Merge pull request #441 from MikeRayMSFT/CTP2-0

Ctp2 0

Author: MikeRayMSFT

samples/features/high availability/Kubernetes/sample-manifest-files/rotate-creds.yaml

@@ -0,0 +1,92 @@
+---
+apiVersion: v1
+
+kind: ServiceAccount
+
+metadata:
+  name: rotate-creds
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+
+kind: Role
+
+metadata:
+  name: rotate-creds
+
+rules:
+- resources: ["secrets"]
+  apiGroups: [""]
+  verbs: ["get", "update"]
+- resources: ["pods"]
+  apiGroups: [""]
+  verbs: ["list"]
+- resources: ["statefulsets"]
+  apiGroups: ["apps"]
+  verbs: ["get"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+
+kind: RoleBinding
+
+metadata:
+  name: rotate-creds
+  namespace: default
+
+roleRef:
+  name: rotate-creds
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+
+subjects:
+- name: rotate-creds
+  kind: ServiceAccount
+
+
+---
+apiVersion: batch/v1
+
+kind: Job
+
+metadata:
+  name: rotate-creds
+
+spec:
+  template:
+    metadata:
+      name: rotate-creds
+    spec:
+      serviceAccount: rotate-creds
+      restartPolicy: Never
+      containers:
+      - name: rotate-creds
+        image: mcr.microsoft.com/mssql/ha:vNext-CTP2.0-ubuntu
+        command: ["/mssql-server-k8s-rotate-creds"]
+        env:
+        - name: MSSQL_K8S_STATEFULSET_NAME
+          value: sql-0
+        - name: MSSQL_ROTATE_CERT
+          value: "True"
+        - name: MSSQL_K8S_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MSSQL_K8S_MASTER_KEY_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: new-sql-secrets
+              key: masterkeypassword
+        - name: MSSQL_K8S_SA_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: sql-secrets
+              key: sapassword
+        - name: MSSQL_K8S_NEW_SA_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: new-sql-secrets
+              key: sapassword
+        
+