diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml index b0bc11370f..18d5d37ca3 100644 --- a/barbican/templates/configmap-etc.yaml +++ b/barbican/templates/configmap-etc.yaml @@ -86,20 +86,15 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: barbican-etc +type: Opaque data: - barbican.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.barbican | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - barbican-api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - api_audit_map.conf: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} - barbican-api.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | indent 4 }} + barbican.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.barbican | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} + barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }} {{- end }} diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml index 5b36193b54..43ac756e84 100644 --- a/barbican/templates/deployment-api.yaml +++ b/barbican/templates/deployment-api.yaml @@ -107,8 +107,8 @@ spec: - name: etcbarbican emptyDir: {} - name: barbican-etc - configMap: - name: barbican-etc + secret: + secretName: barbican-etc defaultMode: 0444 - name: barbican-bin configMap: diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml index d7d9653be5..17ddb1b03a 100644 --- a/ceilometer/templates/configmap-etc.yaml +++ b/ceilometer/templates/configmap-etc.yaml @@ -107,25 +107,18 @@ limitations under the License. --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: ceilometer-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests | indent 4 }} - ceilometer.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ceilometer | indent 4 }} - api_paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} - event_pipeline.yaml: | -{{ toYaml .Values.conf.event_pipeline | indent 4 }} - pipeline.yaml: | -{{ toYaml .Values.conf.pipeline | indent 4 }} - event_definitions.yaml: | -{{ toYaml .Values.conf.event_definitions | indent 4 }} - gnocchi_resources.yaml: | -{{ toYaml .Values.conf.gnocchi_resources | indent 4 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_ceilometer "key" "wsgi-ceilometer.conf" ) | indent 2 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests | b64enc }} + ceilometer.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ceilometer | b64enc }} + api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} + event_pipeline.yaml: {{ toYaml .Values.conf.event_pipeline | b64enc }} + pipeline.yaml: {{ toYaml .Values.conf.pipeline | b64enc }} + event_definitions.yaml: {{ toYaml .Values.conf.event_definitions | b64enc }} + gnocchi_resources.yaml: {{ toYaml .Values.conf.gnocchi_resources | b64enc }} +{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_ceilometer "key" "wsgi-ceilometer.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/ceilometer/templates/daemonset-compute.yaml b/ceilometer/templates/daemonset-compute.yaml index f677a73f88..b5f812658c 100644 --- a/ceilometer/templates/daemonset-compute.yaml +++ b/ceilometer/templates/daemonset-compute.yaml @@ -109,8 +109,8 @@ spec: - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/ceilometer/templates/deployment-api.yaml b/ceilometer/templates/deployment-api.yaml index 8597e0266b..fc3cf0892f 100644 --- a/ceilometer/templates/deployment-api.yaml +++ b/ceilometer/templates/deployment-api.yaml @@ -114,8 +114,8 @@ spec: - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/ceilometer/templates/deployment-central.yaml b/ceilometer/templates/deployment-central.yaml index 40c30b918a..1fa781fe80 100644 --- a/ceilometer/templates/deployment-central.yaml +++ b/ceilometer/templates/deployment-central.yaml @@ -96,8 +96,8 @@ spec: - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/ceilometer/templates/deployment-collector.yaml b/ceilometer/templates/deployment-collector.yaml index c79db0af83..c85e7ae4df 100644 --- a/ceilometer/templates/deployment-collector.yaml +++ b/ceilometer/templates/deployment-collector.yaml @@ -96,8 +96,8 @@ spec: - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/ceilometer/templates/deployment-notification.yaml b/ceilometer/templates/deployment-notification.yaml index f7fa80db69..0e4296ed70 100644 --- a/ceilometer/templates/deployment-notification.yaml +++ b/ceilometer/templates/deployment-notification.yaml @@ -96,8 +96,8 @@ spec: - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/ceilometer/templates/pod-rally-test.yaml b/ceilometer/templates/pod-rally-test.yaml index 2e859ea3ab..370bda8937 100644 --- a/ceilometer/templates/pod-rally-test.yaml +++ b/ceilometer/templates/pod-rally-test.yaml @@ -86,8 +86,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: ceilometer-etc - configMap: - name: ceilometer-etc + secret: + secretName: ceilometer-etc defaultMode: 0444 - name: ceilometer-bin configMap: diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index e116bdede1..88d9fa07cf 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -108,33 +108,24 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: cinder-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - cinder.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - backends.conf: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} - cinder_sudoers: | -{{ $envAll.Values.conf.cinder_sudoers | indent 4 }} - rootwrap.conf: | -{{ $envAll.Values.conf.rootwrap | indent 4 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + cinder.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + backends.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} + cinder_sudoers: {{ $envAll.Values.conf.cinder_sudoers | b64enc }} + rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- $filePrefix := replace "_" "-" $key }} - {{ printf "%s.filters" $filePrefix }}: | -{{ $value.content | indent 4 }} + {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} {{- end }} {{- if .Values.backup.external_ceph_rbd.enabled }} - external-backup-ceph.conf: | -{{ include "helm-toolkit.utils.to_ini" .Values.backup.external_ceph_rbd.conf | indent 4 }} + external-backup-ceph.conf: {{ include "helm-toolkit.utils.to_ini" .Values.backup.external_ceph_rbd.conf | b64enc }} {{- end }} {{- end }} diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml index 99359ad8e1..2347af58fb 100644 --- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml +++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml @@ -71,8 +71,8 @@ spec: - name: etccinder emptyDir: {} - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 - name: cinder-bin configMap: diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index b84e46e4ef..502ec2c785 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -118,8 +118,8 @@ spec: name: cinder-bin defaultMode: 0555 - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml index 9606d14a55..434ad400d5 100644 --- a/cinder/templates/deployment-backup.yaml +++ b/cinder/templates/deployment-backup.yaml @@ -195,8 +195,8 @@ spec: {{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }} volumes: - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 - name: cinder-bin configMap: diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index cef6a5eac5..1682385cc5 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -104,8 +104,8 @@ spec: name: cinder-bin defaultMode: 0555 - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} #NOTE (portdirect): this will need to be set to a shared mount amongst all cinder diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 64b71f0053..37d054a4b3 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -159,8 +159,9 @@ spec: name: cinder-bin defaultMode: 0555 - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc + defaultMode: 0444 {{- if include "cinder.utils.is_ceph_volume_configured" $envAll }} - name: etcceph emptyDir: {} diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml index 978b6910f1..5705a16409 100644 --- a/cinder/templates/job-backup-storage-init.yaml +++ b/cinder/templates/job-backup-storage-init.yaml @@ -159,8 +159,8 @@ spec: defaultMode: 0444 {{- if .Values.backup.external_ceph_rbd.enabled }} - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 {{- end }} {{- if empty .Values.conf.ceph.admin_keyring }} diff --git a/cinder/templates/pod-rally-test.yaml b/cinder/templates/pod-rally-test.yaml index 00909833d1..66b9018815 100644 --- a/cinder/templates/pod-rally-test.yaml +++ b/cinder/templates/pod-rally-test.yaml @@ -88,8 +88,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: cinder-etc - configMap: - name: cinder-etc + secret: + secretName: cinder-etc defaultMode: 0444 - name: cinder-bin configMap: diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml index 0996efd7d6..4b4fd0536e 100644 --- a/congress/templates/configmap-etc.yaml +++ b/congress/templates/configmap-etc.yaml @@ -77,16 +77,13 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: congress-etc +type: Opaque data: - congress.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.congress | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} + congress.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.congress | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} {{- end }} diff --git a/congress/templates/deployment-api.yaml b/congress/templates/deployment-api.yaml index f2e6ba7a20..8f169654f4 100644 --- a/congress/templates/deployment-api.yaml +++ b/congress/templates/deployment-api.yaml @@ -89,7 +89,7 @@ spec: name: congress-bin defaultMode: 0777 - name: congress-etc - configMap: - name: congress-etc + secret: + secretName: congress-etc defaultMode: 0444 {{ end }} diff --git a/congress/templates/deployment-datasource.yaml b/congress/templates/deployment-datasource.yaml index 9047d50df3..bafadb82ef 100644 --- a/congress/templates/deployment-datasource.yaml +++ b/congress/templates/deployment-datasource.yaml @@ -83,8 +83,8 @@ spec: name: congress-bin defaultMode: 0555 - name: congress-etc - configMap: - name: congress-etc + secret: + secretName: congress-etc defaultMode: 0444 {{ end }} diff --git a/congress/templates/deployment-policy-engine.yaml b/congress/templates/deployment-policy-engine.yaml index 452f6dc97c..5b64d37c61 100644 --- a/congress/templates/deployment-policy-engine.yaml +++ b/congress/templates/deployment-policy-engine.yaml @@ -83,8 +83,8 @@ spec: name: congress-bin defaultMode: 0555 - name: congress-etc - configMap: - name: congress-etc + secret: + secretName: congress-etc defaultMode: 0444 {{ end }} diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index c3d2f72355..3c922db44c 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -158,23 +158,17 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: glance-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - glance-api.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - glance-api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - glance-registry.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_registry | indent 4 }} - glance-registry-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste_registry | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf") | indent 2 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + glance-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + glance-registry.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_registry | b64enc }} + glance-registry-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste_registry | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 78902ad8fe..81c4bca495 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -157,8 +157,8 @@ spec: name: glance-bin defaultMode: 0555 - name: glance-etc - configMap: - name: glance-etc + secret: + secretName: glance-etc defaultMode: 0444 {{- if eq .Values.storage "pvc" }} - name: glance-images diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index 0852e22473..8f2f9106aa 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -104,8 +104,8 @@ spec: name: glance-bin defaultMode: 0555 - name: glance-etc - configMap: - name: glance-etc + secret: + secretName: glance-etc defaultMode: 0444 {{ if $mounts_glance_registry.volumes }}{{ toYaml $mounts_glance_registry.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/glance/templates/pod-rally-test.yaml b/glance/templates/pod-rally-test.yaml index a807b83d83..a0f992fbee 100644 --- a/glance/templates/pod-rally-test.yaml +++ b/glance/templates/pod-rally-test.yaml @@ -88,8 +88,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: glance-etc - configMap: - name: glance-etc + secret: + secretName: glance-etc defaultMode: 0444 - name: glance-bin configMap: diff --git a/gnocchi/templates/configmap-etc.yaml b/gnocchi/templates/configmap-etc.yaml index 8fec1d2919..83d3f148d3 100644 --- a/gnocchi/templates/configmap-etc.yaml +++ b/gnocchi/templates/configmap-etc.yaml @@ -85,15 +85,13 @@ limitations under the License. {{- $envAll := . }} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: gnocchi-etc +type: Opaque data: - gnocchi.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.gnocchi | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.apache "key" "wsgi-gnocchi.conf") | indent 2 }} + gnocchi.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.gnocchi | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.apache "key" "wsgi-gnocchi.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index 9eed78221c..03ee56f709 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -98,8 +98,8 @@ spec: - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: gnocchi-bin configMap: diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index 5c155e11fe..2331cec476 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -104,8 +104,8 @@ spec: - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: gnocchi-bin configMap: diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index f5432c4f40..66081a8689 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -123,8 +123,8 @@ spec: - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: gnocchi-bin configMap: diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index 19abe9dd14..ad472908dd 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -66,8 +66,8 @@ spec: readOnly: true volumes: - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: pod-etc-gnocchi emptyDir: {} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index 3dd1a1b83e..b0f62f0d64 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -76,8 +76,8 @@ spec: readOnly: true volumes: - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: gnocchi-bin configMap: diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 2835c0ed4f..df02983ce3 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -70,8 +70,8 @@ spec: {{ if $mounts_gnocchi_tests.volumeMounts }}{{ toYaml $mounts_gnocchi_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: gnocchi-etc - configMap: - name: gnocchi-etc + secret: + secretName: gnocchi-etc defaultMode: 0444 - name: gnocchi-bin configMap: diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml index 7d565282aa..e89012d664 100644 --- a/heat/templates/configmap-etc.yaml +++ b/heat/templates/configmap-etc.yaml @@ -134,22 +134,17 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: heat-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - heat.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + heat.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }} - {{ printf "test_template_%d" $key }}: | -{{ $value.template | indent 4 }} + {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }} {{- end }} {{- end }} diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml index ad7ad65049..ecbab74843 100644 --- a/heat/templates/cron-job-engine-cleaner.yaml +++ b/heat/templates/cron-job-engine-cleaner.yaml @@ -71,8 +71,8 @@ spec: - name: etcheat emptyDir: {} - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 - name: heat-bin configMap: diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 41f4caee72..062c4d7d00 100644 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -104,8 +104,8 @@ spec: name: heat-bin defaultMode: 0555 - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 {{ if $mounts_heat_api.volumes }}{{ toYaml $mounts_heat_api.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index b8c7382e87..9759f1f1ef 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -104,8 +104,8 @@ spec: name: heat-bin defaultMode: 0555 - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 {{ if $mounts_heat_cfn.volumes }}{{ toYaml $mounts_heat_cfn.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 135ec26aa5..aaec3a2458 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -104,8 +104,8 @@ spec: name: heat-bin defaultMode: 0555 - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 {{ if $mounts_heat_cloudwatch.volumes }}{{ toYaml $mounts_heat_cloudwatch.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml index 50caaa599b..71803bd92d 100644 --- a/heat/templates/deployment-engine.yaml +++ b/heat/templates/deployment-engine.yaml @@ -102,8 +102,8 @@ spec: name: heat-bin defaultMode: 0555 - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 {{ if $mounts_heat_engine.volumes }}{{ toYaml $mounts_heat_engine.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/heat/templates/pod-rally-test.yaml b/heat/templates/pod-rally-test.yaml index 3f435d35e2..7cdd5a183a 100644 --- a/heat/templates/pod-rally-test.yaml +++ b/heat/templates/pod-rally-test.yaml @@ -94,8 +94,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: heat-etc - configMap: - name: heat-etc + secret: + secretName: heat-etc defaultMode: 0444 - name: heat-bin configMap: diff --git a/horizon/templates/configmap-etc.yaml b/horizon/templates/configmap-etc.yaml index dc695a1094..bfdfc18733 100644 --- a/horizon/templates/configmap-etc.yaml +++ b/horizon/templates/configmap-etc.yaml @@ -18,14 +18,14 @@ limitations under the License. {{- $envAll := . }} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: horizon-etc +type: Opaque data: -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.apache "key" "horizon.conf") | indent 2 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.local_settings.template "key" "local_settings") | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.apache "key" "horizon.conf" "format" "Secret" ) | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.local_settings.template "key" "local_settings" "format" "Secret" ) | indent 2 }} {{- range $key, $value := .Values.conf.horizon.policy }} - {{ printf "%s_policy.json" $key }}: | -{{ $value | toPrettyJson | indent 4 }} + {{ printf "%s_policy.json" $key }}: {{ $value | toPrettyJson | b64enc }} {{- end }} {{- end }} diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 02439ddbdc..c6a3bd5d32 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -117,8 +117,8 @@ spec: name: horizon-bin defaultMode: 0555 - name: horizon-etc - configMap: - name: horizon-etc + secret: + secretName: horizon-etc defaultMode: 0444 {{ if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/horizon/templates/job-db-sync.yaml b/horizon/templates/job-db-sync.yaml index 72e6adf608..980280c0f4 100644 --- a/horizon/templates/job-db-sync.yaml +++ b/horizon/templates/job-db-sync.yaml @@ -61,8 +61,8 @@ spec: {{ if $mounts_horizon_db_sync.volumeMounts }}{{ toYaml $mounts_horizon_db_sync.volumeMounts | indent 10 }}{{ end }} volumes: - name: horizon-etc - configMap: - name: horizon-etc + secret: + secretName: horizon-etc defaultMode: 0444 - name: horizon-bin configMap: diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml index d0a62d5a4d..613e4bfe1d 100644 --- a/ironic/templates/configmap-etc.yaml +++ b/ironic/templates/configmap-etc.yaml @@ -198,16 +198,14 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: ironic-etc +type: Opaque data: - ironic.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file") | indent 2 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf") | indent 2 }} + ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file" "format" "Secret" ) | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml index 1f8c5084fc..3c9de76064 100644 --- a/ironic/templates/deployment-api.yaml +++ b/ironic/templates/deployment-api.yaml @@ -130,8 +130,8 @@ spec: name: ironic-bin defaultMode: 0555 - name: ironic-etc - configMap: - name: ironic-etc + secret: + secretName: ironic-etc defaultMode: 0444 - name: pod-shared emptyDir: {} diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml index 928823e386..66f3f792dc 100644 --- a/ironic/templates/statefulset-conductor.yaml +++ b/ironic/templates/statefulset-conductor.yaml @@ -219,8 +219,8 @@ spec: name: ironic-bin defaultMode: 0555 - name: ironic-etc - configMap: - name: ironic-etc + secret: + secretName: ironic-etc defaultMode: 0444 - name: host-var-lib-ironic hostPath: diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml index edd97d9afe..5e7721b6b6 100644 --- a/keystone/templates/configmap-etc.yaml +++ b/keystone/templates/configmap-etc.yaml @@ -43,26 +43,21 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: keystone-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - keystone.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.keystone | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | indent 4 }} - keystone-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} - ports.conf: "" + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + keystone.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.keystone | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }} + keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} + ports.conf: '' {{- range $k, $v := .Values.conf.ks_domains }} - keystone.{{ $k }}.json: | -{{ toJson $v | indent 4 }} + keystone.{{ $k }}.json: {{ toJson $v | b64enc }} {{- end }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf") | indent 2 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_keystone "key" "wsgi-keystone.conf") | indent 2 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.sso_callback_template "key" "sso_callback_template.html") | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_keystone "key" "wsgi-keystone.conf" "format" "Secret" ) | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.sso_callback_template "key" "sso_callback_template.html" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/keystone/templates/cron-job-credential-rotate.yaml b/keystone/templates/cron-job-credential-rotate.yaml index 20566feccc..069968c8dd 100644 --- a/keystone/templates/cron-job-credential-rotate.yaml +++ b/keystone/templates/cron-job-credential-rotate.yaml @@ -112,8 +112,8 @@ spec: - name: etckeystone emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/cron-job-fernet-rotate.yaml b/keystone/templates/cron-job-fernet-rotate.yaml index 8ef3d3db11..00e086ab46 100644 --- a/keystone/templates/cron-job-fernet-rotate.yaml +++ b/keystone/templates/cron-job-fernet-rotate.yaml @@ -111,8 +111,8 @@ spec: - name: etckeystone emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml index cff41c61c8..cb5e04c97a 100644 --- a/keystone/templates/deployment-api.yaml +++ b/keystone/templates/deployment-api.yaml @@ -145,8 +145,8 @@ spec: - name: run-apache emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml index b0964453d9..2eef6a372f 100644 --- a/keystone/templates/job-credential-setup.yaml +++ b/keystone/templates/job-credential-setup.yaml @@ -87,6 +87,8 @@ spec: volumeMounts: - name: etckeystone mountPath: /etc/keystone + - name: credential-keys + mountPath: {{ .Values.conf.keystone.credential.key_repository | quote }} - name: keystone-etc mountPath: /etc/keystone/keystone.conf subPath: keystone.conf @@ -103,9 +105,11 @@ spec: volumes: - name: etckeystone emptyDir: {} + - name: credential-keys + emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml index df0bd03a62..a2c8be84d2 100644 --- a/keystone/templates/job-domain-manage.yaml +++ b/keystone/templates/job-domain-manage.yaml @@ -103,8 +103,8 @@ spec: - name: etckeystonedomains emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml index 58cd0a3bd5..ebe9f2184f 100644 --- a/keystone/templates/job-fernet-setup.yaml +++ b/keystone/templates/job-fernet-setup.yaml @@ -88,6 +88,8 @@ spec: volumeMounts: - name: etckeystone mountPath: /etc/keystone + - name: fernet-keys + mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} - name: keystone-etc mountPath: /etc/keystone/keystone.conf subPath: keystone.conf @@ -104,9 +106,11 @@ spec: volumes: - name: etckeystone emptyDir: {} + - name: fernet-keys + emptyDir: {} - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/keystone/templates/pod-rally-test.yaml b/keystone/templates/pod-rally-test.yaml index 91a314dbfc..fedb8ff665 100644 --- a/keystone/templates/pod-rally-test.yaml +++ b/keystone/templates/pod-rally-test.yaml @@ -86,8 +86,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: keystone-etc - configMap: - name: keystone-etc + secret: + secretName: keystone-etc defaultMode: 0444 - name: keystone-bin configMap: diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml index 677abfce51..7796fa0c27 100644 --- a/magnum/templates/configmap-etc.yaml +++ b/magnum/templates/configmap-etc.yaml @@ -87,16 +87,13 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: magnum-etc +type: Opaque data: - magnum.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} + magnum.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} {{- end }} diff --git a/magnum/templates/deployment-api.yaml b/magnum/templates/deployment-api.yaml index a859df5f60..4ecc38dee9 100644 --- a/magnum/templates/deployment-api.yaml +++ b/magnum/templates/deployment-api.yaml @@ -114,8 +114,8 @@ spec: name: magnum-bin defaultMode: 0555 - name: magnum-etc - configMap: - name: magnum-etc + secret: + secretName: magnum-etc defaultMode: 0444 - name: magnum-lock-path emptyDir: {} diff --git a/magnum/templates/statefulset-conductor.yaml b/magnum/templates/statefulset-conductor.yaml index 0762cae2a1..f20bcf52fb 100644 --- a/magnum/templates/statefulset-conductor.yaml +++ b/magnum/templates/statefulset-conductor.yaml @@ -109,8 +109,8 @@ spec: name: magnum-bin defaultMode: 0555 - name: magnum-etc - configMap: - name: magnum-etc + secret: + secretName: magnum-etc defaultMode: 0444 - name: magnum-lock-path emptyDir: {} diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml index 133cce3662..2e24c764ce 100644 --- a/mistral/templates/configmap-etc.yaml +++ b/mistral/templates/configmap-etc.yaml @@ -77,20 +77,16 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: mistral-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - mistral.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.mistral | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + mistral.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.mistral | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }} - {{ printf "test_template_%d" $key }}: | -{{ $value.template | indent 4 }} + {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }} {{- end }} {{- end }} diff --git a/mistral/templates/deployment-api.yaml b/mistral/templates/deployment-api.yaml index 7d519dd8c0..07b7dc03f4 100644 --- a/mistral/templates/deployment-api.yaml +++ b/mistral/templates/deployment-api.yaml @@ -100,8 +100,8 @@ spec: name: mistral-bin defaultMode: 0555 - name: mistral-etc - configMap: - name: mistral-etc + secret: + secretName: mistral-etc defaultMode: 0444 {{ if $mounts_mistral_api.volumes }}{{ toYaml $mounts_mistral_api.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/mistral/templates/deployment-executor.yaml b/mistral/templates/deployment-executor.yaml index 4623dabcd0..6948181ece 100644 --- a/mistral/templates/deployment-executor.yaml +++ b/mistral/templates/deployment-executor.yaml @@ -82,8 +82,8 @@ spec: name: mistral-bin defaultMode: 0555 - name: mistral-etc - configMap: - name: mistral-etc + secret: + secretName: mistral-etc defaultMode: 0444 {{ if $mounts_mistral_executor.volumes }}{{ toYaml $mounts_mistral_executor.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/mistral/templates/pod-rally-test.yaml b/mistral/templates/pod-rally-test.yaml index dd68b16f77..7155a46168 100644 --- a/mistral/templates/pod-rally-test.yaml +++ b/mistral/templates/pod-rally-test.yaml @@ -94,8 +94,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: mistral-etc - configMap: - name: mistral-etc + secret: + secretName: mistral-etc defaultMode: 0444 - name: mistral-bin configMap: diff --git a/mistral/templates/statefulset-engine.yaml b/mistral/templates/statefulset-engine.yaml index 9a77b22a6f..56f57333a9 100644 --- a/mistral/templates/statefulset-engine.yaml +++ b/mistral/templates/statefulset-engine.yaml @@ -79,8 +79,8 @@ spec: name: mistral-bin defaultMode: 0555 - name: mistral-etc - configMap: - name: mistral-etc + secret: + secretName: mistral-etc defaultMode: 0444 {{ if $mounts_mistral_engine.volumes }}{{ toYaml $mounts_mistral_engine.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/mistral/templates/statefulset-event-engine.yaml b/mistral/templates/statefulset-event-engine.yaml index 3b043bcd23..3785e33406 100644 --- a/mistral/templates/statefulset-event-engine.yaml +++ b/mistral/templates/statefulset-event-engine.yaml @@ -79,8 +79,8 @@ spec: name: mistral-bin defaultMode: 0555 - name: mistral-etc - configMap: - name: mistral-etc + secret: + secretName: mistral-etc defaultMode: 0444 {{ if $mounts_mistral_event_engine.volumes }}{{ toYaml $mounts_mistral_event_engine.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/mistral/values.yaml b/mistral/values.yaml index 2eae336b83..d1610c5f57 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -459,7 +459,7 @@ conf: port: null api_workers: 8 coordination: - backend_url: null + backend_url: "" database: max_retries: -1 keystone_authtoken: diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index ffed59c8a0..7293df04e2 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -171,49 +171,32 @@ just set it along with nova_metadata_host. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: {{ $configMapName }} +type: Opaque data: - rally_tests.yaml: | -{{ toYaml $envAll.Values.conf.rally_tests.tests | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson $envAll.Values.conf.policy | indent 4 }} - neutron.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - dhcp_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | indent 4 }} - l3_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | indent 4 }} - metadata_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | indent 4 }} - metering_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | indent 4 }} - ml2_conf.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | indent 4 }} - ml2_conf_sriov.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | indent 4 }} - macvtap_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | indent 4 }} - linuxbridge_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | indent 4 }} - openvswitch_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | indent 4 }} - sriov_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | indent 4 }} + rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }} + policy.json: {{ toJson $envAll.Values.conf.policy | b64enc }} + neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }} + l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }} + metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }} + metering_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc }} + ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} + ml2_conf_sriov.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc }} + macvtap_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc }} + linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }} + openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }} + sriov_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | b64enc }} dnsmasq.conf: "" - neutron_sudoers: | -{{ $envAll.Values.conf.neutron_sudoers | indent 4 }} - rootwrap.conf: | -{{ $envAll.Values.conf.rootwrap | indent 4 }} + neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }} + rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- $filePrefix := replace "_" "-" $key }} - {{ printf "%s.filters" $filePrefix }}: | -{{ $value.content | indent 4 }} + {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} {{- end }} {{- end }} {{- end }} diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index fee57fcf88..f78293bf39 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -135,8 +135,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: socket hostPath: diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 49f6341588..e0772467ee 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -134,8 +134,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: libmodules hostPath: diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml index e90c0f0f47..3dcf7606ef 100644 --- a/neutron/templates/daemonset-lb-agent.yaml +++ b/neutron/templates/daemonset-lb-agent.yaml @@ -194,8 +194,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: run hostPath: diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index c1c8d52dbb..dfe58fb16e 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -148,8 +148,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: socket hostPath: diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 7b1a801f63..1ee216ace8 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -198,8 +198,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: run hostPath: diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml index c1675c8951..871c927fb1 100644 --- a/neutron/templates/daemonset-sriov-agent.yaml +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -171,8 +171,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 - name: run hostPath: diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 03d3835f6c..adc514f803 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -113,8 +113,8 @@ spec: name: neutron-bin defaultMode: 0555 - name: neutron-etc - configMap: - name: neutron-etc + secret: + secretName: neutron-etc defaultMode: 0444 {{ if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml index bcc7a27a34..6294824252 100644 --- a/neutron/templates/pod-rally-test.yaml +++ b/neutron/templates/pod-rally-test.yaml @@ -88,8 +88,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: neutron-etc - configMap: - name: neutron-etc + secret: + secretName: neutron-etc defaultMode: 0444 - name: neutron-bin configMap: diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml index cbd69eeae4..d1a55f5c80 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml @@ -214,34 +214,26 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: {{ $configMapName }} +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | indent 4 }} - policy.yaml: | -{{ toYaml .Values.conf.policy | indent 4 }} - nova_sudoers: | -{{ $envAll.Values.conf.nova_sudoers | indent 4 }} - rootwrap.conf: | -{{- .Values.conf.rootwrap | indent 4 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} + nova_sudoers: {{ $envAll.Values.conf.nova_sudoers | b64enc }} + rootwrap.conf: {{ .Values.conf.rootwrap | b64enc }} {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- $filePrefix := replace "_" "-" $key }} - {{ printf "%s.filters" $filePrefix }}: | -{{ $value.content | indent 4 }} + {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} {{- end }} - nova.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - nova-ironic.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | indent 4 }} -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" ) | indent 2 }} + nova.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }} # FIXME(portdirect): why is this file suffixed .sh? -{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" ) | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.ssh "key" "ssh-config.sh" "format" "Secret" ) | indent 2 }} {{- end }} {{- end }} {{- if .Values.manifests.configmap_etc }} diff --git a/nova/templates/cron-job-cell-setup.yaml b/nova/templates/cron-job-cell-setup.yaml index a59b37483e..d5dfda5851 100644 --- a/nova/templates/cron-job-cell-setup.yaml +++ b/nova/templates/cron-job-cell-setup.yaml @@ -74,8 +74,8 @@ spec: - name: etcnova emptyDir: {} - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: nova-bin configMap: diff --git a/nova/templates/cron-job-service-cleaner.yaml b/nova/templates/cron-job-service-cleaner.yaml index 831a2a135f..70ea5ba226 100644 --- a/nova/templates/cron-job-service-cleaner.yaml +++ b/nova/templates/cron-job-service-cleaner.yaml @@ -63,8 +63,8 @@ spec: - name: etcnova emptyDir: {} - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: nova-bin configMap: diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index d8401d0099..4cf4b930ec 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -290,8 +290,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: {{ $configMapName }} + secret: + secretName: {{ $configMapName }} defaultMode: 0444 {{- if .Values.conf.ceph.enabled }} - name: etcceph diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index bcba71ccb2..729330084a 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -153,8 +153,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: pod-shared emptyDir: {} diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 4e1f40ba7f..65972bc97f 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -100,8 +100,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 {{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 823e8cb43c..03c9d9bea3 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -82,8 +82,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 {{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 7083ad1b54..0e339232d7 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -82,8 +82,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 {{ if $mounts_nova_consoleauth.volumes }}{{ toYaml $mounts_nova_consoleauth.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml index 3f523dadc0..549f542eed 100644 --- a/nova/templates/deployment-novncproxy.yaml +++ b/nova/templates/deployment-novncproxy.yaml @@ -120,8 +120,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: pod-usr-share-novnc emptyDir: {} diff --git a/nova/templates/deployment-placement.yaml b/nova/templates/deployment-placement.yaml index f96500b4ec..542e780db1 100644 --- a/nova/templates/deployment-placement.yaml +++ b/nova/templates/deployment-placement.yaml @@ -109,8 +109,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 {{- if $mounts_nova_placement.volumes }}{{ toYaml $mounts_nova_placement.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index f042ba0ff8..3e0c8fcf86 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -82,8 +82,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 {{ if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml index 8df7f82275..65f6a4f946 100644 --- a/nova/templates/deployment-spiceproxy.yaml +++ b/nova/templates/deployment-spiceproxy.yaml @@ -120,8 +120,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: pod-usr-share-spice-html5 emptyDir: {} diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml index 988ac165bf..8764da10f2 100644 --- a/nova/templates/job-cell-setup.yaml +++ b/nova/templates/job-cell-setup.yaml @@ -79,8 +79,8 @@ spec: - name: etcnova emptyDir: {} - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: nova-bin configMap: diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml index 9982282ca2..661a4fde37 100644 --- a/nova/templates/pod-rally-test.yaml +++ b/nova/templates/pod-rally-test.yaml @@ -88,8 +88,8 @@ spec: {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: nova-bin configMap: diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml index eca793938f..1933667229 100644 --- a/nova/templates/statefulset-compute-ironic.yaml +++ b/nova/templates/statefulset-compute-ironic.yaml @@ -95,8 +95,8 @@ spec: name: nova-bin defaultMode: 0555 - name: nova-etc - configMap: - name: nova-etc + secret: + secretName: nova-etc defaultMode: 0444 - name: varlibironic hostPath: diff --git a/rally/templates/configmap-etc.yaml b/rally/templates/configmap-etc.yaml index afa651f1a9..2bbe5fec72 100644 --- a/rally/templates/configmap-etc.yaml +++ b/rally/templates/configmap-etc.yaml @@ -54,10 +54,10 @@ limitations under the License. --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: rally-etc +type: Opaque data: - rally.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.rally | indent 4 }} + rally.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.rally | b64enc }} {{- end }} diff --git a/rally/templates/job-manage-db.yaml b/rally/templates/job-manage-db.yaml index 402a1a1c09..bb20c05055 100644 --- a/rally/templates/job-manage-db.yaml +++ b/rally/templates/job-manage-db.yaml @@ -57,8 +57,8 @@ spec: - name: etcrally emptyDir: {} - name: rally-etc - configMap: - name: rally-etc + secret: + secretName: rally-etc defaultMode: 0444 - name: rally-bin configMap: diff --git a/rally/templates/job-run-task.yaml b/rally/templates/job-run-task.yaml index 0b90d35072..09f35029f7 100644 --- a/rally/templates/job-run-task.yaml +++ b/rally/templates/job-run-task.yaml @@ -84,8 +84,8 @@ spec: - name: etcrally emptyDir: {} - name: rally-etc - configMap: - name: rally-etc + secret: + secretName: rally-etc defaultMode: 0444 - name: rally-tasks configMap: diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml index cf9477ae5f..027b4689c4 100644 --- a/senlin/templates/configmap-etc.yaml +++ b/senlin/templates/configmap-etc.yaml @@ -97,18 +97,14 @@ limitations under the License. {{- end -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: senlin-etc +type: Opaque data: - rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} - senlin.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | indent 4 }} - logging.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | indent 4 }} - api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} + rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} + senlin.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | b64enc }} + logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + policy.json: {{ toJson .Values.conf.policy | b64enc }} {{- end }} diff --git a/senlin/templates/cron-job-engine-cleaner.yaml b/senlin/templates/cron-job-engine-cleaner.yaml index 2ab3ea3fa7..8127f19f64 100644 --- a/senlin/templates/cron-job-engine-cleaner.yaml +++ b/senlin/templates/cron-job-engine-cleaner.yaml @@ -74,8 +74,8 @@ spec: - name: etcsenlin emptyDir: {} - name: senlin-etc - configMap: - name: senlin-etc + secret: + secretName: senlin-etc defaultMode: 0444 - name: senlin-bin configMap: diff --git a/senlin/templates/deployment-api.yaml b/senlin/templates/deployment-api.yaml index 437db345a5..dcdccc362b 100644 --- a/senlin/templates/deployment-api.yaml +++ b/senlin/templates/deployment-api.yaml @@ -112,8 +112,8 @@ spec: name: senlin-bin defaultMode: 0555 - name: senlin-etc - configMap: - name: senlin-etc + secret: + secretName: senlin-etc defaultMode: 0444 {{ if $mounts_senlin_api.volumes }}{{ toYaml $mounts_senlin_api.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/senlin/templates/deployment-engine.yaml b/senlin/templates/deployment-engine.yaml index c9b6487acd..2f6f8ba126 100644 --- a/senlin/templates/deployment-engine.yaml +++ b/senlin/templates/deployment-engine.yaml @@ -85,8 +85,8 @@ spec: name: senlin-bin defaultMode: 0555 - name: senlin-etc - configMap: - name: senlin-etc + secret: + secretName: senlin-etc defaultMode: 0444 {{ if $mounts_senlin_engine.volumes }}{{ toYaml $mounts_senlin_engine.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/tempest/templates/configmap-etc.yaml b/tempest/templates/configmap-etc.yaml index bd44108b93..855c460787 100644 --- a/tempest/templates/configmap-etc.yaml +++ b/tempest/templates/configmap-etc.yaml @@ -43,18 +43,16 @@ limitations under the License. --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: tempest-etc +type: Opaque data: - tempest.conf: |+ -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.tempest | indent 4 }} + tempest.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.tempest | b64enc }} {{ if not (empty .Values.conf.blacklist) }} - test-blacklist: |+ -{{ include "tempest.utils.to_regex_file" .Values.conf.blacklist | indent 4 }} + test-blacklist: {{ include "tempest.utils.to_regex_file" .Values.conf.blacklist | b64enc }} {{ end }} {{ if not (empty .Values.conf.whitelist) }} - test-whitelist: |+ -{{ include "tempest.utils.to_regex_file" .Values.conf.whitelist | indent 4 }} + test-whitelist: {{ include "tempest.utils.to_regex_file" .Values.conf.whitelist | b64enc }} {{ end }} {{- end }} diff --git a/tempest/templates/job-run-tests.yaml b/tempest/templates/job-run-tests.yaml index 7c2080a1de..fd1d8b086a 100644 --- a/tempest/templates/job-run-tests.yaml +++ b/tempest/templates/job-run-tests.yaml @@ -89,8 +89,8 @@ spec: - name: etctempest emptyDir: {} - name: tempest-etc - configMap: - name: tempest-etc + secret: + secretName: tempest-etc defaultMode: 0444 - name: tempest-bin configMap: