add secrets to postgrs
This commit is contained in:
parent
ded683b8ee
commit
a4e034a529
8 changed files with 88 additions and 17 deletions
14
src/main/clj/dda/k8s_keycloak/base64.clj
Normal file
14
src/main/clj/dda/k8s_keycloak/base64.clj
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
(ns dda.k8s-keycloak.base64
|
||||||
|
(:import (java.util Base64)))
|
||||||
|
|
||||||
|
(defn encode
|
||||||
|
[string]
|
||||||
|
(.encodeToString
|
||||||
|
(Base64/getEncoder)
|
||||||
|
(.getBytes string)))
|
||||||
|
|
||||||
|
(defn decode
|
||||||
|
[string]
|
||||||
|
(String.
|
||||||
|
(.decode (Base64/getDecoder) string)
|
||||||
|
"UTF-8"))
|
||||||
|
|
@ -21,11 +21,21 @@
|
||||||
(clojure.walk/postwalk #(if (and (map? %)
|
(clojure.walk/postwalk #(if (and (map? %)
|
||||||
(= name (:name %)))
|
(= name (:name %)))
|
||||||
{:name name :value value}
|
{:name name :value value}
|
||||||
%) coll))
|
%)
|
||||||
|
coll))
|
||||||
|
|
||||||
|
(defn replace-key-value
|
||||||
|
[coll key value]
|
||||||
|
(clojure.walk/postwalk #(if (and (map? %)
|
||||||
|
(contains? % key))
|
||||||
|
(assoc % key value)
|
||||||
|
%)
|
||||||
|
coll))
|
||||||
|
|
||||||
(defn replace-all-matching-values-by-new-value
|
(defn replace-all-matching-values-by-new-value
|
||||||
[coll value-to-match value-to-replace]
|
[coll value-to-match value-to-replace]
|
||||||
(clojure.walk/postwalk #(if (and (= (type value-to-match) (type %))
|
(clojure.walk/postwalk #(if (and (= (type value-to-match) (type %))
|
||||||
(= value-to-match %))
|
(= value-to-match %))
|
||||||
value-to-replace
|
value-to-replace
|
||||||
%) coll))
|
%)
|
||||||
|
coll))
|
||||||
|
|
|
||||||
|
|
@ -62,10 +62,12 @@
|
||||||
my-auth auth?]
|
my-auth auth?]
|
||||||
(cs/join "\n"
|
(cs/join "\n"
|
||||||
[(yaml/to-string (pg/generate-config))
|
[(yaml/to-string (pg/generate-config))
|
||||||
|
"---"
|
||||||
|
(yaml/to-string (pg/generate-secret my-auth))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (pg/generate-service))
|
(yaml/to-string (pg/generate-service))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (pg/generate-deployment my-auth))
|
(yaml/to-string (pg/generate-deployment))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (generate-config my-config my-auth))
|
(yaml/to-string (generate-config my-config my-auth))
|
||||||
"---"
|
"---"
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[dda.k8s-keycloak.yaml :as yaml]
|
[dda.k8s-keycloak.yaml :as yaml]
|
||||||
|
[dda.k8s-keycloak.base64 :as b64]
|
||||||
[dda.k8s-keycloak.common :as cm]))
|
[dda.k8s-keycloak.common :as cm]))
|
||||||
|
|
||||||
(s/def ::postgres-db-user cm/bash-env-string?)
|
(s/def ::postgres-db-user cm/bash-env-string?)
|
||||||
|
|
@ -10,12 +11,15 @@
|
||||||
(defn generate-config []
|
(defn generate-config []
|
||||||
(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
|
(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
|
||||||
|
|
||||||
(defn generate-deployment [my-auth]
|
(defn generate-secret [my-auth]
|
||||||
(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
|
(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml"))
|
(yaml/from-string (yaml/load-resource "postgres/secret.yaml"))
|
||||||
(cm/replace-named-value "POSTGRES_USER" postgres-db-user)
|
(cm/replace-key-value :postgres-user (b64/encode postgres-db-user))
|
||||||
(cm/replace-named-value "POSTGRES_PASSWORD" postgres-db-password))))
|
(cm/replace-key-value :postgres-password (b64/encode postgres-db-password)))))
|
||||||
|
|
||||||
|
(defn generate-deployment []
|
||||||
|
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml")))
|
||||||
|
|
||||||
(defn generate-service []
|
(defn generate-service []
|
||||||
(yaml/from-string (yaml/load-resource "postgres/service.yaml")))
|
(yaml/from-string (yaml/load-resource "postgres/service.yaml")))
|
||||||
|
|
|
||||||
9
src/main/cljs/dda/k8s_keycloak/base64.cljs
Normal file
9
src/main/cljs/dda/k8s_keycloak/base64.cljs
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
(ns dda.k8s-keycloak.base64)
|
||||||
|
|
||||||
|
(defn encode
|
||||||
|
[string]
|
||||||
|
(.btoa js/window string))
|
||||||
|
|
||||||
|
(defn decode
|
||||||
|
[string]
|
||||||
|
(.atob js/window string))
|
||||||
|
|
@ -18,14 +18,20 @@ spec:
|
||||||
name: postgresql
|
name: postgresql
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
value: "psql-user"
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: postgres-secret
|
||||||
|
key: postgres-user
|
||||||
|
- name: POSTGRES_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: postgres-secret
|
||||||
|
key: postgres-password
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: postgres-config
|
name: postgres-config
|
||||||
key: postgres-db
|
key: postgres-db
|
||||||
- name: POSTGRES_PASSWORD
|
|
||||||
value: "psql-pw"
|
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5432
|
- containerPort: 5432
|
||||||
name: postgresql
|
name: postgresql
|
||||||
|
|
|
||||||
8
src/main/resources/postgres/secret.yaml
Normal file
8
src/main/resources/postgres/secret.yaml
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: postgres-secret
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
postgres-user: "psql-user"
|
||||||
|
postgres-password: "psql-pw"
|
||||||
|
|
@ -4,6 +4,16 @@
|
||||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
[dda.k8s-keycloak.postgres :as cut]))
|
[dda.k8s-keycloak.postgres :as cut]))
|
||||||
|
|
||||||
|
(deftest should-generate-secret
|
||||||
|
(is (= {:apiVersion "v1"
|
||||||
|
:kind "Secret"
|
||||||
|
:metadata {:name "postgres-secret"}
|
||||||
|
:type "Opaque"
|
||||||
|
:data
|
||||||
|
{:postgres-user "cHNxbHVzZXI="
|
||||||
|
:postgres-password "dGVzdDEyMzQ="}}
|
||||||
|
(cut/generate-secret {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))
|
||||||
|
|
||||||
(deftest should-generate-postgres-deployment
|
(deftest should-generate-postgres-deployment
|
||||||
(is (= {:apiVersion "apps/v1"
|
(is (= {:apiVersion "apps/v1"
|
||||||
:kind "Deployment"
|
:kind "Deployment"
|
||||||
|
|
@ -18,11 +28,19 @@
|
||||||
[{:image "postgres"
|
[{:image "postgres"
|
||||||
:name "postgresql"
|
:name "postgresql"
|
||||||
:env
|
:env
|
||||||
[{:name "POSTGRES_USER", :value "psqluser"}
|
[{:name "POSTGRES_USER"
|
||||||
{:name "POSTGRES_DB", :valueFrom
|
:valueFrom
|
||||||
|
{:secretKeyRef
|
||||||
|
{:name "postgres-secret", :key "postgres-user"}}}
|
||||||
|
{:valueFrom
|
||||||
|
{:secretKeyRef
|
||||||
|
{:name "postgres-secret"
|
||||||
|
:key "postgres-password"}}
|
||||||
|
:name "POSTGRES_PASSWORD"}
|
||||||
|
{:valueFrom
|
||||||
{:configMapKeyRef
|
{:configMapKeyRef
|
||||||
{:name "postgres-config", :key "postgres-db"}}}
|
{:name "postgres-config", :key "postgres-db"}}
|
||||||
{:name "POSTGRES_PASSWORD", :value "test1234"}]
|
:name "POSTGRES_DB"}]
|
||||||
:ports [{:containerPort 5432, :name "postgresql"}]
|
:ports [{:containerPort 5432, :name "postgresql"}]
|
||||||
:volumeMounts
|
:volumeMounts
|
||||||
[{:name "postgres-config-volume"
|
[{:name "postgres-config-volume"
|
||||||
|
|
@ -30,4 +48,4 @@
|
||||||
:subPath "postgresql.conf"
|
:subPath "postgresql.conf"
|
||||||
:readOnly true}]}]
|
:readOnly true}]}]
|
||||||
:volumes [{:name "postgres-config-volume", :configMap {:name "postgres-config"}}]}}}}
|
:volumes [{:name "postgres-config-volume", :configMap {:name "postgres-config"}}]}}}}
|
||||||
(cut/generate-deployment {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))
|
(cut/generate-deployment))))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue
