From 71c809867dccfe45eddd9ae345d50b4956bafd6e Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Sat, 22 Feb 2020 02:12:02 +0100 Subject: [SDNC] Use common secret template in sdnc-portal Whole SDNC strongly depends on the assumption that it is using a common mariadb-galera instance and that root password is secret password. Also user and password to sdnc DB is hardcoded. Let's start working on removing this assumption and component by component add support for local and shared mariadb instance without hardcoding any passwords to the database. In this patch all passwords are still hardcoded in the helm chart to not break other parts of SDNC. Those values will be removed in a final patch. Issue-ID: OOM-2309 Signed-off-by: Krzysztof Opasiak Change-Id: I5ca369f43e8863f9ae3ec3f5d648740808a5e099 --- .../charts/sdnc-portal/templates/deployment.yaml | 41 ++++++++++++++++++---- .../sdnc/charts/sdnc-portal/templates/secrets.yaml | 28 ++++++++------- 2 files changed, 50 insertions(+), 19 deletions(-) (limited to 'kubernetes/sdnc/charts/sdnc-portal/templates') diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml index db92b20186..3a728ad92f 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml @@ -31,11 +31,40 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: DB_FABRIC_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} + - name: DB_FABRIC_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} - --container-name - {{ .Values.config.sdncChartName }} env: @@ -71,10 +100,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" volumeMounts: @@ -110,9 +136,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml index 239f734276..dee311c336 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml @@ -1,13 +1,15 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} -- cgit 1.2.3-korg