From d74a65962b4ece0e89b0ef66912ce367a6187e15 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Fri, 7 Feb 2020 21:06:58 +0100
Subject: [OOF] Use common secret template for mariadb credentials

Remove all hardcoded credentials for mariadb and depend on common
secret template to generate all passwords at the deployment time.

Issue-ID: OOM-2292
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I54e57b317a8852469bcc11aabf6ddf0040ff5eb3
---
 kubernetes/oof/charts/oof-cmso/values.yaml | 46 +++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 4 deletions(-)

(limited to 'kubernetes/oof/charts/oof-cmso/values.yaml')

diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index c97138bded..2b8ad9487d 100644
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -12,6 +12,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: cmso-db-root-password
+    name: '{{ include "common.release" . }}-cmso-db-root-password'
+    type: password
+    password: ''
+    policy: generate
+  - uid: cmso-db-secret
+    name: '{{ include "common.release" . }}-cmso-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
+    passwordPolicy: generate
+
 mariadb-galera:
   replicaCount: 1
   nameOverride: cmso-db
@@ -26,9 +43,8 @@ mariadb-galera:
     enabled: true
   disableNfsProvisioner: true
   config:
-    mariadbRootPassword: beer
-    userName: cmso-admin
-    userPassword: nimda-osmc
+    mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
     mysqlDatabase: cmso
   externalConfig: |
     [mysqld]
@@ -49,4 +65,26 @@ flavor: small
 config:
   log:
     logstashServiceName: log-ls
-    logstashPort: 5044
\ No newline at end of file
+    logstashPort: 5044
+  db:
+    # userCredentialsExternalsecret: some secret
+    userName: cmso-admin
+    # userPassword: password
+
+oof-cmso-service:
+  config:
+    db:
+      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+  config:
+    db:
+      userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+      rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+      host: oof-cmso-dbhost
+      container: cmso-db
+      mysqlDatabase: optimizer
-- 
cgit 1.2.3-korg