From cc23cdcacfbba4be31825884c5bd2a17a1eb2dbb Mon Sep 17 00:00:00 2001
From: Jan Dubois
Date: Mon, 7 Dec 2020 15:20:52 -0800
Subject: [PATCH 1/2] fix: [gh#kubecf-1649] disable consumption of postgres bosh-link in credhub. This fix doesn't seem to work; most likely because quarks-operator doesn't implement the functionality: > Optional consumers may be specified as nil in the deployment manifest > to block consumption of any providers. See https://github.com/cloudfoundry-incubator/quarks-operator/issues/1259 We are going to keep this change because we expect this to be fixed in the operator eventually.
---
 chart/templates/_config.tpl | 1 +
 chart/templates/_credhub.tpl | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 chart/templates/_credhub.tpl
diff --git a/chart/templates/_config.tpl b/chart/templates/_config.tpl
index de13108269..1e3c31c900 100644
--- a/chart/templates/_config.tpl
+++ b/chart/templates/_config.tpl
@@ -73,6 +73,7 @@
 {{- include "_resources.update" . }}
 {{- include "_database.update" . }}{{/* database/_database.tpl */}}
 {{- include "_multicluster.update" . }}
+ {{- include "_credhub.update" . }}
 {{- range $condition, $message := $.Values.unsupported }}
 {{- if eq "true" (include "_config.condition" (list $ $condition)) }}
diff --git a/chart/templates/_credhub.tpl b/chart/templates/_credhub.tpl
new file mode 100644
index 0000000000..b65f561d8f
--- /dev/null
+++ b/chart/templates/_credhub.tpl
@@ -0,0 +1,16 @@
+{{- /*
+==========================================================================================
+| _credhub.update $
++-----------------------------------------------------------------------------------------
+| kubecf credhub customization
+| - disable consumption of `postgres` bosh-link. It is optional, and we do not
+| wish to reconfigure credhub when autoscaler comes online or is switched off.
+| I.e. autoscaler provides a postgres link, and we we wish to ignore it.
+==========================================================================================
+*/}}
+{{- define "_credhub.update" }}
+{{- $_ := include "_config.lookupManifest" (list $ "instance_groups/name=credhub/jobs/name=credhub") }}
+{{- if $.kubecf.retval }}
+{{- $_ := set $.kubecf.retval "consumes" (fromYaml "postgres: null") }}
+{{- end }}
+{{- end }}
From 026ea33f719430bbafb7271b640dba275060d115 Mon Sep 17 00:00:00 2001
From: Jan Dubois
Date: Mon, 7 Dec 2020 15:23:26 -0800
Subject: [PATCH 2/2] Remove postgres consumer annotation from credhub job This avoids connecting the link to the autoscaler database instance when that feature is enabled. This commit is expected to be reverted when quarks-operator includes support to disable optional link resolution via the deployment manifest (see previous commit).
---
 .../credhub/ig_resolver/patch_job_mf.sh | 21 +++++++++++++++++++
 .../operations/instance_groups/credhub.yaml | 4 ++++
 2 files changed, 25 insertions(+)
 create mode 100644 bosh/releases/pre_render_scripts/credhub/credhub/ig_resolver/patch_job_mf.sh
diff --git a/bosh/releases/pre_render_scripts/credhub/credhub/ig_resolver/patch_job_mf.sh b/bosh/releases/pre_render_scripts/credhub/credhub/ig_resolver/patch_job_mf.sh
new file mode 100644
index 0000000000..0c47b5cd94
--- /dev/null
+++ b/bosh/releases/pre_render_scripts/credhub/credhub/ig_resolver/patch_job_mf.sh
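Review bot: In `chart/templates/_credhub.tpl`, the line `set $.kubecf.retval "consumes" (fromYaml "postgres: null")` replaces the whole `consumes` key on the credhub job instead of adding one entry, so any other link setting already on that job would be dropped. Nothing in this patch shows such a setting, so this is a latent risk rather than an observed one. Setting only the `postgres` key on the existing map, and creating the map when it is absent, would keep the change scoped to the one link; that matters because CredHub is the credential store and its database binding should stay explicit. The header comment should also record what the commit message says, for example `| NOTE: has no effect until quarks-operator#1259 is resolved; patch_job_mf.sh is the active workaround.`. The phrase "we we wish" in that comment is a typo.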
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset
+
+release="credhub"
+job="credhub"
+job_mf="/var/vcap/all-releases/jobs-src/${release}/${job}/job.MF"
+patch --verbose "${job_mf}" <<'EOT'
+@@ -76,11 +76,6 @@ provides:
+ - credhub.data_storage.type
+ - credhub.data_storage.username
+
+-consumes:
+-- name: postgres
+- type: database
+- optional: true
+-
+ properties:
+ credhub.port:
+ description: "Listening port for the CredHub API"
+EOT
diff --git a/chart/assets/operations/instance_groups/credhub.yaml b/chart/assets/operations/instance_groups/credhub.yaml
index 2e3e02b2b6..d3be1b641f 100644
--- a/chart/assets/operations/instance_groups/credhub.yaml
+++ b/chart/assets/operations/instance_groups/credhub.yaml
@@ -105,6 +105,10 @@
 name: credhub_setup_client_secret
 type: password
+{{- range $bytes := .Files.Glob "assets/operations/pre_render_scripts/credhub_*" }}
+{{ $bytes | toString }}
+{{- end }}
+
 {{- else }}
 # Remove directly from the cf-deployment.yml YAML file.
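Review bot: In `patch_job_mf.sh`, the `patch --verbose "${job_mf}"` call depends on the embedded hunk still matching the shipped `job.MF`, and by default GNU patch tolerates some context mismatch, so after a credhub release bump the removal could be applied with fuzz instead of failing cleanly. Passing `--fuzz=0` turns a context mismatch into a hard failure under `errexit` rather than a best-effort apply. The script is also not safe to run twice: on an already-patched file `patch` reports a reversed or previously applied patch and exits non-zero. If the pre-render step can repeat on the same filesystem (not visible here), a guard such as `grep -q '^consumes:' "${job_mf}" || exit 0` before the `patch` call would avoid the abort. A one-line comment naming the credhub release version the hunk was generated against would help whoever has to regenerate it.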