X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-clamp-be%2Ftemplates%2Fdeployment.yaml;h=4354c00a307baa0b627c727d3b84d6f7a2ecc61c;hb=1712ea65fb6d28e88bcf579dad6b980ea002432e;hp=1120f9b2b62a720a254e1f2e3cc765630c9fde33;hpb=2ea763f92819d6290fa90a98cd7c2af55364ec6a;p=oom.git

diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
index 1120f9b2b6..4354c00a30 100644
--- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
@@ -67,8 +67,10 @@ spec:
           - |
           {{- if .Values.global.aafEnabled }}
             export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+            export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
+            envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
           {{- end }}
-            java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
+            java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -95,10 +97,16 @@ spec:
             name: {{ include "common.fullname" . }}-config
             subPath: application.properties
           env:
+          - name: RUNTIME_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }}
+          - name: RUNTIME_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }}
           - name: MYSQL_USER
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
           - name: MYSQL_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+          - name: SDC_CLIENT_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }}
           {{-  if ne "unlimited" (include "common.flavor" .) }}
           - name: JAVA_RAM_CONFIGURATION
             value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
@@ -110,6 +118,7 @@ spec:
         {{- if .Values.affinity }}
         affinity: {{ toYaml .Values.affinity | nindent 10 }}
         {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-config
           configMap: