Merge pull request #2 from raresfirebolt/remove_secrets_from_git

generate secrets manually
raresfirebolt · May 12, 2021 · cac1c4f · cac1c4f
2 parents db48b7d + 329d7e3
commit cac1c4f
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 2 deletions.
diff --git a/charts/repo/timescaledb-multinode-0.8.1.tgz b/charts/repo/timescaledb-multinode-0.8.1.tgz
diff --git a/charts/timescaledb-multinode/Chart.yaml b/charts/timescaledb-multinode/Chart.yaml
@@ -4,7 +4,7 @@
 apiVersion: v1
 name: timescaledb-multinode
 description: 'TimescaleDB Multinode Deployment.'
-version: 0.8.0
+version: 0.8.1
 # appVersion specifies the version of the software, which can vary wildly,
 # e.g. TimescaleDB 1.4.1 on PostgreSQL 11 or TimescaleDB 1.5.0 on PostgreSQL 12.
 # https://github.com/helm/helm/blob/master/docs/charts.md#the-appversion-field

diff --git a/charts/timescaledb-multinode/README.md b/charts/timescaledb-multinode/README.md
@@ -38,6 +38,20 @@ Alternatively, a YAML file that specifies the values for the parameters can be p
 ```console
 helm upgrade --install my-release -f myvalues.yaml .
 ```
+### Secret override
+
+Instead of setting secrets in values.yaml, they can be manually generated. The following example is for timescaledb-access node and timescaledb-data node.
+
+In values.yaml set:
+```console
+credentials:
+  fromValues: false
+```
+
+```console
+kubectl create secret generic `my-release`-access --from-literal=password-superuser='<manually_generated_timescaledb-access_password>'
+kubectl create secret generic `my-release`-data --from-literal=password-superuser='<manually_generated_client_timescaledb-data_password>'
+```
 
 For details about what parameters you can set, have a look at the [Administrator Guide](admin-guide.md#configure)
 
@@ -108,6 +122,13 @@ our [TimescaleDB > Tutorial: Scaling out TimescaleDB](https://docs.timescale.com
 to create distributed hypertables and start using multinode TimescaleDB.
 
 ### Connecting from another pod
+If you are connecting from inside a pod in the Kubernetes cluster set service type to ClusterIP. Edit the following in values.yaml:
+
+```console
+access:
+  service:
+    type: ClusterIP
+```
 
 From inside a pod in the Kubernetes cluster, you need to use the
 internal DNS address, e.g.,

diff --git a/charts/timescaledb-multinode/admin-guide.md b/charts/timescaledb-multinode/admin-guide.md
@@ -23,6 +23,8 @@ The following table lists the configurable parameters of the TimescaleDB Helm ch
 | `image.tag`                       | The version of the image to pull            | `pg12.5-ts2.0.0-p0`
 | `image.pullPolicy`                | The pull policy                             | `IfNotPresent`                                      |
 | `credentials.accessNode.superuser`| Password of the superuser for the Access Node | `tea`                                             |
+| `accessNode.service.type`         | Setup external access using LoadBalancer or ClusterIP  | `LoadBalancer`                           |
+| `credentials.fromValues`          | Load credentials from values.yaml           | `true`                                              |
 | `credentials.dataNode.superuser`  | Password of the superuser for the Data Nodes  | `coffee`                                          |
 | `env`                             | Extra custom environment variables, expressed as [EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#envvarsource-v1-core) | `PGDATA` and some language settings |
 | `resources`                       | Any resources you wish to assign to the pod | `{}`                                                |

diff --git a/charts/timescaledb-multinode/templates/sec-timescaledb.yaml b/charts/timescaledb-multinode/templates/sec-timescaledb.yaml
@@ -1,6 +1,7 @@
 # This file and its contents are licensed under the Apache License 2.0.
 # Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
 
+{{- if .Values.credentials.fromValues }}
 ---
 apiVersion: v1
 kind: Secret
@@ -29,3 +30,4 @@ type: Opaque
 data:
   password-superuser: {{ .Values.credentials.dataNode.superuser | b64enc }}
 ...
+{{- end }}
diff --git a/charts/timescaledb-multinode/templates/svc-timescaledb-access.yaml b/charts/timescaledb-multinode/templates/svc-timescaledb-access.yaml
@@ -14,7 +14,7 @@ metadata:
   annotations:
     service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"
 spec:
-  type: LoadBalancer
+  type: {{ .Values.accessNode.service.type }}
   ports:
   - name: postgresql
     port: 5432

diff --git a/charts/timescaledb-multinode/values.yaml b/charts/timescaledb-multinode/values.yaml
@@ -14,8 +14,14 @@ image:
   tag: pg12-ts2.0.0-p0
   pullPolicy: IfNotPresent
 
+#enable external access using LoadBalancer
+accessNode:
+  service:
+    type: LoadBalancer
+
 # Credentials used by PostgreSQL
 credentials:
+  fromValues: true
   accessNode:
     superuser: tea
   dataNode: