summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/charts/policy-api/templates
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-03-31 23:44:22 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-04-03 23:43:07 +0200
commit09d1b315194e98f33fc26914c44b8c2173409b8c (patch)
tree59809813afc1481279538800576516a9af1632fc /kubernetes/policy/charts/policy-api/templates
parent075c02e1a0ba535e9b263de3a0f9ede479ff112f (diff)
[POLICY] Use common secret template in policy-api
Use common secret template in policy-api module instead of hardcoding db credentials in config map. For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6219a06ef466e214756302974589fcc27fa0a4cd
Diffstat (limited to 'kubernetes/policy/charts/policy-api/templates')
-rw-r--r--kubernetes/policy/charts/policy-api/templates/deployment.yaml25
-rw-r--r--kubernetes/policy/charts/policy-api/templates/secrets.yaml15
2 files changed, 39 insertions, 1 deletions
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 25e80d0ac3..777cc4954d 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -31,6 +31,26 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apiconfig
+ - mountPath: /config
+ name: apiconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -58,7 +78,7 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
- name: apiconfig
+ name: apiconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -77,5 +97,8 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: apiconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/policy-api/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}