summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-03-26 23:59:36 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-03-26 23:59:36 +0100
commit68b1c92d437c3bd568f9c5c34efcc46295574ece (patch)
tree3c3f31120f46dc8061d4bfd72e302043ad3b452f
parent87a8e38f930e02e2ea6c37ff9bf5642245c4d88c (diff)
[POLICY] Use common secret template in drools
Use common secret template in drools module instead of putting db credentials in a single secret file to allow usage of external secret mechanism. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I377b71d76b0b37e919ea841586bb6d5c22107952
-rw-r--r--kubernetes/policy/charts/drools/resources/secrets/credentials.conf3
-rw-r--r--kubernetes/policy/charts/drools/templates/secrets.yaml2
-rw-r--r--kubernetes/policy/charts/drools/templates/statefulset.yaml4
-rw-r--r--kubernetes/policy/charts/drools/values.yaml11
4 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
index 57269c18af..ee2acc40f2 100644
--- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
+++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
@@ -25,9 +25,6 @@ TELEMETRY_PASSWORD={{.Values.telemetry.password}}
REPOSITORY_USERNAME={{.Values.nexus.user}}
REPOSITORY_PASSWORD={{.Values.nexus.password}}
-SQL_USER={{.Values.db.user}}
-SQL_PASSWORD={{.Values.db.password}}
-
PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml
index 47e0b8cfb0..7fb84b5ddc 100644
--- a/kubernetes/policy/charts/drools/templates/secrets.yaml
+++ b/kubernetes/policy/charts/drools/templates/secrets.yaml
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secret" . }}
+---
apiVersion: v1
kind: Secret
metadata:
diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml
index 047a77afef..e2463aa2c2 100644
--- a/kubernetes/policy/charts/drools/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml
@@ -74,6 +74,10 @@ spec:
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index fbb4211920..eae24e0b85 100644
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -25,6 +25,17 @@ global:
ubuntuImage: ubuntu:16.04
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image