[DCAEGEN2][dashboard] Use common secret template for postgres credentials 92/107092/1
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Tue, 5 May 2020 09:45:03 +0000 (11:45 +0200)
committerKrzysztof Opasiak <k.opasiak@samsung.com>
Tue, 5 May 2020 09:46:01 +0000 (11:46 +0200)
Even though we use the common secret template, both passwords are still
hardcoded in the common postgres chart, but this will be removed as a final
step, just like we did for mariadb-galera.

Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic8d8a53093ccdf5f91a26ce9ac2734fe36ccca4f

kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml [new file with mode: 0644]
kubernetes/dcaegen2/components/dcae-dashboard/values.yaml

index a926fb3..bab0344 100644 (file)
@@ -126,11 +126,11 @@ spec:
             - name: consul_url
               value: http://consul-server-ui:8500
             - name: postgres_user_dashboard
-              value: {{ .Values.postgres.config.pgUserName }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+            - name: postgres_password_dashboard
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
             - name: postgres_db_name
               value: {{ .Values.postgres.config.pgDatabase }}
-            - name: postgres_password_dashboard
-              value: {{ .Values.postgres.config.pgUserPassword }}
             - name: postgres_ip
               value: {{ .Values.postgres.service.name2 }}
             - name: POD_IP
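Review bot: Both added `include` calls in the env list hard-code the uid `"pg-user-creds"`, which has to match the `uid` of an entry under `secrets:` in values.yaml, and nothing near these lines says so. A short comment above `postgres_user_dashboard` would make the coupling visible, e.g. `# login/password come from the "pg-user-creds" entry under secrets: in values.yaml`. Since the helper's output is not visible here, it is also worth confirming with `helm template` that the rendered entries reference the Secret rather than carrying the literal value. The container spec continues outside the hunk.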
@@ -169,4 +169,3 @@ spec:
           name: tls-info
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
new file mode 100644 (file)
index 0000000..b143034
--- /dev/null
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# #       http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
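Review bot: The license header inside the `{{/* ... */}}` block uses a doubled `# #` prefix on every line after the first, which looks like a copy-paste artifact. Inside a template comment no `#` is needed, so plain text or a single `#` would read better. A one-line note such as `{{/* Renders one Secret per entry of .Values.secrets */}}` above the `include` would tell readers where the objects come from; that behaviour is presumed from the helper's name and should be confirmed against the common chart.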
index fd70694..8e3f94d 100644 (file)
@@ -27,6 +27,15 @@ global:
   tlsRepository: nexus3.onap.org:10001
   tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
 
+secrets:
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
+
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
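Review bot: The `hasSuffix` call in `externalSecret` receives `.Values.postgres.config.pgUserExternalSecret` without the `default ""` guard that the `tpl` argument has, so a deployment that nulls that key would presumably hit a template type error instead of falling back to the chart-managed secret. Consider `(hasSuffix "dcae-dashboard-pg-user-creds" (default "" .Values.postgres.config.pgUserExternalSecret))`. The suffix test also means an operator-supplied secret whose name happens to end in `dcae-dashboard-pg-user-creds` is silently treated as "no external secret", and the chart then manages its own credentials. A comment above the line would help, e.g. `# empty when pgUserExternalSecret still points at this chart's own secret (the default alias)`.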
@@ -81,10 +90,8 @@ postgres:
       replica: dcae-dashboard-pg-replica
   config:
     pgUserName: dashboard_pg_admin
+    pgUserExternalSecret: *pgUserCredsSecretName
     pgDatabase: dashboard_pg_db_common
-    pgPrimaryPassword: onapdemodb
-    pgUserPassword: onapdemodb
-    pgRootPassword: onapdemodb
     pgPort: "5432"
   persistence:
     mountSubPath: dcae-dashboard/data
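Review bot: `pgUserExternalSecret: *pgUserCredsSecretName` is a YAML alias, which is resolved when values.yaml is parsed, so overriding `secrets[0].name` from another values file or with `--set` will not change what the postgres subchart receives, and the two names can drift apart. A comment on the added line would flag this, e.g. `# alias is copied at parse time; override this key together with secrets[].name`. The alias also hands over the unrendered template string, so it relies on the consumer passing it through `tpl`; that consumer is not visible in this hunk.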