From 12db78947bd0a76ebfad5cd8e46d5174469207e7 Mon Sep 17 00:00:00 2001 From: "Schmalzried, Terry (ts862m)" Date: Fri, 21 Aug 2020 20:42:33 -0400 Subject: [DCAEGEN2] Use common secret template for cloudify password Link all references to cloudify password to ensure that it can be automatically generated. Set generated password strength to "basic" to work around problem with Cloudify (DCAEGEN2-2450). Issue-ID: DCAEGEN2-1975 Issue-ID: DCAEGEN2-2450 Change-Id: I53e154de854d33be686e830be8a827741bb3ec7e Signed-off-by: Schmalzried, Terry (ts862m) Signed-off-by: Krzysztof Opasiak Signed-off-by: vv770d --- .../components/dcae-cloudify-manager/templates/deployment.yaml | 8 +++++++- .../components/dcae-cloudify-manager/templates/secret.yaml | 2 ++ .../dcaegen2/components/dcae-cloudify-manager/values.yaml | 10 +++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'kubernetes/dcaegen2/components/dcae-cloudify-manager') diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 539d202c0f..8f379afcbd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -144,6 +144,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +174,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..876b971db1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -41,3 +41,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 1010152cb7..a2ee160dd6 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities -- cgit 1.2.3-korg