aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/so
diff options
context:
space:
mode:
authorrope252 <gareth.roper@est.tech>2020-09-02 20:49:21 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-10-19 14:49:05 +0200
commit4d3f36808a67349915c98fe3e035f3b67ffcdda1 (patch)
treeb08e363080c5b97929108d2d466779aa2d812201 /kubernetes/so
parent378813a42e27b1bc7a5e469641b7e4c47ffad43e (diff)
[SO-ETSI-NFVO] Add SO DB and NFVO DB Credentials to NFVO NS LCM Pod for DB Communication
All of the credentials added have been accessed using the common secrets template. In order to avoid hardcoding passwords etc. I have added 2 jdbcUrl's for accessing the NFVO DB and the CamundaBPMN DB. These will be needed for code going into the SO codebase. This change should not have an effect on any other charts, as properties have only been added to ETSI NFVO Charts. Issue-ID: SO-3159 Change-Id: Ic6e0002ce64b872ac0c44fa1f124304c392e6a8b Signed-off-by: rope252 <gareth.roper@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Diffstat (limited to 'kubernetes/so')
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml16
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml18
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml19
-rwxr-xr-xkubernetes/so/values.yaml14
4 files changed, 61 insertions, 6 deletions
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
index 64fd243a27..52f8276844 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -17,6 +17,22 @@ aai:
version: v19
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ nfvo:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: nfvo-pool
+ registerMbeans: true
security:
usercredentials:
- username: ${ETSI_NFVO_USERNAME}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index fbba76f13f..45668eda98 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -51,6 +51,24 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
- name: ETSI_NFVO_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
{{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index 79a8276df4..6af61820db 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -40,6 +40,18 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
login: '{{ .Values.etsi.nfvo.nslcm.username }}'
password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +62,13 @@ pullPolicy: Always
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
etsi:
nfvo:
nslcm:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 47c82c3d86..e834d86078 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -26,7 +26,7 @@ global:
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
- servicePort: "3306"
+ servicePort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
@@ -87,7 +87,7 @@ secrets:
passwordPolicy: required
annotations:
helm.sh/hook: pre-upgrade,pre-install
- helm.sh/hook-weight: "0"
+ helm.sh/hook-weight: '0'
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
@@ -103,7 +103,7 @@ secrets:
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: &so-certs '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
@@ -209,11 +209,11 @@ mariadb-galera:
ingress:
enabled: false
service:
- - baseaddr: "so.api"
- name: "so"
+ - baseaddr: 'so.api'
+ name: 'so'
port: 8080
config:
- ssl: "none"
+ ssl: 'none'
mso:
adapters:
@@ -248,6 +248,8 @@ so-catalog-db-adapter:
so-etsi-nfvo-ns-lcm:
enabled: true
+ db:
+ <<: *dbSecrets
so-monitoring:
enabled: true