summaryrefslogtreecommitdiffstats
path: root/kubernetes/oof/charts/oof-cmso/values.yaml
diff options
context:
space:
mode:
authorkrishnaa96 <krishna.moorthy6@wipro.com>2020-07-28 19:22:50 +0530
committerkrishnaa96 <krishna.moorthy6@wipro.com>2020-09-07 14:24:52 +0530
commit2849ae544fdaa67cd782b2f79d0de7fd9b82c193 (patch)
tree92b3c68b6a63ecdd64c9d760fa9b8e5a707d7ed5 /kubernetes/oof/charts/oof-cmso/values.yaml
parented7b049fe6646b36a0af1047e6126618e93d10bb (diff)
[OOF] use non-root user to access cmso database
Move mariadb galera config from global to root Add service name to mariadb-init config Fix mariadb-init secret to use Additional databases Create separate users for cmso service and optimizer Issue-ID: OPTFRA-800 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I5b91d297d35125ca242f40fe1a6328da0f4daa62
Diffstat (limited to 'kubernetes/oof/charts/oof-cmso/values.yaml')
-rw-r--r--kubernetes/oof/charts/oof-cmso/values.yaml57
1 files changed, 40 insertions, 17 deletions
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index b1c3561538..d712965d59 100644
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,24 +18,31 @@
#################################################################
secrets:
- uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
type: password
password: ''
policy: generate
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
- uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
passwordPolicy: generate
mariadb-galera:
replicaCount: 1
- nameOverride: cmso-db
+ nameOverride: &containerName cmso-db
service:
type: ClusterIP
- name: oof-cmso-dbhost
+ name: &serviceName oof-cmso-dbhost
portName: cmso-dbhost
nfsprovisionerPrefix: cmso
sdnctlPrefix: cmso
@@ -43,9 +51,9 @@ mariadb-galera:
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
externalConfig: |
[mysqld]
lower_case_table_names = 1
@@ -62,6 +70,20 @@ global:
busyBoxImage: busybox:1.30
busyBoxRepository: docker.io
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
flavor: small
config:
@@ -69,15 +91,17 @@ config:
logstashServiceName: log-ls
logstashPort: 5044
db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
oof-cmso-service:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *serviceDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: cmso
@@ -85,8 +109,7 @@ oof-cmso-service:
oof-cmso-optimizer:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *optimizerDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: optimizer