{{- if .Values.global.mariadbGalera.localCluster -}}
{{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}}
{{- else -}}
- {{ printf "%s-%s" (include "common.release" .) (index .Values "mariadb-init" "nameOverride") -}}
+ {{ printf "%s-%s-%s" ( include "common.release" .) (index .Values "mariadb-init" "nameOverride") (index .Values "mariadb-init" "config" "mysqlDatabase" ) -}}
{{- end -}}
{{- end -}}
Choose the value of secret param to retrieve user value.
*/}}
{{- define "common.mariadbSecretParam" -}}
- {{- if .Values.global.mariadbGalera.localCluster -}}
- {{ printf "password" -}}
- {{- else -}}
- {{ printf "db-user-password" -}}
- {{- end -}}
+ {{ printf "password" -}}
{{- end -}}
Choose the name of the mariadb secret to use.
*/}}
{{- define "mariadbInit.mariadbClusterSecret" -}}
- {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}}
- {{- printf "%s-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}}
- {{- else -}}
- {{- .Values.global.mariadbGalera.userRootSecret -}}
- {{- end -}}
+ {{- printf "%s-%s-db-root-password" (include "common.release" .) (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride) -}}
{{- end -}}
- name: DB_PORT
value: "{{ .Values.global.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "mariadbInit.mariadbClusterSecret" . }}
- key: {{ .Values.global.mariadbGalera.userRootSecretKey }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- value: "{{ .Values.config.userName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- value: {{ $dbInfos.user }}
+ {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $root }}-secret
- key: {{ printf "db-%s-user-password" $db }}
+ {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-user-password: {{ index .Values.config.userPassword | b64enc | quote }}
-{{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
- {{ printf "db-%s-user-password" $db}}: {{ $dbInfos.password | b64enc | quote }}
-{{ end }}
+{{- define "mariadb-init._update-secrets" -}}
+ {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+{{ printf "- uid: %s" $db }}
+{{ printf " type: basicAuth" }}
+ {{- if $dbInfos.externalSecret }}
+{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
+ {{- end }}
+{{ printf " login: %s" $dbInfos.user }}
+{{ printf " password: %s" $dbInfos.password }}
+{{ printf " passwordPolicy: required" }}
+ {{- end -}}
+{{- end -}}
+
+{{ $global := . }}
+{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
+{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
+{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
+{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
+
+{{ $newValues := set $global.Values "secrets" $finalSecrets }}
+{{ $tmpGlobal := set $global "Values" $newValues }}
+
+{{ include "common.secret" $tmpGlobal }}
nameOverride: mariadb-galera
servicePort: 3306
# set these two values if you want to access an 'out of ONAP' mariadb
- userRootSecret: default
- userRootSecretKey: password
+ # userRootPassword: some-password
+ # userRootSecret: some-secret-name
+ # userRootSecretKey: password
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: root-password
+ type: password
+ externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
+ password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ - uid: '{{ .Values.config.mysqlDatabase }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}'
+ login: '{{ .Values.config.userName }}'
+ password: '{{ .Values.config.userPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
+ # set this value if you would like to use external secret instead of providing a password
+ # mysqlExternalsecret: some-secret-name
mysqlDatabase: ynsaUCru6mUNwGal
mysqlAdditionalDatabases: {}
# add addtional dabases
# dbOne:
# user: one
# password: pwd1
+ # externalSecret: some-secret-name
# dbTwo:
# user: two
# password: pwd2
+ # externalSecret: some-secret-name
config_map: default
nodeSelector: {}
Code Review / oom.git / commitdiff