Resolve "Move Postgres secrets into Kubernetes Secrets"

Jason Plum requested to merge 67-move-pgsql-password-to-secret into master

Move the PostgreSQL password to a secret, adding appropriate mounts and alterations to templates and documentation.

psql:
  password:
    secret: gitlab-postres
    key: psql-password

Unicorn, Sidekiq, Migrations:

  • Update values.yaml with changes, set default values as above.
  • Updated deployment to add an additional mount and path
  • Update ConfigMap's database.yml.erb to read the password from file (/etc/gitlab/gitlab-postgres/psql-password)

Omnibus:

  • Update values.yaml with changes, set default values as above.
  • Update deployment to add additional mount and path.
  • Update ConfigMap to read password from file, and use Ruby's Digest::MD5.hexdigest to encode the sql_user_password, removing the manual step!

Documentation:

  • Updated installation/secrets.md with new secret creation
  • Updated installation/configuration.md to remove all references to PostgreSQL settings changes.
  • Updated example-config.yaml to reflect switch to secret

Closes #67 (closed)

Associated MR for Environments: https://gitlab.com/gitlab-com/environments/merge_requests/90

Edited by Jason Plum
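
The file-based password handling described above, as an added Ruby example that is not code from this merge request: it reads the mounted secret, renders a trimmed-down database.yml, and derives the MD5 digest for `sql_user_password`. Assumptions: the template text, the helper names and the `gitlab` role are hypothetical, and the digest follows the PostgreSQL md5 convention of hashing the password followed by the role name.

```ruby
require 'digest'
require 'erb'
require 'json'
require 'tmpdir'
require 'yaml'

# Read a secret from a mounted file. A single trailing newline (left by
# editors or `echo`) is dropped so it does not become part of the password.
def read_secret(path)
  raise ArgumentError, "secret file missing: #{path}" unless File.file?(path)
  value = File.read(path).chomp
  raise ArgumentError, "secret file empty: #{path}" if value.empty?
  value
end

# Assumption: PostgreSQL md5 convention, hex MD5 of password + role name.
def pg_md5(password, username)
  Digest::MD5.hexdigest(password + username)
end

# Hypothetical, trimmed-down stand-in for the chart's database.yml.erb.
# to_json emits a double-quoted scalar, so passwords containing ':' or '#'
# or quotes still parse as a single YAML string.
DATABASE_YML_ERB = <<~TEMPLATE
  production:
    adapter: postgresql
    username: <%= username %>
    password: <%= password.to_json %>
TEMPLATE

def render_database_yml(secret_path, username)
  password = read_secret(secret_path)
  ERB.new(DATABASE_YML_ERB).result_with_hash(username: username, password: password)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Stands in for /etc/gitlab/gitlab-postgres/psql-password (constructed value).
    path = File.join(dir, 'psql-password')
    File.write(path, "constructed-password\n")
    puts render_database_yml(path, 'gitlab')
    puts pg_md5(read_secret(path), 'gitlab')
  end
end
```

Hashing the file contents without stripping the newline produces a digest that does not match the password the clients send, which shows up as authentication failures rather than a configuration error.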
