diff options
| author |   jhh <jorge.hernandez-herrero@att.com> | 2020-06-29 12:31:25 -0500 |
|---|---|---|
| committer | Jorge Hernandez <jorge.hernandez-herrero@att.com> | 2020-07-02 18:41:57 +0000 |
| commit | 0379af76b82b1bb92ccf03d79f3e0d3ccdb762d6 (patch) | |
| tree | 9dbad8829d15688c289e367a633d1df3f04ca26e /kubernetes/policy/charts/pap | |
| parent | b34e3c934d38900c2137b94d15835621aefcf113 (diff) | |
[POLICY] add env passwords to api/pap/xacml/dist
keystore and truststore passwords are now stored as
secrets to be accessed by environment variables.
Issue-ID: POLICY-2575
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I5831f5c7bc040d036c38c321b5cc87848e80ca48
Diffstat (limited to 'kubernetes/policy/charts/pap')
| -rw-r--r-- | kubernetes/policy/charts/pap/templates/deployment.yaml | 5 | ||||
| -rw-r--r-- | kubernetes/policy/charts/pap/values.yaml | 14 |
2 files changed, 19 insertions, 0 deletions
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 39ac8a81ec..6925d772d1 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml @@ -68,6 +68,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index dc7a58d804..47597f08c2 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -54,6 +54,17 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. @@ -81,6 +92,9 @@ healthCheckRestClient: distribution: user: healthcheck password: zb!XztG34 +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 |