summaryrefslogtreecommitdiffstats
path: root/roles/openshift_metrics/templates
diff options
context:
space:
mode:
authorOpenShift Bot <eparis+openshiftbot@redhat.com>2017-03-21 16:12:35 -0500
committerGitHub <noreply@github.com>2017-03-21 16:12:35 -0500
commitbe09be62cf9c3ac7ef1142f494437026d72bd3e7 (patch)
treec839a4301e88eee61e412830ede3afb10a4bf284 /roles/openshift_metrics/templates
parent2ac2c5c4fcc260d5e59c524d54879f9717ac9fa6 (diff)
parent6d7ca91fc4ddd7b40c8b7e9983a9a4b475f72214 (diff)
downloadopenshift-be09be62cf9c3ac7ef1142f494437026d72bd3e7.tar.gz
openshift-be09be62cf9c3ac7ef1142f494437026d72bd3e7.tar.bz2
openshift-be09be62cf9c3ac7ef1142f494437026d72bd3e7.tar.xz
openshift-be09be62cf9c3ac7ef1142f494437026d72bd3e7.zip
Merge pull request #3667 from jpkrohling/JPK-SwitchCassandraToUseGeneratedCerts
Merged by openshift-bot
Diffstat (limited to 'roles/openshift_metrics/templates')
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j225
-rw-r--r--roles/openshift_metrics/templates/secret.j26
2 files changed, 18 insertions, 13 deletions
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 504476dc4..889317847 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -48,11 +48,6 @@ spec:
- "--require_node_auth=true"
- "--enable_client_encryption=true"
- "--require_client_auth=true"
- - "--keystore_file=/secret/cassandra.keystore"
- - "--keystore_password_file=/secret/cassandra.keystore.password"
- - "--truststore_file=/secret/cassandra.truststore"
- - "--truststore_password_file=/secret/cassandra.truststore.password"
- - "--cassandra_pem_file=/secret/cassandra.pem"
env:
- name: CASSANDRA_MASTER
value: "{{ master }}"
@@ -60,6 +55,10 @@ spec:
value: "/cassandra_data"
- name: JVM_OPTS
value: "-Dcassandra.commitlog.ignorereplayerrors=true"
+ - name: TRUSTSTORE_NODES_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.peer.truststore.crt"
+ - name: TRUSTSTORE_CLIENT_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.client.truststore.crt"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
@@ -76,12 +75,12 @@ spec:
volumeMounts:
- name: cassandra-data
mountPath: "/cassandra_data"
- - name: hawkular-cassandra-secrets
- mountPath: "/secret"
-{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
+ - name: hawkular-cassandra-certs
+ mountPath: "/hawkular-cassandra-certs"
+{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none)
or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none)
- or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
+ or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
%}
resources:
{% if (openshift_metrics_cassandra_limits_cpu is not none
@@ -95,8 +94,8 @@ spec:
memory: "{{openshift_metrics_cassandra_limits_memory}}"
{% endif %}
{% endif %}
-{% if (openshift_metrics_cassandra_requests_cpu is not none
- or openshift_metrics_cassandra_requests_memory is not none)
+{% if (openshift_metrics_cassandra_requests_cpu is not none
+ or openshift_metrics_cassandra_requests_memory is not none)
%}
requests:
{% if openshift_metrics_cassandra_requests_cpu is not none %}
@@ -129,6 +128,6 @@ spec:
persistentVolumeClaim:
claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}"
{% endif %}
- - name: hawkular-cassandra-secrets
+ - name: hawkular-cassandra-certs
secret:
- secretName: hawkular-cassandra-secrets
+ secretName: hawkular-cassandra-certs
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
index 370890c7d..5b9dba122 100644
--- a/roles/openshift_metrics/templates/secret.j2
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -2,6 +2,12 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ name }}"
+{% if annotations is defined%}
+ annotations:
+{% for key, value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
labels:
{% for k, v in labels.iteritems() %}
{{ k }}: {{ v }}