diff options
m--------- | kubernetes/aai | 0 | ||||
m--------- | kubernetes/robot | 0 | ||||
-rw-r--r-- | kubernetes/so/charts/so-mariadb/templates/job.yaml | 12 | ||||
-rw-r--r-- | kubernetes/so/charts/so-mariadb/templates/secrets.yaml | 36 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-mariadb/values.yaml | 29 |
5 files changed, 35 insertions, 42 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 4f4d14ab45a2225953961136220041189d56601 +Subproject 3d1bbe894ff20bc8b1512591c6d8993b4d2009b diff --git a/kubernetes/robot b/kubernetes/robot -Subproject c854b484ebbd5e0c1be1e6a032a79beeb4cab6f +Subproject 3fa8381f2a1e5f030ee1388466417817dda0fbe diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml index 68c6017b91..c3002093eb 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml @@ -43,14 +43,11 @@ spec: - name: DB_HOST value: {{ .Values.global.migration.dbHost }} - name: DB_USER - value: {{ .Values.global.migration.dbUser }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }} - name: DB_PORT value: "{{ .Values.global.migration.dbPort }}" - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-migration - key: db-root-password-backup + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }} command: - /bin/bash - -c @@ -138,10 +135,7 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml index 1c309faffb..746fe61ccc 100644 --- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,36 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }} -{{- if .Values.global.migration.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-migration - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-upgrade,pre-install - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -type: Opaque -data: - db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }} -{{- end }} + +{{ include "common.secret" . }} diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml index acf9cb4f33..a5586c6665 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/charts/so-mariadb/values.yaml @@ -26,6 +26,28 @@ global: ubuntuInitRepository: registry.hub.docker.com ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: '{{ include "common.release" . }}-so-mariadb-root-pass' + type: password + externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}' + password: '{{ .Values.db.rootPassword }}' + passwordPolicy: required + - uid: db-backup-creds + name: '{{ include "common.release" . }}-so-mariadb-backup-creds' + type: basicAuth + externalSecret: '{{ .Values.db.backupCredsExternalSecret }}' + login: '{{ .Values.db.backupUser }}' + password: '{{ .Values.db.backupPassword }}' + passwordPolicy: required + annotations: + helm.sh/hook: pre-upgrade,pre-install + helm.sh/hook-weight: "0" + helm.sh/hook-delete-policy: before-hook-creation + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -34,6 +56,13 @@ image: mariadb:10.1.38 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +# db config +db: + rootPassword: secretpassword + # rootPasswordExternalSecret: some secret + backupPassword: secretpassword + backupUser: root + # backupCredsExternalSecret: some secret # application configuration config: # gerrit branch where the latest heat code is checked in |