[SO] Use common secret template in so-mariadb
Use common secrete template in so-mariadb component.
For now passwords are stil hardcoded but this will be removed in
further commits.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I70b13b14d0ddad8913f45c7cabed0c0d221d0005
diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml
index 68c6017..c300209 100644
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml
@@ -43,14 +43,11 @@
- name: DB_HOST
value: {{ .Values.global.migration.dbHost }}
- name: DB_USER
- value: {{ .Values.global.migration.dbUser }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- name: DB_PORT
value: "{{ .Values.global.migration.dbPort }}"
- name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-migration
- key: db-root-password-backup
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
command:
- /bin/bash
- -c
@@ -138,10 +135,7 @@
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
index 1c309fa..746fe61 100644
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,36 +12,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-migration
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": pre-upgrade,pre-install
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
- db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index acf9cb4..a5586c6 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -26,6 +26,28 @@
ubuntuInitRepository: registry.hub.docker.com
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+ type: password
+ externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+ password: '{{ .Values.db.rootPassword }}'
+ passwordPolicy: required
+ - uid: db-backup-creds
+ name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+ login: '{{ .Values.db.backupUser }}'
+ password: '{{ .Values.db.backupPassword }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -34,6 +56,13 @@
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# db config
+db:
+ rootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
+ backupPassword: secretpassword
+ backupUser: root
+ # backupCredsExternalSecret: some secret
# application configuration
config:
# gerrit branch where the latest heat code is checked in