aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-01-31 23:28:25 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-02 11:22:12 +0100
commit894aafb845ca5169fa47fcff9fe8fe29c9e4a208 (patch)
tree4a99c7a8c400c5e5832e70921083a91bd7aaca58
parent43893f5e389b648063d88977ae5fba9364df85c3 (diff)
[Modeling] Use common secret template for mariadb root password
Remove hardcoded root password from the modeling chart. Because of huge number of issues in modeling docker image (see onap-discuss for details) I don't want to touch it. That's why I just made an awful hack to concatenate DB username and password before the entrypoint script. Please keep in mind that this eliminates only hardcoded root password but there is plenty of other credentials that are boiled into container image (DB, SDC, VCF-REDIS(!) etc). Issue-ID: OOM-2286 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml21
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml15
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/values.yaml17
3 files changed, 37 insertions, 16 deletions
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
index d8790e7d5b..a2e03b8bf6 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -49,6 +49,11 @@ spec:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - bash
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -68,14 +73,14 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.dbServiceName }}:{{ .Values.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.config.dbUser }}:{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: MYSQL_ADDR
+ value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
new file mode 100644
index 0000000000..d053c484be
--- /dev/null
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
index 2244d5f3d9..bb5a76b0ee 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -32,16 +32,23 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ type: password
+
+#################################################################
# Dependencies configuration
#################################################################
mariadb-galera:
- config:
- mariadbRootPassword: secretpassword
nameOverride: modeling-mariadb
service:
name: modeling-db
portName: modeling-db
+ internalPort: 3306
nfsprovisionerPrefix: modeling
persistence:
mountSubPath: modeling/data
@@ -64,12 +71,6 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- dbServiceName: modeling-db
- dbPort: 3306
- dbUser: root
-
# default number of instances
replicaCount: 1