diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 750c602..1c5ca4f 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -31,13 +31,27 @@ #%dev.quarkus.datasource.jdbc.url = jdbc:postgresql://localhost:5432/hibernate_db %dev.quarkus.hibernate-orm.database.generation=drop-and-create + %stage.quarkus.kubernetes-config.secrets.enabled=true -quarkus.kubernetes-config.secrets=postgresql +%stage.quarkus.kubernetes-config.secrets=postgresql %stage.quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql:5432/${database-name} %stage.quarkus.datasource.username=${database-user} %stage.quarkus.datasource.password=${database-password} %stage.quarkus.hibernate-orm.database.generation=drop-and-create +# Production settings. We db-name and the user are located on a config map (database-envs). The password is located on a +# secret (database-envs). +%prod.quarkus.kubernetes-config.secrets.enabled=true +%prod.quarkus.kubernetes-config.secrets=database-envs +%prod.quarkus.kubernetes.env.mapping.db-user.from-configmap=database-envs +%prod.quarkus.kubernetes.env.mapping.db-user.with-key=POSTGRESQL_USER +%prod.quarkus.kubernetes.env.mapping.db-name.from-configmap=database-envs +%prod.quarkus.kubernetes.env.mapping.db-name.with-key=POSTGRESQL_DATABASE +%prod.quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql:5432/${db-name} +%prod.quarkus.datasource.username=${db-user} +%prod.quarkus.datasource.password=${postgresql_password} +%prod.quarkus.hibernate-orm.database.generation=update + #Always provide swagger ui quarkus.swagger-ui.always-include=true @@ -57,7 +71,26 @@ quarkus.arc.remove-unused-beans=false %stage.quarkus.openshift.route.target-port=https %stage.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect %stage.quarkus.openshift.namespace=pct-security-tooling -quarkus.openshift.namespace=pct-security-tooling + + +#Production settings + +#Always provide swagger ui + +# Probably we need to check these 2 settings +%prod.quarkus.openshift.service-account=osh-wrapper-client-sa +%prod.quarkus.openshift.namespace=pct-security-tooling + +%prod.quarkus.openshift.name=osh +%prod.quarkus.openshift.labels.env=prod +%prod.quarkus.log.level=DEBUG + +#Only in Quarkus > 3.x +%prod.quarkus.openshift.route.tls.termination=edge +#As we cant create a edge terminated route (quarkus <3.x) lets disable route creation for now +%prod.quarkus.openshift.route.expose=false +%prod.quarkus.openshift.route.target-port=https +%prod.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect ########################################## # Kerberos Specifics # @@ -74,6 +107,21 @@ quarkus.openshift.namespace=pct-security-tooling %stage.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf %stage.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true + +## Production settings + +%prod.quarkus.openshift.secret-volumes.osh-wrapper.secret-name=kerberos-keytab-osh +%prod.quarkus.openshift.mounts.osh-wrapper.path=/kerberos +%prod.quarkus.openshift.mounts.osh-wrapper.read-only=true +%prod.quarkus.kerberos.keytab-path= /kerberos/kerberos-keytab-osh +%prod.quarkus.kerberos.service-principal-name= HTTP/prodsec-scanchain.apps.ocp-c1.prod.psi.redhat.com + +%prod.quarkus.openshift.mounts.osh-wrapper-config-vol.path=/etc/krb5.conf +%prod.quarkus.openshift.mounts.osh-wrapper-config-vol.sub-path=linux-krb5.conf +%prod.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.config-map-name=kerberos-config +%prod.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf +%prod.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true + ########################################## # Tekton Specifics (Used in app) # ##########################################