use secrets for certs and passwords

pull/539/head
Jacob Payne 2020-08-12 13:47:38 -07:00
parent a2b2ebcaff
commit 4f4e7dce5d
7 changed files with 76 additions and 103 deletions


@ -12,32 +12,32 @@ spec:
{{- if .Values.elasticsearch.user }} {{- if .Values.elasticsearch.user }}
user: {{ .Values.elasticsearch.user }} user: {{ .Values.elasticsearch.user }}
{{- end}} {{- end}}
{{- if .Values.elasticsearch.password }} {{- if .Values.elasticsearch.password.secret_name }}
password: password:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-elasticsearch name: {{ .Values.elasticsearch.password.secret_name }}
key: "password" key: {{ .Values.elasticsearch.password.key }}
{{- end}} {{- end}}
{{- if .Values.elasticsearch.client_cert }} {{- if .Values.elasticsearch.client_cert.secret_name }}
client_cert: client_cert:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-elasticsearch name: {{ .Values.elasticsearch.client_cert.secret_name }}
key: "client_cert" key: {{ .Values.elasticsearch.client_cert.key }}
{{- end}} {{- end}}
{{- if .Values.elasticsearch.client_key }} {{- if .Values.elasticsearch.client_key.secret_name }}
client_key: client_key:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-elasticsearch name: {{ .Values.elasticsearch.client_key.secret_name }}
key: "client_key" key: {{ .Values.elasticsearch.client_key.key }}
{{- end}} {{- end}}
{{- if .Values.elasticsearch.client_key_pass }} {{- if .Values.elasticsearch.client_key_pass.secret_name }}
client_key_pass: client_key_pass:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-elasticsearch name: {{ .Values.elasticsearch.client_key_pass.secret_name }}
key: "client_key_pass" key: {{ .Values.elasticsearch.client_key_pass.key }}
{{- end}} {{- end}}
{{- end }} {{- end }}
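Review bot: The new `key:` and `name:` lines under each `secretKeyRef` (password, client_cert, client_key, client_key_pass) emit the value unquoted and unchecked, where the old side used a quoted literal key. If a user sets `secret_name` but blanks `key`, the line renders as a null, and a boolean- or number-looking value is retyped by the YAML parser. Quote both fields and fail early on a missing key, e.g. `name: {{ .Values.elasticsearch.password.secret_name | quote }}` and `key: {{ required "elasticsearch.password.key must be set" .Values.elasticsearch.password.key | quote }}`. Because the chart no longer creates the Secret, the values comments should also state that the referenced Secret has to be created out of band before the output can authenticate. The same pattern recurs in the kafka and splunk output sections.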


@ -1,14 +0,0 @@
{{- if .Values.elasticsearch.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-elasticsearch
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
password: {{ .Values.elasticsearch.password | b64enc | quote }}
client_cert: {{ .Values.elasticsearch.client_cert | b64enc | quote }}
client_key: {{ .Values.elasticsearch.client_key | b64enc | quote }}
client_key_pass: {{ .Values.elasticsearch.client_key_pass | b64enc | quote }}
{{- end }}


@ -12,46 +12,46 @@ spec:
format: format:
type: json type: json
{{- if .Values.kakfa.username }} {{- if .Values.kakfa.username.secret_name }}
username: username:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.username.secret_name }}
key: "username" key: {{ .Values.kakfa.username.key }}
{{- end }} {{- end }}
{{- if .Values.kakfa.password }} {{- if .Values.kakfa.password.secret_name }}
password: password:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.password.secret_name }}
key: "password" key: {{ .Values.kakfa.password.key }}
{{- end }} {{- end }}
{{- if .Values.kakfa.ssl_ca_cert }} {{- if .Values.kakfa.ssl_ca_cert.secret_name }}
ssl_ca_cert: ssl_ca_cert:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.ssl_ca_cert.secret_name }}
key: "ssl_ca_cert" key: {{ .Values.kakfa.ssl_ca_cert.key }}
{{- end }} {{- end }}
{{- if .Values.kakfa.ssl_client_cert }} {{- if .Values.kakfa.ssl_client_cert.secret_name }}
ssl_client_cert: ssl_client_cert:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.ssl_client_cert.secret_name }}
key: "ssl_client_cert" key: {{ .Values.kakfa.ssl_client_cert.key }}
{{- end }} {{- end }}
{{- if .Values.kakfa.ssl_client_cert_chain }} {{- if .Values.kakfa.ssl_client_cert_chain.secret_name }}
ssl_client_cert_chain: ssl_client_cert_chain:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.ssl_client_cert_chain.secret_name }}
key: "ssl_client_cert_chain" key: {{ .Values.kakfa.ssl_client_cert_chain.key }}
{{- end }} {{- end }}
{{- if .Values.kakfa.ssl_client_cert_key }} {{- if .Values.kakfa.ssl_client_cert_key.secret_name }}
ssl_client_cert_key: ssl_client_cert_key:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-kafka name: {{ .Values.kakfa.ssl_client_cert_key.secret_name }}
key: "ssl_client_cert_key" key: {{ .Values.kakfa.ssl_client_cert_key.key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
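Review bot: Every condition and reference in this hunk reads `.Values.kakfa`, while the values file in this commit defines the block as `kafka:` and the deleted Secret template read `.Values.kafka`. With no `kakfa` key in values these lookups cannot see the user's settings, so the SASL credential and TLS `secretKeyRef` blocks would either fail to render or be left out, and the output would be configured without them. Change each occurrence to `.Values.kafka`, e.g. `{{- if .Values.kafka.username.secret_name }}` and `name: {{ .Values.kafka.username.secret_name }}`. The spelling is the same on the old side, so this commit carries the defect forward rather than introducing it.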


@ -1,28 +0,0 @@
{{- if .Values.kafka.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-kafka
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
{{- if .Values.kafka.username }}
username: {{ .Values.kafka.username }}
{{- end }}
{{- if .Values.kafka.password }}
password: {{ .Values.kafka.password }}
{{- end }}
{{- if .Values.kafka.ssl_ca_cert }}
ssl_ca_cert: {{ .Values.kafka.ssl_ca_cert }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert }}
ssl_client_cert: {{ .Values.kafka.ssl_client_cert }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert_chain }}
ssl_client_cert_chain: {{ .Values.kafka.ssl_client_cert_chain }}
{{- end }}
{{- if .Values.kafka.ssl_client_cert_key }}
ssl_client_cert_key: {{ .Values.kafka.ssl_client_cert_key }}
{{- end }}
{{- end }}


@ -8,12 +8,12 @@ spec:
hec_host: {{ .Values.splunk.host }} hec_host: {{ .Values.splunk.host }}
hec_port: {{ .Values.splunk.port }} hec_port: {{ .Values.splunk.port }}
protocol: {{ .Values.splunk.protocol }} protocol: {{ .Values.splunk.protocol }}
{{- if .Values.splunk.index }} {{- if .Values.splunk.token.secret_name }}
hec_token: hec_token:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Release.Name }}-splunk name: {{ .Values.splunk.token.secret_name }}
key: "hec_token" key: {{ .Values.splunk.token.key }}
{{- end }} {{- end }}
{{- if .Values.splunk.index }} {{- if .Values.splunk.index }}
index: {{ .Values.splunk.index }} index: {{ .Values.splunk.index }}
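Review bot: When `splunk.token.secret_name` is left at its empty default, the `hec_token` block is dropped silently and the output is rendered with no token, which surfaces only later as rejected events. If this template is only rendered when splunk is enabled (the guard is outside the hunk), make the token mandatory instead of optional: `name: {{ required "splunk.token.secret_name must be set" .Values.splunk.token.secret_name | quote }}` and `key: {{ .Values.splunk.token.key | quote }}`. The `if .Values.splunk.index` block that starts on the last two lines closes outside the hunk.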


@ -1,11 +0,0 @@
{{- if .Values.splunk.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-splunk
labels:
{{ include "logging-operator.labels" . | indent 4 }}
type: Opaque
data:
hec_token: {{ .Values.splunk.token | b64enc | quote }}
{{- end }}


@ -31,7 +31,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@@ -76,4 +76,48 @@ @@ -76,4 +76,70 @@
monitoring: monitoring:
# Create a Prometheus Operator ServiceMonitor object # Create a Prometheus Operator ServiceMonitor object
serviceMonitor: serviceMonitor:
@ -44,10 +44,22 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ index_name: fluentd + index_name: fluentd
+ scheme: http + scheme: http
+ user: "" + user: ""
+ password: "" + password:
+ client_cert: "" + secret_name: ""
+ client_key: "" + key: "password"
+ client_key_pass: "" + ca_file:
+ secret_name: ""
+ key: "ca_file"
+ client_cert:
+ secret_name: ""
+ key: "client_cert"
+ client_key:
+ secret_name: ""
+ key: "client_key"
+ client_key_pass:
+ secret_name: ""
+ key: "client_key_pass"
+
+ +
+kafka: +kafka:
+ enabled: false + enabled: false
@ -55,12 +67,24 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ default_topic: "fluentd" + default_topic: "fluentd"
+ sasl_over_ssl: false + sasl_over_ssl: false
+ scram_mechanism: "PLAIN" + scram_mechanism: "PLAIN"
+ username: "" + username:
+ password: "" + secret_name: ""
+ ssl_ca_cert: "" + key: "username"
+ ssl_client_cert: "" + password:
+ ssl_client_cert_chain: "" + secret_name: ""
+ ssl_client_cert_key: "" + key: "password"
+ ssl_ca_cert:
+ secret_name: ""
+ key: "ssl_ca_cert"
+ ssl_client_cert:
+ secret_name: ""
+ key: "ssl_client_cert"
+ ssl_client_cert_chain:
+ secret_name: ""
+ key: "ssl_client_cert_chain"
+ ssl_client_cert_key:
+ secret_name: ""
+ key: "ssl_client_cert_key"
+ +
+splunk: +splunk:
+ enabled: false + enabled: false
@ -68,7 +92,9 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
+ port: 8088 + port: 8088
+ protocol: http + protocol: http
+ index: rancher + index: rancher
+ token: "" + token:
+ secret_name: ""
+ key: "token"
+ client_cert: "" + client_cert: ""
+ client_key: "" + client_key: ""
+ insecure_ssl: false + insecure_ssl: false