From e74ed5cd24df70e1e9b137eadf8e32d5c89f236b Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Thu, 23 Jan 2020 11:49:25 +0100
Subject: [APPC] Don't hardcode mariadb root password

You should never ever assume that secretpassword is a production
ready password for your mariadb-galera instance. Instead let's
just share a secret with our instance of mariadb-galera.

Issue-ID: OOM-2275
Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
---
 kubernetes/appc/values.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'kubernetes/appc/values.yaml')

diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 4dfb2263ad..a4cd0a644a 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -25,6 +25,14 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+    type: password
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -43,7 +51,6 @@ config:
   odlGid: 101
   ansibleServiceName: appc-ansible-server
   ansiblePort: 8000
-  mariadbRootPassword: secretpassword
   userName: my-user
   userPassword: my-password
   mysqlDatabase: my-database
-- 
cgit 1.2.3-korg