aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml22
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml2
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml11
-rw-r--r--kubernetes/common/network-name-gen/values.yaml11
-rw-r--r--kubernetes/common/postgres/values.yaml6
5 files changed, 33 insertions, 19 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 0e0f339e11..7ac360b4eb 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -42,10 +42,10 @@
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
{{- $initName := default "certInitializer" -}}
{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
-{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }}
- name: {{ include "common.name" $dot }}-aaf-readiness
- image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- /root/ready.py
args:
@@ -62,8 +62,8 @@
apiVersion: v1
fieldPath: metadata.namespace
- name: {{ include "common.name" $dot }}-aaf-config
- image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ image: {{ (default $subchartDot.Values.repository $subchartDot.Values.global.repository) }}/{{ $subchartDot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
@@ -124,20 +124,20 @@
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
emptyDir:
medium: Memory
-{{- if $initRoot.aaf_add_config }}
-- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- configMap:
- name: {{ include "common.fullname" $subchartDot }}-add-config
- defaultMode: 0700
- name: aaf-agent-certs
configMap:
name: {{ include "common.fullname" $subchartDot }}-certs
defaultMode: 0700
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 6decff2463..af08ea3d58 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -129,7 +129,7 @@ ingress:
## Configure MariaDB-Galera with a custom my.cnf file
## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
##
-externalConfig: {}
+externalConfig: ""
# externalConfig: |-
# [mysqld]
# innodb_buffer_pool_size=2G
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 3e9e849052..b9550c7666 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -57,6 +57,11 @@ spec:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
@@ -70,8 +75,10 @@ spec:
value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- - name: POL_BASIC_AUTH
- value: "{{ .Values.config.polBasicAuth }}"
+ - name: POL_BASIC_AUTH_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}}
+ - name: POL_BASIC_AUTH_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
- name: POL_URL
value: "{{ .Values.config.polUrl }}"
- name: POL_ENV
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index a9f2a5bbd4..81c596c6c9 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -49,6 +49,12 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
+ - uid: pol-basic-auth-secret
+ name: '{{ include "common.release" . }}-pol-basic-auth-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}'
+ login: '{{ .Values.config.polBasicAuthUser }}'
+ password: '{{ .Values.config.polBasicAuthPassword }}'
# sub-chart config
mariadb-galera:
@@ -84,8 +90,9 @@ config:
# userCredentialsExternalSecret: some-secret
springProfile: live
polClientAuth: cHl0aG9uOnRlc3Q=
- polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
- polUrl: https://pdp:8081/pdp/api/getConfig
+ polBasicAuthUser: healthcheck
+ polBasicAuthPassword: zb!XztG34
+ polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
aaiCertPass: changeit
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 10f9405de6..a5a416329b 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -58,9 +58,9 @@ pullPolicy: Always
config:
pgUserName: testuser
pgDatabase: userdb
- pgPrimaryPassword: password
- pgUserPassword: password
- pgRootPassword: password
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
container:
name: