aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-05-05 11:45:03 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-05-05 11:46:01 +0200
commitf2816a0fb6271197155bf7514ec16f39faaed0a2 (patch)
tree46ae2cf6c0d21d8c32693cbec93bb0e5311fe898 /kubernetes
parent35e942928f807e690da35ed438de832b0531a008 (diff)
[DCAEGEN2][dashboard] Use common secret template for postgres credentials
Even through we use common secret template both passwords are still hardcoded in common postgres chart but this will be removed as a final step just like we did for mariadb-galera. Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ic8d8a53093ccdf5f91a26ce9ac2734fe36ccca4f
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml16
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml13
3 files changed, 29 insertions, 7 deletions
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index a926fb396b..bab034469b 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -126,11 +126,11 @@ spec:
- name: consul_url
value: http://consul-server-ui:8500
- name: postgres_user_dashboard
- value: {{ .Values.postgres.config.pgUserName }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+ - name: postgres_password_dashboard
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
- name: postgres_db_name
value: {{ .Values.postgres.config.pgDatabase }}
- - name: postgres_password_dashboard
- value: {{ .Values.postgres.config.pgUserPassword }}
- name: postgres_ip
value: {{ .Values.postgres.service.name2 }}
- name: POD_IP
@@ -169,4 +169,3 @@ spec:
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index fd7069450e..8e3f94dc64 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -27,6 +27,15 @@ global:
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
@@ -81,10 +90,8 @@ postgres:
replica: dcae-dashboard-pg-replica
config:
pgUserName: dashboard_pg_admin
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dashboard_pg_db_common
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
pgPort: "5432"
persistence:
mountSubPath: dcae-dashboard/data