author | 2020-07-28 19:22:50 +0530 | |
---|---|---|
committer | 2020-09-07 14:24:52 +0530 | |
commit | 2849ae544fdaa67cd782b2f79d0de7fd9b82c193 (patch) | |
tree | 92b3c68b6a63ecdd64c9d760fa9b8e5a707d7ed5 /kubernetes/oof/charts/oof-cmso/charts | |
parent | ed7b049fe6646b36a0af1047e6126618e93d10bb (diff) |
[OOF] use non-root user to access cmso database
Move mariadb galera config from global to root
Add service name to mariadb-init config
Fix mariadb-init secret to use Additional databases
Create separate users for cmso service and optimizer
Issue-ID: OPTFRA-800
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I5b91d297d35125ca242f40fe1a6328da0f4daa62
Diffstat (limited to 'kubernetes/oof/charts/oof-cmso/charts')
4 files changed, 38 insertions, 18 deletions
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index 15ce71b716..2f12eec5c0 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@ spec:
 image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 - name: {{ include "common.name" . }}-chown
 command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
 image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
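Review bot: The new `-db-config-readiness` init container in the `@@ -48,6 +49,20 @@` hunk blocks pod start on a job whose name is assembled inline as `{{ include "common.release" . }}-cmso-db-config-config-job`, and nothing in the template says which chart owns that job or why it must finish first. If that job is renamed or disabled the pod would presumably wait in Init indefinitely, so a comment above the container such as `# wait for the cmso-db-config job, which creates the non-root DB users read from cmso-db-user-secret` would help, and the job name would be easier to keep in sync as a chart value. The readiness script presumably checks job status through the Kubernetes API, so the pod's service account needs read access to Jobs in the namespace; that binding is not visible here and is worth confirming. The same container is added in the oof-cmso-service deployment.yaml hunk. The `spec:` block starts and ends outside the hunk.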
@@ -64,11 +79,11 @@ spec:
 - name: DB_PORT
 value: {{ .Values.config.db.port | quote}}
 - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
 - name: DB_SCHEMA
 value: {{ .Values.config.db.mysqlDatabase }}
 - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
 terminationMessagePolicy: File
 volumeMounts:
 - name: {{ include "common.fullname" . }}-config
@@ -85,11 +100,11 @@ spec:
 - name: DB_PORT
 value: {{ .Values.config.db.port | quote}}
 - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
 - name: DB_SCHEMA
 value: {{ .Values.config.db.mysqlDatabase }}
 - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
 - name: JAVA_TRUSTSTORE
 value: /share/etc/certs/{{ .Values.global.truststoreFile }}
 - name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
index 5de87f5be1..e511728261 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
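Review bot: `DB_USERNAME` and `DB_PASSWORD` in both env blocks (`@@ -64,11 +79,11 @@` and `@@ -85,11 +100,11 @@`) now read from `cmso-db-user-secret`, and the oof-cmso-service deployment.yaml hunk uses the same uid, so whether the optimizer and the service really get separate accounts depends on each subchart's `config.db.userCredentialsExternalSecret` pointing at a different secret in the parent values, which this diff does not show. It is worth confirming that, and that the grants created by the DB config job limit each user to its own schema rather than reproducing root-level privileges under a new name. A short comment above `DB_USERNAME`, e.g. `# non-root account; login and password both come from cmso-db-user-secret`, would document the intent. The commented `# rootPassword` and `# rootPasswordExternalSecret` hints that remain in values.yaml no longer map to any secret defined in this chart and could be dropped.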
@@ -39,11 +40,6 @@ debugEnabled: false
 # Secrets metaconfig
 #################################################################
 secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
 - uid: cmso-db-user-secret
 type: basicAuth
 externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@ service:
 config:
 db:
 port: 3306
- root: root
 # rootPassword: pass
 # rootPasswordExternalSecret: some secret
 # user: cmso-admin
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index ff37e8f218..cb7a76f546 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -1,4 +1,5 @@
 # Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -48,6 +49,20 @@ spec:
 image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 - name: {{ include "common.name" . }}-chown
 command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
 image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
@@ -64,11 +79,11 @@ spec:
 - name: DB_PORT
 value: {{ .Values.config.db.port | quote}}
 - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
 - name: DB_SCHEMA
 value: {{ .Values.config.db.mysqlDatabase }}
 - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
 terminationMessagePolicy: File
 volumeMounts:
 - name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index f8326272c6..d086411704 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,11 +40,6 @@ debugEnabled: false
 # Secrets metaconfig
 #################################################################
 secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
 - uid: cmso-db-user-secret
 type: basicAuth
 externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
@@ -88,7 +84,6 @@ service:
 config:
 db:
 port: 3306
- root: root
 # rootPassword: pass
 # rootPasswordExternalSecret: some secret
 # user: cmso-admin |