From fedfa749669a7aa01fab4ed65e07e17e5aa4715a Mon Sep 17 00:00:00 2001 From: tamal Date: Sun, 11 Feb 2018 22:22:16 -0800 Subject: [PATCH] Use ${} form for onessl envsubst --- hack/deploy/admission.yaml | 2 +- hack/deploy/operator.yaml | 24 ++++++++++++------------ hack/deploy/rbac-list.yaml | 12 ++++++------ 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/hack/deploy/admission.yaml b/hack/deploy/admission.yaml index af597f999..213b70bcc 100644 --- a/hack/deploy/admission.yaml +++ b/hack/deploy/admission.yaml @@ -12,7 +12,7 @@ webhooks: namespace: default name: kubernetes path: /apis/admission.stash.appscode.com/v1alpha1/admissionreviews - caBundle: $KUBE_CA + caBundle: ${KUBE_CA} rules: - operations: - CREATE diff --git a/hack/deploy/operator.yaml b/hack/deploy/operator.yaml index b1d9de501..78363c148 100644 --- a/hack/deploy/operator.yaml +++ b/hack/deploy/operator.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1beta1 kind: Deployment metadata: name: stash-operator - namespace: $STASH_NAMESPACE + namespace: ${STASH_NAMESPACE} labels: app: stash initializers: @@ -19,20 +19,20 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: - serviceAccountName: $STASH_SERVICE_ACCOUNT - imagePullSecrets: [$STASH_IMAGE_PULL_SECRET] + serviceAccountName: ${STASH_SERVICE_ACCOUNT} + imagePullSecrets: [${STASH_IMAGE_PULL_SECRET}] containers: - name: operator args: - run - --v=3 - - --rbac=$STASH_ENABLE_RBAC - - --docker-registry=$STASH_DOCKER_REGISTRY + - --rbac=${STASH_ENABLE_RBAC} + - --docker-registry=${STASH_DOCKER_REGISTRY} - --secure-port=8443 - --audit-log-path=- - --tls-cert-file=/var/serving-cert/tls.crt - --tls-private-key-file=/var/serving-cert/tls.key - image: $STASH_DOCKER_REGISTRY/stash:0.7.0-alpha.0 + image: ${STASH_DOCKER_REGISTRY}/stash:0.7.0-alpha.0 ports: - containerPort: 8443 - containerPort: 56790 @@ -76,20 +76,20 @@ apiVersion: v1 kind: Secret metadata: name: stash-apiserver-cert - namespace: $STASH_NAMESPACE + namespace: ${STASH_NAMESPACE} labels: app: stash type: kubernetes.io/tls data: - tls.crt: $TLS_SERVING_CERT - tls.key: $TLS_SERVING_KEY + tls.crt: ${TLS_SERVING_CERT} + tls.key: ${TLS_SERVING_KEY} --- # to be able to expose TSB inside the cluster apiVersion: v1 kind: Service metadata: name: stash-operator - namespace: $STASH_NAMESPACE + namespace: ${STASH_NAMESPACE} labels: app: stash spec: @@ -114,11 +114,11 @@ metadata: labels: app: stash spec: - caBundle: $SERVICE_SERVING_CERT_CA + caBundle: ${SERVICE_SERVING_CERT_CA} group: admission.stash.appscode.com groupPriorityMinimum: 1000 versionPriority: 15 service: name: stash-operator - namespace: $STASH_NAMESPACE + namespace: ${STASH_NAMESPACE} version: v1alpha1 diff --git a/hack/deploy/rbac-list.yaml b/hack/deploy/rbac-list.yaml index 57301be5b..3784e3665 100644 --- a/hack/deploy/rbac-list.yaml +++ b/hack/deploy/rbac-list.yaml @@ -88,8 +88,8 @@ roleRef: name: stash-operator subjects: - kind: ServiceAccount - name: $STASH_SERVICE_ACCOUNT - namespace: $STASH_NAMESPACE + name: ${STASH_SERVICE_ACCOUNT} + namespace: ${STASH_NAMESPACE} # to read the config for terminating authentication apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding @@ -102,8 +102,8 @@ roleRef: name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount - name: $STASH_SERVICE_ACCOUNT - namespace: $STASH_NAMESPACE + name: ${STASH_SERVICE_ACCOUNT} + namespace: ${STASH_NAMESPACE} --- # to delegate authentication and authorization apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -118,5 +118,5 @@ roleRef: name: system:auth-delegator subjects: - kind: ServiceAccount - name: $STASH_SERVICE_ACCOUNT - namespace: $STASH_NAMESPACE + name: ${STASH_SERVICE_ACCOUNT} + namespace: ${STASH_NAMESPACE}