aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-07 22:54:20 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-28 17:57:08 +0000
commite55b4d5b6c817f28e34c08e30b8b01d3cd732a3e (patch)
tree324d18f38a89a4be917cafd75ef3e31136b18ee7 /kubernetes
parent45ba53a5c01c07f0b1eb91f61b607df04b090390 (diff)
[DMAAP] Don't hardcode mariadb-galera password
Let's use common secret template to generate user credentials for DMAAP data router DB DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2287 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I82d22a2db2dc9fba655f99f837be689f4a32a871
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties11
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml5
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml15
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml20
4 files changed, 41 insertions, 10 deletions
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 34662ae9e3..b6723117a3 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -7,9 +7,9 @@
# * Licensed under the Apache License, Version 2.0 (the "License");
# * you may not use this file except in compliance with the License.
# * You may obtain a copy of the License at
-# *
+# *
# * http://www.apache.org/licenses/LICENSE-2.0
-# *
+# *
# * Unless required by applicable law or agreed to in writing, software
# * distributed under the License is distributed on an "AS IS" BASIS,
# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -40,9 +40,9 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter
-org.onap.dmaap.datarouter.db.login = datarouter
-org.onap.dmaap.datarouter.db.password = datarouter
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}}
+org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
+org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
# PROV - DEFAULT ENABLED TLS PROTOCOLS
org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
@@ -55,4 +55,3 @@ org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.su
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index d6257bb96e..104fcdc54a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -120,6 +120,11 @@ spec:
port: {{ .Values.config.dmaapDrProv.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- mountPath: {{ .Values.persistence.aafCredsPath }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
new file mode 100644
index 0000000000..dee311c336
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 4dcd7c3319..6165568971 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -20,6 +20,17 @@ global:
loggingDirectory: /opt/app/datartr/logs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: dmaap-dr-db-user-secret
+ name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.dmaapDrDb.userName }}'
+ password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -88,6 +99,9 @@ config:
mariadbServiceName: dmaap-dr-db-svc
mariadbServicePort: 3306
mariadbContName: dmaap-dr-db
+ userName: datarouter
+# userPassword: password
+# userCredentialsExternalSecret: some secret
# mariadb-galera configuration
mariadb:
@@ -95,9 +109,7 @@ mariadb:
nameOverride: dmaap-dr-db
replicaCount: 2
config:
- mariadbRootPassword: datarouter
- userName: datarouter
- userPassword: datarouter
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
mysqlDatabase: datarouter
service:
name: dmaap-dr-db-svc
@@ -136,4 +148,4 @@ resources:
requests:
cpu: 1000m
memory: 2Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}