[indico-web] Configure secrets and env vars
- From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [indico-web] Configure secrets and env vars
- Date: Fri, 29 Nov 2019 11:52:27 +0000 (UTC)
commit 96ec663efb1229795d638c7be8afeb0cb90ad21f
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date: Fri Nov 29 12:52:18 2019 +0100
Configure secrets and env vars
oscp.yml | 273 +++++++++++++++++++++++++++++----------------------------------
1 file changed, 124 insertions(+), 149 deletions(-)
---
diff --git a/oscp.yml b/oscp.yml
index e6386c2..d37ea96 100644
--- a/oscp.yml
+++ b/oscp.yml
@@ -7,11 +7,72 @@ metadata:
tags: "events, conferences"
parameters:
- - name: USE_EXTERNAL_DB
- description: Whether an external DB will be used ('y' or 'n').
- value: "y"
+ - name: SERVICE_HOSTNAME
+ displayName: Domain
+ description: Domain used to serve Indico
+ value: indico.openshift.gnome.org
+
+ - name: SERVICE_PROTOCOL
+ displayName: Protocol
+ description: Protocol used to serve Indico
+ value: https
+
+ - name: SERVICE_PORT
+ displayName: Port
+ description: Port used to serve Indico
+ value: 443
+
+ - name: INDICO_DEFAULT_TIMEZONE
+ displayName: Default timezone
+ value: UTC
+
+ - name: INDICO_DEFAULT_LOCALE
+ displayName: Language
+ value: en_US
+
+ - name: PGPORT
+ displayName: PostgreSQL port
+ value: 5432
+
+ - name: PGHOST
+ displayName: PostgreSQL hostname
+ value: postgres
+ required: true
+
+ - name: PGUSER
+ displayName: PostgreSQL user
+ required: true
+
+ - name: PGPASSWORD
+ displayName: PostgreSQL password
+ required: true
+
+ - name: PGDATABASE
+ displayName: PostgreSQL database
+ required: true
+
+ - name: SECRET_KEY
+ displayName: Secret key
+ required: true
objects:
+- kind: Secret
+ apiVersion: v1
+ metadata:
+ name: indico-secrets
+ annotations:
+ template.openshift.io/expose-pghost: "{.data['pghost']}"
+ template.openshift.io/expose-pguser: "{.data['pguser']}"
+ template.openshift.io/expose-pgpassword: "{.data['pgpassword']}"
+ template.openshift.io/expose-pgdatabase: "{.data['pgdatabase']}"
+ template.openshift.io/expose-secret_key: "{.data['secret_key']}"
+ stringData:
+ pghost: "${PGHOST}"
+ pguser: "${PGUSER}"
+ pgpassword: "${PGPASSWORD}"
+ pgdatabase: "${PGDATABASE}"
+ secret_key: "${SECRET_KEY}"
+
- apiVersion: v1
kind: BuildConfig
metadata:
@@ -147,89 +208,46 @@ objects:
timeoutSeconds: 20
env:
- name: SERVICE_PROTOCOL
- valueFrom:
- configMapKeyRef:
- key: serviceprotocol
- name: settings
+ value: "${SERVICE_PROTOCOL}"
- name: SERVICE_HOSTNAME
- valueFrom:
- configMapKeyRef:
- key: servicehost
- name: settings
+ value: "${SERVICE_HOSTNAME}"
- name: SERVICE_PORT
- valueFrom:
- configMapKeyRef:
- key: serviceport
- name: settings
- - name: PGHOST
- valueFrom:
- configMapKeyRef:
- key: pghost
- name: settings
- - name: PGUSER
- valueFrom:
- configMapKeyRef:
- key: pguser
- name: settings
- - name: PGPASSWORD
- valueFrom:
- configMapKeyRef:
- key: pgpassword
- name: settings
- - name: PGDATABASE
- valueFrom:
- configMapKeyRef:
- key: pgdatabase
- name: settings
- - name: PGPORT
- valueFrom:
- configMapKeyRef:
- key: pgport
- name: settings
- - name: SENTRY_DSN
- valueFrom:
- configMapKeyRef:
- key: sentrydsn
- name: settings
- - name: SECRET_KEY
- valueFrom:
- configMapKeyRef:
- key: secretkey
- name: settings
- - name: INDICO_STORAGE_DICT
- valueFrom:
- configMapKeyRef:
- key: storage
- name: settings
- - name: ATTACHMENT_STORAGE
- valueFrom:
- configMapKeyRef:
- key: attachmentstorage
- name: settings
- - name: SMTP_SERVER
- - name: SMTP_PORT
- - name: SMTP_LOGIN
- - name: SMTP_PASSWORD
- - name: SMTP_USE_TLS
- - name: INDICO_SUPPORT_EMAIL
- - name: INDICO_PUBLIC_SUPPORT_EMAIL
- - name: INDICO_NO_REPLY_EMAIL
+ value: "${SERVICE_PORT}"
- name: INDICO_DEFAULT_TIMEZONE
+ value: "${INDICO_DEFAULT_TIMEZONE}"
- name: INDICO_DEFAULT_LOCALE
- - name: INDICO_ROUTE_OLD_URLS
- - name: INDICO_CHECKIN_APP_CLIENT_ID
- - name: INDICO_CUSTOMIZATION_DIR
- - name: INDICO_CUSTOMIZATION_DEBUG
- - name: INDICO_LOGO_URL
+ value: "${INDICO_DEFAULT_LOCALE}"
- name: REDIS_CACHE_URL
value: redis://indico-redis:6379/1
- name: CELERY_BROKER
value: redis://indico-redis:6379/0
- - name: SQLALCHEMY_DATABASE_URI
- name: C_FORCE_ROOT
value: "true"
- - name: USE_EXTERNAL_DB
- value: ${USE_EXTERNAL_DB}
+ - name: pghost
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pghost
+ - name: pguser
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pguser
+ - name: pgpassword
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pgpassword
+ - name: pgdatabase
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pgdatabase
+ - name: secret_key
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: secret_key
ports:
- containerPort: 59999
resources:
@@ -284,89 +302,46 @@ objects:
- ./opt/indico/run_celery.sh
env:
- name: SERVICE_PROTOCOL
- valueFrom:
- configMapKeyRef:
- key: serviceprotocol
- name: settings
+ value: "${SERVICE_PROTOCOL}"
- name: SERVICE_HOSTNAME
- valueFrom:
- configMapKeyRef:
- key: servicehost
- name: settings
+ value: "${SERVICE_HOSTNAME}"
- name: SERVICE_PORT
- valueFrom:
- configMapKeyRef:
- key: serviceport
- name: settings
- - name: PGHOST
- valueFrom:
- configMapKeyRef:
- key: pghost
- name: settings
- - name: PGUSER
- valueFrom:
- configMapKeyRef:
- key: pguser
- name: settings
- - name: PGPASSWORD
- valueFrom:
- configMapKeyRef:
- key: pgpassword
- name: settings
- - name: PGDATABASE
- valueFrom:
- configMapKeyRef:
- key: pgdatabase
- name: settings
- - name: PGPORT
- valueFrom:
- configMapKeyRef:
- key: pgport
- name: settings
- - name: SENTRY_DSN
- valueFrom:
- configMapKeyRef:
- key: sentrydsn
- name: settings
- - name: SECRET_KEY
- valueFrom:
- configMapKeyRef:
- key: secretkey
- name: settings
- - name: AUTH_PROVIDERS
- valueFrom:
- configMapKeyRef:
- key: authproviders
- name: settings
- - name: IDENTITY_PROVIDERS
- valueFrom:
- configMapKeyRef:
- key: identityproviders
- name: settings
- - name: LOCAL_IDENTITIES
- valueFrom:
- configMapKeyRef:
- key: localidentities
- name: settings
- - name: SMTP_SERVER
- - name: SMTP_PORT
- - name: SMTP_LOGIN
- - name: SMTP_PASSWORD
- - name: SMTP_USE_TLS
+ value: "${SERVICE_PORT}"
- name: INDICO_DEFAULT_TIMEZONE
+ value: "${INDICO_DEFAULT_TIMEZONE}"
- name: INDICO_DEFAULT_LOCALE
- - name: INDICO_ROUTE_OLD_URLS
- - name: INDICO_CHECKIN_APP_CLIENT_ID
- - name: INDICO_CUSTOMIZATION_DIR
- - name: INDICO_CUSTOMIZATION_DEBUG
- - name: INDICO_LOGO_URL
+ value: "${INDICO_DEFAULT_LOCALE}"
- name: REDIS_CACHE_URL
value: redis://indico-redis:6379/1
- name: CELERY_BROKER
value: redis://indico-redis:6379/0
- - name: SQLALCHEMY_DATABASE_URI
- name: C_FORCE_ROOT
value: "true"
+ - name: pghost
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pghost
+ - name: pguser
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pguser
+ - name: pgpassword
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pgpassword
+ - name: pgdatabase
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: pgdatabase
+ - name: secret_key
+ valueFrom:
+ secretKeyRef:
+ name: indico-secrets
+ key: secret_key
image: ' '
name: indico-celery
resources:
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]