[SO] Use common secret template in so-mariadb

Use common secrete template in so-mariadb component.
For now passwords are stil hardcoded but this will be removed in
further commits.

Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I70b13b14d0ddad8913f45c7cabed0c0d221d0005

diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml
index 68c6017..c300209 100644 (file)
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml
@@ -43,14 +43,11 @@ spec:
         - name: DB_HOST
           value: {{ .Values.global.migration.dbHost }}
         - name: DB_USER
-          value: {{ .Values.global.migration.dbUser }}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
         - name: DB_PORT
           value: "{{ .Values.global.migration.dbPort }}"
         - name: DB_PASS
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}-migration
-              key: db-root-password-backup
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
         command:
         - /bin/bash
         - -c
@@ -138,10 +135,7 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: MYSQL_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "common.fullname" . }}
-              key: db-root-password
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime

diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
index 1c309fa..746fe61 100644 (file)
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,36 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-migration
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": pre-upgrade,pre-install
-    "helm.sh/hook-weight": "0"
-    "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
-  db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secret" . }}

diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index acf9cb4..a5586c6 100755 (executable)
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -25,6 +25,28 @@ global:
   readinessImage: readiness-check:2.0.2
   ubuntuInitRepository: registry.hub.docker.com
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-pass
+    name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+    type: password
+    externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+    password: '{{ .Values.db.rootPassword }}'
+    passwordPolicy: required
+  - uid: db-backup-creds
+    name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+    login: '{{ .Values.db.backupUser }}'
+    password: '{{ .Values.db.backupPassword }}'
+    passwordPolicy: required
+    annotations:
+      helm.sh/hook: pre-upgrade,pre-install
+      helm.sh/hook-weight: "0"
+      helm.sh/hook-delete-policy: before-hook-creation
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -34,6 +56,13 @@ image: mariadb:10.1.38
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 
+# db config
+db:
+  rootPassword: secretpassword
+  # rootPasswordExternalSecret: some secret
+  backupPassword: secretpassword
+  backupUser: root
+  # backupCredsExternalSecret: some secret
 # application configuration
 config:
   # gerrit branch where the latest heat code is checked in