diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-05 01:42:23 +0200 |
|---|---|---|
| committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-05 01:49:17 +0200 |
| commit | 79677d38adfb3de5a35c00cdb710f6325a8719a9 (patch) | |
| tree | ed6cef0196afd98723941a94ba8c3b4767d86d3e /kubernetes/vnfsdk/values.yaml | |
| parent | 180578d41ed15c8e349faa943fa82bf41a145779 (diff) | |
[VNFSDK] Use common secret template for postgres credentials
Even through we use common secret template both passwords are still
hardcoded in common postgres chart but this will be removed as a final
step just like we did for mariadb-galera.
Issue-ID: OOM-2250
Change-Id: I4ca210c99c27fbfbf74a467d72a81b2e38d8d800
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/vnfsdk/values.yaml')
| -rw-r--r-- | kubernetes/vnfsdk/values.yaml | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 96cacfbf82..9d1fbea65a 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -50,9 +66,8 @@ postgres: config: pgUserName: postgres pgDatabase: postgres - pgPrimaryPassword: postgres - pgUserPassword: postgres - pgRootPassword: postgres + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName # flag to enable debugging - application support required debugEnabled: false |