kube: standardize top.secretRefs convention
Introduce a convention of declaring a secretsRefs:: object below cfg:: for containing all secretKeyRefs. The goal is to self-document all secrets that need to be created in order to deploy a service
Change-Id: I3a990d54f65a288f5e748262c576d2a120efd815
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1806
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/ops/sso/kube/sso.libsonnet b/ops/sso/kube/sso.libsonnet
index c4b9b8c..dbd85bb 100644
--- a/ops/sso/kube/sso.libsonnet
+++ b/ops/sso/kube/sso.libsonnet
@@ -19,6 +19,11 @@
},
},
+ secretRefs:: {
+ ldap_bind_password: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
+ secret_key: { secretKeyRef: { name: "sso", key: "secret_key" } },
+ },
+
local ns = kube.Namespace(top.cfg.namespace),
deployment: ns.Contain(kube.Deployment("sso")) {
@@ -73,8 +78,8 @@
"/tls/tls.key",
],
- LDAP_BIND_PASSWORD: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
- SECRET_KEY: { secretKeyRef: { name: "sso", key: "secret_key" } },
+ LDAP_BIND_PASSWORD: top.secretRefs.ldap_bind_password,
+ SECRET_KEY: top.secretRefs.secret_key,
LOGGING_LEVEL: "INFO",
JWT_ALG: "RS256",