From 7b702c8bba8443d0b90791a8da6cddb92a886584 Mon Sep 17 00:00:00 2001 From: John Mazzitelli Date: Fri, 4 Oct 2024 13:20:04 -0400 Subject: [PATCH] be able to put username in secrets This also adds the ability to put customdashboards.prometheus credentials in secrets part of: https://github.com/kiali/kiali/issues/7795 --- roles/default/kiali-deploy/tasks/main.yml | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/roles/default/kiali-deploy/tasks/main.yml b/roles/default/kiali-deploy/tasks/main.yml index 3a3d9edd..c096b853 100644 --- a/roles/default/kiali-deploy/tasks/main.yml +++ b/roles/default/kiali-deploy/tasks/main.yml @@ -591,6 +591,11 @@ {# Initialize #} {% set d = {} %} + {# Prepare the secret volume for prometheus username #} + {% if kiali_vars.external_services.prometheus.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'prometheus-username': {'secret_name': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for prometheus password #} {% if kiali_vars.external_services.prometheus.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'prometheus-password': {'secret_name': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -601,6 +606,11 @@ {% set d = d | combine({'prometheus-token': {'secret_name': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for tracing username #} + {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'tracing-username': {'secret_name': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for tracing password #} {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'tracing-password': {'secret_name': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -611,6 +621,11 @@ {% set d = d | combine({'tracing-token': {'secret_name': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for grafana username #} + {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'grafana-username': {'secret_name': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Prepare the secret volume for grafana password #} {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.password | regex_search('secret:.+:.+') %} {% set d = d | combine({'grafana-password': {'secret_name': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} @@ -626,6 +641,21 @@ {% set d = d | combine({'login-token-signing-key': {'secret_name': kiali_vars.login_token.signing_key | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.login_token.signing_key | regex_replace('secret:.+:(.+)', '\\1') }}) %} {% endif %} + {# Prepare the secret volume for customdashboards prometheus username #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-username': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + + {# Prepare the secret volume for customdashboards prometheus password #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-password': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + + {# Prepare the secret volume for customdashboards prometheus token #} + {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_search('secret:.+:.+') %} + {% set d = d | combine({'customdashboards-prometheus-token': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %} + {% endif %} + {# Set the yaml to the new dict #} {{ d | to_nice_yaml }} set_fact: