diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-26 23:59:36 +0100 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-26 23:59:36 +0100 |
commit | 68b1c92d437c3bd568f9c5c34efcc46295574ece (patch) | |
tree | 3c3f31120f46dc8061d4bfd72e302043ad3b452f | |
parent | 87a8e38f930e02e2ea6c37ff9bf5642245c4d88c (diff) |
[POLICY] Use common secret template in drools
Use common secret template in drools module instead of putting db
credentials in a single secret file to allow usage of external secret
mechanism.
For now db creds are hardcoded but will be remove in further commits.
Issue-ID: OOM-2342
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I377b71d76b0b37e919ea841586bb6d5c22107952
4 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf index 57269c18af..ee2acc40f2 100644 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -25,9 +25,6 @@ TELEMETRY_PASSWORD={{.Values.telemetry.password}} REPOSITORY_USERNAME={{.Values.nexus.user}} REPOSITORY_PASSWORD={{.Values.nexus.password}} -SQL_USER={{.Values.db.user}} -SQL_PASSWORD={{.Values.db.password}} - PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index 47e0b8cfb0..7fb84b5ddc 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index 047a77afef..e2463aa2c2 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -74,6 +74,10 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" + - name: SQL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index fbb4211920..eae24e0b85 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -25,6 +25,17 @@ global: ubuntuImage: ubuntu:16.04 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # application image |