oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Get rid of grafana ldap toml

Browse Source
This commit is contained in:
Jonas Juselius
2020-11-06 10:19:57 +01:00
parent 88b4b7315e
commit e1fa427036
5 changed files with 30 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
charts/prometheus/grafana-ldap-toml.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: v1
kind: Secret
type: Opaque
metadata:
labels:
app: grafana
name: grafana-ldap-toml
namespace: prometheus
data:
ldap-toml: @grafana_ldap_toml@

13
clusters/k0/default.nix
View File

@@ -41,19 +41,6 @@ let
acme_email = "innovasjon@itpartner.no"; acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling"; grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!"; grafana_smtp_password = "S0m3rp0m@de#21!";
grafana_ldap_toml = ''
verbose_logging = true
[[servers]]
host = "itp-dc1.itpartner.intern"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
bind_dn = "gitlab@itpartner.intern"
bind_password = "hipp hopp snipp snopp"
search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
search_base_dns = ["DC=itpartner,DC=intern"]
'';
}; };
}; };
}; };

13
clusters/k1/default.nix
View File

@@ -42,19 +42,6 @@ let
acme_email = "innovasjon@itpartner.no"; acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling"; grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!"; grafana_smtp_password = "S0m3rp0m@de#21!";
grafana_ldap_toml = ''
verbose_logging = true
[[servers]]
host = "itp-dc1.itpartner.intern"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
bind_dn = "gitlab@itpartner.intern"
bind_password = "hipp hopp snipp snopp"
search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
search_base_dns = ["DC=itpartner,DC=intern"]
'';
}; };
}; };
}; };

13
clusters/k2/default.nix
View File

@@ -43,19 +43,6 @@ let
acme_email = "innovasjon@itpartner.no"; acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling"; grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!"; grafana_smtp_password = "S0m3rp0m@de#21!";
grafana_ldap_toml = ''
verbose_logging = true
[[servers]]
host = "itp-dc1.itpartner.intern"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
bind_dn = "gitlab@itpartner.intern"
bind_password = "hipp hopp snipp snopp"
search_filter = "(&(objectClass=user)(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"
search_base_dns = ["DC=itpartner,DC=intern"]
'';
}; };
}; };
}; };

45
modules/k8s.nix
View File

@@ -38,15 +38,22 @@ let
''; '';
}; };
kubernetes-charts = pkgs.stdenv.mkDerivation rec {
name = "kubernetes-charts";
src = ../charts;
buildCommand = ''
mkdir -p $out/share/${name}
cp -r $src/* $out/share${name}
'';
};
show-kubernetes-charts-config = show-kubernetes-charts-config =
let let
ingressNodes = builtins.foldl' (a: x: ingressNodes = builtins.foldl' (a: x:
a + ", ${x}") "${cfg.k8s.master.name}" a + ", ${x}") "${cfg.k8s.master.name}"
cfg.k8s.extraIngressNodes; cfg.k8s.extraIngressNodes;
ingressReplicas = ingressReplicaCount =
builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes); builtins.toString (1 + builtins.length cfg.k8s.extraIngressNodes);
grafanaLdap = pkgs.writeText "grafana-ldap.toml"
cfg.k8s.charts.grafana_ldap_toml;
in in
pkgs.writeScriptBin "show-kubernetes-charts-config" pkgs.writeScriptBin "show-kubernetes-charts-config"
'' ''
@@ -54,42 +61,54 @@ let
cat << EOF cat << EOF
# Generated by show-kubernetes-charts-config # Generated by show-kubernetes-charts-config
# $(date) # $(date)
# Charts in ${kubernetes-charts}
vars=( vars=(
initca="${pki.initca}" initca="${pki.initca}"
apiserver="${cfg.k8s.master.name}" apiserver="${cfg.k8s.master.name}"
cluster="${cfg.clusterName}" cluster="${cfg.clusterName}"
ingress_nodes="[ ${ingressNodes} ]" ingress_nodes="[ ${ingressNodes} ]"
ingress_replicas="${ingressReplicas}" ingress_replica_count="${ingressReplicaCount}"
filseserver="${cfg.k8s.fileserver}" filseserver="${cfg.k8s.fileserver}"
acme_email="${cfg.k8s.charts.acme_email}" acme_email="${cfg.k8s.charts.acme_email}"
grafana_smtp_user="$(echo -n ${cfg.k8s.charts.grafana_smtp_user} | base64 -w0)" grafana_smtp_user="$(echo -n ${cfg.k8s.charts.grafana_smtp_user} | base64 -w0)"
grafana_smtp_password="$(echo -n ${cfg.k8s.charts.grafana_smtp_password} | base64 -w0)" grafana_smtp_password="$(echo -n ${cfg.k8s.charts.grafana_smtp_password} | base64 -w0)"
grafana_ldap_toml="$(cat ${grafanaLdap} | base64 -w0)"
) )
EOF EOF
cat << 'EOF' cat << 'EOF'
make_substitutions () { substitute_all () {
read x read x
for i in "''${vars[@]}"; do subs=("$@")
for i in "''${subs[@]}"; do
k=$(echo "$i" | cut -d= -f1) k=$(echo "$i" | cut -d= -f1)
v=$(echo "$i" | cut -d= -f2) v=$(echo "$i" | cut -d= -f2)
echo "$x" | sed "s/@$k@/$v/g" echo "$x" | sed "s/@$k@/$v/g"
done done
} }
substitute_defaults () {
substitute_all "''${vars[@]}"
}
kubectl_apply () { kubectl_apply () {
read x
namespace=$1; shift
kubectl get ns $namespace 2>&1 >/dev/null || kubectl create ns $namespace
cat $x | substitute_defaults | kubectl -n $namespace apply -f -
}
kubectl_apply_files () {
namespace=$1; shift
charts=("$@") charts=("$@")
for i in "''${charts[@]}"; do for i in "''${charts[@]}"; do
k=$(echo "$i" | cut -d= -f1) cat $i | kubectl_apply $namespace
v=$(echo "$i" | cut -d= -f2)
sed "s/@$k@/$v/g" $i | kubectl apply -f -
done done
} }
EOF EOF
''; '';
install-apitoken = '' install-apitoken = ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
set -e set -e
@@ -162,6 +181,7 @@ let
pkgs.kubernetes-helm pkgs.kubernetes-helm
pkgs.kubectl pkgs.kubectl
cluster-scripts cluster-scripts
kubernetes-charts
show-kubernetes-charts-config show-kubernetes-charts-config
]; ];
@@ -280,11 +300,6 @@ in {
type = types.str; type = types.str;
default = ""; default = "";
}; };
grafana_ldap_toml = mkOption {
type = types.str;
default = "";
};
}; };
}; };