Skip to content

GitLab

Commit 79aeb966 authored by Fabio Luchetti's avatar Fabio Luchetti Committed by Enrico Bocchi
Browse files

Inject default eos.keytab from k8s secret

parent 9940de17
Pipeline #2728250 failed with stage
in 30 seconds
Hide whitespace changes
Inline Side-by-side
.gitignore 0 → 100644
View file @ 79aeb966
*.tgz
**/charts/*.tgz
.gitignoredir/
common/Chart.yaml 0 → 100644
View file @ 79aeb966
apiVersion: v2
#
name: common
type: application
version: 0.0.1
appVersion: 0.0.1
#
description: commons for eos-chart
icon: https://eos-web.web.cern.ch/eos-web/img/logos/EOS_logo1.svg
common/eos.keytab.ro 0 → 100644
View file @ 79aeb966
0 u:daemon g:daemon n:eos-test+ N:6927582626958016513 c:1612953522 e:0 f:0 k:4d6faa5829d44b32a19c74e2915d94dd86125bfe7dfffb7c2badcb000f9a8327
\ No newline at end of file
common/templates/secrets.yaml 0 → 100644
View file @ 79aeb966
apiVersion: v1
kind: Secret
metadata:
name: common-secret-eoskeytab
type: Opaque
data:
{{ (.Files.Glob "eos.keytab.ro").AsSecrets }}
immutable: false
\ No newline at end of file
fst/.gitignore 0 → 100644
View file @ 79aeb966
Chart.lock
charts/
fst/templates/configmap-fst-init.yaml
View file @ 79aeb966
......@@ -33,6 +33,13 @@ data:
done
}
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
echo "INFO: making /etc/eos.keytab 0400 and owned by daemon:daemon ..."
cp /etc/eos.keytab.ro /etc/eos.keytab || exit 1
chown daemon:daemon /etc/eos.keytab || exit 1
chmod 0400 /etc/eos.keytab || exit 1
echo "INFO: /etc/eos.keytab is 0400 and owned by daemon:daemon"
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
# Check the MGM is online before registering the node and the filesystem
echo "INFO: Checking the MGM is online..."
......
fst/templates/statefulset.yaml
View file @ 79aeb966
......@@ -75,6 +75,9 @@ spec:
subPath: fst_init.sh
{{- end }}
{{- end }}
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
containers:
- name: eos-fst
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
......@@ -111,6 +114,9 @@ spec:
mountPath: /fst_storage
- name: fst-logs
mountPath: /var/log/eos
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
volumes:
- name: fst-cfgmap-xrd-cf-fst
configMap:
......@@ -122,6 +128,10 @@ spec:
defaultMode: 0755
- name: fst-logs
emptyDir: {}
- name: eoskeytab
secret:
secretName: common-secret-eoskeytab
defaultMode: 0400
{{- if eq ( include "persistence" . ) "disabled" }}
- name: fst-storage
emptyDir: {}
......
mgm/.gitignore 0 → 100644
View file @ 79aeb966
Chart.lock
charts/
mgm/templates/configmap.yaml
View file @ 79aeb966
......@@ -119,6 +119,14 @@ data:
done
}
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
echo "INFO: making /etc/eos.keytab 0400 and owned by daemon:daemon ..."
cp /etc/eos.keytab.ro /etc/eos.keytab || exit 1
chown daemon:daemon /etc/eos.keytab || exit 1
chmod 0400 /etc/eos.keytab || exit 1
echo "INFO: /etc/eos.keytab is 0400 and owned by daemon:daemon"
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
# Check QDB backend is running
echo "INFO: Checking QDB is running..."
init_probe redis-cli -h {{ include "qdbcluster.hostname" . }}.{{ .Release.Namespace }}.svc.cluster.local -p 7777 ping
......
mgm/templates/statefulset.yaml
View file @ 79aeb966
......@@ -64,6 +64,9 @@ spec:
- name: mgm-cfgmap-mgm-init
mountPath: /root/mgm_init.sh
subPath: mgm_init.sh
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
containers:
- name: eos-mgm
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
......@@ -102,6 +105,9 @@ spec:
mountPath: /var/eos
- name: mgm-logs
mountPath: /var/log/eos
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
{{- if .Values.ldapBindUsers.enable }}
- name: nslcd
{{- with .Values.ldapBindUsers.nslcd.image }}
......@@ -155,6 +161,10 @@ spec:
defaultMode: 0755
- name: mgm-logs
emptyDir: {}
- name: eoskeytab
secret:
secretName: common-secret-eoskeytab
defaultMode: 0400
{{- if eq ( include "persistence" . ) "disabled" }}
- name: mgm-data
emptyDir: {}
......@@ -165,7 +175,7 @@ spec:
path: {{ dig "hostPath" "path" (printf "/var/eos/%s" (include "mgm.fullname" . )) .Values.persistence }}
type: {{ dig "hostPath" "type" "DirectoryOrCreate" .Values.persistence }}
{{- end }}
{{- if eq ( include "persistence" . ) "pvc" }}
{{- if eq ( include "persistence" . ) "pvc" }}
volumeClaimTemplates:
- metadata:
name: mgm-data
......
mq/.gitignore 0 → 100644
View file @ 79aeb966
Chart.lock
charts/
mq/templates/configmap.yaml
View file @ 79aeb966
......@@ -42,3 +42,23 @@ data:
mq.qdbcluster {{ include "qdbcluster.hostname" . }}.{{ .Release.Namespace }}.svc.cluster.local:7777
mq.qdbpassword_file /etc/eos.keytab
###########################################################
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mq.fullname" . }}-cfgmap-mq-init
labels:
{{- include "mq.labels" . | nindent 4 }}
data:
mq_init.sh: |
#!/bin/bash
set -x
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
echo "INFO: making /etc/eos.keytab 0400 and owned by daemon:daemon ..."
cp /etc/eos.keytab.ro /etc/eos.keytab || exit 1
chown daemon:daemon /etc/eos.keytab || exit 1
chmod 0400 /etc/eos.keytab || exit 1
echo "INFO: /etc/eos.keytab is 0400 and owned by daemon:daemon"
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
mq/templates/statefulset.yaml
View file @ 79aeb966
......@@ -48,6 +48,18 @@ spec:
topologyKey: "kubernetes.io/hostname"
{{- end }}
{{- end }}
initContainers:
- name: eos-m1-init-mq-init
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/bin/bash", "/root/mq_init.sh"]
volumeMounts:
- name: mq-cfgmap-mq-init
mountPath: /root/mq_init.sh
subPath: mq_init.sh
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
containers:
- name: eos-mq
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
......@@ -75,6 +87,12 @@ spec:
subPath: xrd.cf.mq
- name: mq-logs
mountPath: /var/log/eos
- name: mq-cfgmap-mq-init
mountPath: /root/mq_init.sh
subPath: mq_init.sh
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
volumes:
- name: mq-cfgmap-xrd-cf-mq
configMap:
......@@ -82,4 +100,12 @@ spec:
defaultMode: 0644
- name: mq-logs
emptyDir: {}
- name: mq-cfgmap-mq-init
configMap:
name: {{ include "mq.fullname" . }}-cfgmap-mq-init
defaultMode: 0755
- name: eoskeytab
secret:
secretName: common-secret-eoskeytab
defaultMode: 0400
qdb/.gitignore 0 → 100644
View file @ 79aeb966
Chart.lock
charts/
qdb/templates/configmap.yaml
View file @ 79aeb966
......@@ -27,6 +27,14 @@ data:
#!/bin/bash
set -x
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
echo "INFO: making /etc/eos.keytab 0400 and owned by daemon:daemon ..."
cp /etc/eos.keytab.ro /etc/eos.keytab || exit 1
chown daemon:daemon /etc/eos.keytab || exit 1
chmod 0400 /etc/eos.keytab || exit 1
echo "INFO: /etc/eos.keytab is 0400 and owned by daemon:daemon"
#### @note Until https://github.com/kubernetes/kubernetes/issues/81089 is merged
# Number of replicas of QuarkDB
# Determines whether it should run in stanalone mode or as part of a raft cluster.
# This is set by Helm in values.yaml
......
qdb/templates/statefulset.yaml
View file @ 79aeb966
......@@ -52,6 +52,9 @@ spec:
subPath: xrd.cf.quarkdb.partial
- name: quarkdb-cfgmap-xrd-cf-quarkdb-final
mountPath: /root/qdb-config/output
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
containers:
- name: eos-qdb
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
......@@ -79,6 +82,9 @@ spec:
mountPath: /var/quarkdb
- name: quarkdb-logs
mountPath: /var/log/eos
- name: eoskeytab
mountPath: /etc/eos.keytab.ro
subPath: eos.keytab.ro
volumes:
- name: quarkdb-cfgmap-qdb-create
configMap:
......@@ -91,6 +97,10 @@ spec:
emptyDir: {}
- name: quarkdb-logs
emptyDir: {}
- name: eoskeytab
secret:
secretName: common-secret-eoskeytab
defaultMode: 0400
{{- if eq ( include "persistence" . ) "disabled" }}
- name: quarkdb-data
emptyDir: {}
......
server/Chart.yaml
View file @ 79aeb966
......@@ -21,3 +21,6 @@ dependencies:
- name: fst
version: 0.0.5
repository: "https://registry.cern.ch/chartrepo/eos"
- name: common
version: 0.0.1
repository: "https://registry.cern.ch/chartrepo/eos"
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment