keycloak.base64)
|
||||
|
||||
(defn encode
|
||||
[string]
|
||||
(.btoa js/window string))
|
||||
|
||||
(defn decode
|
||||
[string]
|
||||
(.atob js/window string))
|
||||
|
|
@ -18,14 +18,20 @@ spec:
|
|||
name: postgresql
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
value: "psql-user"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-password
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: postgres-config
|
||||
key: postgres-db
|
||||
- name: POSTGRES_PASSWORD
|
||||
value: "psql-pw"
|
||||
key: postgres-db
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
name: postgresql
|
||||
|
|
|
|||
8
src/main/resources/postgres/secret.yaml
Normal file
8
src/main/resources/postgres/secret.yaml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: postgres-secret
|
||||
type: Opaque
|
||||
data:
|
||||
postgres-user: "psql-user"
|
||||
postgres-password: "psql-pw"
|
||||
|
|
@ -4,6 +4,16 @@
|
|||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[dda.k8s-keycloak.postgres :as cut]))
|
||||
|
||||
(deftest should-generate-secret
|
||||
(is (= {:apiVersion "v1"
|
||||
:kind "Secret"
|
||||
:metadata {:name "postgres-secret"}
|
||||
:type "Opaque"
|
||||
:data
|
||||
{:postgres-user "cHNxbHVzZXI="
|
||||
:postgres-password "dGVzdDEyMzQ="}}
|
||||
(cut/generate-secret {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))
|
||||
|
||||
(deftest should-generate-postgres-deployment
|
||||
(is (= {:apiVersion "apps/v1"
|
||||
:kind "Deployment"
|
||||
|
|
@ -18,11 +28,19 @@
|
|||
[{:image "postgres"
|
||||
:name "postgresql"
|
||||
:env
|
||||
[{:name "POSTGRES_USER", :value "psqluser"}
|
||||
{:name "POSTGRES_DB", :valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "postgres-config", :key "postgres-db"}}}
|
||||
{:name "POSTGRES_PASSWORD", :value "test1234"}]
|
||||
[{:name "POSTGRES_USER"
|
||||
:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret", :key "postgres-user"}}}
|
||||
{:valueFrom
|
||||
{:secretKeyRef
|
||||
{:name "postgres-secret"
|
||||
:key "postgres-password"}}
|
||||
:name "POSTGRES_PASSWORD"}
|
||||
{:valueFrom
|
||||
{:configMapKeyRef
|
||||
{:name "postgres-config", :key "postgres-db"}}
|
||||
:name "POSTGRES_DB"}]
|
||||
:ports [{:containerPort 5432, :name "postgresql"}]
|
||||
:volumeMounts
|
||||
[{:name "postgres-config-volume"
|
||||
|
|
@ -30,4 +48,4 @@
|
|||
:subPath "postgresql.conf"
|
||||
:readOnly true}]}]
|
||||
:volumes [{:name "postgres-config-volume", :configMap {:name "postgres-config"}}]}}}}
|
||||
(cut/generate-deployment {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))
|
||||
(cut/generate-deployment))))
|
||||
|
|
|
|||
Loading…
Reference in a new issue
