From: Krzysztof Opasiak
Date: Tue, 4 Feb 2020 20:16:50 +0000 (+0100)
Subject: [COMMON] Use common secret template in postgres
X-Git-Tag: 6.0.0~403
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F73%2F101273%2F3;p=oom.git
[COMMON] Use common secret template in postgres
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
---
diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl
new file mode 100644
index 0000000000..45d903e574
--- /dev/null
+++ b/kubernetes/common/common/templates/_postgres.tpl
@@ -0,0 +1,65 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 9766cb3fca..3777c1b2e4 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
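Review bot: The doc comment above `common.postgres.secret.primaryPasswordSecretName` is a copy of the one on `userCredentialsSecretName`; it should read `Name of postgres primary password secret`. The comment on `common.postgres.secret._secretName` also does not state what the caller must pass: the body reads `.dot` and `.chartName` and runs `tpl` on the latter, so a caller that omits either key fails at render time with no hint of the contract. I would document it as `Expects a dict with "dot" (chart context) and "chartName" (template string)`. The three `...SecretName` wrappers call `set . "uidTemplate" ...`, which writes the key into the caller's dict rather than a copy, so a dict reused across calls keeps the last value written; that is worth a one-line remark in the same comment.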
@@ -88,24 +88,15 @@ spec:
 - name: PG_PRIMARY_PORT
 value: "{{ $dot.Values.service.internalPort }}"
 - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-primary-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
 - name: PG_USER
- value: "{{ $dot.Values.config.pgUserName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
 - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
 - name: PG_DATABASE
 value: "{{ $dot.Values.config.pgDatabase }}"
 - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
 volumeMounts:
 - name: pool-hba-conf
 mountPath: /pgconf/pool_hba.conf
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index db1bc5bb15..4c68015528 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
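Review bot: The four added `include` lines mix two contexts: the outer call passes `$dot` as `global`, while the nested UID lookup passes `.`, as in `(include "common.postgres.secret.primaryPasswordUID" .)`. The UID helpers added in `_postgres.tpl` return a constant and ignore their argument, so this renders the same today, but using `$dot` in all four lookups would keep it correct if a UID ever depends on chart values. The hard-coded `indent 10` after a `{{-` trim also couples these lines to the exact shape of the `common.secret.envFromSecret` output, which is not part of this diff; a short comment stating the expected indentation would make later edits safer. I would also note in a comment that `PG_USER` is now read from the `login` key of the user-credentials secret instead of directly from `config.pgUserName`. The enclosing `spec:` block starts and ends outside the hunk.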
@@ -13,19 +13,4 @@
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secret" . }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 3104ee79d2..9fc25b43c9 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
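Review bot: Replacing the inline manifest with `{{ include "common.secret" . }}` changes the Secret's name and key names, and nothing in the file records that. The removed object was named via `common.fullname` with keys `pg-primary-password`, `pg-user-password` and `pg-root-password`, whereas the new names come from `common.secret.genName` and the deployment now reads keys `password` and `login`. Anything outside this chart that still references the old Secret by name or key would stop resolving after an upgrade; this page does not show whether such consumers exist, so it is worth checking before merge. I would add a template comment above the include, e.g. `{{/* Secrets are generated by common.secret from the "secrets" list in values.yaml */}}`, assuming that list is what `common.secret` consumes.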
@@ -21,6 +21,24 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: '{{ include "common.postgres.secret.rootPassUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}' + password: '{{ .Values.config.pgRootPassword }}' + - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' + login: '{{ .Values.config.pgUserName }}' + password: '{{ .Values.config.pgUserPassword }}' + - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}' + password: '{{ .Values.config.pgPrimaryPassword }}' + ################################################################# # Application configuration defaults. #################################################################
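Review bot: The new `secrets:` entries read `config.pgRootPasswordExternalSecret`, `config.pgUserExternalSecret` and `config.pgPrimaryPasswordExternalSecret`, but this hunk neither declares nor documents those keys. An operator reading values.yaml therefore gets no hint that a pre-existing Secret can presumably be referenced instead of putting the password in values. I would add commented placeholders under `config:`, for example `# pgRootPasswordExternalSecret: name-of-existing-secret`, one per credential. Separately, `externalSecret` is guarded with `default ""` while `password: '{{ .Values.config.pgRootPassword }}'` has no guard; what `common.secret` does when both are empty is not visible here, so confirm that it fails the render rather than producing a Secret with an empty password.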