commit 1439fde1ba2412f7350d5b6ba7a132be573647dd
author radex <radex@hackerspace.pl> Fri Nov 24 12:22:22 2023 +0100
committer radex <radex@hackerspace.pl> Fri Nov 24 20:39:11 2023 +0000
tree 7a188233946d57ec13b53e8c5837ec3967272531
parent c995c212d2cbbb0fca4c612932a20712289696d8

kube: standardize top.secretRefs convention

Introduce a convention of declaring a secretsRefs:: object below cfg:: for containing all secretKeyRefs. The goal is to self-document all secrets that need to be created in order to deploy a service

Change-Id: I3a990d54f65a288f5e748262c576d2a120efd815
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1806
Reviewed-by: q3k <q3k@hackerspace.pl>

ops/sso/kube/sso.libsonnet

diff --git a/ops/sso/kube/sso.libsonnet b/ops/sso/kube/sso.libsonnet
index c4b9b8c..dbd85bb 100644
--- a/ops/sso/kube/sso.libsonnet
+++ b/ops/sso/kube/sso.libsonnet
@@ -19,6 +19,11 @@
         },
     },
 
+    secretRefs:: {
+        ldap_bind_password: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
+        secret_key: { secretKeyRef: { name: "sso", key: "secret_key" } },
+    },
+
     local ns = kube.Namespace(top.cfg.namespace),
 
     deployment: ns.Contain(kube.Deployment("sso")) {
@@ -73,8 +78,8 @@
                                     "/tls/tls.key",
                                 ],
 
-                                LDAP_BIND_PASSWORD: { secretKeyRef: { name: "sso", key: "ldap_bind_password" } },
-                                SECRET_KEY: { secretKeyRef: { name: "sso", key: "secret_key" } },
+                                LDAP_BIND_PASSWORD: top.secretRefs.ldap_bind_password,
+                                SECRET_KEY: top.secretRefs.secret_key,
                                 LOGGING_LEVEL: "INFO",
 
                                 JWT_ALG: "RS256",