This commit is contained in:
root
@@ -0,0 +1,55 @@
|
||||
{{/*
|
||||
This template generates a random password and ensures it persists across updates/edits to the chart
|
||||
*/}}
|
||||
{{- define "tc.v1.common.dependencies.clickhouse.secret" -}}
|
||||
|
||||
{{- if .Values.clickhouse.enabled -}}
|
||||
{{/* Initialize variables */}}
|
||||
{{- $fetchname := printf "%s-clickhousecreds" .Release.Name -}}
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
|
||||
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "clickhousecreds" -}}
|
||||
{{- $dbPass := randAlphaNum 50 -}}
|
||||
|
||||
{{/* If there are previous secrets, fetch values and decrypt them */}}
|
||||
{{- if $dbprevious -}}
|
||||
{{- $dbPass = (index $dbprevious.data "clickhouse-password") | b64dec -}}
|
||||
{{- else if $dbpreviousold -}}
|
||||
{{- $dbPass = (index $dbpreviousold.data "clickhouse-password") | b64dec -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Prepare data */}}
|
||||
{{- $dbHost := printf "%v-%v" .Release.Name "clickhouse" -}}
|
||||
{{- $portHost := printf "%v:8123" $dbHost -}}
|
||||
{{- $ping := printf "http://%v/ping" $portHost -}}
|
||||
{{- $url := printf "http://%v:%v@%v/%v" .Values.clickhouse.clickhouseUsername $dbPass $portHost .Values.clickhouse.clickhouseDatabase -}}
|
||||
{{- $jdbc := printf "jdbc:ch://%v/%v" $portHost -}}
|
||||
|
||||
{{/* Append some values to clickhouse.creds, so apps using the dep, can use them */}}
|
||||
{{- $_ := set .Values.clickhouse.creds "plain" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "plainhost" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "clickhousePassword" ($dbPass | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "plainport" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "plainporthost" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "ping" ($ping | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "complete" ($url | quote) -}}
|
||||
{{- $_ := set .Values.clickhouse.creds "jdbc" ($jdbc | quote) -}}
|
||||
|
||||
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
|
||||
enabled: true
|
||||
expandObjectName: false
|
||||
data:
|
||||
clickhouse-password: {{ $dbPass }}
|
||||
plainhost: {{ $dbHost }}
|
||||
plainporthost: {{ $portHost }}
|
||||
ping: {{ $ping }}
|
||||
url: {{ $url }}
|
||||
jdbc: {{ $jdbc }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.dependencies.clickhouse.injector" -}}
|
||||
{{- $secret := include "tc.v1.common.dependencies.clickhouse.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret ( printf "%s-%s" .Release.Name "clickhousecreds" ) $secret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,387 @@
|
||||
{{- define "tc.v1.common.lib.deps.wait" -}}
|
||||
{{- if .Values.redis.enabled -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.redis" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range .Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "redis-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.mariadb.enabled -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.mariadb" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range .Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "mariadb-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.mongodb.enabled -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.mongodb" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range .Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "mongodb-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.clickhouse.enabled -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.clickhouse" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range .Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "clickhouse-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if .Values.solr.enabled -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.solr" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range .Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "solr-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $result := false -}}
|
||||
{{- range .Values.cnpg -}}
|
||||
{{- if .enabled -}}
|
||||
{{- $result = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $result -}}
|
||||
{{- $container := include "tc.v1.common.lib.deps.wait.cnpg" $ | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- range $.Values.workload -}}
|
||||
{{- if not (hasKey .podSpec "initContainers") -}}
|
||||
{{- $_ := set .podSpec "initContainers" dict -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .podSpec.initContainers "cnpg-wait" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.redis" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: redisClientImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
env:
|
||||
REDIS_HOST:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
|
||||
key: plainhost
|
||||
REDIS_PASSWORD:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
|
||||
key: redis-password
|
||||
REDIS_PORT: "6379"
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/bash <<'EOF'
|
||||
echo "Executing DB waits..."
|
||||
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD";
|
||||
export LIVE=false;
|
||||
until "$LIVE";
|
||||
do
|
||||
response=$(
|
||||
timeout -s 3 2 \
|
||||
redis-cli \
|
||||
-h "$REDIS_HOST" \
|
||||
-p "$REDIS_PORT" \
|
||||
ping
|
||||
)
|
||||
if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then
|
||||
LIVE=true
|
||||
echo "$response"
|
||||
echo "Redis Responded, ending initcontainer and starting main container(s)..."
|
||||
else
|
||||
echo "$response"
|
||||
echo "Redis not responding... Sleeping for 10 sec..."
|
||||
sleep 10
|
||||
fi;
|
||||
done
|
||||
EOF
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.mariadb" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: mariadbClientImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
env:
|
||||
MARIADB_HOST:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
|
||||
key: plainhost
|
||||
MARIADB_ROOT_PASSWORD:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
|
||||
key: mariadb-root-password
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/bash <<'EOF'
|
||||
echo "Executing DB waits..."
|
||||
until
|
||||
mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \
|
||||
&& mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status;
|
||||
do sleep 2;
|
||||
done
|
||||
EOF
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.mongodb" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: mongodbClientImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
env:
|
||||
MONGODB_HOST:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "mongodbcreds" }}'
|
||||
key: plainhost
|
||||
MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}"
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/bash <<'EOF'
|
||||
echo "Executing DB waits..."
|
||||
until
|
||||
HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet;
|
||||
do sleep 2;
|
||||
done
|
||||
EOF
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.clickhouse" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: wgetImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
env:
|
||||
CLICKHOUSE_PING:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "clickhousecreds" }}'
|
||||
key: ping
|
||||
command:
|
||||
- "/bin/sh"
|
||||
args:
|
||||
- "-c"
|
||||
- |
|
||||
echo "Executing DB waits..."
|
||||
until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do
|
||||
echo "ClickHouse - no response. Sleeping 2 seconds..."
|
||||
sleep 2
|
||||
done
|
||||
echo "ClickHouse - accepting connections"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.solr" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: wgetImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
env:
|
||||
SOLR_HOST:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
|
||||
key: plainhost
|
||||
SOLR_CORES: "{{ .Values.solr.solrCores }}"
|
||||
SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}"
|
||||
SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}"
|
||||
SOLR_ADMIN_PASSWORD:
|
||||
secretKeyRef:
|
||||
expandObjectName: false
|
||||
name: '{{ printf "%s-%s" .Release.Name "solrcreds" }}'
|
||||
key: solr-password
|
||||
|
||||
command:
|
||||
- "/bin/sh"
|
||||
args:
|
||||
- "-c"
|
||||
- |
|
||||
echo "Executing DB waits..."
|
||||
if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then
|
||||
until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
|
||||
echo "Solr is not responding... Sleeping 2 seconds..."
|
||||
sleep 2
|
||||
done
|
||||
else
|
||||
until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
|
||||
echo "Solr is not responding... Sleeping 2 seconds..."
|
||||
sleep 2
|
||||
done
|
||||
fi
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.lib.deps.wait.cnpg" -}}
|
||||
enabled: true
|
||||
type: system
|
||||
imageSelector: postgresClientImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
add: []
|
||||
drop:
|
||||
- ALL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/sh <<'EOF'
|
||||
{{ range $name, $cnpg := .Values.cnpg }}
|
||||
{{ if $cnpg.enabled }}
|
||||
echo "Executing DB waits..."
|
||||
{{ $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ }}
|
||||
{{ $cnpgName = printf "%v-cnpg-%v" $cnpgName $name }}
|
||||
echo "Detected RW pooler, testing RW pooler availability..."
|
||||
until
|
||||
echo "Testing database on url: {{ $cnpgName }}-rw"
|
||||
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-rw
|
||||
do sleep 5
|
||||
done
|
||||
{{ if $cnpg.acceptRO }}
|
||||
echo "Detected RO pooler, testing RO pooler availability..."
|
||||
until
|
||||
echo "Testing database on url: {{ $cnpgName }}-ro"
|
||||
pg_isready -U {{ .user }} -d {{ .database }} -h {{ $cnpgName }}-ro
|
||||
do sleep 5
|
||||
done
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
sleep 5
|
||||
EOF
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,66 @@
|
||||
{{/*
|
||||
This template generates a random password and ensures it persists across updates/edits to the chart
|
||||
*/}}
|
||||
{{- define "tc.v1.common.dependencies.mariadb.secret" -}}
|
||||
|
||||
{{- if .Values.mariadb.enabled -}}
|
||||
{{/* Initialize variables */}}
|
||||
{{- $fetchname := printf "%s-mariadbcreds" .Release.Name -}}
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
|
||||
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mariadbcreds" -}}
|
||||
{{- $dbPass := randAlphaNum 50 -}}
|
||||
{{- $rootPass := randAlphaNum 50 -}}
|
||||
|
||||
{{/* If there are previous secrets, fetch values and decrypt them */}}
|
||||
{{- if $dbprevious -}}
|
||||
{{- $dbPass = (index $dbprevious.data "mariadb-password") | b64dec -}}
|
||||
{{- $rootPass = (index $dbprevious.data "mariadb-root-password") | b64dec -}}
|
||||
{{- else if $dbpreviousold -}}
|
||||
{{- $dbPass = (index $dbpreviousold.data "mariadb-password") | b64dec -}}
|
||||
{{- $rootPass = (index $dbpreviousold.data "mariadb-root-password") | b64dec -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Prepare data */}}
|
||||
{{- $dbhost := printf "%v-%v" .Release.Name "mariadb" -}}
|
||||
{{- $portHost := printf "%v:3306" $dbhost -}}
|
||||
{{- $complete := printf "sql://%v:%v@%v/%v" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
|
||||
{{- $urlnossl := printf "sql://%v:%v@%v/%v?sslmode=disable" .Values.mariadb.mariadbUsername $dbPass $portHost .Values.mariadb.mariadbDatabase -}}
|
||||
{{- $jdbc := printf "jdbc:sqlserver://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
|
||||
{{- $jdbcMySQL := printf "jdbc:mysql://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
|
||||
{{- $jdbcMariaDB := printf "jdbc:mariadb://%v/%v" $portHost .Values.mariadb.mariadbDatabase -}}
|
||||
|
||||
{{/* Append some values to mariadb.creds, so apps using the dep, can use them */}}
|
||||
{{- $_ := set .Values.mariadb.creds "mariadbPassword" ($dbPass | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "mariadbRootPassword" ($rootPass | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "plain" ($dbhost | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "plainhost" ($dbhost | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "plainport" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "plainporthost" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "complete" ($complete | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "urlnossl" ($urlnossl | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "jdbc" ($jdbc | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "jdbcmysql" ($jdbcMySQL | quote) -}}
|
||||
{{- $_ := set .Values.mariadb.creds "jdbcmariadb" ($jdbcMariaDB | quote) -}}
|
||||
|
||||
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
|
||||
enabled: true
|
||||
expandObjectName: false
|
||||
data:
|
||||
mariadb-password: {{ $dbPass }}
|
||||
mariadb-root-password: {{ $rootPass }}
|
||||
url: {{ $complete }}
|
||||
urlnossl: {{ $urlnossl }}
|
||||
plainporthost: {{ $portHost }}
|
||||
plainhost: {{ $dbhost }}
|
||||
jdbc: {{ $jdbc }}
|
||||
jdbc-mysql: {{ $jdbcMySQL }}
|
||||
jdbc-mariadb: {{ $jdbcMariaDB }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.dependencies.mariadb.injector" -}}
|
||||
{{- $secret := include "tc.v1.common.dependencies.mariadb.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mariadbcreds") $secret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{/*
|
||||
This template generates a random password and ensures it persists across updates/edits to the chart
|
||||
*/}}
|
||||
{{- define "tc.v1.common.dependencies.mongodb.secret" -}}
|
||||
|
||||
{{- if .Values.mongodb.enabled -}}
|
||||
{{/* Initialize variables */}}
|
||||
{{- $fetchname := printf "%s-mongodbcreds" .Release.Name -}}
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
|
||||
{{- $dbpreviousold := lookup "v1" "Secret" .Release.Namespace "mongodbcreds" -}}
|
||||
{{- $dbPass := randAlphaNum 50 -}}
|
||||
{{- $rootPass := randAlphaNum 50 -}}
|
||||
|
||||
{{/* If there are previous secrets, fetch values and decrypt them */}}
|
||||
{{- if $dbprevious -}}
|
||||
{{- $dbPass = (index $dbprevious.data "mongodb-password") | b64dec -}}
|
||||
{{- $rootPass = (index $dbprevious.data "mongodb-root-password") | b64dec -}}
|
||||
{{- else if $dbpreviousold -}}
|
||||
{{- $dbPass = (index $dbpreviousold.data "mongodb-password") | b64dec -}}
|
||||
{{- $rootPass = (index $dbpreviousold.data "mongodb-root-password") | b64dec -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Prepare data */}}
|
||||
{{- $dbhost := printf "%v-%v" .Release.Name "mongodb" -}}
|
||||
{{- $portHost := printf "%v:27017" $dbhost -}}
|
||||
{{- $jdbc := printf "jdbc:mongodb://%v/%v" $portHost .Values.mongodb.mongodbDatabase -}}
|
||||
{{- $url := printf "mongodb://%v:%v@%v/%v" .Values.mongodb.mongodbUsername $dbPass $portHost .Values.mongodb.mongodbDatabase -}}
|
||||
{{- $urlssl := printf "%v?ssl=true" $url -}}
|
||||
{{- $urltls := printf "%v?tls=true" $url -}}
|
||||
|
||||
{{/* Append some values to mongodb.creds, so apps using the dep, can use them */}}
|
||||
{{- $_ := set .Values.mongodb.creds "mongodbPassword" ($dbPass | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "mongodbRootPassword" ($rootPass | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "plain" ($dbhost | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "plainhost" ($dbhost | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "plainport" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "plainporthost" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "complete" ($url | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "urlssl" ($urlssl | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "urltls" ($urltls | quote) -}}
|
||||
{{- $_ := set .Values.mongodb.creds "jdbc" ($jdbc | quote) -}}
|
||||
|
||||
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
|
||||
enabled: true
|
||||
expandObjectName: false
|
||||
data:
|
||||
mongodb-password: {{ $dbPass }}
|
||||
mongodb-root-password: {{ $rootPass }}
|
||||
url: {{ $url }}
|
||||
urlssl: {{ $urlssl }}
|
||||
urltls: {{ $urltls }}
|
||||
jdbc: {{ $jdbc }}
|
||||
plainhost: {{ $dbhost }}
|
||||
plainporthost: {{ $portHost }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.dependencies.mongodb.injector" -}}
|
||||
{{- $secret := include "tc.v1.common.dependencies.mongodb.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "mongodbcreds") $secret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,55 @@
|
||||
{{/*
|
||||
This template generates a random password and ensures it persists across updates/edits to the chart
|
||||
*/}}
|
||||
{{- define "tc.v1.common.dependencies.redis.secret" -}}
|
||||
|
||||
{{- if .Values.redis.enabled -}}
|
||||
{{/* Initialize variables */}}
|
||||
{{- $fetchname := printf "%s-rediscreds" .Release.Name -}}
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
|
||||
{{- $dbPass := randAlphaNum 50 -}}
|
||||
{{- $dbIndex := .Values.redis.redisDatabase | default "0" -}}
|
||||
|
||||
{{/* If there are previous secrets, fetch values and decrypt them */}}
|
||||
{{- if $dbprevious -}}
|
||||
{{- $dbPass = (index $dbprevious.data "redis-password") | b64dec -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $redisUser := .Values.redis.redisUsername -}}
|
||||
{{- if not $redisUser -}}{{/* If you try to print a nil value it will print as <nil> */}}
|
||||
{{- $redisUser = "" -}}
|
||||
{{- end -}}
|
||||
{{/* Prepare data */}}
|
||||
{{- $dbHost := printf "%v-%v" .Release.Name "redis" -}}
|
||||
{{- $portHost := printf "%v:6379" $dbHost -}}
|
||||
{{- $url := printf "redis://%v:%v@%v/%v" $redisUser $dbPass $portHost $dbIndex -}}
|
||||
{{- $hostPass := printf "%v:%v@%v" $redisUser $dbPass $dbHost -}}
|
||||
|
||||
{{/* Append some values to redis.creds, so apps using the dep, can use them */}}
|
||||
{{- $_ := set .Values.redis.creds "redisPassword" ($dbPass | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "plain" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "plainhost" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "plainport" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "plainporthost" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "plainhostpass" ($hostPass | quote) -}}
|
||||
{{- $_ := set .Values.redis.creds "url" ($url | quote) -}}
|
||||
|
||||
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
|
||||
enabled: true
|
||||
expandObjectName: false
|
||||
data:
|
||||
redis-password: {{ $dbPass }}
|
||||
plain: {{ $dbHost }}
|
||||
url: {{ $url }}
|
||||
plainhostpass: {{ $hostPass }}
|
||||
plainporthost: {{ $portHost }}
|
||||
plainhost: {{ $dbHost }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.dependencies.redis.injector" -}}
|
||||
{{- $secret := include "tc.v1.common.dependencies.redis.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "rediscreds") $secret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,47 @@
|
||||
{{/*
|
||||
This template generates a random password and ensures it persists across updates/edits to the chart
|
||||
*/}}
|
||||
{{- define "tc.v1.common.dependencies.solr.secret" -}}
|
||||
|
||||
{{- if .Values.solr.enabled -}}
|
||||
{{/* Initialize variables */}}
|
||||
{{- $fetchname := printf "%s-solrcreds" .Release.Name -}}
|
||||
{{- $solrprevious := lookup "v1" "Secret" .Release.Namespace $fetchname -}}
|
||||
{{- $solrpreviousold := lookup "v1" "Secret" .Release.Namespace "solrcreds" -}}
|
||||
{{- $solrPass := randAlphaNum 50 -}}
|
||||
|
||||
{{/* If there are previous secrets, fetch values and decrypt them */}}
|
||||
{{- if $solrprevious -}}
|
||||
{{- $solrPass = (index $solrprevious.data "solr-password") | b64dec -}}
|
||||
{{- else if $solrpreviousold -}}
|
||||
{{- $solrPass = (index $solrpreviousold.data "solr-password") | b64dec -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Prepare data */}}
|
||||
{{- $dbHost := printf "%v-%v" .Release.Name "solr" -}}
|
||||
{{- $portHost := printf "%v:8983" $dbHost -}}
|
||||
{{- $url := printf "http://%v:%v@%v/url/%v" .Values.solr.solrUsername $solrPass $portHost .Values.solr.solrCores -}}
|
||||
|
||||
{{/* Append some values to solr.creds, so apps using the dep, can use them */}}
|
||||
{{- $_ := set .Values.solr.creds "solrPassword" ($solrPass | quote) -}}
|
||||
{{- $_ := set .Values.solr.creds "plain" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.solr.creds "plainhost" ($dbHost | quote) -}}
|
||||
{{- $_ := set .Values.solr.creds "portHost" ($portHost | quote) -}}
|
||||
{{- $_ := set .Values.solr.creds "url" ($url | quote) -}}
|
||||
|
||||
{{/* Create the secret (Comment also plays a role on correct formatting) */}}
|
||||
enabled: true
|
||||
expandObjectName: false
|
||||
data:
|
||||
solr-password: {{ $solrPass }}
|
||||
url: {{ $url }}
|
||||
plainhost: {{ $dbHost }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.dependencies.solr.injector" -}}
|
||||
{{- $secret := include "tc.v1.common.dependencies.solr.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret (printf "%s-%s" .Release.Name "solrcreds") $secret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
Reference in New Issue
Block a user