allow creation of pg-stac secrets from azure secret vault, refs #186 #187
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… key in the vault
…S secrets provider
…ovider configuration
…guration for Azure AKS
…ovider configuration
…ity annotation in deployment template
…figuration in deployment template
…re workload identity and secrets management
…ditional secret inclusion
…ironment variable configuration
…tgreSQL connection string format
…figmap.yaml for PGADMIN_URI initialization and PostgreSQL environment variables
…o ensure PGADMIN_URI is initialized correctly
…ialization in configmap.yaml
…figmap.yaml for PGADMIN_URI initialization and PostgreSQL environment variables
… and environment settings
pantierra
reviewed
Apr 8, 2025
…ts and environment variables for LOAD_FIXTURES and KEEP_ALIVE
…and update values.yaml to use a map for extraEnvVars
…cBootstrap settings and clean up values.yaml by removing unused envVars for raster and vector
…traEnvVars for environment variable management in job.yaml and values.yaml
…meMounts, and extraVolumes for improved secret management and volume handling
- Introduced a unified PostgreSQL configuration structure in values.yaml, replacing the old db configuration. - Added new helper functions for managing PostgreSQL environment variables and secrets based on the selected configuration type (postgrescluster, external-plaintext, external-secret). - Removed old database-related templates (ConfigMap, Deployment, PVC, Secrets, Service) that are no longer needed. - Updated the pgstacbootstrap job and configmap templates to align with the new PostgreSQL configuration. - Implemented validation for PostgreSQL settings to ensure required fields are set based on the selected type.
…ude DATABASE_URL for connection string
…he external secret (host, port, database) will override the corresponding values defined in external.host, external.port, and external.database.
Confirmed that the conditional blocks in deployment.yaml were already consolidated to eliminate redundancy. The file was already using a single include statement for PostgreSQL environment variables:
env:
{{- include "eoapi.postgresqlEnv" $ | nindent 12 }}
Removed the unused eoapi.mapLegacyPostgresql helper function from _helpers.tpl as it wasn't being referenced anywhere in the codebase.
…ructions and examples for server creation, database setup, firewall configuration, and Key Vault integration.
Contributor
|
need #215 to be merged and closed |
Contributor
|
@pantierra No more azure specific configuration |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs #186
Creates the
pgstac-secret-object reading from an Azure Secrets Vault.We may or may not want to include this in a main
eoapi-k8srelease, but it would definitely be helpful to have a helm chart with this to test our deploy.cc @geohacker @emmanuelmathot
[EDIT] Emmanuel 08/04/2025
postgrescluster.enabledis false