summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/postgres
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-04 21:16:50 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-07 17:11:24 +0100
commitf1f945b51303ad1ace8c2268b0a0f39bcb549d0b (patch)
tree5ca0c9c8f97379a01b97af6b6a703ef11ddcef37 /kubernetes/common/postgres
parentac651828821791f9475d997e1f55658b3662c184 (diff)
[COMMON] Use common secret template in postgres
Use common secret template for storing DB credentials Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
Diffstat (limited to 'kubernetes/common/postgres')
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl17
-rw-r--r--kubernetes/common/postgres/templates/secrets.yaml17
-rw-r--r--kubernetes/common/postgres/values.yaml18
3 files changed, 23 insertions, 29 deletions
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 9766cb3fca..3777c1b2e4 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -88,24 +88,15 @@ spec:
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-primary-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- value: "{{ $dot.Values.config.pgUserName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- name: pool-hba-conf
mountPath: /pgconf/pool_hba.conf
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index db1bc5bb15..4c68015528 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
@@ -13,19 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secret" . }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 3104ee79d2..9fc25b43c9 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -22,6 +22,24 @@ global:
readinessImage: readiness-check:2.0.0
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
+#################################################################
# Application configuration defaults.
#################################################################