Use PVCs for fernet-keys
Depends-On: Icf3d4708f63b84c132fa6c8399562277c896775d Change-Id: I78b5bbc9a6088705338e5c2946107d53bd3f4bee
This commit is contained in:
parent
01ac3256c7
commit
a85ff917a6
|
@ -98,6 +98,22 @@
|
||||||
service_name: 'keystone'
|
service_name: 'keystone'
|
||||||
database_name: 'keystone'
|
database_name: 'keystone'
|
||||||
|
|
||||||
|
# NOTE(flaper87): Requesting a PVC should probably not be the default, explore
|
||||||
|
# using secrets for the fernet keys
|
||||||
|
- name: Create keystone PVC
|
||||||
|
k8s_v1_persistent_volume_claim:
|
||||||
|
host: "{{coe_host}}"
|
||||||
|
context: "{{coe_config_context}}"
|
||||||
|
kubeconfig: "{{coe_config_file}}"
|
||||||
|
name: keystone-fernet
|
||||||
|
namespace: "{{namespace}}"
|
||||||
|
state: present
|
||||||
|
spec_access_modes:
|
||||||
|
- ReadWriteMany
|
||||||
|
spec_storage_class_name: slow
|
||||||
|
spec_resources_requests:
|
||||||
|
storage: 1Gi
|
||||||
|
|
||||||
- name: Create keystone job
|
- name: Create keystone job
|
||||||
k8s_v1_job:
|
k8s_v1_job:
|
||||||
host: "{{coe_host}}"
|
host: "{{coe_host}}"
|
||||||
|
@ -125,9 +141,8 @@
|
||||||
config_map:
|
config_map:
|
||||||
name: keystone
|
name: keystone
|
||||||
- name: keystone-fernet
|
- name: keystone-fernet
|
||||||
hostPath:
|
persistentVolumeClaim:
|
||||||
# directory location on host
|
claimName: keystone-fernet
|
||||||
path: /tmp/keystone-fernet
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Keystone fernet bootstrap
|
- name: Keystone fernet bootstrap
|
||||||
|
@ -156,9 +171,8 @@
|
||||||
config_map:
|
config_map:
|
||||||
name: keystone
|
name: keystone
|
||||||
- name: keystone-fernet
|
- name: keystone-fernet
|
||||||
hostPath:
|
persistentVolumeClaim:
|
||||||
# directory location on host
|
claimName: keystone-fernet
|
||||||
path: /tmp/keystone-fernet
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Keystone bootstrap
|
- name: Keystone bootstrap
|
||||||
|
@ -212,9 +226,8 @@
|
||||||
config_map:
|
config_map:
|
||||||
name: keystone
|
name: keystone
|
||||||
- name: keystone-fernet
|
- name: keystone-fernet
|
||||||
hostPath:
|
persistentVolumeClaim:
|
||||||
# directory location on host
|
claimName: keystone-fernet
|
||||||
path: /tmp/keystone-fernet
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
@ -270,9 +283,8 @@
|
||||||
config_map:
|
config_map:
|
||||||
name: keystone
|
name: keystone
|
||||||
- name: keystone-fernet
|
- name: keystone-fernet
|
||||||
hostPath:
|
persistentVolumeClaim:
|
||||||
# directory location on host
|
claimName: keystone-fernet
|
||||||
path: /tmp/keystone-fernet
|
|
||||||
state: present
|
state: present
|
||||||
register: create_service
|
register: create_service
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue