
chore: Updates for aaw-prod-cc-00 #11


Draft
wants to merge 1 commit into
base: master
26 changes: 12 additions & 14 deletions deploy/deploy.yaml
Expand Up @@ -2,15 +2,15 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: minio-credential-injector
namespace: daaas
namespace: daaas-system
labels:
apps.kubernetes.io/name: minio-credential-injector
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: minio-credential-injector-issuer
namespace: daaas
namespace: daaas-system
labels:
apps.kubernetes.io/name: minio-credential-injector
spec:
Expand All @@ -20,17 +20,17 @@ apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: minio-credential-injector
namespace: daaas
namespace: daaas-system
labels:
apps.kubernetes.io/name: minio-credential-injector
spec:
secretName: minio-credential-injector-tls
commonName: "minio-credential-injector.daaas.svc.cluster.local"
commonName: "minio-credential-injector.daaas-system.svc.cluster.local"
dnsNames:
- minio-credential-injector
- minio-credential-injector.daaas
- minio-credential-injector.daaas.svc
- minio-credential-injector.daaas.svc.cluster
- minio-credential-injector.daaas-system
- minio-credential-injector.daaas-system.svc
- minio-credential-injector.daaas-system.svc.cluster
isCA: true
duration: 8760h
issuerRef:
Expand All @@ -41,7 +41,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: minio-credential-injector
namespace: daaas
namespace: daaas-system
labels:
apps.kubernetes.io/name: minio-credential-injector
spec:
Expand All @@ -56,11 +56,9 @@ spec:
sidecar.istio.io/inject: 'false'
spec:
serviceAccountName: minio-credential-injector
imagePullSecrets:
- name: k8scc01covidacr-registry-connection
containers:
- name: minio-credential-injector
image: k8scc01covidacr.azurecr.io/minio-credential-injector:dd7e608149021e79ae97bac99f89dbaceb670e11
image: k8scc01covidacr.azurecr.io/minio-credential-injector:06981fe1fd26258fb319943237bb2e1ed76b5181
resources:
limits:
memory: "128Mi"
Expand All @@ -81,7 +79,7 @@ apiVersion: v1
kind: Service
metadata:
name: minio-credential-injector
namespace: daaas
namespace: daaas-system
labels:
apps.kubernetes.io/name: minio-credential-injector
spec:
Expand All @@ -96,7 +94,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: daaas/minio-credential-injector
cert-manager.io/inject-ca-from: daaas-system/minio-credential-injector
labels:
apps.kubernetes.io/name: minio-credential-injector
name: minio-credential-injector
Expand All @@ -106,7 +104,7 @@ webhooks:
clientConfig:
service:
name: minio-credential-injector
namespace: daaas
namespace: daaas-system
path: /mutate
port: 443
failurePolicy: Ignore
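Review bot: The Certificate's `dnsNames` list still ends at `minio-credential-injector.daaas-system.svc.cluster` and never contains the full `.svc.cluster.local` name, which after this change appears only in `commonName`. When a certificate carries SANs, hostname verification uses only those, so a client connecting by the fully qualified service name would fail verification; the `.svc.cluster` entry looks like a truncated name rather than one that is meant to resolve. The API server reaches the webhook as `minio-credential-injector.daaas-system.svc`, which is listed, so admission calls should keep working, but I would replace the last entry with `- minio-credential-injector.daaas-system.svc.cluster.local`. Separately, the Deployment hunk drops `imagePullSecrets` while the image still comes from `k8scc01covidacr.azurecr.io`, so the pull presumably depends on node-level registry access in the target cluster; worth confirming before this leaves draft.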
117 changes: 4 additions & 113 deletions mutate.go
Expand Up @@ -50,7 +50,6 @@ func mutate(request v1beta1.AdmissionRequest) (v1beta1.AdmissionResponse, error)
shouldInject = true
}


if shouldInject {
patch := v1beta1.PatchTypeJSONPatch
response.PatchType = &patch
Expand Down Expand Up @@ -80,114 +79,6 @@ func mutate(request v1beta1.AdmissionRequest) (v1beta1.AdmissionResponse, error)
"value": roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-minimal-tenant1",
"value": "minio_minimal_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-minimal-tenant1",
"value": fmt.Sprintf(`
{{- with secret "minio_minimal_tenant1/keys/%s" }}
export MINIO_URL="http://minimal-tenant1-minio.minio:9000"
export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}"
export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}"
export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}"
export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-minimal-tenant1.json",
"value": "minio_minimal_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-minimal-tenant1.json",
"value": fmt.Sprintf(`
{{- with secret "minio_minimal_tenant1/keys/%s" }}
{"MINIO_URL":"http://minimal-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-pachyderm-tenant1",
"value": "minio_pachyderm_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-pachyderm-tenant1",
"value": fmt.Sprintf(`
{{- with secret "minio_pachyderm_tenant1/keys/%s" }}
export MINIO_URL="http://pachyderm-tenant1-minio.minio:9000"
export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}"
export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}"
export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}"
export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-pachyderm-tenant1.json",
"value": "minio_pachyderm_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-pachyderm-tenant1.json",
"value": fmt.Sprintf(`
{{- with secret "minio_pachyderm_tenant1/keys/%s" }}
{"MINIO_URL":"http://pachyderm-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant1",
"value": "minio_premium_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant1",
"value": fmt.Sprintf(`
{{- with secret "minio_premium_tenant1/keys/%s" }}
export MINIO_URL="http://premium-tenant1-minio.minio:9000"
export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}"
export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}"
export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}"
export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant1.json",
"value": "minio_premium_tenant1/keys/" + roleName,
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant1.json",
"value": fmt.Sprintf(`
{{- with secret "minio_premium_tenant1/keys/%s" }}
{"MINIO_URL":"http://premium-tenant1-minio.minio:9000","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{{- end }}
`, roleName),
},

{
"op": "add",
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-secret-minio-premium-tenant-1",
Expand All @@ -199,7 +90,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant-1",
"value": fmt.Sprintf(`
{{- with secret "minio_premium_tenant_1/keys/%s" }}
export MINIO_URL="http://minio.minio-premium-tenant-1"
export MINIO_URL="https://minio-premium-tenant-1.covid.cloud.statcan.ca"
export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}"
export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}"
export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}"
Expand All @@ -219,7 +110,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-premium-tenant-1.json",
"value": fmt.Sprintf(`
{{- with secret "minio_premium_tenant_1/keys/%s" }}
{"MINIO_URL":"http://minio.minio-premium-tenant-1","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{"MINIO_URL":"https://minio-premium-tenant-1.covid.cloud.statcan.ca","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{{- end }}
`, roleName),
},
Expand All @@ -235,7 +126,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-standard-tenant-1",
"value": fmt.Sprintf(`
{{- with secret "minio_standard_tenant_1/keys/%s" }}
export MINIO_URL="http://minio.minio-standard-tenant-1"
export MINIO_URL="https://minio-standard-tenant-1.covid.cloud.statcan.ca"
export MINIO_ACCESS_KEY="{{ .Data.accessKeyId }}"
export MINIO_SECRET_KEY="{{ .Data.secretAccessKey }}"
export AWS_ACCESS_KEY_ID="{{ .Data.accessKeyId }}"
Expand All @@ -255,7 +146,7 @@ export AWS_SECRET_ACCESS_KEY="{{ .Data.secretAccessKey }}"
"path": "/metadata/annotations/vault.hashicorp.com~1agent-inject-template-minio-standard-tenant-1.json",
"value": fmt.Sprintf(`
{{- with secret "minio_standard_tenant_1/keys/%s" }}
{"MINIO_URL":"http://minio.minio-standard-tenant-1","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{"MINIO_URL":"https://minio-standard-tenant-1.covid.cloud.statcan.ca","MINIO_ACCESS_KEY":"{{ .Data.accessKeyId }}","MINIO_SECRET_KEY":"{{ .Data.secretAccessKey }}","AWS_ACCESS_KEY_ID":"{{ .Data.accessKeyId }}","AWS_SECRET_ACCESS_KEY":"{{ .Data.secretAccessKey }}"}
{{- end }}
`, roleName),
},
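Review bot: The new `MINIO_URL` hostnames are hard-coded four times inside `mutate` (the `export` template and the `.json` template for each of `minio-premium-tenant-1` and `minio-standard-tenant-1`), so the two renderings for one tenant can drift apart and every endpoint change needs a rebuild of the webhook image. Consider one value per tenant, for example `const premiumTenant1URL = "https://minio-premium-tenant-1.covid.cloud.statcan.ca"` passed as a second `%s` argument to both `fmt.Sprintf` calls, or read it from configuration, since the PR title suggests these values are specific to one cluster. Moving from the in-cluster `http://` service name to an external `https://` name also means injected pods need egress to that host and a trust store that validates its certificate; that is presumably intended, but a short comment next to the URLs would record it. `mutate` begins and ends outside these hunks, so where `roleName` comes from is not visible here.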