summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/common/templates/_mariadb.tpl4
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml12
-rw-r--r--kubernetes/common/mariadb-galera/templates/secrets.yaml17
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml14
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml18
-rw-r--r--kubernetes/common/mariadb-init/templates/_mariadb.tpl2
-rw-r--r--kubernetes/common/mariadb-init/values.yaml2
7 files changed, 31 insertions, 38 deletions
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl
index cd7142fd73..15fb5a4225 100644
--- a/kubernetes/common/common/templates/_mariadb.tpl
+++ b/kubernetes/common/common/templates/_mariadb.tpl
@@ -41,7 +41,7 @@
*/}}
{{- define "common.mariadbSecret" -}}
{{- if .Values.global.mariadbGalera.localCluster -}}
- {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}}
+ {{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}}
{{- else -}}
{{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}}
{{- end -}}
@@ -52,7 +52,7 @@
*/}}
{{- define "common.mariadbSecretParam" -}}
{{- if .Values.global.mariadbGalera.localCluster -}}
- {{ printf "user-password" -}}
+ {{ printf "password" -}}
{{- else -}}
{{ printf "db-user-password" -}}
{{- end -}}
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index a5f1578159..408bd1814c 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2019 Amdocs, Bell Canada
+# Copyright © 2019 Amdocs, Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -86,10 +86,7 @@ spec:
echo "Backup Successful!!!"
env:
- name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}}
volumeMounts:
- name: backup-dir
mountPath: /backup
@@ -99,10 +96,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}}
command:
- /bin/bash
- -c
diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml
index 233158f791..3f8eb0b6de 100644
--- a/kubernetes/common/mariadb-galera/templates/secrets.yaml
+++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,18 +12,4 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
- user-password: {{ default "" .Values.config.userPassword | b64enc | quote }} \ No newline at end of file
+{{ include "common.secret" . }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index c3cb4aaaf4..a9f1fb37b7 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2019 Amdocs, Bell Canada, Orange
+# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -61,19 +61,13 @@ spec:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_USER
- value: {{ default "" .Values.config.userName | quote }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "login") | indent 14}}
- name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: user-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "password") | indent 14}}
- name: MYSQL_DATABASE
value: {{ default "" .Values.config.mysqlDatabase | quote }}
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 14215e46de..a6dd1ca359 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,6 +14,21 @@
# limitations under the License.
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-password"
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ - uid: "db-user-credentials"
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.userName }}'
+ password: '{{ .Values.config.userPassword }}'
+
+
+#################################################################
# Global configuration defaults.
#################################################################
global:
@@ -41,7 +57,9 @@ pullPolicy: IfNotPresent
# application configuration
config:
+ # .mariadbRootPasswordExternalSecret: 'some-external-secret'
mariadbRootPassword: secretpassword
+ # .userCredentialsExternalSecret: 'some-external-secret'
userName: my-user
userPassword: my-password
mysqlDatabase: my-database
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index 4f111a5f40..fb3f7974b9 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -19,7 +19,7 @@
*/}}
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}}
- {{- printf "%s-mariadb-galera-%s" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}}
+ {{- printf "%s-mariadb-galera-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}}
{{- else -}}
{{- .Values.global.mariadbGalera.userRootSecret -}}
{{- end -}}
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 095ff62ddf..d148ba6888 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -24,7 +24,7 @@ global:
servicePort: 3306
# set these two values if you want to access an 'out of ONAP' mariadb
userRootSecret: default
- userRootSecretKey: db-root-password
+ userRootSecretKey: password
#################################################################
# Application configuration defaults.