projects / arvados-k8s.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 18f0d78)
helm: Convert the anonymous and superuser token to values in values.yaml
authorWard Vandewege <wvandewege@veritasgenetics.com>
Mon, 21 May 2018 21:16:59 +0000 (17:16 -0400)
committerWard Vandewege <wvandewege@veritasgenetics.com>
Fri, 25 May 2018 17:31:56 +0000 (13:31 -0400)
No issue #

Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <wvandewege@veritasgenetics.com>

arvados/config/api-server/90-init-db.sh patch | blob | history
arvados/config/sso/90-init-db.sh patch | blob | history
arvados/templates/keep-proxy-deployment.yaml patch | blob | history
arvados/templates/keep-web-deployment.yaml patch | blob | history
arvados/templates/shell-server-deployment.yaml patch | blob | history
arvados/templates/sso-configmap.yaml patch | blob | history
arvados/values.yaml patch | blob | history

diff --git a/arvados/config/api-server/90-init-db.sh b/arvados/config/api-server/90-init-db.sh
index f964c14661e30c288b4074ffcbddc7652f949e2f..cc16372c391c9795742605f47290445a75d51c4c 100644 (file)
--- a/arvados/config/api-server/90-init-db.sh
+++ b/arvados/config/api-server/90-init-db.sh
@@ -22,9 +22,9 @@ prepare_database() {
   if [[ -f "/create-workbench-api-client.rb" ]]; then
     # This is the API server
     cd /var/www/arvados-api/current
-    bundle exec script/create_superuser_token.rb thisisnotaverygoodsuperusersecretstring00000000000
+    bundle exec script/create_superuser_token.rb {{ .Values.superUserSecret }}
     cd script
-    bundle exec get_anonymous_user_token.rb -t thisisnotaverygoodanonymoussecretstring00000000000 || true
+    bundle exec get_anonymous_user_token.rb -t {{ .Values.anonymousUserSecret }} || true
     bundle exec rails runner /create-workbench-api-client.rb
   fi
 
diff --git a/arvados/config/sso/90-init-db.sh b/arvados/config/sso/90-init-db.sh
index 3d8a878445c9b775d1a0c22b413c2a70162e73a5..0515dd63cdd0aa76542294ca51a04323873ca33c 100644 (file)
--- a/arvados/config/sso/90-init-db.sh
+++ b/arvados/config/sso/90-init-db.sh
@@ -19,15 +19,6 @@ prepare_database() {
     echo "Warning: Database is not ready to set up." >&2
     exit 1
   fi
-
-  if [[ -f "/create-workbench-api-client.rb" ]]; then
-    # This is the API server
-    cd /var/www/arvados-api/current
-    bundle exec script/create_superuser_token.rb thisisnotaverygoodsuperusersecretstring00000000000
-    cd script
-    bundle exec get_anonymous_user_token.rb -t thisisnotaverygoodanonymoussecretstring00000000000 || true
-    bundle exec rails runner /create-workbench-api-client.rb
-  fi
 }
 
 prepare_database "db:schema:load"
diff --git a/arvados/templates/keep-proxy-deployment.yaml b/arvados/templates/keep-proxy-deployment.yaml
index 4d2b3b9fb26b80ca113c236873c223931e5a50db..b9906b0c48f4f72f2427d9c4feef3cfe91e5758f 100644 (file)
--- a/arvados/templates/keep-proxy-deployment.yaml
+++ b/arvados/templates/keep-proxy-deployment.yaml
@@ -38,4 +38,4 @@ spec:
             - name : ARVADOS_API_HOST_INSECURE
               value: "true"
             - name : ARVADOS_API_TOKEN
-              value: "thisisnotaverygoodanonymoussecretstring00000000000"
+              value: "{{ .Values.anonymousUserSecret }}"
diff --git a/arvados/templates/keep-web-deployment.yaml b/arvados/templates/keep-web-deployment.yaml
index 999edaabcde9ea5240f4a40af7a2982597f560c7..0cc384234fa3d905bc4cf9aa19505ec12ab5bf21 100644 (file)
--- a/arvados/templates/keep-web-deployment.yaml
+++ b/arvados/templates/keep-web-deployment.yaml
@@ -38,4 +38,4 @@ spec:
             - name : ARVADOS_API_HOST_INSECURE
               value: "true"
             - name : ARVADOS_API_TOKEN
-              value: "thisisnotaverygoodanonymoussecretstring00000000000"
+              value: "{{ .Values.anonymousUserSecret }}"
diff --git a/arvados/templates/shell-server-deployment.yaml b/arvados/templates/shell-server-deployment.yaml
index 455d2ffd1c421347610a4685e390913b769d07b5..c07d07dfe4ac75fbe522e52ce957c66cbabb291c 100644 (file)
--- a/arvados/templates/shell-server-deployment.yaml
+++ b/arvados/templates/shell-server-deployment.yaml
@@ -39,7 +39,7 @@ spec:
             - name : ARVADOS_API_HOST_INSECURE
               value: "true"
             - name : ARVADOS_API_TOKEN
-              value: "thisisnotaverygoodsuperusersecretstring00000000000"
+              value: "{{ .Values.anonymousUserSecret }}"
           volumeMounts:
             - name: shell-server-configmap
               mountPath: /init-scripts-staging/99-init-keep.sh
diff --git a/arvados/templates/sso-configmap.yaml b/arvados/templates/sso-configmap.yaml
index cf9ba1a900c74d46c3e1235aef24e15e17c4f7ef..c8fb70dc373f31f1de2ff13bc47cbfd37fdcda22 100644 (file)
--- a/arvados/templates/sso-configmap.yaml
+++ b/arvados/templates/sso-configmap.yaml
@@ -12,4 +12,4 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-{{ (.Files.Glob "config/sso/*").AsConfig | indent 2 }}
+{{ (tpl (.Files.Glob "config/sso/*").AsConfig . ) | indent 2 }}
diff --git a/arvados/values.yaml b/arvados/values.yaml
index 55e276e808927f831052ec44e20b86a6a709c2bb..eddd0ef15e1bd56391aace800a67e04e4f5be87a 100644 (file)
--- a/arvados/values.yaml
+++ b/arvados/values.yaml
@@ -52,6 +52,11 @@ affinity: {}
 # Must be set to a valid IP address, e.g. by using --set when invoking helm
 externalIP: ~
 
+# A super user token
+superUserSecret: "thisisnotaverygoodsuperusersecretstring00000000000"
+# An anonymous user token
+anonymousUserSecret: "thisisnotaverygoodanonymoussecretstring00000000000"
+
 # The package versions for this Arvados cluster. Also see
 #
 #   curl http://versions.arvados.org/v1/commit/ | jq .