promenade: convert configmap-etc to secret

This converts the etc configmap to be a secret, whic provides additional obfuscation against accidental inspection of secrets. Change-Id: Ifd522a786eb751e7fad35d3f9ee17ec2bb87e010
2019-12-17 15:04:11 -06:00 · 2019-12-17 15:04:11 -06:00 · bfd4924452
parent 3674a86ed8
commit bfd4924452
2 changed files with 6 additions and 9 deletions
--- a/charts/promenade/templates/configmap-etc.yaml
+++ b/charts/promenade/templates/configmap-etc.yaml
@ -47,14 +47,11 @@ limitations under the License.

 ---
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
  name: promenade-etc
 data:
-  api-paste.ini: |+
-{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
-  promenade.conf: |+
-{{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | indent 4 }}
-  policy.yaml: |+
-{{ toYaml .Values.conf.policy | indent 4 }}
+  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+  promenade.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
--- a/charts/promenade/templates/deployment-api.yaml
+++ b/charts/promenade/templates/deployment-api.yaml
@ -118,8 +118,8 @@ spec:
 {{ if $mounts_promenade_api.volumeMounts }}{{ toYaml $mounts_promenade_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: promenade-etc
-          configMap:
-            name: promenade-etc
+          secret:
+            secretName: promenade-etc
            defaultMode: 0444
 {{ if $mounts_promenade_api.volumes }}{{ toYaml $mounts_promenade_api.volumes | indent 8 }}{{ end }}
 {{- end }}