Resolve "Move Postgres secrets into Kubernetes Secrets"
Move the PostgreSQL password to a secret, adding appropriate mounts and alterations to templates and documentation.
psql:
password:
secret: gitlab-postres
key: psql-password
Unicorn, Sidekiq, Migrations:
- Update
values.yaml
with changes, set default values as above. - Updated deployment to add an additional mount, and path
- Update ConfigMap's
database.yml.erb
to read the password from file (/etc/gitlab/gitlab-postgres/psql-password
)
Omnibus:
- Update
values.yaml
with changes, set default values as above. - Update deployment to add additional mount and path.
- Update ConfigMap to read password from file, and use Ruby's
Digest::MD5.hexdigest
to encode thesql_user_password
, removing the manual step!
Documentation:
- Updated
installation/secrets.md
with new secret creation - Updated
installation/configuration.md
to remove all references to PostgreSQL settings changes. - Updated
example-config.yaml
to reflect switch to secret
Closes #67 (closed)
Associated MR for Environments: https://gitlab.com/gitlab-com/environments/merge_requests/90
Edited by Jason Plum