summaryrefslogtreecommitdiffstats
path: root/kubernetes/appc/templates
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-01-23 11:49:25 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-01 00:10:01 +0100
commite74ed5cd24df70e1e9b137eadf8e32d5c89f236b (patch)
tree09e2881a74abd0833dd7328364c6a666dbeba67c /kubernetes/appc/templates
parent3ed9c940d61526344303ad29d9ce1dc50eb4117a (diff)
[APPC] Don't hardcode mariadb root password
You should never ever assume that secretpassword is a production ready password for your mariadb-galera instance. Instead let's just share a secret with our instance of mariadb-galera. Issue-ID: OOM-2275 Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/appc/templates')
-rw-r--r--kubernetes/appc/templates/secrets.yaml14
-rw-r--r--kubernetes/appc/templates/statefulset.yaml5
2 files changed, 2 insertions, 17 deletions
diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml
index 57311a0077..65a6b24eb7 100644
--- a/kubernetes/appc/templates/secrets.yaml
+++ b/kubernetes/appc/templates/secrets.yaml
@@ -12,16 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+{{ include "common.secret" . }}
diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml
index 9a62426adb..5ed2970c45 100644
--- a/kubernetes/appc/templates/statefulset.yaml
+++ b/kubernetes/appc/templates/statefulset.yaml
@@ -69,10 +69,7 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
- name: APPC_CONFIG_DIR