authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-05-05 11:36:30 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-05-05 12:08:27 +0200
commitbb48fc854a89ae8a9e4efc926df0930ae5a271d5 (patch)
treed7b91ab3bd2aff21063aebf9959f243a4b70c865
parent35e942928f807e690da35ed438de832b0531a008 (diff)
[DCAEGEN2] Use common secret template for postgres credentials
Even though we use the common secret template, both passwords are still hardcoded in the common postgres chart; this will be removed as a final step, just like we did for mariadb-galera. Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4b499e277bb084d7d1f2f2d9b72533a6532b751f
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json4
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml25
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml16
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml25
4 files changed, 52 insertions, 18 deletions
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
index d9927314e1..4be8c195d2 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
@@ -1,8 +1,8 @@
{
"database": {
"driverClass": "org.postgresql.Driver",
- "user": "{{ .Values.postgres.config.pgUserName }}",
- "password": "{{ .Values.postgres.config.pgUserPassword }}",
+ "user": "${PG_USER}",
+ "password": "${PG_PASSWORD}",
"url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}",
"properties": {
"charSet": "UTF-8"
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index 6769c00a2d..bf49157762 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -34,6 +34,25 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-inv-config-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-inv-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
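Review bot: The `envsubst` call in the new `update-config` init container is given no variable list, so it expands every `$NAME`/`${NAME}` found in the files under /config-input, not only the two credentials, and replaces unset ones with an empty string. Passing the list explicitly, `envsubst '${PG_USER} ${PG_PASSWORD}' <${PFILE} >/config/${PFILE}`, leaves any other `$` text in the config intact. The substitution is also purely textual, so a login or password containing `"` or `\` would yield malformed JSON in config.json; the permitted characters should be documented next to the secret definition, or the values escaped before substitution. The loop also runs without `set -e`, so a failed substitution on any file other than the last one does not fail the init container.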
@@ -135,11 +154,13 @@ spec:
defaultMode: 420
name: {{ include "common.fullname" . }}-filebeat-configmap
name: filebeat-conf
- - name: {{ include "common.fullname" . }}-inv-config
+ - name: {{ include "common.fullname" . }}-inv-config-input
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-inv-config
+ emptyDir:
+ medium: Memory
- emptyDir: {}
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
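Review bot: The memory-backed `emptyDir` added for `-inv-config` has no `sizeLimit`, and tmpfs usage is charged against the pod's memory; adding `sizeLimit: <size>` beside `medium: Memory` bounds it. This volume now holds the rendered config with the cleartext database password, so the main container's mount of it (defined outside this hunk, not visible here) would ideally be `readOnly: true`, leaving the init container as the only writer.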
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 51af963343..a26ae5d196 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -26,10 +26,20 @@ global:
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
repositoryCred:
user: docker
password: docker
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
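Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest, unlike the neighbouring image values, which all name an explicit version, and the deployment template uses it as-is without a repository prefix. The container started from it receives `PG_USER` and `PG_PASSWORD` in its environment, so whatever the implicit `latest` resolves to at pull time handles the database credentials. Pin it, e.g. `envsubstImage: dibi/envsubst:<pinned-tag>` or `dibi/envsubst@sha256:<digest>`, and preferably serve it from the project's own registry like the other images.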
@@ -82,24 +92,11 @@ postgres:
replica: dcae-inv-pg-replica
config:
pgUserName: dcae_inv
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dcae_inventory
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
persistence:
mountSubPath: dcae-inv/data
mountInitPath: dcae-inv
- pgpool:
- nameOverride: dcae-inv-pgpool
- service:
- name: dcae-inv-pgpool
- credentials:
- pgusername: ddcae_inv
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-inv-pgpool-primary
- replica: dcae-inv-pgpool-replica
# Resource Limit flavor -By Default using small
flavor: small