From 894aafb845ca5169fa47fcff9fe8fe29c9e4a208 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Fri, 31 Jan 2020 23:28:25 +0100
Subject: [Modeling] Use common secret template for mariadb root password

Remove hardcoded root password from the modeling chart.
Because of huge number of issues in modeling docker image
(see onap-discuss for details) I don't want to touch it.
That's why I just made an awful hack to concatenate DB
username and password before the entrypoint script.

Please keep in mind that this eliminates only hardcoded
root password but there is plenty of other credentials that
are boiled into container image (DB, SDC, VCF-REDIS(!) etc).

Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
---
 .../modeling-etsicatalog/templates/deployment.yaml  | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

(limited to 'kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml')

diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
index d8790e7d5b..a2e03b8bf6 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -49,6 +49,11 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - bash
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
@@ -68,14 +73,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-            - name: MYSQL_ADDR
-              value: "{{ .Values.config.dbServiceName }}:{{ .Values.config.dbPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.config.dbUser }}:{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}"
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+          - name: MSB_ADDR
+            value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+          - name: MYSQL_ADDR
+            value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+          - name: REDIS_ADDR
+            value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-etsicatalog
             mountPath: /service/modeling/etsicatalog/static
-- 
cgit 1.2.3-korg