Commit c8769686 authored by Fabian Jucker's avatar Fabian Jucker

add k8s backwards compatible copying for more containers

parent 8cd1c341
Pipeline #51903029 passed with stages
in 41 minutes and 34 seconds
---
title: Provide Kubernetes 1.8 backwards compatibility for init-container secret copying
merge_request:
author:
merge_request: 720
author: Fabian Jucker
type: fixed
......@@ -10,11 +10,11 @@ data:
configure: |
set -e
mkdir -p /init-secrets/gitaly /init-secrets/shell
cp /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
cp -v -r -L /init-config/.gitlab_shell_secret /init-secrets/shell/.gitlab_shell_secret
cp -v -r -L /init-config/gitaly_token /init-secrets/gitaly/gitaly_token
{{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets/redis
cp /init-config/redis_password /init-secrets/redis/redis_password
cp -v -r -L /init-config/redis_password /init-secrets/redis/redis_password
{{- end }}
config.toml.erb: |
# The directory where Gitaly's executables are stored
......
......@@ -10,7 +10,7 @@ data:
configure: |
{{- include "gitlab.scripts.configure.secrets" (dict "required" "shell" ) | nindent 4 -}}
mkdir -p /${secret_dir}/ssh
cp /${config_dir}/ssh_host_* /${secret_dir}/ssh/
cp -v -r -L /${config_dir}/ssh_host_* /${secret_dir}/ssh/
chmod 0400 /${secret_dir}/ssh/ssh_host_*
config.yml.erb: |
# GitLab user. git by default
......
......@@ -54,7 +54,7 @@ spec:
args:
- /bin/bash
- -c
- cp /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
- cp -v -r -L /etc/gitlab/.s3cfg $HOME/.s3cfg && while sleep 3600; do :; done # alpine sleep has no infinity
image: "{{ coalesce .Values.image.repository (include "image.repository" .) }}:{{ coalesce .Values.image.tag (include "gitlab.versionTag" . ) }}"
{{ template "gitlab.imagePullPolicy" . }}
env:
......
......@@ -154,10 +154,10 @@ data:
configure: |
set -e
mkdir -p /init-secrets-workhorse/gitlab-workhorse
cp /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
cp -v -r -L /init-config/gitlab-workhorse/secret /init-secrets-workhorse/gitlab-workhorse/secret
{{- if .Values.global.redis.password.enabled }}
mkdir -p /init-secrets-workhorse/redis
cp /init-config/redis/password /init-secrets-workhorse/redis/
cp -v -r -L /init-config/redis/password /init-secrets-workhorse/redis/
{{- end }}
# Leave this here - This line denotes end of block to the parser.
{{- end }}
......@@ -45,18 +45,17 @@ Returns mount definition for the volume mount definition above.
{{- end -}}
{{/*
Returns a shell script snippet, which extends the script of a configure
container to copy the mutual TLS files to the proper location. Further
Returns a shell script snippet, which extends the script of a configure
container to copy the mutual TLS files to the proper location. Further
it sets the permissions correctly.
*/}}
{{- define "gitlab.psql.ssl.initScript" -}}
{{- if .Values.global.psql.ssl }}
if [ -d /etc/postgresql/ssl ]; then
mkdir -p /${secret_dir}/postgres/ssl
cp /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/
cp -v -r -L /etc/postgresql/ssl/* /${secret_dir}/postgres/ssl/
chmod 600 /${secret_dir}/postgres/ssl/*
chmod 700 /${secret_dir}/postgres/ssl
fi
{{- end -}}
{{- end -}}
......@@ -66,7 +66,7 @@ init:
if [ -e /config/accesskey ] ; then
sed -e 's@ACCESS_KEY@'"$(cat /config/accesskey)"'@' -e 's@SECRET_KEY@'"$(cat /config/secretkey)"'@' /config/config.yml > /registry/config.yml
else
cp /config/config.yml /registry/config.yml
cp -v -r -L /config/config.yml /registry/config.yml
fi
# Place the `http.secret` value from the kubernetes secret
sed -i -e 's@HTTP_SECRET@'"$(cat /config/httpSecret)"'@' /registry/config.yml
......@@ -74,7 +74,7 @@ init:
if [ -d /config/storage ]; then
# Copy contents of storage secret(s)
mkdir -p /registry/storage
cp /config/storage/* /registry/storage/
cp -v -r -L /config/storage/* /registry/storage/
# Ensure there is a new line in the end
echo '' >> /registry/storage/config
# Default `delete.enabled: true` if not present.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment