Fix issue reading backup/restore secrets
This patchset uses jq to parse secrets instead of the grep/awk combination that was being used before, which was problematic if the formatting of secrets gets changed. In order to do this for etcdctl-utility pod, I had to add "jq" to the Dockerfile. Mysql and Postgresql utility images already had jq. Change-Id: Ice7e7a44dbe9d6f8b4c7f02d2ed75c08ee47c89f
This commit is contained in:
parent
2b7f38fb22
commit
d5ec559cba
|
@ -10,8 +10,8 @@ fi
|
|||
|
||||
export ETCD_CONF_SECRET={{ $envAll.Values.conf.etcd_backup_restore.secrets.kube_system.conf_secret }}
|
||||
export ETCD_IMAGE_NAME=$(kubectl get cronjob -n ${ETCD_POD_NAMESPACE} kubernetes-etcd-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep etcdctl-utility)
|
||||
export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
|
||||
ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
|
||||
export ETCD_BACKUP_BASE_PATH=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
|
||||
ETCD_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${ETCD_POD_NAMESPACE} ${ETCD_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
|
||||
export ETCD_REMOTE_BACKUP_ENABLED=$(echo $ETCD_REMOTE_BACKUP_ENABLED | sed 's/"//g')
|
||||
|
||||
if [[ $NODE == "" ]];then
|
||||
|
|
|
@ -10,8 +10,8 @@ fi
|
|||
|
||||
export MARIADB_CONF_SECRET={{ $envAll.Values.conf.mariadb_backup_restore.secrets.conf_secret }}
|
||||
export MARIADB_IMAGE_NAME=$(kubectl get cronjob -n ${MARIADB_POD_NAMESPACE} mariadb-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep mysqlclient-utility)
|
||||
export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
|
||||
MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
|
||||
export MARIADB_BACKUP_BASE_PATH=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
|
||||
MARIADB_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${MARIADB_POD_NAMESPACE} ${MARIADB_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
|
||||
export MARIADB_REMOTE_BACKUP_ENABLED=$(echo $MARIADB_REMOTE_BACKUP_ENABLED | sed 's/"//g')
|
||||
|
||||
if [[ $MARIADB_IMAGE_NAME == "" ]]; then
|
||||
|
|
|
@ -7,7 +7,7 @@ IFS=', ' read -re -a BACKUP_RESTORE_NAMESPACE_ARRAY <<< "$BACKUP_RESTORE_NAMESPA
|
|||
function database_cmd() {
|
||||
NAMESPACE=$1
|
||||
|
||||
POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
|
||||
POSTGRES_PWD=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json | jq -r .data.POSTGRES_PASSWORD | base64 -d)
|
||||
POSTGRES_CREDS="postgresql://postgres:${POSTGRES_PWD}@postgresql.${NAMESPACE}.svc.cluster.local?sslmode=disable"
|
||||
SQL_CMD="psql $POSTGRES_CREDS"
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@ fi
|
|||
|
||||
export POSTGRESQL_CONF_SECRET={{ $envAll.Values.conf.postgresql_backup_restore.secrets.conf_secret }}
|
||||
export POSTGRESQL_IMAGE_NAME=$(kubectl get cronjob -n ucp postgresql-backup -o yaml -o jsonpath="{range .spec.jobTemplate.spec.template.spec.containers[*]}{.image}{'\n'}{end}" | grep postgresql-utility)
|
||||
export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep BACKUP_BASE_PATH | awk '{print $2}' | base64 -d)
|
||||
POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -o yaml -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} | grep REMOTE_BACKUP_ENABLED | awk '{print $2}' | base64 -d)
|
||||
export POSTGRESQL_BACKUP_BASE_PATH=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.BACKUP_BASE_PATH | base64 -d)
|
||||
POSTGRESQL_REMOTE_BACKUP_ENABLED=$(kubectl get secret -n ${POSTGRESQL_POD_NAMESPACE} ${POSTGRESQL_CONF_SECRET} -o json | jq -r .data.REMOTE_BACKUP_ENABLED | base64 -d)
|
||||
export POSTGRESQL_REMOTE_BACKUP_ENABLED=$(echo $POSTGRESQL_REMOTE_BACKUP_ENABLED | sed 's/"//g')
|
||||
|
||||
if [[ $POSTGRESQL_IMAGE_NAME == "" ]]; then
|
||||
|
|
|
@ -4,7 +4,7 @@ function database_cmd() {
|
|||
NAMESPACE=$1
|
||||
|
||||
get_postgres_password() {
|
||||
PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o yaml | grep POSTGRES_PASSWORD | awk '{print $2}' | base64 -d)
|
||||
PW=$(kubectl get secret -n "$NAMESPACE" postgresql-admin -o json | jq -r .data.POSTGRES_PASSWORD | base64 -d)
|
||||
echo "$PW"
|
||||
}
|
||||
POSTGRES_PWD=$(get_postgres_password)
|
||||
|
|
|
@ -32,6 +32,7 @@ RUN set -xe \
|
|||
rsyslog \
|
||||
python3.6 \
|
||||
python3-pip \
|
||||
jq \
|
||||
&& pip3 install \
|
||||
oslo.rootwrap==5.8.0 \
|
||||
python-openstackclient==3.18.1 \
|
||||
|
|
Loading…
Reference in New Issue