From d73224418141fb7a2bae8d083de8f6e88e493c3d Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak
Date: Thu, 30 Jan 2020 12:10:40 +0100
Subject: [COMMON] Use common secret template in mariadb-init

Use common secret template for all passwords that are used inside this chart.

Issue-ID: OOM-2248
Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e
Signed-off-by: Krzysztof Opasiak
Signed-off-by: Sylvain Desbureaux
---
 .../common/mariadb-init/templates/_mariadb.tpl | 6 +---
 kubernetes/common/mariadb-init/templates/job.yaml | 21 ++++--------
 .../common/mariadb-init/templates/secret.yaml | 39 +++++++++++++---------
 3 files changed, 30 insertions(+), 36 deletions(-)

(limited to 'kubernetes/common/mariadb-init/templates')

diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index 231fd875e2..64c15ed862 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -18,9 +18,5 @@
 Choose the name of the mariadb secret to use.
 */}}
 {{- define "mariadbInit.mariadbClusterSecret" -}}
- {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}}
- {{- printf "%s-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}}
- {{- else -}}
- {{- .Values.global.mariadbGalera.userRootSecret -}}
- {{- end -}}
+ {{- printf "%s-%s-db-root-password" (include "common.release" .) (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride) -}}
 {{- end -}}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 1cdd5024ff..5202d572a2 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
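Review bot: The doc comment kept as context above `mariadbInit.mariadbClusterSecret` still reads "Choose the name of the mariadb secret to use", but the new body no longer chooses anything: it always returns `<release>-<nameOverride or "mariadb-galera">-db-root-password` and never reads `.Values.global.mariadbGalera.userRootSecret`. Since this name decides which root credential the init job mounts, the comment should say that the helper only yields the default name and that any `userRootSecret` override has to be applied by the caller, presumably in a part of the chart this path-limited diff does not show. Suggested wording: `Default name of the mariadb-galera root password secret; a userRootSecret override is not handled here and must be applied by the caller.` The comment's opening `{{/*` lies outside the hunk.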
@@ -60,26 +60,17 @@ spec:
 - name: DB_PORT
 value: "{{ .Values.global.mariadbGalera.servicePort }}"
 - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "mariadbInit.mariadbClusterSecret" . }}
- key: {{ .Values.global.mariadbGalera.userRootSecretKey }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
 - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- value: "{{ .Values.config.userName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
 - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
 {{- $root := . }}
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
 - name: {{ printf "MYSQL_USER_%s" $db | upper }}
- value: {{ $dbInfos.user }}
+ {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
 - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $root }}-secret
- key: {{ printf "db-%s-user-password" $db }}
+ {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
 {{ end }}
 volumeMounts:
 - mountPath: /etc/localtime
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index f30d582110..71a89d019b 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
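Review bot: Nothing in this env list documents that the `uid` arguments passed to `common.secret.envFromSecret` (`"root-password"`, `.Values.config.mysqlDatabase` and each `$db`) must match secret entries defined elsewhere. The per-database entries appear to be generated in templates/secret.yaml from the same `mysqlAdditionalDatabases` map. How a mismatch surfaces is not visible here, so the coupling is worth stating where the lookups happen. I would add a template comment above the first lookup: `{{/* uids below must match .Values.secrets plus the entries generated in templates/secret.yaml */}}`. The container spec starts and ends outside the hunk.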
@@ -12,19 +12,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values.config.userPassword | b64enc | quote }}
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
- {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }}
-{{ end }}
+{{- define "mariadb-init._update-secrets" -}}
+ {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+{{ printf "- uid: %s" $db }}
+{{ printf " type: basicAuth" }}
+ {{- if $dbInfos.externalSecret }}
+{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
+ {{- end }}
+{{ printf " login: %s" $dbInfos.user }}
+{{ printf " password: %s" $dbInfos.password }}
+{{ printf " passwordPolicy: required" }}
+ {{- end -}}
+{{- end -}}
+
+{{ $global := . }}
+{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
+{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
+{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
+{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
+
+{{ $newValues := set $global.Values "secrets" $finalSecrets }}
+{{ $tmpGlobal := set $global "Values" $newValues }}
+
+{{ include "common.secret" $tmpGlobal }}
--
cgit 1.2.3-korg
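Review bot: In `mariadb-init._update-secrets` the `login`, `password` and `externalSecret` values are spliced into YAML text unquoted and then re-parsed with `fromYaml`, so a credential is reinterpreted by YAML scalar rules instead of being kept verbatim. A password containing ` #` is cut at the comment, one containing `: ` or starting with an indicator character breaks the parse, and an all-digit or `no`/`true` value changes type. Helm's `fromYaml` reports a parse failure as an `Error` key rather than aborting the render, so `.secrets` would be empty and `common.secret` would presumably render nothing without any message. Passing each value through `toJson` keeps it a quoted scalar: `printf … ($dbInfos.user | toJson)` and `printf … ($dbInfos.password | toJson)`. An unset password then becomes `null` instead of the literal `%!s(<nil>)`. The `set $global.Values "secrets" …` line also appears to mutate the shared values map in place; a short comment saying this is intended would help the next reader.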