diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-04-01 22:33:58 +0200 |
|---|---|---|
| committer |   jhh <jorge.hernandez-herrero@att.com> | 2020-04-10 15:43:22 -0500 |
| commit | 98a79cc52d63ae1218aff2b0043fedf9536f235a (patch) | |
| tree | 949e0bd81fc7e7f58812c7d2ebc518086e1864d1 /kubernetes/policy/values.yaml | |
| parent | 9f66ecee20e4fde39ced729b856e68af1ab31bb6 (diff) | |
[POLICY] Use common secret template in whole policy module
All subcharts are ready so now we can remove hardcoded mariadb
credentials in policy module and depend on common secret chart to
generate them for us at the deployment time.
Issue-ID: OOM-2342
Change-Id: I84bfc30511312be0b2e614ddff4676f36d85619b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy/values.yaml')
| -rw-r--r-- | kubernetes/policy/values.yaml | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 1ac00c760a..524fe9953d 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -22,6 +22,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst ubuntuImage: ubuntu:16.04 pdp: nameOverride: pdp @@ -37,9 +38,6 @@ global: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig - userName: policy_user - userPassword: policy_user - mariadbRootPassword: secret mysqlDatabase: policyadmin service: &mariadbService name: policy-mariadb @@ -47,6 +45,24 @@ global: internalPort: 3306 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + policy: generate + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: generate + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -58,14 +74,26 @@ pullPolicy: Always subChartsOnly: enabled: true +db: &dbSecretsHook + credsExternalSecret: *dbSecretName + pap: nameOverride: pap + db: *dbSecretsHook pdp: nameOverride: pdp + db: *dbSecretsHook drools: nameOverride: drools -brmwgw: + db: *dbSecretsHook +brmsgw: nameOverride: brmsgw + db: *dbSecretsHook +policy-api: + db: *dbSecretsHook +policy-xacml-pdp: + db: *dbSecretsHook + nexus: nameOverride: nexus @@ -112,7 +140,11 @@ ingress: mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: *mariadbConfig + config: + <<: *mariadbConfig + userName: policy_user + mariadbRootPasswordExternalSecret: *dbRootPassSecretName + userCredentialsExternalSecret: *dbSecretName nameOverride: policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService |