Diffstat (limited to 'kubernetes/policy')
-rw-r--r--kubernetes/policy/charts/pap/resources/config/config.json12
-rw-r--r--kubernetes/policy/charts/pap/templates/deployment.yaml12
-rw-r--r--kubernetes/policy/charts/pap/values.yaml28
-rw-r--r--kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf8
-rw-r--r--kubernetes/policy/charts/pdp/templates/statefulset.yaml33
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml18
-rw-r--r--kubernetes/policy/charts/policy-api/resources/config/config.json4
-rw-r--r--kubernetes/policy/charts/policy-api/templates/deployment.yaml8
-rw-r--r--kubernetes/policy/charts/policy-api/values.yaml11
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json8
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml29
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/values.yaml19
12 files changed, 161 insertions, 29 deletions
diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json
index 544ecdfc32..5c02ce0f12 100644
--- a/kubernetes/policy/charts/pap/resources/config/config.json
+++ b/kubernetes/policy/charts/pap/resources/config/config.json
@@ -20,8 +20,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
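Review bot: `"password":"${RESTSERVER_PASSWORD}"` places the secret into a JSON string as raw text, so a password containing `"` or `\` would give a config.json that fails to parse or that changes neighbouring fields. The substitution step is not visible in this hunk, but the other charts in this commit use plain `envsubst`, which does no JSON escaping. Either document the allowed character set next to the credentials in values.yaml, or render these fields with a JSON-aware step. The same applies to the `API_*` and `DISTRIBUTION_*` placeholders in the next two hunks and to the config.json files of policy-api and policy-xacml-pdp.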
@@ -69,8 +69,8 @@
"clientName": "api",
"hostname": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"useHttps": true,
"basePath": "policy/api/v1/healthcheck"
},
@@ -78,8 +78,8 @@
"clientName": "distribution",
"hostname": "policy-distribution",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${DISTRIBUTION_USER}",
+ "password": "${DISTRIBUTION_PASSWORD}",
"useHttps": true,
"basePath": "healthcheck"
}]
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
index 85ca9c1486..39ac8a81ec 100644
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/charts/pap/templates/deployment.yaml
@@ -42,6 +42,18 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+ - name: DISTRIBUTION_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
+ - name: DISTRIBUTION_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: papconfig
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index ad7cf96306..ca0c84f3c9 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -34,6 +34,24 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.api.user }}'
+ password: '{{ .Values.healthCheckRestClient.api.password }}'
+ passwordPolicy: required
+ - uid: distribution-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+ password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -51,6 +69,16 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+healthCheckRestClient:
+ api:
+ user: healthcheck
+ password: zb!XztG34
+ distribution:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
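Review bot: The new defaults `password: zb!XztG34` under `restServer` and `healthCheckRestClient` carry the same literal that was removed from config.json, so an install that sets nothing still runs with a published credential. Because a value is always present, the `passwordPolicy: required` declared in the previous hunk presumably never triggers; the common secret template is not shown here, so confirm. Consider dropping the default passwords and leaving a comment such as `# password: set per deployment, or use credsExternalSecret`, so that the deployer has to supply one. The same pattern appears in the values.yaml defaults of pdp (`alpha123`), policy-api and policy-xacml-pdp.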
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 52480e59ff..bb12880ca7 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1
REST_PDP_MAXCONTENT=999999999
# PDP related properties
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
node_type=pdp_xacml
resource_name=pdp_1
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index e55f9d0987..b70b04b023 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -40,17 +40,29 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
env:
- name: JDBC_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /config-input
+ - mountPath: /config-input/pe
+ name: pe-input
+ - mountPath: /config-input/pe-pdp
+ name: pe-pdp-input
+ - mountPath: /config/pe
name: pe
- - mountPath: /config
- name: pe-processed
+ - mountPath: /config/pe-pdp
+ name: pe-pdp
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
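Review bot: `chmod 0755 /config/${PFILE}` in the new init command makes every processed file readable and executable by any user in the pod, and those files now hold the resolved HTTP passwords (and presumably the JDBC ones). A tighter mode such as `chmod 0750 /config/${PFILE}` would fit if the main container reads them as the same user; that user is not visible in this hunk, so confirm before changing. The loop also word-splits the `find` output and uses `${PFILE}` unquoted in the redirections, so quoting it (escaped inside the YAML string) would make the copy robust to unusual file names. The init container spec starts above the hunk.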
@@ -102,10 +114,10 @@ spec:
name: localtime
readOnly: true
- mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
+ name: pe
subPath: base.conf
- mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp
+ name: pe-pdp-input
subPath: pdp-tweaks.sh
- mountPath: /tmp/policy-install/config/pdplp.conf
name: pe-pdp
@@ -150,7 +162,7 @@ spec:
- name: policy-logback
configMap:
name: {{ include "common.fullname" . }}-log-configmap
- - name: pe
+ - name: pe-input
configMap:
name: {{ include "common.release" . }}-pe-configmap
defaultMode: 0755
@@ -158,11 +170,14 @@ spec:
configMap:
name: {{ include "common.release" . }}-pe-scripts-configmap
defaultMode: 0777
- - name: pe-pdp
+ - name: pe-pdp-input
configMap:
name: {{ include "common.fullname" . }}-pe-configmap
defaultMode: 0755
- - name: pe-processed
+ - name: pe
+ emptyDir:
+ medium: Memory
+ - name: pe-pdp
emptyDir:
medium: Memory
imagePullSecrets:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 7b5f6f8ac9..0b2f92bc80 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -33,6 +33,18 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +62,12 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
config:
papPort: 9091
diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json
index 2e46ccae96..fba7e6ce12 100644
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-api/resources/config/config.json
@@ -20,8 +20,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 777cc4954d..e1f699eccf 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -39,9 +39,13 @@ spec:
- "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: apiconfig
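Review bot: The secret uids in this chart are renamed to `db-creds` and `restserver-creds`, while the pap chart in the same commit keeps `db-secret` and adds `restserver-secret`. Using one suffix across the sibling charts would make it easier to audit which containers reference which credential with a single search. The container spec continues outside the hunk.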
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 2e31f6b2ef..48eb689778 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -28,12 +28,18 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +56,9 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json
index a52cc0f6d4..3b72d8ed90 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json
@@ -21,16 +21,16 @@
"restServerParameters": {
"host": "0.0.0.0",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
"policyApiParameters": {
"host": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"https": true,
"aaf": false
},
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 5b02c177b5..9ac5d68a89 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -31,6 +31,28 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pdpxconfig
+ - mountPath: /config
+ name: pdpxconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
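Review bot: The new init container runs `envsubst` with no variable list, so every `$NAME` or `${NAME}` token in the mounted files is replaced, and any that is not one of the four exported variables becomes an empty string without an error. Restricting the substitution, e.g. `envsubst '${RESTSERVER_USER} ${RESTSERVER_PASSWORD} ${API_USER} ${API_PASSWORD}' <${PFILE} >/config/${PFILE}`, keeps other content intact and makes a missing credential easier to notice. This assumes the image ships GNU gettext's `envsubst`, which accepts that argument. The same unrestricted call is used in the pdp statefulset and the policy-api deployment.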
@@ -63,7 +85,9 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
- name: pdpxconfig
+ name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
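Review bot: The added `emptyDir:` / `medium: Memory` pair sits directly after the `pdpxconfig-processed` volume mount and before the container's `resources:`, where neither a volumeMount entry nor a container accepts an `emptyDir` key. Indentation is lost in this view, so the exact nesting is inferred, but the volume itself is already declared under `volumes` in the next hunk. These two lines look like a stray copy and should be removed, since strict schema validation would reject the manifest and lenient validation would silently drop the field. The hunk starts inside the container's volumeMounts list.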
@@ -82,5 +106,8 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
index a2c0aa0e63..63f50fd7fa 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
@@ -21,6 +21,7 @@
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
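Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no tag or digest, and the init containers that use it receive every credential introduced by this commit as environment variables. An unpinned reference means whatever is published under that name at pull time runs with those secrets in scope. Pin it to a reviewed digest, e.g. `envsubstImage: dibi/envsubst@sha256:<reviewed-digest>`, and preferably pull it through the same repository prefix the other images use. The readiness image in deployment.yaml is prefixed with `global.readinessRepository`, while this one is referenced bare.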
@@ -32,6 +33,18 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
+ login: '{{ .Values.apiServer.user }}'
+ password: '{{ .Values.apiServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -49,6 +62,12 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1