aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2020-04-14 17:14:42 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2020-04-22 19:49:31 +0200
commit1103810e20915d95f2b02be50a69fe32f23e6576 (patch)
tree299584721e79477d0c4ab8af1ff93fcc2f128144
parent0e3ce2bad52540956dfcef432de6b13207ef72b2 (diff)
[POLICY] Remove hardcoded credentials from policy-api
This patch remove hardcoded healthcheck credentials from policy-api. Issue-ID: OOM-2342 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: Ifc12d78fc1f7f00dd1466c32553453f0273661a3
-rw-r--r--kubernetes/policy/charts/policy-api/resources/config/config.json4
-rw-r--r--kubernetes/policy/charts/policy-api/templates/deployment.yaml8
-rw-r--r--kubernetes/policy/charts/policy-api/values.yaml11
3 files changed, 18 insertions, 5 deletions
diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json
index 2e46ccae96..fba7e6ce12 100644
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-api/resources/config/config.json
@@ -20,8 +20,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 777cc4954d..e1f699eccf 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -39,9 +39,13 @@ spec:
- "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: apiconfig
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 2e31f6b2ef..48eb689778 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -28,12 +28,18 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +56,9 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1