Главная Обзор Помощь
Вход
RONCC
/
Dell-Omnia-Clusters-HPC-AI
Следить 1
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Запросы на слияние 0 Вики
Ветка: release-1.2
Ветки Метки
Dell-Omnia-C...
/
telemetry
/
roles
/
common
/
tasks
/
k8s_secrets.yml

k8s_secrets.yml 2.3 KB
Постоянная ссылка История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. # Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. ---
    15. 

  15. 

  16. - name: Create namespace
    17. 

  17.   kubernetes.core.k8s:
    18. 

  18.     api_version: v1
    19. 

  19.     kind: Namespace
    20. 

  20.     name: "{{ namespace }}"
    21. 

  21.     state: present
    22. 

  22. 

  23. - name: Encrypt timescaledb username
    24. 

  24.   shell: |
    25. 

  25.     set -o pipefail
    26. 

  26.     echo -n "{{ timescaledb_user }}" | base64
    27. 

  27.   register: timescaledb_user_encrypted
    28. 

  28.   changed_when: false
    29. 

  29.   no_log: true
    30. 

  30. 

  31. - name: Encrypt timescaledb password
    32. 

  32.   shell: |
    33. 

  33.     set -o pipefail
    34. 

  34.     echo -n "{{ timescaledb_password }}" | base64
    35. 

  35.   register: timescaledb_password_encrypted
    36. 

  36.   changed_when: false
    37. 

  37.   no_log: true
    38. 

  38. 

  39. - name: Encrypt mysqldb username
    40. 

  40.   shell: |
    41. 

  41.     set -o pipefail
    42. 

  42.     echo -n "{{ mysqldb_user }}" | base64
    43. 

  43.   register: mysqldb_user_encrypted
    44. 

  44.   changed_when: false
    45. 

  45.   no_log: true
    46. 

  46. 

  47. - name: Encrypt mysqldb password
    48. 

  48.   shell: |
    49. 

  49.     set -o pipefail
    50. 

  50.     echo -n "{{ mysqldb_password }}" | base64
    51. 

  51.   register: mysqldb_password_encrypted
    52. 

  52.   changed_when: false
    53. 

  53.   no_log: true
    54. 

  54. 

  55. - name: Encrypt mysqldb password for root user
    56. 

  56.   shell: |
    57. 

  57.     set -o pipefail
    58. 

  58.     echo -n "{{ mysqldb_root_password }}" | base64
    59. 

  59.   register: mysqldb_root_password_encrypted
    60. 

  60.   changed_when: false
    61. 

  61.   no_log: true
    62. 

  62. 

  63. - name: Kubernetes secrets
    64. 

  64.   kubernetes.core.k8s:
    65. 

  65.     state: present
    66. 

  66.     definition:
    67. 

  67.       apiVersion: v1
    68. 

  68.       kind: Secret
    69. 

  69.       metadata:
    70. 

  70.         name: "{{ secrets_name }}"
    71. 

  71.         namespace: "{{ namespace }}"
    72. 

  72.       type: Opaque
    73. 

  73.       data:
    74. 

  74.         timescaledb_user: "{{ timescaledb_user_encrypted.stdout }}"
    75. 

  75.         timescaledb_password: "{{ timescaledb_password_encrypted.stdout }}"
    76. 

  76.         sqldb_user: "{{ mysqldb_user_encrypted.stdout }}"
    77. 

  77.         sqldb_password: "{{ mysqldb_password_encrypted.stdout }}"
    78. 

  78.         sqldb_root_password: "{{ mysqldb_root_password_encrypted.stdout }}"
    79. 

  79.