diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-02-19 01:44:30 +0100 |
|---|---|---|
| committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-13 02:22:34 +0100 |
| commit | 967946cac8b5885baae4532cfee88f0ce7ae7aac (patch) | |
| tree | 7cb5ed73a42b2dd29fbd896bae9d8d240c7e1f2a /kubernetes/appc/values.yaml | |
| parent | 367b492a7fab6170e726b24e39fe82d0c19358ae (diff) | |
[APPC] Use common secret tamplate for mariadb-galera credentials
Use init container construction & common secret template to remove
hardcoded mysql db credentials.
For now credentials are still hardcoded in the values file to avoid
making too many changes at once.
I also had to make properties files writeable because appc uses some
weird design and modifies them inside main container while starting
odl.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ie36522fc1fdf92a382d5f25a54d4cb150b57ea35
Diffstat (limited to 'kubernetes/appc/values.yaml')
| -rw-r--r-- | kubernetes/appc/values.yaml | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index ac96820c35..fd6e31f133 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -22,6 +22,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs @@ -30,8 +32,23 @@ global: ################################################################# secrets: - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' + name: '{{ include "common.release" . }}-appc-db-root-pass' + externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}' type: password + password: '{{ .Values.config.dbRootPass }}' + - uid: 'appcdb-user-creds' + name: '{{ include "common.release" . }}-appcdb-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.appcdb.userName }}' + password: '{{ .Values.config.appcdb.password }}' + - uid: 'sdncdb-user-creds' + name: '{{ include "common.release" . }}-sdncdb-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.sdncdb.userName }}' + password: '{{ .Values.config.sdncdb.password }}' + ################################################################# # Application configuration defaults. @@ -47,13 +64,26 @@ debugEnabled: false # application configuration config: +# dbRootPassExternalSecret: some secret +# dbRootPass: password + appcdb: + # Warning: changing this config option may not work. + # It seems that the DB name is hardcoded. + dbName: appcctl + userName: appcctl + password: appcctl + # userCredsExternalSecret: some secret + sdncdb: + # Warning: changing this config option may not work. + # It seems that the DB name is hardcoded. + dbName: sdnctl + userName: sdnctl + password: gamma + # userCredsExternalSecret: some secret odlUid: 100 odlGid: 101 ansibleServiceName: appc-ansible-server ansiblePort: 8000 - userName: my-user - userPassword: my-password - mysqlDatabase: my-database mariadbGaleraSVCName: appc-dbhost mariadbGaleraContName: appc-db enableAAF: true @@ -85,6 +115,8 @@ appc-ansible-server: mariadb-galera: nameOverride: appc-db + config: + mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' service: name: appc-dbhost portName: appc-dbhost @@ -98,6 +130,9 @@ mariadb-galera: dgbuilder: nameOverride: appc-dgbuilder config: + db: + rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' + userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds' dbPodName: appc-db dbServiceName: appc-dbhost service: |