diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-04-01 22:33:58 +0200 |
|---|---|---|
| committer |   jhh <jorge.hernandez-herrero@att.com> | 2020-04-10 15:43:22 -0500 |
| commit | 98a79cc52d63ae1218aff2b0043fedf9536f235a (patch) | |
| tree | 949e0bd81fc7e7f58812c7d2ebc518086e1864d1 /kubernetes/policy/templates | |
| parent | 9f66ecee20e4fde39ced729b856e68af1ab31bb6 (diff) | |
[POLICY] Use common secret template in whole policy module
All subcharts are ready so now we can remove hardcoded mariadb
credentials in policy module and depend on common secret chart to
generate them for us at the deployment time.
Issue-ID: OOM-2342
Change-Id: I84bfc30511312be0b2e614ddff4676f36d85619b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy/templates')
| -rw-r--r-- | kubernetes/policy/templates/deployment.yaml | 23 | ||||
| -rw-r--r-- | kubernetes/policy/templates/job.yaml | 7 | ||||
| -rw-r--r-- | kubernetes/policy/templates/secrets.yaml | 15 |
3 files changed, 25 insertions, 20 deletions
diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml index 8a0db8a699..7f96888ec8 100644 --- a/kubernetes/policy/templates/deployment.yaml +++ b/kubernetes/policy/templates/deployment.yaml @@ -33,6 +33,24 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -100,7 +118,7 @@ spec: name: pe-pap subPath: console.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -157,5 +175,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 81904143fa..f6a1ace3dc 100644 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -57,14 +57,11 @@ spec: - /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-secret - key: db-root-password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }} - name: MYSQL_HOST value: "{{ index .Values "mariadb-galera" "service" "name" }}" - name: MYSQL_USER - value: "{{ index .Values "mariadb-galera" "config" "userName" }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index 6b8bc41033..c1f98ba3cc 100644 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml @@ -13,17 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} +{{ include "common.secretFast" . }} |