aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-03-04 23:06:16 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-03-09 15:00:59 +0000
commit2f8f4b6c976d2d35ef7bd48dc90776958c533a8e (patch)
tree9da1110b35631fd2d393f5141575d6e02ac67a44 /kubernetes
parent1fe2bbe04b2f81623661105d4d8ef32286122257 (diff)
[SO] Use common secret template in so-mariadb
Use common secrete template in so-mariadb component. For now passwords are stil hardcoded but this will be removed in further commits. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I70b13b14d0ddad8913f45c7cabed0c0d221d0005
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/so/charts/so-mariadb/templates/job.yaml12
-rw-r--r--kubernetes/so/charts/so-mariadb/templates/secrets.yaml36
-rwxr-xr-xkubernetes/so/charts/so-mariadb/values.yaml29
3 files changed, 35 insertions, 42 deletions
diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml
index 68c6017b91..c3002093eb 100644
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml
@@ -43,14 +43,11 @@ spec:
- name: DB_HOST
value: {{ .Values.global.migration.dbHost }}
- name: DB_USER
- value: {{ .Values.global.migration.dbUser }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- name: DB_PORT
value: "{{ .Values.global.migration.dbPort }}"
- name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-migration
- key: db-root-password-backup
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
command:
- /bin/bash
- -c
@@ -138,10 +135,7 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
index 1c309faffb..746fe61ccc 100644
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,36 +12,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-migration
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": pre-upgrade,pre-install
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
- db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index acf9cb4f33..a5586c6665 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -26,6 +26,28 @@ global:
ubuntuInitRepository: registry.hub.docker.com
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+ type: password
+ externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+ password: '{{ .Values.db.rootPassword }}'
+ passwordPolicy: required
+ - uid: db-backup-creds
+ name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+ login: '{{ .Values.db.backupUser }}'
+ password: '{{ .Values.db.backupPassword }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -34,6 +56,13 @@ image: mariadb:10.1.38
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# db config
+db:
+ rootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
+ backupPassword: secretpassword
+ backupUser: root
+ # backupCredsExternalSecret: some secret
# application configuration
config:
# gerrit branch where the latest heat code is checked in