authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-07 21:06:58 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-17 22:33:40 +0100
commitd74a65962b4ece0e89b0ef66912ce367a6187e15 (patch)
tree868986b3ca626a6aae04f201aed4d07d8d7a4231 /kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service
parent4eddfbdf9caabe3ce30937d78b1bfe8aad72f8f9 (diff)
[OOF] Use common secret template for mariadb credentials
Remove all hardcoded credentials for mariadb and depend on common secret template to generate all passwords at the deployment time. Issue-ID: OOM-2292 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
Diffstat (limited to 'kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service')
-rw-r--r--kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml28
-rw-r--r--kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml15
-rw-r--r--kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml35
3 files changed, 53 insertions, 25 deletions
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index 385d61684f..b0afb6e285 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
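Review bot: `.Values.config.db.container` has no default in this chart's values.yaml, where `container` appears only as a commented-out example, so unless a parent chart supplies it the readiness check is rendered with an empty `--container-name` argument. The same applies to `config.db.host` and `config.db.mysqlDatabase`, which the two `env:` hunks further down read. Wrapping the lookups in `required`, for example `- {{ required "config.db.container must be set" .Values.config.db.container }}`, would turn a silent misrender into a clear error at install time. The enclosing container spec starts and ends outside the hunk.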
@@ -50,18 +50,15 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
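Review bot: The new `value:` lines for DB_HOST, DB_USERNAME and DB_SCHEMA are emitted unquoted, while DB_PORT directly beside them goes through `quote`. An override that YAML reads as a number, boolean or null (or an unset key that renders empty) yields a non-string env `value`, which the API server rejects or which silently becomes an empty setting. Piping these through `quote`, for example `value: {{ .Values.config.db.root | quote }}` and `value: {{ .Values.config.db.mysqlDatabase | quote }}`, keeps them strings; the DB_HOST and DB_SCHEMA lines in the hunk at `-98,18` need the same treatment. The container definition starts and ends outside the hunk.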
@@ -98,18 +95,15 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_user }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-user-credentials
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
new file mode 100644
index 0000000000..dee311c336
--- /dev/null
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index 85f6094615..345f03d4d3 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -37,6 +37,22 @@ dbinit:
debugEnabled: false
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# default number of instances
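Review bot: The two `secrets:` entries spell what looks like the same setting differently: `policy: required` on `cmso-db-root-password` and `passwordPolicy: required` on `cmso-db-user-secret`. The common secret template is not part of this diff, so confirm which key it reads; if it only honours one of them, the other entry falls back to the template's default behaviour and the "required" intent is lost for that credential without any error. Using the same key on both entries, and adding a short comment such as `# required: deployment fails unless a password or an external secret is supplied`, would make the expectation explicit.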
@@ -71,17 +87,20 @@ service:
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: cmso
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: cmso
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false