[indico-web] Configure secrets and env vars



commit 96ec663efb1229795d638c7be8afeb0cb90ad21f
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Fri Nov 29 12:52:18 2019 +0100

    Configure secrets and env vars

 oscp.yml | 273 +++++++++++++++++++++++++++++----------------------------------
 1 file changed, 124 insertions(+), 149 deletions(-)
---
diff --git a/oscp.yml b/oscp.yml
index e6386c2..d37ea96 100644
--- a/oscp.yml
+++ b/oscp.yml
@@ -7,11 +7,72 @@ metadata:
     tags: "events, conferences"
 
 parameters:
-  - name: USE_EXTERNAL_DB
-    description: Whether an external DB will be used ('y' or 'n').
-    value: "y"
+  - name: SERVICE_HOSTNAME
+    displayName: Domain
+    description: Domain used to serve Indico
+    value: indico.openshift.gnome.org
+
+  - name: SERVICE_PROTOCOL
+    displayName: Protocol
+    description: Protocol used to serve Indico
+    value: https
+
+  - name: SERVICE_PORT
+    displayName: Port
+    description: Port used to serve Indico
+    value: 443
+
+  - name: INDICO_DEFAULT_TIMEZONE
+    displayName: Default timezone
+    value: UTC
+
+  - name: INDICO_DEFAULT_LOCALE
+    displayName: Language
+    value: en_US
+
+  - name: PGPORT
+    displayName: PostgreSQL port
+    value: 5432
+
+  - name: PGHOST
+    displayName: PostgreSQL hostname
+    value: postgres
+    required: true
+
+  - name: PGUSER
+    displayName: PostgreSQL user
+    required: true
+
+  - name: PGPASSWORD
+    displayName: PostgreSQL password
+    required: true
+
+  - name: PGDATABASE
+    displayName: PostgreSQL database
+    required: true
+
+  - name: SECRET_KEY
+    displayName: Secret key
+    required: true
 
 objects:
+- kind: Secret
+  apiVersion: v1
+  metadata:
+    name: indico-secrets
+    annotations:
+      template.openshift.io/expose-pghost: "{.data['pghost']}"
+      template.openshift.io/expose-pguser: "{.data['pguser']}"
+      template.openshift.io/expose-pgpassword: "{.data['pgpassword']}"
+      template.openshift.io/expose-pgdatabase: "{.data['pgdatabase']}"
+      template.openshift.io/expose-secret_key: "{.data['secret_key']}"
+  stringData:
+    pghost: "${PGHOST}"
+    pguser: "${PGUSER}"
+    pgpassword: "${PGPASSWORD}"
+    pgdatabase: "${PGDATABASE}"
+    secret_key: "${SECRET_KEY}"
+
 - apiVersion: v1
   kind: BuildConfig
   metadata:
@@ -147,89 +208,46 @@ objects:
             timeoutSeconds: 20
           env:
           - name: SERVICE_PROTOCOL
-            valueFrom:
-              configMapKeyRef:
-                key: serviceprotocol
-                name: settings
+            value: "${SERVICE_PROTOCOL}"
           - name: SERVICE_HOSTNAME
-            valueFrom:
-              configMapKeyRef:
-                key: servicehost
-                name: settings
+            value: "${SERVICE_HOSTNAME}"
           - name: SERVICE_PORT
-            valueFrom:
-              configMapKeyRef:
-                key: serviceport
-                name: settings
-          - name: PGHOST
-            valueFrom:
-              configMapKeyRef:
-                key: pghost
-                name: settings
-          - name: PGUSER
-            valueFrom:
-              configMapKeyRef:
-                key: pguser
-                name: settings
-          - name: PGPASSWORD
-            valueFrom:
-              configMapKeyRef:
-                key: pgpassword
-                name: settings
-          - name: PGDATABASE
-            valueFrom:
-              configMapKeyRef:
-                key: pgdatabase
-                name: settings
-          - name: PGPORT
-            valueFrom:
-              configMapKeyRef:
-                key: pgport
-                name: settings
-          - name: SENTRY_DSN
-            valueFrom:
-              configMapKeyRef:
-                key: sentrydsn
-                name: settings
-          - name: SECRET_KEY
-            valueFrom:
-              configMapKeyRef:
-                key: secretkey
-                name: settings
-          - name: INDICO_STORAGE_DICT
-            valueFrom:
-                configMapKeyRef:
-                  key: storage
-                  name: settings
-          - name: ATTACHMENT_STORAGE
-            valueFrom:
-                configMapKeyRef:
-                  key: attachmentstorage
-                  name: settings
-          - name: SMTP_SERVER
-          - name: SMTP_PORT
-          - name: SMTP_LOGIN
-          - name: SMTP_PASSWORD
-          - name: SMTP_USE_TLS
-          - name: INDICO_SUPPORT_EMAIL
-          - name: INDICO_PUBLIC_SUPPORT_EMAIL
-          - name: INDICO_NO_REPLY_EMAIL
+            value: "${SERVICE_PORT}"
           - name: INDICO_DEFAULT_TIMEZONE
+            value: "${INDICO_DEFAULT_TIMEZONE}"
           - name: INDICO_DEFAULT_LOCALE
-          - name: INDICO_ROUTE_OLD_URLS
-          - name: INDICO_CHECKIN_APP_CLIENT_ID
-          - name: INDICO_CUSTOMIZATION_DIR
-          - name: INDICO_CUSTOMIZATION_DEBUG
-          - name: INDICO_LOGO_URL
+            value: "${INDICO_DEFAULT_LOCALE}"
           - name: REDIS_CACHE_URL
             value: redis://indico-redis:6379/1
           - name: CELERY_BROKER
             value: redis://indico-redis:6379/0
-          - name: SQLALCHEMY_DATABASE_URI
           - name: C_FORCE_ROOT
             value: "true"
-          - name: USE_EXTERNAL_DB
-            value: ${USE_EXTERNAL_DB}
+          - name: pghost
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pghost
+          - name: pguser
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pguser
+          - name: pgpassword
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pgpassword
+          - name: pgdatabase
+              valueFrom:
+                secretKeyRef:
+                  name: indico-secrets
+                  key: pgdatabase
+          - name: secret_key
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: secret_key
           ports:
           - containerPort: 59999
           resources:
@@ -284,89 +302,46 @@ objects:
           - ./opt/indico/run_celery.sh
           env:
           - name: SERVICE_PROTOCOL
-            valueFrom:
-              configMapKeyRef:
-                key: serviceprotocol
-                name: settings
+            value: "${SERVICE_PROTOCOL}"
           - name: SERVICE_HOSTNAME
-            valueFrom:
-              configMapKeyRef:
-                key: servicehost
-                name: settings
+            value: "${SERVICE_HOSTNAME}"
           - name: SERVICE_PORT
-            valueFrom:
-              configMapKeyRef:
-                key: serviceport
-                name: settings
-          - name: PGHOST
-            valueFrom:
-              configMapKeyRef:
-                key: pghost
-                name: settings
-          - name: PGUSER
-            valueFrom:
-              configMapKeyRef:
-                key: pguser
-                name: settings
-          - name: PGPASSWORD
-            valueFrom:
-              configMapKeyRef:
-                key: pgpassword
-                name: settings
-          - name: PGDATABASE
-            valueFrom:
-              configMapKeyRef:
-                key: pgdatabase
-                name: settings
-          - name: PGPORT
-            valueFrom:
-              configMapKeyRef:
-                key: pgport
-                name: settings
-          - name: SENTRY_DSN
-            valueFrom:
-              configMapKeyRef:
-                key: sentrydsn
-                name: settings
-          - name: SECRET_KEY
-            valueFrom:
-              configMapKeyRef:
-                key: secretkey
-                name: settings
-          - name: AUTH_PROVIDERS
-            valueFrom:
-                configMapKeyRef:
-                  key: authproviders
-                  name: settings
-          - name: IDENTITY_PROVIDERS
-            valueFrom:
-                configMapKeyRef:
-                  key: identityproviders
-                  name: settings
-          - name: LOCAL_IDENTITIES
-            valueFrom:
-                configMapKeyRef:
-                  key: localidentities
-                  name: settings
-          - name: SMTP_SERVER
-          - name: SMTP_PORT
-          - name: SMTP_LOGIN
-          - name: SMTP_PASSWORD
-          - name: SMTP_USE_TLS
+            value: "${SERVICE_PORT}"
           - name: INDICO_DEFAULT_TIMEZONE
+            value: "${INDICO_DEFAULT_TIMEZONE}"
           - name: INDICO_DEFAULT_LOCALE
-          - name: INDICO_ROUTE_OLD_URLS
-          - name: INDICO_CHECKIN_APP_CLIENT_ID
-          - name: INDICO_CUSTOMIZATION_DIR
-          - name: INDICO_CUSTOMIZATION_DEBUG
-          - name: INDICO_LOGO_URL
+            value: "${INDICO_DEFAULT_LOCALE}"
           - name: REDIS_CACHE_URL
             value: redis://indico-redis:6379/1
           - name: CELERY_BROKER
             value: redis://indico-redis:6379/0
-          - name: SQLALCHEMY_DATABASE_URI
           - name: C_FORCE_ROOT
             value: "true"
+          - name: pghost
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pghost
+          - name: pguser
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pguser
+          - name: pgpassword
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: pgpassword
+          - name: pgdatabase
+              valueFrom:
+                secretKeyRef:
+                  name: indico-secrets
+                  key: pgdatabase
+          - name: secret_key
+            valueFrom:
+              secretKeyRef:
+                name: indico-secrets
+                key: secret_key
           image: ' '
           name: indico-celery
           resources:


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]