From bfd492445224521864bd61b4b5a675b7dd94ed80 Mon Sep 17 00:00:00 2001 From: Matt McEuen Date: Tue, 17 Dec 2019 15:04:11 -0600 Subject: [PATCH] promenade: convert configmap-etc to secret This converts the etc configmap to be a secret, whic provides additional obfuscation against accidental inspection of secrets. Change-Id: Ifd522a786eb751e7fad35d3f9ee17ec2bb87e010 --- charts/promenade/templates/configmap-etc.yaml | 11 ++++------- charts/promenade/templates/deployment-api.yaml | 4 ++-- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/charts/promenade/templates/configmap-etc.yaml b/charts/promenade/templates/configmap-etc.yaml index 0d59f36f..89947821 100644 --- a/charts/promenade/templates/configmap-etc.yaml +++ b/charts/promenade/templates/configmap-etc.yaml @@ -47,14 +47,11 @@ limitations under the License. --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: promenade-etc data: - api-paste.ini: |+ -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} - promenade.conf: |+ -{{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | indent 4 }} - policy.yaml: |+ -{{ toYaml .Values.conf.policy | indent 4 }} + api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} + promenade.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- end }} diff --git a/charts/promenade/templates/deployment-api.yaml b/charts/promenade/templates/deployment-api.yaml index e4b5374d..76172eb5 100644 --- a/charts/promenade/templates/deployment-api.yaml +++ b/charts/promenade/templates/deployment-api.yaml @@ -118,8 +118,8 @@ spec: {{ if $mounts_promenade_api.volumeMounts }}{{ toYaml $mounts_promenade_api.volumeMounts | indent 12 }}{{ end }} volumes: - name: promenade-etc - configMap: - name: promenade-etc + secret: + secretName: promenade-etc defaultMode: 0444 {{ if $mounts_promenade_api.volumes }}{{ toYaml $mounts_promenade_api.volumes | indent 8 }}{{ end }} {{- end }}