aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-20 20:26:55 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-20 20:34:21 +0100
commit87e7812fbbde45990ceda3a9e6c72e7b5bd8822c (patch)
treec2494b927e6867caf11170b69affff83d3889b9e
parent62cb98b8def94cd365d2f19b5daac596e546f5bb (diff)
[SDNC] Use common secret template in ueb listener
Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patchAll passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Change-Id: Ie998b3c5775807ef096074b18a18a1773120c1d6 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties12
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties8
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml33
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml15
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/values.yaml60
5 files changed, 113 insertions, 15 deletions
diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties
index fdc2218532..b4e69d36f5 100644
--- a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties
+++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties
@@ -2,8 +2,8 @@
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Samsung Electrinics
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,11 +23,11 @@
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties
index 86e51317f2..946773b18b 100644
--- a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties
+++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties
@@ -2,10 +2,10 @@ org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace
org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO
-org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-org.onap.ccsdk.sli.northbound.uebclient.user=sdnc
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}}
+org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD}
+org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD}
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk
org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
index 154d36c411..da72e1e558 100644
--- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
@@ -32,10 +32,36 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: UEB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+ - name: UEB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
- --container-name
@@ -87,9 +113,12 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml
new file mode 100644
index 0000000000..dee311c336
--- /dev/null
+++ b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml
index b4b42fdbc5..03fbf52f9b 100644
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml
@@ -21,6 +21,41 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: ueb-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.uebUser }}'
+ password: '{{ .Values.config.uebPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -40,11 +75,30 @@ config:
sdcbeChartName: sdc-be
msgRouterContainerName: message-router
configDir: /opt/onap/sdnc/data/properties
+ uebUser: sdnc
+ uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # uebCredsExternalSecret: some secret
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: ueb-listener-galera
+ service:
+ name: ueb-listener-galera
+ portName: ueb-listener-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ueb-listener/maria/data
# default number of instances
replicaCount: 1