From 90700f5a76b7fada66b42a8c4aab302eee254dd1 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Thu, 1 Nov 2018 16:43:17 -0500 Subject: [PATCH] Ceph: Add labels to secrets created by charts This PS adds labels to secrets created by charts, which allows them to be easily identified in deployed sites. PS4: This PS resolves undefined variable "$envAll" issue Change-Id: Icbe3584b0ac18b23e32489c4a04ad5aa7aad67e6 Signed-off-by: Pete Birley --- .../templates/bin/keys/_bootstrap-keyring-manager.sh.tpl | 3 +++ ceph-mon/templates/bin/keys/_storage-keyring-manager.sh.tpl | 5 +++++ .../bin/provisioner/cephfs/_client-key-manager.sh.tpl | 3 +++ .../bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl | 3 +++ 4 files changed, 14 insertions(+) diff --git a/ceph-mon/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl b/ceph-mon/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl index 78d6cfdd5..11c1b4447 100644 --- a/ceph-mon/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl +++ b/ceph-mon/templates/bin/keys/_bootstrap-keyring-manager.sh.tpl @@ -19,6 +19,7 @@ limitations under the License. set -ex {{ if .Release.IsInstall }} +{{- $envAll := . }} function ceph_gen_key () { python ${CEPH_GEN_DIR}/keys-bootstrap-keyring-generator.py @@ -43,6 +44,8 @@ apiVersion: v1 kind: Secret metadata: name: ${KUBE_SECRET_NAME} + labels: +{{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} type: Opaque data: ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} ) diff --git a/ceph-mon/templates/bin/keys/_storage-keyring-manager.sh.tpl b/ceph-mon/templates/bin/keys/_storage-keyring-manager.sh.tpl index 9521b3683..3ead03487 100644 --- a/ceph-mon/templates/bin/keys/_storage-keyring-manager.sh.tpl +++ b/ceph-mon/templates/bin/keys/_storage-keyring-manager.sh.tpl @@ -18,6 +18,7 @@ limitations under the License. set -ex {{ if .Release.IsInstall }} +{{- $envAll := . }} function ceph_gen_key () { python ${CEPH_GEN_DIR}/keys-bootstrap-keyring-generator.py @@ -45,6 +46,8 @@ apiVersion: v1 kind: Secret metadata: name: ${KUBE_SECRET_NAME} + labels: +{{ tuple $envAll "ceph" "admin" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} type: Opaque data: ${CEPH_KEYRING_NAME}: $( kube_ceph_keyring_gen ${CEPH_KEYRING} ${CEPH_KEYRING_TEMPLATE} ) @@ -67,6 +70,8 @@ apiVersion: v1 kind: Secret metadata: name: ${KUBE_SECRET_NAME} + labels: +{{ tuple $envAll "ceph" "admin" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} type: kubernetes.io/rbd data: key: $( echo ${CEPH_KEYRING} | base64 | tr -d '\n' ) diff --git a/ceph-provisioners/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl b/ceph-provisioners/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl index fe06a0873..6e9c08e7b 100644 --- a/ceph-provisioners/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl +++ b/ceph-provisioners/templates/bin/provisioner/cephfs/_client-key-manager.sh.tpl @@ -17,6 +17,7 @@ limitations under the License. */}} set -ex +{{- $envAll := . }} CEPH_CEPHFS_KEY=$(kubectl get secret ${PVC_CEPH_CEPHFS_STORAGECLASS_ADMIN_SECRET_NAME} \ --namespace=${PVC_CEPH_CEPHFS_STORAGECLASS_DEPLOYED_NAMESPACE} \ @@ -33,6 +34,8 @@ apiVersion: v1 kind: Secret metadata: name: "${secret_name}" + labels: +{{ tuple $envAll "ceph" "cephfs" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} type: "${secret_type}" data: key: $( echo ${ceph_key} ) diff --git a/ceph-provisioners/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl b/ceph-provisioners/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl index 5711ae39a..257fe3f66 100644 --- a/ceph-provisioners/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl +++ b/ceph-provisioners/templates/bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl @@ -17,6 +17,7 @@ limitations under the License. */}} set -ex +{{- $envAll := . }} CEPH_RBD_KEY=$(kubectl get secret ${PVC_CEPH_RBD_STORAGECLASS_ADMIN_SECRET_NAME} \ --namespace=${PVC_CEPH_RBD_STORAGECLASS_DEPLOYED_NAMESPACE} \ @@ -33,6 +34,8 @@ apiVersion: v1 kind: Secret metadata: name: "${secret_name}" + labels: +{{ tuple $envAll "ceph" "rbd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} type: "${secret_type}" data: key: $( echo ${ceph_key} )