summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorBruno Sakoto <bruno.sakoto@bell.ca>2021-03-08 17:59:44 -0500
committerKrzysztof Opasiak <k.opasiak@samsung.com>2021-03-24 15:47:12 +0000
commitc27240ba03334c57a012b9b4f535cecdde602526 (patch)
tree455139b2db782573aad30f8ed0c0fecdd5699291 /kubernetes
parentd8e1c6c974e5df6a7b34e1fa04b64f40d8bbcbab (diff)
[CPS] Add credentials for service basic auth
Set environment variables for basic authentication to cps service. Username and password are provided from values file. If the password is not provided, it is generated from master password at deployment time. Issue-ID: CPS-175 Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca> Change-Id: Icc2744b851cfd4288a3951f791f2bd284f4ad3ca
Diffstat (limited to 'kubernetes')
-rwxr-xr-xkubernetes/cps/templates/deployment.yaml7
-rwxr-xr-xkubernetes/cps/values.yaml23
2 files changed, 24 insertions, 6 deletions
diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml
index 4f87d206a7..59062cc0f8 100755
--- a/kubernetes/cps/templates/deployment.yaml
+++ b/kubernetes/cps/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
-# Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2021 Bell Canada.
# Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -70,6 +70,11 @@ spec:
path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: CPS_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 2c28231490..77ebb09dd9 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -1,4 +1,4 @@
-# Copyright (C) 2021 Pantheon.tech, Orange
+# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,6 +29,12 @@ secrets:
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
@@ -44,10 +50,6 @@ global:
image: onap/cps-and-nf-proxy:1.0.0
containerPort: &svc_port 8080
-config:
- # Set it for pre loading xnfdata, else set to null
- liquibaseLabels: xnf-data-preload
-
service:
type: ClusterIP
name: cps
@@ -117,9 +119,20 @@ securityContext:
#################################################################
# Application configuration defaults.
#################################################################
+
+config:
+
+ # Set it for pre loading xnfdata, else set to null
+ liquibaseLabels: xnf-data-preload
+
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: cpsuser
+ #appUserPassword:
+
logging:
level: INFO
path: /tmp
+
#################################################################
# Postgres overriding defaults in the postgres
#################################################################