summaryrefslogtreecommitdiffstats
path: root/kubernetes/modeling/charts/modeling-etsicatalog/templates
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-01-31 23:28:25 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-02-02 11:22:12 +0100
commit894aafb845ca5169fa47fcff9fe8fe29c9e4a208 (patch)
tree4a99c7a8c400c5e5832e70921083a91bd7aaca58 /kubernetes/modeling/charts/modeling-etsicatalog/templates
parent43893f5e389b648063d88977ae5fba9364df85c3 (diff)
[Modeling] Use common secret template for mariadb root password
Remove hardcoded root password from the modeling chart. Because of huge number of issues in modeling docker image (see onap-discuss for details) I don't want to touch it. That's why I just made an awful hack to concatenate DB username and password before the entrypoint script. Please keep in mind that this eliminates only hardcoded root password but there is plenty of other credentials that are boiled into container image (DB, SDC, VCF-REDIS(!) etc). Issue-ID: OOM-2286 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
Diffstat (limited to 'kubernetes/modeling/charts/modeling-etsicatalog/templates')
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml21
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml15
2 files changed, 28 insertions, 8 deletions
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
index d8790e7d5b..a2e03b8bf6 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -49,6 +49,11 @@ spec:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - bash
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -68,14 +73,14 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.dbServiceName }}:{{ .Values.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.config.dbUser }}:{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: MYSQL_ADDR
+ value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
new file mode 100644
index 0000000000..d053c484be
--- /dev/null
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}