All of the credentials added have been accessed using the common secrets template.
In order to avoid hardcoding passwords etc.
I have added 2 jdbcUrl's for accessing the NFVO DB and the CamundaBPMN DB. These will be needed for code going into the SO codebase.
This change should not have an effect on any other charts, as properties have only been added to ETSI NFVO Charts.
Issue-ID: SO-3159
Change-Id: Ic6e0002ce64b872ac0c44fa1f124304c392e6a8b
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
version: v19
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ nfvo:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: nfvo-pool
+ registerMbeans: true
security:
usercredentials:
- username: ${ETSI_NFVO_USERNAME}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
- name: ETSI_NFVO_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
{{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
login: '{{ .Values.etsi.nfvo.nslcm.username }}'
password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
etsi:
nfvo:
nslcm:
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
- servicePort: "3306"
+ servicePort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
passwordPolicy: required
annotations:
helm.sh/hook: pre-upgrade,pre-install
- helm.sh/hook-weight: "0"
+ helm.sh/hook-weight: '0'
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: &so-certs '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
ingress:
enabled: false
service:
- - baseaddr: "so.api"
- name: "so"
+ - baseaddr: 'so.api'
+ name: 'so'
port: 8080
config:
- ssl: "none"
+ ssl: 'none'
mso:
adapters:
so-etsi-nfvo-ns-lcm:
enabled: true
+ db:
+ <<: *dbSecrets
so-monitoring:
enabled: true