diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-31 23:44:22 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-04-03 23:43:07 +0200 |
commit | 09d1b315194e98f33fc26914c44b8c2173409b8c (patch) | |
tree | 59809813afc1481279538800576516a9af1632fc /kubernetes/policy/charts/policy-api/templates | |
parent | 075c02e1a0ba535e9b263de3a0f9ede479ff112f (diff) |
[POLICY] Use common secret template in policy-api
Use common secret template in policy-api module instead of hardcoding db
credentials in config map.
For now db creds are hardcoded but will be remove in further commits.
Issue-ID: OOM-2342
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I6219a06ef466e214756302974589fcc27fa0a4cd
Diffstat (limited to 'kubernetes/policy/charts/policy-api/templates')
-rw-r--r-- | kubernetes/policy/charts/policy-api/templates/deployment.yaml | 25 | ||||
-rw-r--r-- | kubernetes/policy/charts/policy-api/templates/secrets.yaml | 15 |
2 files changed, 39 insertions, 1 deletions
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 25e80d0ac3..777cc4954d 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml @@ -31,6 +31,26 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: apiconfig + - mountPath: /config + name: apiconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,7 +78,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted - name: apiconfig + name: apiconfig-processed resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -77,5 +97,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: apiconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-api/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} |