[POLICY] Remove hardcoded credentials from policy-api

This patch remove hardcoded healthcheck credentials from policy-api.

Issue-ID: OOM-2342
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ifc12d78fc1f7f00dd1466c32553453f0273661a3

diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json
index 2e46cca..fba7e6c 100644 (file)
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-api/resources/config/config.json
@@ -20,8 +20,8 @@
     "restServerParameters":{
         "host":"0.0.0.0",
         "port":6969,
-        "userName":"healthcheck",
-        "password":"zb!XztG34",
+        "userName":"${RESTSERVER_USER}",
+        "password":"${RESTSERVER_PASSWORD}",
         "https": true,
         "aaf": false
     },

diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 777cc49..e1f699e 100644 (file)
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -39,9 +39,13 @@ spec:
           - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
           env:
           - name: SQL_USER
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
           - name: SQL_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+          - name: RESTSERVER_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+          - name: RESTSERVER_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
           volumeMounts:
           - mountPath: /config-input
             name: apiconfig

diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 2e31f6b..48eb689 100644 (file)
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -28,12 +28,18 @@ global:
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: db-secret
+  - uid: db-creds
     type: basicAuth
     externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
+  - uid: restserver-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+    login: '{{ .Values.restServer.user }}'
+    password: '{{ .Values.restServer.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -50,6 +56,9 @@ debugEnabled: false
 db:
   user: policy_user
   password: policy_user
+restServer:
+  user: healthcheck
+  password: zb!XztG34
 
 # default number of instances
 replicaCount: 1