Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change way secrets are stored #675

Open
wants to merge 2,593 commits into
base: master
Choose a base branch
from
Open

Change way secrets are stored #675

wants to merge 2,593 commits into from

Conversation

thejsj
Copy link
Member

@thejsj thejsj commented May 19, 2017

We should treat our k8 files as compiled files, since we don't actually (http://blog.andrewray.me/dealing-with-compiled-files-in-git/). We should probably wait some time until we actually have more confidence in our compilation.

What this PR does

  • Moves /ansible/certs to /ansible/secrets/certs
  • Moves all domain certs (/ansible/*.com) to /ansible/secrets/domains
  • Create README explaining secrets directory

Ideas

  • Make certs a env dependent thing (currently we have one global certs directory)
  • Move secrets up one directory (keep outside of /ansible)
  • Make docker-client and certs environment dependent (Currently docker-client certs are shared)
  • Add a secrets directory to every environment which would have all the correct files

Dependencies

  • Create document in confluence explaining changes
  • Create 1Password entry for certs and domains

Tests

Test any modifications on one of our environments.

  • Run runanble-domain-proxy
  • Run content-domain-proxy
  • ...

Deployment (post-merge)

Ensure that all environments have the given changes.

  • deployed to gamma
  • deployed to delta

thejsj and others added 30 commits March 1, 2017 13:58
@thejsj
Add bucket region for web
e6450f4
@Myztiq
Merge pull request #606 from CodeNow/add-aws-region-to-fe
662dcd8 
Add bucket region for web
Updated deploy bucket for marketing.
945f255
Added marketing deploy keys
6bbbeaf
@Myztiq
Merge pull request #607 from CodeNow/updated-deploy-bucket
f821c8e 
Added ability to deploy to marketing again
@thejsj
Change region name
4708bc3
@thejsj
Merge pull request #609 from CodeNow/change-region-name
e9f6737 
Change region name
Added s3 log bucket to ansible
74e5df8
@Myztiq
Merge pull request #610 from CodeNow/SAN-5848-log-streaming
53142d6 
Added s3 log bucket to ansible
@thejsj
Remove loggly
3b1b007
@thejsj
Replace local registry with docker hub
392f95e
@thejsj
Make sure user is sudo
96d9044
@thejsj
Push images to docker hub. Not local registry
ffd27ad
@thejsj
Remove registry.runnable.com
be570dd
@thejsj
Dock should not be bound to any other enviroment. Remove commands tha…
eeca2c8 
…t require variables tied to environment
@thejsj
Remove docks-psad
e4db52b
@thejsj
Re add roles. Must be run with skip-tags in order to work
55f3ff6
@thejsj
Change node service config to tag. Skip tags if running dock
a7b1a87
@thejsj
Remove unused tag
e5f2fcb
@thejsj
Add primary functions for init
c41a0b5
@thejsj
Add vault tokens
425548c
@thejsj
Add tokens
8df4393
@thejsj
Add tag to ensure_registry
982098d
@thejsj
WIP
eeb98c7
@thejsj
Add build_and_squash
e6f6c84
@thejsj
Add stuff
396c655
@thejsj
Uncomment stuff
943e869
@thejsj
Fix vault port. Remove amazon-ssm-agent
9400c65
@anandkumarpatel
Remove psad from dock (#613)
b3e2942 
* remove psad from dock

* update charon, add tag for cert
@thejsj
Small fixes to role
58303f2
Myztiq and others added 28 commits May 16, 2017 14:57
Added keymaker configurations.
f9148e9
Removed installing of postgres client
b9b09b8
Added keymaker pg password for gamma
240c225
Created password for keymaker on delta
c01cc0f
Fixed var name
dbd504c
Added keymaker to localhost
ce39231
Fixed node version
68b98ba
@tosih
Merge pull request #665 from CodeNow/gamma-ingress-proxy-k8
303a39d 
Update gamma ingres proxy k8 configs.
Update k8 deployment for api delta/gamma.
fa57986
Removed unused postgres strings.
4c54ae7
Changed port.
0399481
@thejsj
Fix tagging of image builder
4e58cde
Added builder role back in so it publishes to quay.
a2d0363
@thejsj
Change way we deploy image-builder
7ccf31c
We don't need 4 replicas
6eb6cc4
@thejsj
Change host. Add comment
d0eda67
@Myztiq
Merge pull request #666 from CodeNow/SAN-6252-keymaker
1862b6c 
Added keymaker configurations.
@podviaznikov
update node version to the tested one
691eeb5
@thejsj
Add ability to add default dockerfile
0bddbc6
@thejsj
Merge branch 'fix-image-builder-push' of github.com:CodeNow/devops-sc…
4ee579e 
…ripts into fix-image-builder-push

* 'fix-image-builder-push' of github.com:CodeNow/devops-scripts:
  update node version to the tested one
@thejsj
Change role to just use build_with_dockerfile
b4abbc9
@anandkumarpatel
make vault public (#669)
a44b903 
* make vault public

* add vars for access
@thejsj
Remove unused vars
c580845
@thejsj
Merge branch 'master' into fix-image-builder-push
ba22cc4
@thejsj
Merge pull request #667 from CodeNow/fix-image-builder-push
4d37ce0 
Fix tagging of image builder
@thejsj
Change path of certs to secrets
2760dbe
@thejsj
Add README
70d7970
@thejsj
Change path for secrets for domains
8faca76
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
work in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@thejsj @Myztiq @anandkumarpatel @Nathan219 @henrymollman @podviaznikov @damienrunnable @tosih