From 5312459c28f7e788f8c2eda37c2ca03f34a59fa4 Mon Sep 17 00:00:00 2001
From: Koichiro Den
Date: Tue, 20 Nov 2018 12:39:11 +0900
Subject: [PATCH] Set randomly generated MYSQL_ROOT_PASSWORD via Secret
Signed-off-by: Koichiro Den
---
 manifests/vizier/core/deployment.yaml | 6 ++++++
 manifests/vizier/db/deployment.yaml | 5 ++++-
 pkg/db/interface.go | 18 ++++++++++++++++--
 scripts/deploy.sh | 16 ++++++++++++++++
 4 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/manifests/vizier/core/deployment.yaml b/manifests/vizier/core/deployment.yaml
index 273695fcc20..2953ee51816 100644
--- a/manifests/vizier/core/deployment.yaml
+++ b/manifests/vizier/core/deployment.yaml
@@ -19,6 +19,12 @@ spec:
 containers:
 - name: vizier-core
 image: katib/vizier-core
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vizier-db-secrets
+ key: MYSQL_ROOT_PASSWORD
 command:
 - './vizier-manager'
 ports:
diff --git a/manifests/vizier/db/deployment.yaml b/manifests/vizier/db/deployment.yaml
index 7c46bb94215..a286afa7d95 100644
--- a/manifests/vizier/db/deployment.yaml
+++ b/manifests/vizier/db/deployment.yaml
@@ -20,7 +20,10 @@ spec:
 image: mysql:8.0.3
 env:
 - name: MYSQL_ROOT_PASSWORD
- value: "test"
+ valueFrom:
+ secretKeyRef:
+ name: vizier-db-secrets
+ key: MYSQL_ROOT_PASSWORD
 - name: MYSQL_ALLOW_EMPTY_PASSWORD
 value: "true"
 - name: MYSQL_DATABASE
diff --git a/pkg/db/interface.go b/pkg/db/interface.go
index 8bb0d98ac40..d51843aa112 100644
--- a/pkg/db/interface.go
+++ b/pkg/db/interface.go
@@ -9,6 +9,7 @@ import (
 "log"
 "math/big"
 "math/rand"
+ "os"
 "strings"
 "time"
@@ -19,7 +20,7 @@ import (
 const (
 dbDriver = "mysql"
- dbName = "root:test@tcp(vizier-db:3306)/vizier"
+ dbNameTmpl = "root:%s@tcp(vizier-db:3306)/vizier"
 mysqlTimeFmt = "2006-01-02 15:04:05.999999"
 )
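Review bot: The `env` entry added to the vizier-core container in manifests/vizier/core/deployment.yaml hands the application the MySQL root credential, so a compromise of vizier-core gives control of the whole database server rather than of the `vizier` schema alone. The mysql image also accepts `MYSQL_USER` and `MYSQL_PASSWORD` to create a non-root account with access to `MYSQL_DATABASE`; a second key in `vizier-db-secrets` for that account would let this container reference `key: MYSQL_PASSWORD` instead. The user in the DSN template in pkg/db/interface.go would have to change from `root` to match.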
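Review bot: In manifests/vizier/db/deployment.yaml, `MYSQL_ALLOW_EMPTY_PASSWORD` with `value: "true"` is left in place directly below the new `secretKeyRef`, so if the generated Secret value ever turns out empty the container would most likely still start, with a passwordless root account, instead of failing. Dropping that variable should make the image refuse to initialise without a password. Separately, the official mysql image applies `MYSQL_ROOT_PASSWORD` only when it initialises an empty data directory, so a deployment that keeps an existing volume will presumably still have root set to `test`. A comment here, such as `# only applied on first initialisation; rotate the root password manually on existing volumes`, would record that.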
@@ -76,6 +77,19 @@ type dbConn struct {
 var rs1Letters = []rune("abcdefghijklmnopqrstuvwxyz")
+func getDbName() string {
+ dbPass := os.Getenv("MYSQL_ROOT_PASSWORD")
+ if dbPass == "" {
+ log.Printf("WARN: Env var MYSQL_ROOT_PASSWORD is empty. Falling back to \"test\".")
+
+ // For backward compatibility, e.g. in case that all but vizier-core
+ // is older ones so we do not have Secret nor upgraded vizier-db.
+ dbPass = "test"
+ }
+
+ return fmt.Sprintf(dbNameTmpl, dbPass)
+}
+
 func NewWithSQLConn(db *sql.DB) VizierDBInterface {
 d := new(dbConn)
 d.db = db
@@ -91,7 +105,7 @@ func NewWithSQLConn(db *sql.DB) VizierDBInterface {
 }
 func New() VizierDBInterface {
- db, err := sql.Open(dbDriver, dbName)
+ db, err := sql.Open(dbDriver, getDbName())
 if err != nil {
 log.Fatalf("DB open failed: %v", err)
 }
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index fce66f5b93a..1e68ad092f2 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -22,7 +22,23 @@ set -o xtrace
 SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/..
 cd ${SCRIPT_ROOT}
+# Dedicated namespace has to be present beforehand.
 kubectl apply -f manifests/0-namespace.yaml
+
+# Generate Secret with dynamically initialized data, so as to keep Go codebase
+# simple as possible i.e., without client-go ClientSet.
+cat <
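Review bot: The fallback `dbPass = "test"` in getDbName means an unset or empty MYSQL_ROOT_PASSWORD silently degrades to the old, publicly known root password, with one log line as the only signal. Since the comment describes it as a transition aid, it should either fail closed with `log.Fatal("MYSQL_ROOT_PASSWORD is not set")` or carry a `// TODO: remove fallback once all deployments ship the Secret` note saying when it goes away. The password is also spliced into the DSN with `fmt.Sprintf`, so a generated value containing DSN metacharacters could be misparsed. If the driver is go-sql-driver/mysql (the import is outside this hunk), building the string from its `Config` type with `FormatDSN` avoids that. The return value is a DSN holding the credential rather than a database name, so a doc comment such as `// getDbName returns the MySQL DSN, including the password; never log the result.` is worth adding.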