summaryrefslogtreecommitdiffstats
path: root/kubernetes/portal/components/portal-widget/templates
diff options
context:
space:
mode:
authorSandeep Shah <sandeeplinux1068@gmail.com>2020-10-20 16:11:21 -0500
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-10-27 08:40:12 +0100
commit8f1acc0cf15e399da7c93350233ae0b0f2a74e8f (patch)
treed091907839543e5cf1b505a70e83d1bdca567d05 /kubernetes/portal/components/portal-widget/templates
parentb61ad49e3b97eadebccbf76bcebefa638ef10c05 (diff)
[PORTAL ] Non-root user DB access from WMS
Update portal-widget HELM charts to use non- root user access to the portal mariadb backend Issue-ID: OOM-2601 Signed-off-by: SandeepLinux <ss048t@att.com> Change-Id: I434ce85f1d0922d87fca35f692064a9b5e757954 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Diffstat (limited to 'kubernetes/portal/components/portal-widget/templates')
-rw-r--r--kubernetes/portal/components/portal-widget/templates/deployment.yaml37
-rw-r--r--kubernetes/portal/components/portal-widget/templates/secret.yaml17
2 files changed, 54 insertions, 0 deletions
diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
index 4640a43f73..44d7fc467e 100644
--- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
@@ -49,6 +49,40 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-widget-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.*`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ - name: WIDGET_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+ - name: WIDGET_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+ - name: ACC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+ - name: ACC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+ - name: JASYPT_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapwidgetms-scrubbed
+ - mountPath: /config
+ name: properties-onapwidgetms
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -94,6 +128,9 @@ spec:
hostPath:
path: /etc/localtime
- name: properties-onapwidgetms
+ emptyDir:
+ medium: Memory
+ - name: properties-onapwidgetms-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapwidgetms
defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-widget/templates/secret.yaml b/kubernetes/portal/components/portal-widget/templates/secret.yaml
new file mode 100644
index 0000000000..9a3f011e80
--- /dev/null
+++ b/kubernetes/portal/components/portal-widget/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}