Bind secrets to vcsim for example

alexellis · alexellis · commit 7be7afddc264 · 2019-09-09T11:18:26.000+01:00
Updates examples to use projected secrets so that the basic-auth
password and vcenter secrets can be read from the same location.

Signed-off-by: Alex Ellis &lt;alexellis2@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -44,16 +44,17 @@ Or use a secret and pass the name:
 ./vcenter-connector \
   -vc-user="" \
   -vc-pass="" \
-  -vc-user-secret-name=vcenter1-username \
-  -vc-password-secret-name=vcenter1-password
+  -vc-user-secret-name=vcenter-username \
+  -vc-password-secret-name=vcenter-password
 ```
 
 Use `kubectl` to create the secrets you need ahead of time in the namespace where you deploy the connector.
 
 ```sh
 kubectl create secret generic vcenter-secrets \
-  --from-literal vcenter1-username=admin \
-  --from-literal vcenter1-password=test1234
+  -n openfaas \
+  --from-literal vcenter-username=user \
+  --from-literal vcenter-password=pass
 ```
 
 Now mount your secret at `/var/openfaas/secrets/` in your Kubernetes Deployment YAML file.
diff --git a/contrib/vcsim/Dockerfile b/contrib/vcsim/Dockerfile
@@ -10,11 +10,11 @@ ENV GOPATH=/root/go/
 # Building using -mod=vendor, which will utilize the v
 RUN CGO_ENABLED=0 GOOS=linux go build -o vcsim/vcsim vcsim/main.go
 
-FROM alpine:3.8
+FROM alpine:3.9
 
 WORKDIR /root/
 
 EXPOSE 8989
-COPY --from=builder //root/go/src/github.com/vmware/govmomi/vcsim/vcsim .
+COPY --from=builder /root/go/src/github.com/vmware/govmomi/vcsim/vcsim .
 
 CMD ["./vcsim", "-httptest.serve", ":8989", "-tls=false"]
diff --git a/main.go b/main.go
@@ -43,15 +43,15 @@ func main() {
 	}
 
 	if len(vcUserSecret) > 0 {
-		val, err := sdk.ReadSecret("vc-secret-user")
+		val, err := sdk.ReadSecret(vcUserSecret)
 		if err != nil {
 			panic(err.Error())
 		}
 		vcUser = val
 	}
 
 	if len(vcPasswordSecret) > 0 {
-		val, err := sdk.ReadSecret("vc-secret-pass")
+		val, err := sdk.ReadSecret(vcPasswordSecret)
 		if err != nil {
 			panic(err.Error())
 		}
diff --git a/yaml/kubernetes/connector-dep.yml b/yaml/kubernetes/connector-dep.yml
@@ -1,10 +1,11 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
+  name: vcenter-connector
+  namespace: openfaas
   labels:
     app: vcenter
     component: vcenter-connector
-  name: vcenter-connector
 spec:
   replicas: 1
   template:
@@ -15,20 +16,35 @@ spec:
     spec:
       containers:
       - name: vcenter
-        image: embano1/faas-vcconnector:0.4
+        image: openfaas/vcenter-connector:0.2.2-rc2
         command: ["./connector"]
-        args: ["-vcenter", "https://vcenter.ip", "-vc-user", "vcuser", "-vc-pass", "vcpass", "-insecure", "-gateway", "http://gateway.openfaas:8080"]
-      # if you do not have authentication enabled for OpenFaaS comment everything below out (incl. volumes)
+        args: ["-vcenter", "https://vcsim-server:8989", "-vc-user-secret-name", "vcenter-username", "-vc-pass-secret-name", "vcenter-password", "-insecure", "-gateway", "http://gateway.openfaas:8080"]
+        # To remove auth, remove the volumes and mounts.
         env:
           - name: basic_auth
             value: "true"
           - name: secret_mount_path
             value: "/var/secrets/"
         volumeMounts:
-            - name: gateway-basic-auth
+            - name: auth-secrets-projected
               readOnly: true
               mountPath: "/var/secrets/"
       volumes:
-      - name: gateway-basic-auth
-        secret:
-          secretName: gateway-basic-auth
+      - name: auth-secrets-projected
+        projected:
+            defaultMode: 420
+            sources:
+            - secret:
+                items:
+                  - key: basic-auth-user
+                    path: basic-auth-user
+                  - key: basic-auth-password
+                    path: basic-auth-password
+                name: basic-auth
+            - secret:
+                items:
+                  - key: vcenter-username
+                    path: vcenter-username
+                  - key: vcenter-password
+                    path: vcenter-password
+                name: vcenter-secrets
diff --git a/yaml/kubernetes/vcsim-server-dep.yml b/yaml/kubernetes/vcsim-server-dep.yml
@@ -1,11 +1,11 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
+  name: vcsim-server
+  namespace: openfaas
   labels:
     app: vcsim
     component: vcsim-server
-  name: vcsim-server
-  namespace: openfaas
 spec:
   replicas: 1
   template:
diff --git a/yaml/kubernetes/vcsim-server-svc.yml b/yaml/kubernetes/vcsim-server-svc.yml
@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Service
 metadata:
   name: vcsim
+  namespace: openfaas
   labels:
     app: vcsim
     component: vcsim-server
-  namespace: openfaas
 spec:
   ports:
   - port: 8989

Original file line number	Diff line number	Diff line change
`@@ -43,15 +43,15 @@ func main() {`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`if len(vcUserSecret) > 0 {`
`46`		`- val, err := sdk.ReadSecret("vc-secret-user")`
	`46`	`+ val, err := sdk.ReadSecret(vcUserSecret)`
`47`	`47`	`if err != nil {`
`48`	`48`	`panic(err.Error())`
`49`	`49`	`}`
`50`	`50`	`vcUser = val`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`if len(vcPasswordSecret) > 0 {`
`54`		`- val, err := sdk.ReadSecret("vc-secret-pass")`
	`54`	`+ val, err := sdk.ReadSecret(vcPasswordSecret)`
`55`	`55`	`if err != nil {`
`56`	`56`	`panic(err.Error())`
`57`	`57`	`}`