From 79677d38adfb3de5a35c00cdb710f6325a8719a9 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Tue, 5 May 2020 01:42:23 +0200
Subject: [VNFSDK] Use common secret template for postgres credentials

Even through we use common secret template both passwords are still
hardcoded in common postgres chart but this will be removed as a final
step just like we did for mariadb-galera.

Issue-ID: OOM-2250
Change-Id: I4ca210c99c27fbfbf74a467d72a81b2e38d8d800
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
---
 kubernetes/vnfsdk/values.yaml | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'kubernetes/vnfsdk/values.yaml')

diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 96cacfbf82..9d1fbea65a 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -22,6 +22,22 @@ global:
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  envsubstImage: dibi/envsubst
+
+secrets:
+  - uid: pg-root-pass
+    name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+    password: '{{ .Values.postgres.config.pgRootpassword }}'
+    policy: generate
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
 
 #################################################################
 # Application configuration defaults.
@@ -50,9 +66,8 @@ postgres:
   config:
     pgUserName: postgres
     pgDatabase: postgres
-    pgPrimaryPassword: postgres
-    pgUserPassword: postgres
-    pgRootPassword: postgres
+    pgUserExternalSecret: *pgUserCredsSecretName
+    pgRootPasswordExternalSecret: *pgRootPassSecretName
 
 # flag to enable debugging - application support required
 debugEnabled: false
-- 
cgit 1.2.3-korg