[POLICY] Use common secret template in brmsgw
Use common secret template in brmsgw module instead of hardcoding them in
config map.
For now creds are hardcoded but this will be remove in further commits.
Issue-ID: OOM-2342
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic6ea25004d87d993b40df838dd30a71e25386b2c
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index 7c58b3d..1598a8f 100644
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -21,10 +21,10 @@
REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
M2_HOME=/usr/share/java/maven-3
snapshotRepositoryID=policy-nexus-snapshots
@@ -33,8 +33,8 @@
releaseRepositoryID=policy-nexus-releases
releaseRepositoryName=Releases
releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=admin
-repositoryPassword=admin123
+repositoryUsername=${REPOSITORY_USERNAME}
+repositoryPassword=${REPOSITORY_PASSWORD}
UEB_URL=message-router
UEB_TOPIC=PDPD-CONFIGURATION
UEB_API_KEY=
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
index 5bbffb5..a636e90 100644
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
@@ -42,6 +42,19 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
volumeMounts:
- mountPath: /config-input
name: pe
@@ -77,6 +90,19 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index bf6ccab..ee47b4a 100644
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -32,6 +32,24 @@
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
+ - uid: nexus-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
+ login: '{{ .Values.nexus.repositoryUsername }}'
+ password: '{{ .Values.nexus.repositoryPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -53,6 +71,15 @@
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
+nexus:
+ repositoryUsername: admin
+ repositoryPassword: admin123
# default number of instances
replicaCount: 1