[SDNC] Use common secret template in sdnc-portal

Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patch all passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5ca369f43e8863f9ae3ec3f5d648740808a5e099
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-02-22 02:12:02 +0100
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-02-24 22:04:33 +0100
commit: 71c809867dccfe45eddd9ae345d50b4956bafd6e (patch)
tree: 98341010f31c5775c01394dcae77d0bd0a5f8704 /kubernetes/sdnc/charts/sdnc-portal/values.yaml
parent: c16d2310224dc9c22bb9f1511b043d52435fe4e3 (diff)
1 files changed, 68 insertions, 5 deletions
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index 7ff000e8cb..fa38cf756a 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -21,6 +21,52 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  # envsusbt
+  envsubstImage: dibi/envsubst
+
+  mariadbGalera:
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    #If shared instance is used, this chart assumes that DB already exists
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-password
+    type: password
+    externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+    passwordPolicy: required
+  - uid: db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
+    type: basicAuth
+    # This is a nasty trick that allows you override this secret using external one
+    # with the same field that is used to pass this to subchart
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+    passwordPolicy: required
+  - uid: odl-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+    login: '{{ .Values.config.odlUser }}'
+    password: '{{ .Values.config.odlPassword }}'
+    passwordPolicy: required
+  - uid: fabric-db-creds
+    type: basicAuth
+    externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+    login: '{{ .Values.config.dbFabricUser }}'
+    password: '{{ .Values.config.dbFabricPassword }}'
+    passwordPolicy: required
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ .Values.config.KeyStorePwdExternalSecret }}'
+    password: '{{ .Values.config.keystorePwd }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -29,17 +75,34 @@ global:
 repository: nexus3.onap.org:10001
 image: onap/admportal-sdnc-image:1.7.6
 config:
-  dbRootPassword: secretpassword
-  dbSdnctlPassword: gamma
+  dbFabricDB: mysql
+  dbFabricUser: admin
+  dbFabricPassword: admin
+  # dbFabricDBCredsExternalSecret: some secret
   sdncChartName: sdnc
   configDir: /opt/onap/sdnc/data/properties
   storesDir: /opt/onap/sdnc/data/stores
+  odlUser: admin
   odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  # odlCredsExternalSecret: some secret
   keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
-  mariadbGalera:
-    chartName: mariadb-galera
-    serviceName: mariadb-galera
+  # keystorePwdExternalSecret: some secret
+
+mariadb-galera:
+  config:
+    userCredentialsExternalSecret: *dbSecretName
+    userName: sdnctl
+    userPassword: gamma
+    mysqlDatabase: sdnctl
+  nameOverride: sdnc-portal-galera
+  service:
+    name: sdnc-portal-galera
+    portName: sdnc-portal-galera
     internalPort: 3306
+  replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: sdnc-portal/maria/data
 
 # default number of instances
 replicaCount: 0
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-02-22 02:12:02 +0100
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-02-24 22:04:33 +0100
commit	71c809867dccfe45eddd9ae345d50b4956bafd6e (patch)
tree	98341010f31c5775c01394dcae77d0bd0a5f8704 /kubernetes/sdnc/charts/sdnc-portal/values.yaml
parent	c16d2310224dc9c22bb9f1511b043d52435fe4e3 (diff)