kube: standardize top.secretRefs convention
Introduce a convention of declaring a secretsRefs:: object below cfg:: for containing all secretKeyRefs. The goal is to self-document all secrets that need to be created in order to deploy a service
Change-Id: I3a990d54f65a288f5e748262c576d2a120efd815
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1806
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/inventory/prod.jsonnet b/app/inventory/prod.jsonnet
index 984d610..67c3583 100644
--- a/app/inventory/prod.jsonnet
+++ b/app/inventory/prod.jsonnet
@@ -21,7 +21,7 @@
mediaPath: '/var/www/media',
},
- secrets:: {
+ secretRefs:: {
postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
},
@@ -45,12 +45,12 @@
SPEJSTORE_ENV: 'prod',
SPEJSTORE_DB_NAME: cfg.db.name,
SPEJSTORE_DB_USER: cfg.db.username,
- SPEJSTORE_DB_PASSWORD: top.secrets.postgres,
+ SPEJSTORE_DB_PASSWORD: top.secretRefs.postgres,
SPEJSTORE_DB_HOST: top.psql.svc.host,
SPEJSTORE_DB_PORT: top.psql.svc.port,
SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
- SPEJSTORE_SECRET: top.secrets.oauth,
+ SPEJSTORE_SECRET: top.secretRefs.oauth,
SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
SPEJSTORE_REQUIRE_AUTH: 'true',
SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
@@ -79,7 +79,7 @@
database: cfg.db.name,
username: cfg.db.username,
- password: top.secrets.postgres,
+ password: top.secretRefs.postgres,
},
bouncer: {},
},