From b43e92cc48e97622a3bdcb0cc385ae5bf894b1b5 Mon Sep 17 00:00:00 2001
From: demskeq8 <alexander.dehn@highstreet-technologies.com>
Date: Fri, 12 Feb 2021 15:43:48 +0100
Subject: [SDNC] Enable SDNC to use external oauth provider

- add additional environment variables

- add config file for external oauth-providers

Issue-ID: OOM-2675
Signed-off-by: demskeq8 <alexander.dehn@highstreet-technologies.com>
Change-Id: I235d3f46f5d109a1e82bdaa3c9de97508116fbe3
[Improve secretes handling]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
---
 kubernetes/sdnc/templates/statefulset.yaml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'kubernetes/sdnc/templates')

diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 48776c9961..bb3948efe2 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -73,6 +73,15 @@ spec:
         - name: DMAAP_HTTP_PROXY_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
         {{- end }}
+        {{ if .Values.config.sdnr.oauth.enabled }}
+        - name: OAUTH_TOKEN_SECRET
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }}
+        - name: KEYCLOAK_SECRET
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }}
+
+        - name: ENABLE_ODLUX_RBAC
+          value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}"
+        {{ end }}
 
 
         volumeMounts:
@@ -210,7 +219,8 @@ spec:
           - name: ODL_CERT_DIR
             value: {{ (mustFirst (.Values.certificates)).mountPath }}
           {{- end }}
-
+          - name: ENABLE_OAUTH
+            value: "{{ .Values.config.sdnr.oauth.enabled | default "false" }}"
           volumeMounts:
 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
 {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
@@ -278,6 +288,11 @@ spec:
           - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg
             name: properties
             subPath: org.opendaylight.daexim.cfg
+          {{- if .Values.config.sdnr.oauth.enabled }}
+          - mountPath: {{ .Values.config.odl.etcDir }}/oauth-provider.config.json
+            name: properties
+            subPath: oauth-provider.config.json
+          {{ end }}
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
-- 
cgit 1.2.3-korg