
Commit a53a57d

authored
Merge pull request #172 from burigolucas/crc-openshift-v4.17.0
🔒make gitlab credentials idempotent 🔒
2 parents 689113d + ef609bc commit a53a57d

11 files changed

+210
-111
lines changed

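--- a/tooling/charts/tl500-base/Chart.yaml
+++ b/tooling/charts/tl500-base/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: tl500-base
 description: A Helm chart for Kubernetes
 type: application
-version: 0.0.1
+version: 0.0.2
 appVersion: 0.0.1
 maintainers:
 - name: eformat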

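--- a/tooling/charts/tl500-base/templates/_helpers.tpl
+++ b/tooling/charts/tl500-base/templates/_helpers.tpl
@@ -92,17 +92,49 @@
 {{- end -}}
 
 {{- define "gitlab.root_password" -}}
-{{- print (randAlphaNum 10) -}}
+{{- $secretName := (printf "%v-credentials" .Values.gitlab.app_name) -}}
+{{- $password := default (randAlphaNum 10) .Values.gitlab.credentials.root_password }}
+{{- if not .Values.gitlab.credentials.root_password }}
+{{- $existingSecret := (lookup "v1" "Secret" .Values.gitlab.namespace $secretName) }}
+{{- if $existingSecret }}
+{{- $password = index $existingSecret.data "root_password" | b64dec }}
+{{- end -}}
+{{- end -}}
+{{- print $password -}}
 {{- end -}}
 
 {{- define "gitlab.postgres.user" -}}
-{{- print (randAlphaNum 10) -}}
+{{- $secretName := (printf "%v-credentials" .Values.gitlab.app_name) -}}
+{{- $username := default (randAlphaNum 10) .Values.gitlab.credentials.postgres_user }}
+{{- if not .Values.gitlab.credentials.postgres_user }}
+{{- $existingSecret := (lookup "v1" "Secret" .Values.gitlab.namespace $secretName) }}
+{{- if $existingSecret }}
+{{- $username = index $existingSecret.data "postgres_user" | b64dec }}
+{{- end -}}
+{{- end -}}
+{{- print $username -}}
 {{- end -}}
 
 {{- define "gitlab.postgres.password" -}}
-{{- print (randAlphaNum 10) -}}
+{{- $secretName := (printf "%v-credentials" .Values.gitlab.app_name) -}}
+{{- $password := default (randAlphaNum 10) .Values.gitlab.credentials.postgres_password }}
+{{- if not .Values.gitlab.credentials.postgres_password }}
+{{- $existingSecret := (lookup "v1" "Secret" .Values.gitlab.namespace $secretName) }}
+{{- if $existingSecret }}
+{{- $password = index $existingSecret.data "postgres_password" | b64dec }}
+{{- end -}}
+{{- end -}}
+{{- print $password -}}
 {{- end -}}
 
 {{- define "gitlab.postgres.admin_password" -}}
-{{- print (randAlphaNum 10) -}}
+{{- $secretName := (printf "%v-credentials" .Values.gitlab.app_name) -}}
+{{- $password := default (randAlphaNum 10) .Values.gitlab.credentials.postgres_admin_password }}
+{{- if not .Values.gitlab.credentials.postgres_admin_password }}
+{{- $existingSecret := (lookup "v1" "Secret" .Values.gitlab.namespace $secretName) }}
+{{- if $existingSecret }}
+{{- $password = index $existingSecret.data "postgres_admin_password" | b64dec }}
+{{- end -}}
+{{- end -}}
+{{- print $password -}}
 {{- end -}}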
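Review bot: The existing-Secret branch in `gitlab.root_password` runs `index $existingSecret.data "root_password" | b64dec` without checking that the key is present, so a credentials Secret that exists but lacks that key will most likely fail the render or yield an empty credential; wrap the assignment in `{{- if hasKey $existingSecret.data "root_password" }}` … `{{- end -}}`. The same applies to `gitlab.postgres.user`, `gitlab.postgres.password` and `gitlab.postgres.admin_password`. `lookup` also returns an empty result under `helm template` and client-side `--dry-run`, so those render paths still produce a fresh `randAlphaNum 10` value each time; a comment above the first helper such as `{{/* lookup needs a live cluster; set gitlab.credentials.* when rendering offline */}}` would record that limit. Ten alphanumeric characters is short for a GitLab root password and a database admin password, and a longer generated default costs nothing here.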

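--- a/tooling/charts/tl500-base/templates/gitlab/anyuid-scc.yaml
+++ b/tooling/charts/tl500-base/templates/gitlab/anyuid-scc.yaml
@@ -2,13 +2,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-name: system:openshift:scc:anyuid
+name: system:openshift:scc:anyuid-{{ .Values.gitlab.app_name }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: system:openshift:scc:anyuid
 subjects:
 - kind: ServiceAccount
-name: {{ .Values.gitlab_app_name }}-user
+name: {{ .Values.gitlab.app_name }}-user
 namespace: {{ .Values.gitlab.namespace }}
 {{- end }}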
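Review bot: The new `metadata.name` belongs to a cluster-scoped object but is derived only from `.Values.gitlab.app_name`, so two releases that use the same app name in different namespaces would still write the same ClusterRoleBinding, and the name keeps the `system:` prefix used for bindings the platform manages itself. Consider `name: {{ .Values.gitlab.app_name }}-{{ .Values.gitlab.namespace }}-scc-anyuid`, or a namespaced RoleBinding in `.Values.gitlab.namespace` that references the same ClusterRole, which should confine the anyuid grant to that namespace without a cluster-scoped object. The templated names are also unquoted, so an empty or special-character value changes how the YAML parses. The `{{- end }}` on the last line closes a block that opens above the hunk.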
