[DCAEGEN2][dashboard] Use common secret template for postgres credentials
Even through we use common secret template both passwords are still
hardcoded in common postgres chart but this will be removed as a final
step just like we did for mariadb-galera.
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic8d8a53093ccdf5f91a26ce9ac2734fe36ccca4f
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index a926fb3..bab0344 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -126,11 +126,11 @@
- name: consul_url
value: http://consul-server-ui:8500
- name: postgres_user_dashboard
- value: {{ .Values.postgres.config.pgUserName }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+ - name: postgres_password_dashboard
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
- name: postgres_db_name
value: {{ .Values.postgres.config.pgDatabase }}
- - name: postgres_password_dashboard
- value: {{ .Values.postgres.config.pgUserPassword }}
- name: postgres_ip
value: {{ .Values.postgres.service.name2 }}
- name: POD_IP
@@ -169,4 +169,3 @@
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
new file mode 100644
index 0000000..b143034
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index fd70694..8e3f94d 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -27,6 +27,15 @@
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
@@ -81,10 +90,8 @@
replica: dcae-dashboard-pg-replica
config:
pgUserName: dashboard_pg_admin
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dashboard_pg_db_common
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
pgPort: "5432"
persistence:
mountSubPath: dcae-dashboard/data