From 32f9aaa9b02da0cc442d83c5413684ddc9674381 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Thu, 6 Feb 2020 23:05:15 +0100 Subject: [PATCH] [CDS] Use common secret tamplate for mariadb-galera Use common secret template for cds-db mariadb-galera instance. Issue-ID: OOM-2263 Signed-off-by: Krzysztof Opasiak Change-Id: I4723c84f0079735abddce032ebc3b99541dabb53 --- .../resources/config/application.properties | 10 +++--- .../templates/deployment.yaml | 29 ++++++++++++++++- .../templates/secrets.yaml | 14 ++++++++ .../charts/cds-blueprints-processor/values.yaml | 30 +++++++++++++++++ kubernetes/cds/templates/secrets.yaml | 14 ++++++++ kubernetes/cds/values.yaml | 38 ++++++++++++++++++---- 6 files changed, 123 insertions(+), 12 deletions(-) create mode 100644 kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml create mode 100644 kubernetes/cds/templates/secrets.yaml diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 6013cc730e..d36f0bce85 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -42,9 +42,9 @@ blueprintsprocessor.httpPort=8080 blueprintsprocessor.grpcPort=9111 # db -blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl -blueprintsprocessor.db.username=sdnctl -blueprintsprocessor.db.password=sdnctl +blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}} +blueprintsprocessor.db.username=${CDS_DB_USERNAME} +blueprintsprocessor.db.password=${CDS_DB_PASSWORD} blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver blueprintsprocessor.db.hibernateHbm2ddlAuto=update blueprintsprocessor.db.hibernateDDLAuto=update 
@@ -53,9 +53,9 @@ blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialec # processor-db endpoint blueprintsprocessor.db.processor-db.type=maria-db -blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl +blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}} blueprintsprocessor.db.processor-db.username=root -blueprintsprocessor.db.processor-db.password=secretpassword +blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD} # Python executor blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 1f7c858ab7..3a887f193e 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2019 IBM, Bell Canada +# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
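Review bot: In application.properties the processor-db endpoint still connects as `root` (the unchanged `blueprintsprocessor.db.processor-db.username=root` line), so this hunk now delivers the MariaDB root password into the application's rendered config file. If the processor only needs the `sdnctl` schema, reusing the unprivileged account limits what a compromised pod can do: `blueprintsprocessor.db.processor-db.username=${CDS_DB_USERNAME}` and `blueprintsprocessor.db.processor-db.password=${CDS_DB_PASSWORD}`. Whether the processor needs root privileges is not visible in this patch, so treat this as a question to confirm before merging.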
@@ -43,6 +44,29 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done" + env: + - name: CDS_DB_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}} + - name: CDS_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}} + - name: CDS_DB_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}} + + volumeMounts: + - mountPath: /config-input/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + - mountPath: /config + name: processed-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: @@ -114,7 +138,7 @@ spec: name: localtime readOnly: true - mountPath: {{ .Values.config.appConfigDir }}/application.properties - name: {{ include "common.fullname" . }}-config + name: processed-config subPath: application.properties - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties name: {{ include "common.fullname" . }}-config @@ -163,5 +187,8 @@ spec: - name: {{ include "common.fullname" . }}-blueprints persistentVolumeClaim: claimName: {{ include "common.release" . }}-cds-blueprints + - name: processed-config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
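Review bot: The new init container's `envsubst` call writes the secret values verbatim into `application.properties`, so a password containing a backslash or a `${` sequence is likely to be reinterpreted when the properties file is loaded, and the login would then fail in a way that is hard to diagnose. I would document the constraint next to the command, e.g. `# secrets are substituted as raw text; passwords must not contain '\' or '${'`. The loop also iterates over the output of `ls -1 .` and uses `${PFILE}` unquoted in both redirections; `for PFILE in *` with quoted paths avoids word splitting if more files are ever mounted under /config-input. The `initContainers` list continues outside this hunk.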
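Review bot: The `processed-config` volume added at the end of the pod spec is a memory-backed `emptyDir` with no size cap, so anything written there counts against the pod's memory without a bound. Adding a small limit under `emptyDir:`, for example `sizeLimit: 1Mi` (a constructed value; size it to the rendered file), keeps that contained. Using `medium: Memory` so the rendered credentials never reach node disk is the right choice and deserves a one-line comment such as `# tmpfs: rendered credentials stay off node disk`.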
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml
new file mode 100644
index 0000000000..87edb92a4b
--- /dev/null
+++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml
@@ -0,0 +1,14 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secret" . }}
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index 9bcf03ad3e..50c33c2f75 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -1,4 +1,5 @@
 # Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -33,6 +34,25 @@ global: persistence: mountPath: /dockerdata-nfs + # envsusbt + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'cds-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}' + login: '{{ .Values.config.cdsDB.dbUser }}' + password: '{{ .Values.config.cdsDB.dbPassword }}' + passwordPolicy: required + - uid: 'cds-db-root-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}' + password: '{{ .Values.config.cdsDB.dbRootPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -48,6 +68,15 @@ debugEnabled: false config: appConfigDir: /opt/app/onap/config useScriptCompileCache: true + cdsDB: + dbServer: cds-db + dbPort: 3306 + dbName: sdnctl + # dbUser: sdnctl + # dbPassword: sdnctl + # dbCredsExternalSecret: + # dbRootPassword: password + # dbRootPassExternalSecret # default number of instances replicaCount: 1 @@ -60,6 +89,7 @@ affinity: {} # custom kafka cluster. dmaapEnabled: true + # probe configuration parameters liveness: initialDelaySeconds: 120 diff --git a/kubernetes/cds/templates/secrets.yaml b/kubernetes/cds/templates/secrets.yaml new file mode 100644 index 0000000000..87edb92a4b --- /dev/null +++ b/kubernetes/cds/templates/secrets.yaml 
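Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest, so the init container that receives the DB user and root passwords runs whatever the default tag resolves to on a public registry at pull time. Pin it to an immutable reference, e.g. `envsubstImage: <registry>/envsubst:<tag>@sha256:<digest>` (placeholders; the real values are not on this page), ideally mirrored into the project's own registry. The comment above the key is also misspelled (`# envsusbt`).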
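Review bot: The commented examples under `cdsDB:` advertise `sdnctl` and `password` as sample credentials, and the last one, `# dbRootPassExternalSecret`, lacks its trailing colon, so uncommenting it as written produces invalid YAML. Because both secrets in this file use `passwordPolicy: required`, operators must set one of these keys and are likely to copy the examples. I would write `# dbPassword: <set at deploy time>`, `# dbRootPassword: <set at deploy time>` and `# dbRootPassExternalSecret:` instead.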
@@ -0,0 +1,14 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secret" . }}
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index fec878960c..1ead35e234 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,3 +1,4 @@
+# Copyright © 2020 Samsung Electronics
 # Copyright © 2019 Orange, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
 #
@@ -27,6 +28,22 @@ global: persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret' + uid: 'cds-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass' + uid: 'cds-db-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' + password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + ################################################################# # Application configuration defaults. ################################################################# @@ -64,14 +81,14 @@ readiness: ingress: enabled: false - mariadb-galera: config: - userName: sdnctl - userPassword: sdnctl - mariadbRootPassword: sdnctl - mysqlDatabase: sdnctl - nameOverride: cds-db + userName: sdnctl + # userPassword: sdnctl + userCredentialsExternalSecret: *dbUserSecretName + mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName + mysqlDatabase: &mysqlDbName sdnctl + nameOverride: &dbServer cds-db service: name: cds-db portName: cds-db 
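Review bot: Both `externalSecret` expressions in the new `secrets:` block recognise the chart's own secret with `hasSuffix "cds-db-secret"` / `hasSuffix "cds-db-root-pass"`, so an operator-supplied external secret whose name merely ends in one of those strings is treated as unset and the chart silently falls back to its own `login`/`password` values. Comparing against the full default name, release prefix included, would be stricter; at minimum add a comment such as `# external secret names ending in "cds-db-secret" or "cds-db-root-pass" are treated as the chart's own secret`. Unlike the subchart's entries, neither entry here sets `passwordPolicy`, so the behaviour when `userPassword` is absent depends on the `common.secret` default, which this patch does not show.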
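Review bot: Removing the `userPassword` and `mariadbRootPassword` defaults in the `mariadb-galera.config` hunk presumably only affects fresh installs; a database already initialised on the persistent volume would keep the old `sdnctl` passwords until they are rotated inside MariaDB, which is not visible in this patch and is worth stating in the release notes. The leftover `# userPassword: sdnctl` comment also keeps the old default in view as a suggested value. I would replace it with `# userPassword: <no default; supply via values or an external secret>`.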
@@ -80,6 +97,15 @@ mariadb-galera: enabled: true mountSubPath: cds/data +cds-blueprints-processor: + config: + cdsDB: + dbServer: *dbServer + dbPort: 3306 + dbName: *mysqlDbName + dbCredsExternalSecret: *dbUserSecretName + dbRootPassExternalSecret: *dbRootPasswordSecretName + #Resource Limit flavor -By Default using small flavor: small #segregation for different envionment (Small and Large) -- 2.16.6
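Review bot: The `*dbServer`, `*mysqlDbName` and secret-name aliases under `cds-blueprints-processor.config.cdsDB` are resolved when this values.yaml is parsed, so overriding `mariadb-galera.nameOverride` or `mysqlDatabase` with `--set` or an extra values file does not change what the processor connects to. A comment above the block would make that explicit: `# YAML aliases are fixed at parse time; override these keys together with the mariadb-galera ones`. `dbPort: 3306` is repeated as a literal here and in the subchart defaults rather than shared, so the two can drift apart.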