search

bitpoke / mysql-operator

Asynchronous MySQL Replication on Kubernetes using Percona Server and Openark's Orchestrator.
https://www.bitpoke.io/docs/mysql-operator/getting-started/
Apache License 2.0
1.03k stars 275 forks source link

Use environment variables instead of k8s secret for passwords #902

Open chrism417 opened 1 year ago

chrism417 commented 1 year ago

When deploying the cluster, is there some other way to set the password for the root/app user other than a k8s secret?

The only place I see to set the passwords are here: https://github.com/bitpoke/mysql-operator/blob/master/deploy/charts/mysql-cluster/values.yaml#L14-L17 which requires a kubernetes secret.

For example, is there a way to use a SecretProviderClass?

zozidalom commented 10 months ago

I don't know about an option for this unfortunately, but the workaround I found was this:

In Gitlab CI/CD to use an environment variable to setup the config I use helmfile and I created a File type CI/CD variable for the values.yaml file of my chart which contains my mysql-cluster.

Then in the secret I just read the variables from the values.yaml file.

apiVersion: v1
kind: Secret
metadata:
  name: my-mysql
type: Opaque
data:
  ROOT_PASSWORD: {{ .Values.rootPassword | b64enc }}
  DATABASE: {{ .Values.database | b64enc }}
  USER: {{ .Values.user | b64enc }}
  PASSWORD: {{ .Values.password | b64enc }}