use secrets for certs and passwords

pull/539/head
Jacob Payne 2020-08-12 13:47:38 -07:00
parent a2b2ebcaff
commit 4f4e7dce5d
7 changed files with 76 additions and 103 deletions


@ -12,32 +12,32 @@ spec:
{{- if .Values.elasticsearch.user }}
user: {{ .Values.elasticsearch.user }}
{{- end}}
{{- if .Values.elasticsearch.password }}
{{- if .Values.elasticsearch.password.secret_name }}
password:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-elasticsearch
key: "password"
{{- end}}
{{- if .Values.elasticsearch.client_cert }}
name: {{ .Values.elasticsearch.password.secret_name }}
key: {{ .Values.elasticsearch.password.key }}
{{- end}}
{{- if .Values.elasticsearch.client_cert.secret_name }}
client_cert:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-elasticsearch
key: "client_cert"
{{- end}}
{{- if .Values.elasticsearch.client_key }}
name: {{ .Values.elasticsearch.client_cert.secret_name }}
key: {{ .Values.elasticsearch.client_cert.key }}
{{- end}}
{{- if .Values.elasticsearch.client_key.secret_name }}
client_key:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-elasticsearch
key: "client_key"
{{- end}}
{{- if .Values.elasticsearch.client_key_pass }}
name: {{ .Values.elasticsearch.client_key.secret_name }}
key: {{ .Values.elasticsearch.client_key.key }}
{{- end}}
{{- if .Values.elasticsearch.client_key_pass.secret_name }}
client_key_pass:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-elasticsearch
key: "client_key_pass"
{{- end}}
{{- end }}
name: {{ .Values.elasticsearch.client_key_pass.secret_name }}
key: {{ .Values.elasticsearch.client_key_pass.key }}
{{- end}}
{{- end }}
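Review bot: The values file in this commit gains an `elasticsearch.ca_file` secret reference, but no `ca_file` block appears among the new lines here, so a CA secret named by the chart user would presumably be ignored unless it is rendered outside this hunk (which starts at line 12 of the template). Consider a `ca_file:` block guarded by `{{- if .Values.elasticsearch.ca_file.secret_name }}`, in the same shape as the other four. The new `name:` and `key:` values are also emitted unquoted. Writing `key: {{ .Values.elasticsearch.password.key | quote }}` (and likewise for `name`) keeps a numeric- or boolean-looking value from being retyped by the YAML parser.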


@ -1,14 +0,0 @@
{{- if .Values.elasticsearch.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-elasticsearch
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
password: {{ .Values.elasticsearch.password | b64enc | quote }}
client_cert: {{ .Values.elasticsearch.client_cert | b64enc | quote }}
client_key: {{ .Values.elasticsearch.client_key | b64enc | quote }}
client_key_pass: {{ .Values.elasticsearch.client_key_pass | b64enc | quote }}
{{- end }}


@ -12,46 +12,46 @@ spec:
format:
type: json
{{- if .Values.kakfa.username }}
{{- if .Values.kakfa.username.secret_name }}
username:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "username"
name: {{ .Values.kakfa.username.secret_name }}
key: {{ .Values.kakfa.username.key }}
{{- end }}
{{- if .Values.kakfa.password }}
{{- if .Values.kakfa.password.secret_name }}
password:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "password"
name: {{ .Values.kakfa.password.secret_name }}
key: {{ .Values.kakfa.password.key }}
{{- end }}
{{- if .Values.kakfa.ssl_ca_cert }}
{{- if .Values.kakfa.ssl_ca_cert.secret_name }}
ssl_ca_cert:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "ssl_ca_cert"
name: {{ .Values.kakfa.ssl_ca_cert.secret_name }}
key: {{ .Values.kakfa.ssl_ca_cert.key }}
{{- end }}
{{- if .Values.kakfa.ssl_client_cert }}
{{- if .Values.kakfa.ssl_client_cert.secret_name }}
ssl_client_cert:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "ssl_client_cert"
name: {{ .Values.kakfa.ssl_client_cert.secret_name }}
key: {{ .Values.kakfa.ssl_client_cert.key }}
{{- end }}
{{- if .Values.kakfa.ssl_client_cert_chain }}
{{- if .Values.kakfa.ssl_client_cert_chain.secret_name }}
ssl_client_cert_chain:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "ssl_client_cert_chain"
name: {{ .Values.kakfa.ssl_client_cert_chain.secret_name }}
key: {{ .Values.kakfa.ssl_client_cert_chain.key }}
{{- end }}
{{- if .Values.kakfa.ssl_client_cert_key }}
{{- if .Values.kakfa.ssl_client_cert_key.secret_name }}
ssl_client_cert_key:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-kafka
key: "ssl_client_cert_key"
name: {{ .Values.kakfa.ssl_client_cert_key.secret_name }}
key: {{ .Values.kakfa.ssl_client_cert_key.key }}
{{- end }}
{{- end }}
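Review bot: Every new guard and reference in this section reads `.Values.kakfa.…`, while the values file in this commit defines the block as `kafka:` and the deleted Secret template used `.Values.kafka`; the misspelling is carried over from the old lines. As written, none of the credential blocks can resolve to the configured secret names. The output is then either rendered without its authentication and TLS material, or rendering fails when the nested field is looked up on a missing key. Change each occurrence, e.g. `{{- if .Values.kafka.username.secret_name }}` with `name: {{ .Values.kafka.username.secret_name | quote }}`. The enclosing `spec:` and any `enabled` guard start outside the hunk.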


@ -1,28 +0,0 @@
{{- if .Values.kafka.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-kafka
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
{{- if .Values.kafka.username }}
username: {{ .Values.kafka.username }}
{{- end }}
{{- if .Values.kafka.password }}
password: {{ .Values.kafka.password }}
{{- end }}
{{- if .Values.kafka.ssl_ca_cert }}
ssl_ca_cert: {{ .Values.kafka.ssl_ca_cert }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert }}
ssl_client_cert: {{ .Values.kafka.ssl_client_cert }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert_chain }}
ssl_client_cert_chain: {{ .Values.kafka.ssl_client_cert_chain }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert_key }}
ssl_client_cert_key: {{ .Values.kafka.ssl_client_cert_key }}
{{- end }}
{{- end }}


@ -8,12 +8,12 @@ spec:
hec_host: {{ .Values.splunk.host }}
hec_port: {{ .Values.splunk.port }}
protocol: {{ .Values.splunk.protocol }}
{{- if .Values.splunk.index }}
{{- if .Values.splunk.token.secret_name }}
hec_token:
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-splunk
key: "hec_token"
name: {{ .Values.splunk.token.secret_name }}
key: {{ .Values.splunk.token.key }}
{{- end }}
{{- if .Values.splunk.index }}
index: {{ .Values.splunk.index }}
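Review bot: `hec_token` is now rendered only when `.Values.splunk.token.secret_name` is set, and the values default for it is an empty string, so enabling Splunk without naming a secret yields an output with no token and no error at install time. Since the chart no longer creates the `{{ .Release.Name }}-splunk` Secret, failing fast is safer: `name: {{ required "splunk.token.secret_name must name an existing Secret" .Values.splunk.token.secret_name }}`. A comment above the block stating that the Secret is not created by the chart and must already exist where the operator can read it would document the new contract. The template's opening guard, if any, is outside the hunk.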


@ -1,11 +0,0 @@
{{- if .Values.splunk.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-splunk
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
hec_token: {{ .Values.splunk.token | b64enc | quote }}
{{- end }}


@ -31,7 +31,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@@ -76,4 +76,48 @@
@@ -76,4 +76,70 @@
monitoring:
# Create a Prometheus Operator ServiceMonitor object
serviceMonitor:
@ -44,10 +44,22 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ index_name: fluentd
+ scheme: http
+ user: ""
+ password: ""
+ client_cert: ""
+ client_key: ""
+ client_key_pass: ""
+ password:
+ secret_name: ""
+ key: "password"
+ ca_file:
+ secret_name: ""
+ key: "ca_file"
+ client_cert:
+ secret_name: ""
+ key: "client_cert"
+ client_key:
+ secret_name: ""
+ key: "client_key"
+ client_key_pass:
+ secret_name: ""
+ key: "client_key_pass"
+
+
+kafka:
+ enabled: false
@ -55,12 +67,24 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ default_topic: "fluentd"
+ sasl_over_ssl: false
+ scram_mechanism: "PLAIN"
+ username: ""
+ password: ""
+ ssl_ca_cert: ""
+ ssl_client_cert: ""
+ ssl_client_cert_chain: ""
+ ssl_client_cert_key: ""
+ username:
+ secret_name: ""
+ key: "username"
+ password:
+ secret_name: ""
+ key: "password"
+ ssl_ca_cert:
+ secret_name: ""
+ key: "ssl_ca_cert"
+ ssl_client_cert:
+ secret_name: ""
+ key: "ssl_client_cert"
+ ssl_client_cert_chain:
+ secret_name: ""
+ key: "ssl_client_cert_chain"
+ ssl_client_cert_key:
+ secret_name: ""
+ key: "ssl_client_cert_key"
+
+splunk:
+ enabled: false
@ -68,7 +92,9 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ port: 8088
+ protocol: http
+ index: rancher
+ token: ""
+ token:
+ secret_name: ""
+ key: "token"
+ client_cert: ""
+ client_key: ""
+ insecure_ssl: false
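Review bot: The splunk block still takes `client_cert: ""` and `client_key: ""` as inline strings after `token` was converted, so private-key material set there would still live in the release values rather than in a Secret, which is what the commit title sets out to avoid. Give both the same shape as the other entries, e.g. `client_key:` / `secret_name: ""` / `key: "client_key"`, and reference them from the splunk template accordingly. A one-line comment above each `secret_name` saying the Secret must exist before install would help users migrating from the old plain-string values.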