[POLICY] Remove hardcoded credentials from policy-api
This patch remove hardcoded healthcheck credentials from policy-api.
Issue-ID: OOM-2342
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ifc12d78fc1f7f00dd1466c32553453f0273661a3
diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json
index 2e46cca..fba7e6c 100644
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-api/resources/config/config.json
@@ -20,8 +20,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 777cc49..e1f699e 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -39,9 +39,13 @@
- "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: apiconfig
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 2e31f6b..48eb689 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -28,12 +28,18 @@
# Secrets metaconfig
#################################################################
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +56,9 @@
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1