diff options
Diffstat (limited to 'kubernetes/common/mariadb-init')
6 files changed, 57 insertions, 43 deletions
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 8caa697e79..b2fdb14b12 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -17,8 +17,8 @@ while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" - USER=${USER_VAR} - PASS=${PASS_VAR} + USER=${!USER_VAR} + PASS=${!PASS_VAR} MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index fb3f7974b9..af9a4f5f02 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -18,9 +18,5 @@ Choose the name of the mariadb secret to use. */}} {{- define "mariadbInit.mariadbClusterSecret" -}} - {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} - {{- printf "%s-mariadb-galera-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} - {{- else -}} - {{- .Values.global.mariadbGalera.userRootSecret -}} - {{- end -}} + {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 9da03668f5..0144ec1907 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -21,7 +21,7 @@ metadata: labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index f3ff9934ab..5202d572a2 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -21,7 +21,7 @@ metadata: labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: backoffLimit: 20 @@ -29,7 +29,7 @@ spec: metadata: labels: app: {{ include "common.name" . }} - release: {{ .Release.Name }} + release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: initContainers: @@ -60,26 +60,17 @@ spec: - name: DB_PORT value: "{{ .Values.global.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mariadbInit.mariadbClusterSecret" . }} - key: {{ .Values.global.mariadbGalera.userRootSecretKey }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - value: "{{ .Values.config.userName }}" + {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . }} -{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} +{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - value: {{ $dbInfos.user }} + {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" $root }}-secret - key: {{ printf "db-%s-user-password" $db }} + {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index f30d582110..71a89d019b 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -12,19 +12,26 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-user-password: {{ index .Values.config.userPassword | b64enc | quote }} -{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} - {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }} -{{ end }} +{{- define "mariadb-init._update-secrets" -}} + {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} +{{ printf "- uid: %s" $db }} +{{ printf " type: basicAuth" }} + {{- if $dbInfos.externalSecret }} +{{ printf " externalSecret: %s" $dbInfos.externalSecret }} + {{- end }} +{{ printf " login: %s" $dbInfos.user }} +{{ printf " password: %s" $dbInfos.password }} +{{ printf " passwordPolicy: required" }} + {{- end -}} +{{- end -}} + +{{ $global := . }} +{{ $secretsString := .Values.secrets | toYaml | indent 2 }} +{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} +{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} +{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} + +{{ $newValues := set $global.Values "secrets" $finalSecrets }} +{{ $tmpGlobal := set $global "Values" $newValues }} + +{{ include "common.secret" $tmpGlobal }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index d148ba6888..f6ce95a65f 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -23,8 +23,24 @@ global: nameOverride: mariadb-galera servicePort: 3306 # set these two values if you want to access an 'out of ONAP' mariadb - userRootSecret: default - userRootSecretKey: password + # userRootPassword: some-password + # userRootSecret: some-secret-name + # userRootSecretKey: password + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: root-password + type: password + externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' + password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + - uid: '{{ .Values.config.mysqlDatabase }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.userName }}' + password: '{{ .Values.config.userPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -39,6 +55,8 @@ pullPolicy: IfNotPresent config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF + # set this value if you would like to use external secret instead of providing a password + # userCredentialsExternalsecret: some-secret-name mysqlDatabase: ynsaUCru6mUNwGal mysqlAdditionalDatabases: {} # add addtional dabases @@ -48,9 +66,11 @@ config: # dbOne: # user: one # password: pwd1 + # externalSecret: some-secret-name # dbTwo: # user: two # password: pwd2 + # externalSecret: some-secret-name config_map: default nodeSelector: {} |