Closed mrbrandao closed 1 year ago
LGTM. I will extend the documentation with my notes when this PR is merged. @mrbrandao Do you have some minimal OpenShift configuration for your example that you could include?
Thanks @Lupphes, at the moment I'm not using any special config, everything is default, running with the restricted scc.
@mrbrandao thank you for your contribution. I will merge it as the tests passed.
[test-all]
@fila43 @Lupphes, I see the TESTS="run_s2i_enable_ssl_test" is failing. I can fix with:
-# chmod og-rwx server.key
+chmod og-rwx certs/*.key
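Review bot: The chmod og-rwx certs/*.key on the added line runs unconditionally, so it returns an error whenever the container user is not allowed to change the key's mode (the "Operation not permitted" case shown for OpenShift), and also when certs/*.key matches no file, because the unexpanded pattern is then passed to chmod. Consider guarding it: loop over the matches, skip when nothing exists, and only chmod files the current user owns, leaving mounted keys to get their mode from the volume definition.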
However, this will fail in OpenShift:
=> sourcing /opt/app-root/src/postgresql-pre-start/enable_ssl.sh ...
chmod: changing permissions of 'server.key': Operation not permitted
Do you have any suggestion? Perhaps we can leave the pre-start script but try to skip it when using oc new-app.
Let me know your thoughts.
Thank you
I've updated with a fix to the run_s2i_enable_ssl_test, and also improved the README by adding examples on how to use it with restricted and anyuid scc.
With that we can leave the chmod in the pre-start script and pass the tests. Also added instructions on how to overwrite the pre-start scripts, so we can run this as restricted scc in OpenShift.
Let me know if there is anything. Thanks again
[test-all]
There are weird test-case (OpenShift 4) failures. Unfortunately, I am not an expert in this area. @phracek PTAL.
[test-all]
The majority of tests passed. Openshift 4 test failed due to connection issues: Error: Failed to download metadata for repo 'rhel-9-server-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
RHEL8 tests failed due to a broken test, run_master_restart_test.
So I see it as LGTM and ready to merge.
These changes improve and provide examples on how to use the examples/enable-ssl in OpenShift
enable-ssl/server* to enable-ssl/certs/tls*
This allows users to mount their keys in a single directory without having to mount secrets on top of configuration files in /opt/app-root/src
e.g:
chmod command from the pre-start script
Certs are better to be mounted in OpenShift with the proper permissions already set from the pod.spec.volumes.secret.defaultMode
When using the deployment in OpenShift without anyuid scc the following error was occurring with:
server.key and server.crt to the new certs directory
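One way to keep a permission step in the pre-start script without the "chmod: ... Operation not permitted" failure discussed in this thread, as an added example that is not part of the PR or the project's code. The function names are hypothetical, GNU stat is assumed, and the accepted modes follow PostgreSQL's rule for key files (0600 or stricter when owned by the server user, 0640 or stricter when owned by root).

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from the PR.

# key_mode_ok MODE OWNER_UID SERVER_UID
# Succeeds when PostgreSQL would accept a key file with this octal mode:
#   owned by the server user -> no group/world bits (0600 or stricter)
#   owned by root            -> at most group read  (0640 or stricter)
#   any other owner          -> rejected
key_mode_ok() {
  if [ "$2" = "$3" ]; then
    [ $(( 0$1 & 077 )) -eq 0 ]
  elif [ "$2" = 0 ]; then
    [ $(( 0$1 & 037 )) -eq 0 ]
  else
    return 1
  fi
}

# secure_keys DIR
# Tightens *.key files the current user owns and only verifies the rest
# (for example keys mounted from a secret volume), so a key that cannot
# be chmod-ed is checked instead of producing "Operation not permitted".
secure_keys() {
  sk_me=$(id -u)
  sk_rc=0
  for sk_key in "$1"/*.key; do
    [ -e "$sk_key" ] || continue      # glob matched nothing
    sk_owner=$(stat -c '%u' "$sk_key")
    if [ "$sk_owner" = "$sk_me" ]; then
      chmod og-rwx "$sk_key" || sk_rc=1
    fi
    sk_mode=$(stat -c '%a' "$sk_key")
    if ! key_mode_ok "$sk_mode" "$sk_owner" "$sk_me"; then
      echo "unsafe key $sk_key: mode $sk_mode, owner uid $sk_owner" >&2
      sk_rc=1
    fi
  done
  return $sk_rc
}
```
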