Feat: infoblox package option to use rancher secrets intead env variable for password

2018-03-29 18:01:21 +02:00 · 2018-03-29 18:01:21 +02:00 · 3d676df897
commit 3d676df897
parent 00c22f8563
4 changed files with 43 additions and 17 deletions
--- a/infra-templates/infoblox/1/README.md
+++ b/infra-templates/infoblox/1/README.md
@ -4,6 +4,13 @@ Rancher External DNS service powered by Infoblox DNS

 #### Usage

+##### Using Rancher Secrets for infloblox Password
+
+Optionally, you can use the Rancher Secrets to pass infloblox password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "infoblox-pass".
+3. Deploy this stack, emptying `Infoblox password` field.
+
 ##### Supported host labels

 `io.rancher.host.external_dns_ip`
--- a/infra-templates/infoblox/1/docker-compose.yml
+++ b/infra-templates/infoblox/1/docker-compose.yml
@ -1,16 +0,0 @@
-infoblox:
-  image: rancher/external-dns:v0.7.8
-  command: -provider=infoblox
-  expose:
-   - 1000
-  environment:
-    INFOBLOX_URL: ${INFOBLOX_URL}
-    INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
-    INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
-    ROOT_DOMAIN: ${ROOT_DOMAIN}
-    SSL_VERIFY: ${SSL_VERIFY}
-    USE_COOKIES: ${USE_COOKIES}
-    TTL: ${TTL}
-  labels:
-    io.rancher.container.create_agent: "true"
-    io.rancher.container.agent.role: "external-dns"
--- a/infra-templates/infoblox/1/docker-compose.yml.tpl
+++ b/infra-templates/infoblox/1/docker-compose.yml.tpl
@ -0,0 +1,35 @@
+version: '2'
+services:
+  infoblox:
+    image: rancher/external-dns:v0.7.8
+    expose:
+     - 1000
+    environment:
+      INFOBLOX_URL: ${INFOBLOX_URL}
+      INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+      INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+      INFOBLOX_SECRET: '/run/secrets/infoblox-pass'
+      ROOT_DOMAIN: ${ROOT_DOMAIN}
+      SSL_VERIFY: ${SSL_VERIFY}
+      USE_COOKIES: ${USE_COOKIES}
+      TTL: ${TTL}
+    labels:
+      io.rancher.container.create_agent: "true"
+      io.rancher.container.agent.role: "external-dns"
+{{- if ne .Values.INFOBLOX_PASSWORD ""}}
+    command: -provider=infoblox
+{{- else}}
+    entrypoint:
+      - bash
+      - -c
+      - 'INFOBLOX_PASSWORD=$$(cat $${INFOBLOX_SECRET}) /usr/bin/rancher-entrypoint.sh -provider=infoblox'
+    secrets:
+      - mode: '0444'
+        uid: '0'
+        gid: '0'
+        source: 'infoblox-pass'
+        target: ''
+secrets:
+  infoblox-pass:
+    external: 'true' 
+{{- end}}
--- a/infra-templates/infoblox/1/rancher-compose.yml
+++ b/infra-templates/infoblox/1/rancher-compose.yml
@ -19,7 +19,7 @@
      label: "Infoblox password"
      description: "Infoblox password for your Infoblox service"
      type: "password"
-      required: true
+      required: false
    - variable: "SSL_VERIFY"
      label: "Ssl verify"
      description: "Infoblox Ssl verify for your Infoblox service"