From 0379af76b82b1bb92ccf03d79f3e0d3ccdb762d6 Mon Sep 17 00:00:00 2001
From: jhh <jorge.hernandez-herrero@att.com>
Date: Mon, 29 Jun 2020 12:31:25 -0500
Subject: [POLICY] add env passwords to api/pap/xacml/dist

keystore and truststore passwords are now stored as
secrets to be accessed by environment variables.

Issue-ID: POLICY-2575
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I5831f5c7bc040d036c38c321b5cc87848e80ca48
---
 kubernetes/policy/charts/policy-api/templates/deployment.yaml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'kubernetes/policy/charts/policy-api/templates')

diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index e1f699eccf..53f232af74 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -61,6 +61,11 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/opt/app/policy/api/bin/policy-api.sh"]
           args: ["/opt/app/policy/api/etc/mounted/config.json"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
-- 
cgit 1.2.3-korg