add secrets helm template

2020-06-02 21:12:56 -04:00
parent 5fa5f5e5c1
commit ac450483b3
5 changed files with 34 additions and 31 deletions
--- a/README.md
+++ b/README.md
@@ -8,54 +8,37 @@ docker-compose up

 Navigate to <http://pgadmin.local>

-## Pre-deploy
-
-### Secrets
-
-```bash
-kubectl create secret generic postgres --from-literal=POSTGRES_USER=postgres --from-literal=POSTGRES_PASSWORD=$(python -c "import secrets; print(secrets.token_urlsafe(64))")
-
-kubectl create secret generic pgadmin --from-literal=PGADMIN_DEFAULT_EMAIL=postgres --from-literal=PGADMIN_DEFAULT_PASSWORD=$(python -c "import secrets; print(secrets.token_urlsafe(64))")
-```
-
 ## Deploy Postgres

-### Test
-
 ```bash
-helm template postgres ./postgres | kubectl --context test-casepipeline apply -f -
-```
+# first time set the secrets flag
+helm install postgres ./postgres --set secrets=true

-### Prod
-
-```bash
-helm template postgres ./postgres | kubectl --context prod-casepipeline apply -f -
+# To redeploy or upgrade
+helm upgrade postgres ./postgres
 ```

 ### Get Password

 ```bash
-kubectl get secret postgres --output=jsonpath='{.data.POSTGRES_PASSWORD}' | base64 --decode
+echo $(kubectl get secret postgres --output=jsonpath='{.data.POSTGRES_PASSWORD}' | base64 --decode)
 ```

 ## Deploy PG Admin

-### Test
-
-```bash
-prefix=<custom prefix>
-helm template pgadmin ./pgadmin --set host=$prefix-pgadmin.apps-test.aws.e1.nwie.net | kubectl --context test-casepipeline apply -f -
-```
-
 ### Prod

 ```bash
 prefix=<custom prefix>
-helm template pgadmin ./pgadmin --set host=$prefix-pgadmin.apps.aws.e1.nwie.net | kubectl --context prod-casepipeline apply -f -
+# first time set the secrets flag
+helm template pgadmin ./pgadmin --set host=$prefix"pgadmin.apps.aws.e1.nwie.net" --set secrets=true | kubectl apply -f -
+
+# To redeploy or upgrade
+helm template pgadmin ./pgadmin --set host=$prefix"pgadmin.apps.aws.e1.nwie.net" | kubectl apply -f -
 ```

 ### Login

 ```bash
-kubectl get secret pgadmin --output=jsonpath='{.data.PGADMIN_DEFAULT_PASSWORD}' | base64 --decode
+echo $(kubectl get secret pgadmin --output=jsonpath='{.data.PGADMIN_DEFAULT_PASSWORD}' | base64 --decode)
 ```
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -25,7 +25,7 @@ services:
    labels:
      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)"
      - "traefik.http.services.traefik-service.loadbalancer.server.port=8080"
-    command: --api.insecure=true --providers.docker --log.level=ERROR --accesslog=true
+    command: --api.insecure=true --providers.docker --log.level=DEBUG --accesslog=true
    ports:
      - "80:80"
    volumes:
--- a/pgadmin/templates/ingress.yaml
+++ b/pgadmin/templates/ingress.yaml
@@ -7,9 +7,9 @@ metadata:
 spec:
  tls:
    - hosts:
-      - {{ .Values.host }}
+      - {{ required "A valid .Values.host entry required!" .Values.host }}
  rules:
-  - host: {{ .Values.host }}
+  - host: {{ required "A valid .Values.host entry required!" .Values.host }}
    http:
      paths:
      - backend:
--- a/pgadmin/templates/secret.yaml
+++ b/pgadmin/templates/secret.yaml
@@ -0,0 +1,10 @@
+{{ if .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgadmin
+type: generic
+data:
+  PGADMIN_DEFAULT_EMAIL: {{ "postgres" | b64enc | quote }}
+  PGADMIN_DEFAULT_PASSWORD: {{ randAlphaNum 64 | b64enc | quote }}
+{{ end }}
--- a/postgres/templates/secret.yaml
+++ b/postgres/templates/secret.yaml
@@ -0,0 +1,10 @@
+{{ if .Values.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres
+type: generic
+data:
+  POSTGRES_USER: {{ "postgres" | b64enc | quote }}
+  POSTGRES_PASSWORD: {{ randAlphaNum 64 | b64enc | quote }}
+{{ end }}