From 44088f97e20a4e51e0355e23373f4c5c5227dade Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Wed, 1 Apr 2020 00:28:14 +0200 Subject: [PATCH] [POLICY] Use common secret template in brmsgw Use common secret template in brmsgw module to override DB credentials comming from policy-common For now db creds are hardcoded but will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak Change-Id: Ic15afa9d65982d0ae3a535094f1e4b5f21758c82 --- kubernetes/policy/charts/brmsgw/templates/deployment.yaml | 5 +++++ kubernetes/policy/charts/brmsgw/templates/secrets.yaml | 15 +++++++++++++++ kubernetes/policy/charts/brmsgw/values.yaml | 15 +++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 kubernetes/policy/charts/brmsgw/templates/secrets.yaml diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 2b2f383e6c..6ff76ddfd1 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -54,6 +54,11 @@ spec: name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/charts/brmsgw/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/brmsgw/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 9e8bf7324b..08afdeeac0 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -21,6 +21,17 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -38,6 +49,10 @@ config: pdpPort: 8081 nexusPort: 8081 +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 -- 2.16.6