Set randomly generated MYSQL_ROOT_PASSWORD via Secret
Signed-off-by: Koichiro Den <den@valinux.co.jp>
Koichiro Den committed Nov 20, 2018
1 parent f7aff4a commit 5312459
Showing 4 changed files with 42 additions and 3 deletions.
6 changes: 6 additions & 0 deletions manifests/vizier/core/deployment.yaml
@@ -19,6 +19,12 @@ spec:
containers:
- name: vizier-core
image: katib/vizier-core
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: vizier-db-secrets
key: MYSQL_ROOT_PASSWORD
command:
- './vizier-manager'
ports:
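Review bot: vizier-core is handed the MySQL root credential through `MYSQL_ROOT_PASSWORD`, which gives the application full administrative rights on the database server when it appears to need only the `vizier` schema. The mysql image can create a scoped account at first initialisation via `MYSQL_USER` and `MYSQL_PASSWORD`, so a second key in `vizier-db-secrets` could carry an application password and the root one could stay inside the db pod. It is also worth a comment above this `env:` entry saying that the Secret is created only by scripts/deploy.sh: without `optional: true` on the `secretKeyRef`, the pod will not start when the manifests are applied by hand.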
5 changes: 4 additions & 1 deletion manifests/vizier/db/deployment.yaml
@@ -20,7 +20,10 @@ spec:
image: mysql:8.0.3
env:
- name: MYSQL_ROOT_PASSWORD
value: "test"
valueFrom:
secretKeyRef:
name: vizier-db-secrets
key: MYSQL_ROOT_PASSWORD
- name: MYSQL_ALLOW_EMPTY_PASSWORD
value: "true"
- name: MYSQL_DATABASE
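Review bot: `MYSQL_ALLOW_EMPTY_PASSWORD` with value `"true"` is still set directly below the new `secretKeyRef`, so if the Secret key ever holds an empty value the image would, as far as I can tell, initialise root with no password rather than refuse to start. Now that a password is always supplied, dropping that entry makes a bad Secret fail loudly. The image also applies `MYSQL_ROOT_PASSWORD` only when it initialises an empty data directory, so a database on an existing volume would presumably keep the old `test` password after this change; that deserves a line in the upgrade notes. The env list continues past the end of the hunk.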
18 changes: 16 additions & 2 deletions pkg/db/interface.go
@@ -9,6 +9,7 @@ import (
"log"
"math/big"
"math/rand"
"os"
"strings"
"time"

@@ -19,7 +20,7 @@ import (

const (
dbDriver = "mysql"
dbName = "root:test@tcp(vizier-db:3306)/vizier"
dbNameTmpl = "root:%s@tcp(vizier-db:3306)/vizier"
mysqlTimeFmt = "2006-01-02 15:04:05.999999"
)

@@ -76,6 +77,19 @@ type dbConn struct {

var rs1Letters = []rune("abcdefghijklmnopqrstuvwxyz")

func getDbName() string {
dbPass := os.Getenv("MYSQL_ROOT_PASSWORD")
if dbPass == "" {
log.Printf("WARN: Env var MYSQL_ROOT_PASSWORD is empty. Falling back to \"test\".")

// For backward compatibility, e.g. in case that all but vizier-core
// is older ones so we do not have Secret nor upgraded vizier-db.
dbPass = "test"
}

return fmt.Sprintf(dbNameTmpl, dbPass)
}

func NewWithSQLConn(db *sql.DB) VizierDBInterface {
d := new(dbConn)
d.db = db
@@ -91,7 +105,7 @@ func NewWithSQLConn(db *sql.DB) VizierDBInterface {
}

func New() VizierDBInterface {
db, err := sql.Open(dbDriver, dbName)
db, err := sql.Open(dbDriver, getDbName())
if err != nil {
log.Fatalf("DB open failed: %v", err)
}
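Review bot: `getDbName` falls back to the well-known password `test` whenever `MYSQL_ROOT_PASSWORD` is empty, so a Deployment that loses the env entry keeps running on the old default credential with only a log line to show for it. If the compatibility path has to stay, consider making it opt-in and otherwise ending the empty-password branch with `log.Fatal("MYSQL_ROOT_PASSWORD is not set")`, and give the function a doc comment such as `// getDbName builds the MySQL DSN from MYSQL_ROOT_PASSWORD; the "test" fallback exists only for pre-Secret deployments.` Separately, the password is spliced into the DSN with `fmt.Sprintf`: the alphabet generated in scripts/deploy.sh is safe, but a hand-set password containing `@` or `/` would be mis-parsed. If the driver is go-sql-driver/mysql (its import is outside the visible hunks), building the DSN with `mysql.Config` and `FormatDSN()` avoids that. The body of `New` continues outside the last hunk.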
16 changes: 16 additions & 0 deletions scripts/deploy.sh
@@ -22,7 +22,23 @@ set -o xtrace
SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/..

cd ${SCRIPT_ROOT}
# Dedicated namespace has to be present beforehand.
kubectl apply -f manifests/0-namespace.yaml

# Generate Secret with dynamically initialized data, so as to keep Go codebase
# simple as possible i.e., without client-go ClientSet.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: vizier-db-secrets
namespace: katib
data:
MYSQL_ROOT_PASSWORD: $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c24 | base64)
EOF

# Rest of the static manifests.
kubectl apply -f manifests/pv
kubectl apply -f manifests/vizier/db
kubectl apply -f manifests/vizier/core
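Review bot: `kubectl create -f -` fails with AlreadyExists on a second run of this script, and switching it to `apply` would instead mint a new password that no longer matches the one MySQL stored when it first initialised its data directory (the script applies `manifests/pv`, so that data presumably persists). Guard the creation so the Secret is generated only once, e.g. `kubectl -n katib get secret vizier-db-secrets >/dev/null 2>&1 || cat <<EOF | kubectl create -f -`. A comment next to the heredoc should state that the password is fixed at first deploy and that rotating it requires changing it inside MySQL as well as in the Secret.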