From e55b4d5b6c817f28e34c08e30b8b01d3cd732a3e Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Fri, 7 Feb 2020 22:54:20 +0100 Subject: [DMAAP] Don't hardcode mariadb-galera password Let's use common secret template to generate user credentials for DMAAP data router DB DB and depend on mariadb-galera to generate secure enough root password. Issue-ID: OOM-2287 Signed-off-by: Krzysztof Opasiak Change-Id: I82d22a2db2dc9fba655f99f837be689f4a32a871 --- .../components/dmaap-dr-prov/templates/deployment.yaml | 5 +++++ .../dmaap/components/dmaap-dr-prov/templates/secret.yaml | 15 +++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml (limited to 'kubernetes/dmaap/components/dmaap-dr-prov/templates') diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index d6257bb96e..104fcdc54a 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -120,6 +120,11 @@ spec: port: {{ .Values.config.dmaapDrProv.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: DB_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} -- cgit