[Modeling] Use common secret template for mariadb root password 02/101002/2
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Fri, 31 Jan 2020 22:28:25 +0000 (23:28 +0100)
committerKrzysztof Opasiak <k.opasiak@samsung.com>
Sun, 2 Feb 2020 10:22:12 +0000 (11:22 +0100)
Remove hardcoded root password from the modeling chart.
Because of huge number of issues in modeling docker image
(see onap-discuss for details) I don't want to touch it.
That's why I just made an awful hack to concatenate DB
username and password before the entrypoint script.

Please keep in mind that this eliminates only the hardcoded
root password; there are plenty of other credentials that
are baked into the container image (DB, SDC, VCF-REDIS(!) etc).

Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947

kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml [new file with mode: 0644]
kubernetes/modeling/charts/modeling-etsicatalog/values.yaml

index d8790e7..a2e03b8 100644 (file)
@@ -49,6 +49,11 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+            - bash
+          args:
+            - -c
+            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
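Review bot: The added `args` line starts `./docker-entrypoint.sh` as a child of `bash` instead of replacing it, so bash stays PID 1 and a SIGTERM at pod shutdown is likely not passed on to the application; `- 'export MYSQL_AUTH="root:${MYSQL_ROOT_PASSWORD}"; exec ./docker-entrypoint.sh'` avoids that. Building the value inside the shell keeps the password out of the rendered manifest and out of the container argv, which deserves a one-line comment above `command:` because the override looks odd without it. The `root:` prefix is fixed here, so the application still connects with the database root account; a dedicated user with grants limited to its own schema would be the least-privilege follow-up. The relative path also assumes the image's working directory holds the entrypoint script, which is not visible in this hunk.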
@@ -68,14 +73,14 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-            - name: MYSQL_ADDR
-              value: "{{ .Values.config.dbServiceName }}:{{ .Values.config.dbPort }}"
-            - name: MYSQL_AUTH
-              value: "{{ .Values.config.dbUser }}:{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}"
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+          - name: MSB_ADDR
+            value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+          - name: MYSQL_ADDR
+            value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+          - name: REDIS_ADDR
+            value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
           volumeMounts:
           - name: {{ include "common.fullname" . }}-etsicatalog
             mountPath: /service/modeling/etsicatalog/static
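Review bot: The new `MYSQL_ADDR` value is the only unquoted templated scalar in this `env` list, so an empty or unexpected expansion of the service name or port is interpreted by the YAML parser instead of being kept as a string; write it as `value: "{{ index .Values "mariadb-galera" "service" "name" }}:{{ index .Values "mariadb-galera" "service" "internalPort" }}"` to match its neighbours. On the `MYSQL_ROOT_PASSWORD` entry, `{{-` removes the line break before the include, so correct rendering depends on the helper's output starting with a newline, which cannot be confirmed from this hunk; the `helm template` output for this container would settle it. The list items were also moved to the same column as `env:`, which is valid YAML but differs from the indented `containers:` list above.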
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..d053c48
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index 2244d5f..bb5a76b 100644 (file)
@@ -31,17 +31,24 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "db-root-pass"
+    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+    type: password
+
 #################################################################
 # Dependencies configuration
 #################################################################
 
 mariadb-galera:
-  config:
-    mariadbRootPassword: secretpassword
   nameOverride: modeling-mariadb
   service:
     name: modeling-db
     portName: modeling-db
+    internalPort: 3306
   nfsprovisionerPrefix: modeling
   persistence:
     mountSubPath: modeling/data
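Review bot: Removing `mariadbRootPassword: secretpassword` from the defaults does not change the password of a database that was already initialised with it, and the old value stays readable in the repository history. Installations created from an earlier chart revision should have the root password rotated as part of this upgrade; presumably the data under `persistence.mountSubPath` survives the upgrade, which should be confirmed. The new `secrets` entry would also benefit from a comment stating where the value comes from, for example `# root password is read from the secret owned by the mariadb-galera subchart; no default is defined in this chart`.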
@@ -64,12 +71,6 @@ istioSidecar: true
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
-config:
-  dbServiceName: modeling-db
-  dbPort: 3306
-  dbUser: root
-
 # default number of instances
 replicaCount: 1