- uid: db-user-creds
name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- uid: db-user-creds
name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- uid: db-root-pass
name: '{{ include "common.release" . }}-so-mariadb-root-pass'
type: password
- externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
password: '{{ .Values.db.rootPassword }}'
passwordPolicy: required
- uid: db-backup-creds
name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
type: basicAuth
- externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
login: '{{ .Values.db.backupUser }}'
password: '{{ .Values.db.backupPassword }}'
passwordPolicy: required
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
- uid: camunda-db-creds
type: basicAuth
- externalSecret: '{{ .Values.db.camunda.dbCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.camunda.userName }}'
password: '{{ .Values.db.camunda.password }}'
- uid: request-db-creds
type: basicAuth
- externalSecret: '{{ .Values.db.request.dbCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.request.userName }}'
password: '{{ .Values.db.request.password }}'
- uid: catalog-db-creds
type: basicAuth
- externalSecret: '{{ .Values.db.catalog.dbCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.catalog.userName }}'
password: '{{ .Values.db.catalog.password }}'
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
secrets:
- uid: db-user-creds
type: basicAuth
- externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
login: '{{ .Values.db.userName }}'
password: '{{ .Values.db.userPassword }}'
passwordPolicy: required
- uid: db-admin-creds
type: basicAuth
- externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: "3306"
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
#serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
dbPort: 3306
dbUser: root
dbPassword: secretpassword
+ # dbCredsExternalSecret: some secret
msbEnabled: true
security:
aaf:
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+ password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+ - uid: db-backup-creds
+ name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+ login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+ password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.userName }}'
+ password: '{{ .Values.dbCreds.userPassword }}'
+ passwordPolicy: generate
+ - uid: db-admin-creds
+ name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.adminName }}'
+ password: '{{ .Values.dbCreds.adminPassword }}'
+ passwordPolicy: generate
+
#################################################################
# Application configuration defaults.
#################################################################
+
+dbSecrets: &dbSecrets
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+ userName: so_user
+ adminName: so_admin
+
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
pullPolicy: Always
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
nameOverride: so-mariadb-galera
replicaCount: 1
service:
auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
so-bpmn-infra:
+ db:
+ <<: *dbSecrets
cds:
auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
aai:
vnfm:
adapter:
auth: Basic dm5mbTpwYXNzd29yZDEk
+
so-catalog-db-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
adapters:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-openstack-adapter:
+ db:
+ <<: *dbSecrets
aaf:
auth:
encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
noAuthn: /manage/health
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-request-db-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-sdc-controller:
+ db:
+ <<: *dbSecrets
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
mso:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
so-sdnc-adapter:
+ db:
+ <<: *dbSecrets
org:
onap:
so:
auth: Basic YnBlbDpwYXNzd29yZDEk
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
so-vfc-adapter:
+ db:
+ <<: *dbSecrets
mso:
config:
cadi:
aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
+
+so-monitoring:
+ db:
+ <<: *dbSecrets
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
Code Review / oom.git / commitdiff