summaryrefslogtreecommitdiffstats
path: root/kubernetes/portal/components/portal-sdk
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-10-02 15:48:42 +0000
committerGerrit Code Review <gerrit@onap.org>2020-10-02 15:48:42 +0000
commitcc77031bc750e16f0dd425a415e676b862518c79 (patch)
treeec1c502c1bffbae89b94343cfa2baabafc97a8ee /kubernetes/portal/components/portal-sdk
parent4c9bb49d34b8dbadadc4c99ca39e213241fed4cd (diff)
parentd6b989d947334a7da8acc36ae064d753db360f2c (diff)
Merge "[PORTAL] Non-root user for back-end database"
Diffstat (limited to 'kubernetes/portal/components/portal-sdk')
-rwxr-xr-xkubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties6
-rw-r--r--kubernetes/portal/components/portal-sdk/templates/deployment.yaml4
-rw-r--r--kubernetes/portal/components/portal-sdk/values.yaml10
3 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 2a2ec59d5c..1faed41b85 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o==
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.min_pool_size = 5
db.max_pool_size = 10
hb.dialect = org.hibernate.dialect.MySQLDialect
@@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
index f79098fade..fabefde9d3 100644
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -61,6 +61,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
- name: CIPHER_ENC_KEY
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: properties-onapportalsdk-scrubbed
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml
index c0f1b58c9a..4056b2aa7a 100644
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -39,6 +39,12 @@ secrets:
login: '{{ .Values.cassandra.config.cassandraUsername }}'
password: '{{ .Values.cassandra.config.cassandraPassword }}'
passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
- uid: cipher-enc-key
type: password
externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
@@ -115,6 +121,10 @@ service:
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget