Merge "Grafana: Add job to update admin password"

This commit is contained in:
Zuul 2019-02-16 01:10:44 +00:00 committed by Gerrit Code Review
commit 0d4970087e
5 changed files with 123 additions and 0 deletions

View File

@ -0,0 +1,26 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
echo "Attempting to update Grafana admin user password"
grafana-cli admin reset-admin-password --homepath "/usr/share/grafana" --config /etc/grafana/grafana.ini ${GF_SECURITY_ADMIN_PASSWORD}
if [ "$?" == 1 ]; then
echo "The Grafana admin user does not exist yet, so no need to update password"
exit 0;
else
exit 0;
fi

View File

@ -32,4 +32,6 @@ data:
{{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
grafana.sh: | grafana.sh: |
{{ tuple "bin/_grafana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_grafana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
set-admin-password.sh: |
{{ tuple "bin/_set-admin-password.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}

View File

@ -0,0 +1,79 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_set_admin_user }}
{{- $envAll := . }}
{{- $serviceAccountName := "grafana-set-admin-user" }}
{{ tuple $envAll "set_admin_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: grafana-set-admin-user
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
template:
metadata:
labels:
{{ tuple $envAll "grafana" "set-admin-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }}
initContainers:
{{ tuple $envAll "set_admin_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: grafana-set-admin-password
{{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.set_admin_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
command:
- /tmp/set-admin-password.sh
env:
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: grafana-admin-creds
key: GRAFANA_ADMIN_USERNAME
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-admin-creds
key: GRAFANA_ADMIN_PASSWORD
volumeMounts:
- name: grafana-etc
mountPath: /etc/grafana/grafana.ini
subPath: grafana.ini
- name: grafana-bin
mountPath: /tmp/set-admin-password.sh
subPath: set-admin-password.sh
readOnly: true
volumes:
- name: pod-etc-grafana
emptyDir: {}
- name: grafana-bin
configMap:
name: grafana-bin
defaultMode: 0555
- name: grafana-etc
secret:
secretName: grafana-etc
defaultMode: 0444
{{- end }}

View File

@ -107,6 +107,13 @@ pod:
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
set_admin_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests: tests:
requests: requests:
memory: "128Mi" memory: "128Mi"
@ -264,6 +271,7 @@ dependencies:
jobs: jobs:
- grafana-db-init - grafana-db-init
- grafana-db-session-sync - grafana-db-session-sync
- grafana-set-admin-user
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
@ -271,6 +279,12 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: local_image_registry service: local_image_registry
set_admin_user:
jobs:
- grafana-db-init
services:
- endpoint: internal
service: oslo_db
tests: tests:
services: services:
- endpoint: internal - endpoint: internal
@ -314,6 +328,7 @@ manifests:
job_db_init_session: true job_db_init_session: true
job_db_session_sync: true job_db_session_sync: true
job_image_repo_sync: true job_image_repo_sync: true
job_set_admin_user: true
network_policy: false network_policy: false
secret_db: true secret_db: true
secret_db_session: true secret_db_session: true

View File

@ -34,6 +34,7 @@ fi
export CEPH_NETWORK=$(./tools/deployment/multinode/kube-node-subnet.sh) export CEPH_NETWORK=$(./tools/deployment/multinode/kube-node-subnet.sh)
export CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)" export CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
export RELEASE_UUID=$(uuidgen)
export OSH_INFRA_PATH export OSH_INFRA_PATH
# NOTE(srwilkers): We add this here due to envsubst expanding the ${tag} placeholder in # NOTE(srwilkers): We add this here due to envsubst expanding the ${tag} placeholder in