[VNFSDK] Use common secret template for postgres credentials

Even through we use common secret template both passwords are still hardcoded in common postgres chart but this will be removed as a final step just like we did for mariadb-galera. Issue-ID: OOM-2250 Change-Id: I4ca210c99c27fbfbf74a467d72a81b2e38d8d800 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> (cherry picked from commit 79677d38adfb3de5a35c00cdb710f6325a8719a9)
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-05-05 01:42:23 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-05-08 17:09:55 +0000
commit: f427199dd4e058b0fb023aa62a97f1b9e1d20ab5 (patch)
tree: b29c3d49b94bb7f11269d9f7d747b2ded5db1ae1 /kubernetes/vnfsdk/values.yaml
parent: 942e8f8450f06dc2f20d6c3b5dc28a62ef524770 (diff)
1 files changed, 18 insertions, 3 deletions
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 28dea47cfc..82bef2d4eb 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -22,6 +22,22 @@ global:
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  envsubstImage: dibi/envsubst
+
+secrets:
+  - uid: pg-root-pass
+    name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+    password: '{{ .Values.postgres.config.pgRootpassword }}'
+    policy: generate
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
 
 #################################################################
 # Application configuration defaults.
@@ -50,9 +66,8 @@ postgres:
   config:
     pgUserName: postgres
     pgDatabase: postgres
-    pgPrimaryPassword: postgres
-    pgUserPassword: postgres
-    pgRootPassword: postgres
+    pgUserExternalSecret: *pgUserCredsSecretName
+    pgRootPasswordExternalSecret: *pgRootPassSecretName
 
 # flag to enable debugging - application support required
 debugEnabled: false
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-05-05 01:42:23 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-05-08 17:09:55 +0000
commit	f427199dd4e058b0fb023aa62a97f1b9e1d20ab5 (patch)
tree	b29c3d49b94bb7f11269d9f7d747b2ded5db1ae1 /kubernetes/vnfsdk/values.yaml
parent	942e8f8450f06dc2f20d6c3b5dc28a62ef524770 (diff)