diff options
author | krishnaa96 <krishna.moorthy6@wipro.com> | 2020-07-28 19:22:50 +0530 |
---|---|---|
committer | krishnaa96 <krishna.moorthy6@wipro.com> | 2020-09-07 14:24:52 +0530 |
commit | 2849ae544fdaa67cd782b2f79d0de7fd9b82c193 (patch) | |
tree | 92b3c68b6a63ecdd64c9d760fa9b8e5a707d7ed5 /kubernetes/oof/charts/oof-cmso/values.yaml | |
parent | ed7b049fe6646b36a0af1047e6126618e93d10bb (diff) |
[OOF] use non-root user to access cmso database
Move mariadb galera config from global to root
Add service name to mariadb-init config
Fix mariadb-init secret to use Additional databases
Create separate users for cmso service and optimizer
Issue-ID: OPTFRA-800
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I5b91d297d35125ca242f40fe1a6328da0f4daa62
Diffstat (limited to 'kubernetes/oof/charts/oof-cmso/values.yaml')
-rw-r--r-- | kubernetes/oof/charts/oof-cmso/values.yaml | 57 |
1 files changed, 40 insertions, 17 deletions
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index b1c3561538..d712965d59 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,24 +18,31 @@ ################################################################# secrets: - uid: cmso-db-root-password - name: '{{ include "common.release" . }}-cmso-db-root-password' + name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password' type: password password: '' policy: generate + - uid: cmso-service-db-secret + name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.service.userName }}' + password: '{{ .Values.config.db.service.userPassword }}' + passwordPolicy: generate - uid: cmso-db-secret - name: '{{ include "common.release" . }}-cmso-db-secret' + name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.optimizer.userName }}' + password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate mariadb-galera: replicaCount: 1 - nameOverride: cmso-db + nameOverride: &containerName cmso-db service: type: ClusterIP - name: oof-cmso-dbhost + name: &serviceName oof-cmso-dbhost portName: cmso-dbhost nfsprovisionerPrefix: cmso sdnctlPrefix: cmso @@ -43,9 +51,9 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - mysqlDatabase: cmso + mariadbRootPasswordExternalSecret: *rootPassword + # userCredentialsExternalSecret: *dbCreds + # mysqlDatabase: cmso externalConfig: | [mysqld] lower_case_table_names = 1 @@ -62,6 +70,20 @@ global: busyBoxImage: busybox:1.30 busyBoxRepository: docker.io +mariadb-init: + mariadbGalera: + containerName: *containerName + serviceName: *serviceName + servicePort: 3306 + userRootSecret: *rootPassword + config: + userCredentialsExternalSecret: *serviceDbCreds + mysqlDatabase: cmso + mysqlAdditionalDatabases: + optimizer: + externalSecret: *optimizerDbCreds + nameOverride: cmso-db-config + flavor: small config: @@ -69,15 +91,17 @@ config: logstashServiceName: log-ls logstashPort: 5044 db: - # userCredentialsExternalsecret: some secret - userName: cmso-admin - # userPassword: password + service: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + optimizer: + userName: cmso-optimizer oof-cmso-service: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *serviceDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: cmso @@ -85,8 +109,7 @@ oof-cmso-service: oof-cmso-optimizer: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *optimizerDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: optimizer |