Use common secret template for cds-db mariadb-galera instance.
Issue-ID: OOM-2263
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4723c84f0079735abddce032ebc3b99541dabb53
blueprintsprocessor.grpcPort=9111
# db
-blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl
-blueprintsprocessor.db.username=sdnctl
-blueprintsprocessor.db.password=sdnctl
+blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
+blueprintsprocessor.db.username=${CDS_DB_USERNAME}
+blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
blueprintsprocessor.db.hibernateHbm2ddlAuto=update
blueprintsprocessor.db.hibernateDDLAuto=update
# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=secretpassword
+blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: CDS_DB_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
+ - name: CDS_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
+ - name: CDS_DB_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
+
+ volumeMounts:
+ - mountPath: /config-input/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /config
+ name: processed-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
name: localtime
readOnly: true
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: processed-config
subPath: application.properties
- mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
+ - name: processed-config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secret" . }}
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
persistence:
mountPath: /dockerdata-nfs
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'cds-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cdsDB.dbUser }}'
+ password: '{{ .Values.config.cdsDB.dbPassword }}'
+ passwordPolicy: required
+ - uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
appConfigDir: /opt/app/onap/config
useScriptCompileCache: true
+ cdsDB:
+ dbServer: cds-db
+ dbPort: 3306
+ dbName: sdnctl
+ # dbUser: sdnctl
+ # dbPassword: sdnctl
+ # dbCredsExternalSecret: <some secret name>
+ # dbRootPassword: password
+ # dbRootPassExternalSecret
# default number of instances
replicaCount: 1
# custom kafka cluster.
dmaapEnabled: true
+
# probe configuration parameters
liveness:
initialDelaySeconds: 120
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secret" . }}
+# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
#
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret'
+ uid: 'cds-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
+ uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+
#################################################################
# Application configuration defaults.
#################################################################
ingress:
enabled: false
-
mariadb-galera:
config:
- userName: sdnctl
- userPassword: sdnctl
- mariadbRootPassword: sdnctl
- mysqlDatabase: sdnctl
- nameOverride: cds-db
+ userName: sdnctl
+ # userPassword: sdnctl
+ userCredentialsExternalSecret: *dbUserSecretName
+ mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
+ mysqlDatabase: &mysqlDbName sdnctl
+ nameOverride: &dbServer cds-db
service:
name: cds-db
portName: cds-db
enabled: true
mountSubPath: cds/data
+cds-blueprints-processor:
+ config:
+ cdsDB:
+ dbServer: *dbServer
+ dbPort: 3306
+ dbName: *mysqlDbName
+ dbCredsExternalSecret: *dbUserSecretName
+ dbRootPassExternalSecret: *dbRootPasswordSecretName
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)