Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[ironic] move dhparams to secrets #7975

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[ironic] move dhparams to secrets #7975

wants to merge 2 commits into from
+21 −9

Conversation

sandzwerg
Copy link
Contributor

The dhparams were missed when we moved the secrets from configmaps to
secrets. This should make them work with the new secrets-injector. I
also renamed the nginx config from default.conf to the default name
nginx.conf. The emptydir is needed to be able to mount the secret and
possible other configs as well, even when we currently have no other
configs.

@sandzwerg
[ironic] move dhparams to secrets
d0202e3 
The dhparams were missed when we moved the secrets from configmaps to
secrets. This should make them work with the new secrets-injector. I
also renamed the nginx config from default.conf to the default name
nginx.conf. The emptydir is needed to be able to mount the secret and
possible other configs as well, even when we currently have no other
configs.
@sandzwerg
Copy link
Contributor Author

OK, even if that does work it is not enough.

k describe cm ironic-console | grep -n kvv
17:vault+kvv2:///secrets/qa-de-2/ironic/console/default/ssl_dhparam
68:        secure_link_md5 "$secure_link_expires$1 vault+kvv2:///secrets/qa-de-2/ironic/console/default/password";
k describe cm ironic-conductor-testing-etc | grep -n kvv
131:url_auth_digest_secret = vault+kvv2:///secrets/qa-de-2/ironic/console/default/password

So more secrets were missed.

@sandzwerg
[ironic] remove dummy values
b501f34 
Dummy values are apparently no longer allowed after they caused a outage
for a different service somewhere. So values that need to be there need
to be null so that helm templating can check that they exist. This will
break if there are no values in the secrets.
@sapcc-bot
Copy link
Contributor

Failed to validate the helm chart. Details. Readme.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@fwiesel fwiesel fwiesel approved these changes

@BerndKue BerndKue BerndKue approved these changes

@stefanhipfel stefanhipfel Awaiting requested review from stefanhipfel stefanhipfel is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sandzwerg @sapcc-bot @fwiesel @BerndKue