From 2ffb1ba25a2a797fe781009adcc4766fbf44fe38 Mon Sep 17 00:00:00 2001 From: Sandeep Shah Date: Tue, 1 Sep 2020 21:13:16 -0500 Subject: [Portal] Remove hardcoded cassandra password Make cassandra password generate automatically and distribute it to components that use DB. Remove also hardcoded encryption key. Issue-ID: PORTAL-944 Signed-off-by: SandeepLinux Change-Id: I6e579a76efacc7a0921fea7c74a7a9e49347ebd8 Signed-off-by: Krzysztof Opasiak Signed-off-by: Sylvain Desbureaux --- .../portal-app/templates/deployment.yaml | 27 +++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'kubernetes/portal/components/portal-app/templates/deployment.yaml') diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 6964715ef1..0be1fdc91f 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -49,6 +49,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportal-scrubbed + - mountPath: /config + name: properties-onapportal {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -102,6 +119,9 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties" subPath: portal.properties + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties" subPath: music.properties @@ -114,6 +134,8 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap mountPath: /var/log/onap resources: @@ -122,7 +144,7 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} - {{- if .Values.affinity }} +{{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} @@ -143,6 +165,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportal + emptyDir: + medium: Memory + - name: properties-onapportal-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 -- cgit 1.2.3-korg