[bitnami/mariadb-galera] Allow to set custom admin user (#4433)

Do not hardcode username of admin user to `root`. Allow to create custom admin username which defaults to `root`.

Signed-off-by: Matej Hasul <matej.hasul@gooddata.com>
matejhasul
2020-11-24 13:17:09 +01:00
committed by GitHub
parent 4f5fa7a09c
commit 911af1c903
7 changed files with 25 additions and 10 deletions


@@ -22,4 +22,4 @@ sources:
- https://github.com/bitnami/bitnami-docker-mariadb-galera
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
version: 5.0.1
version: 5.1.0


@@ -89,7 +89,8 @@ The following table lists the configurable parameters of the MariaDB Galera char
| `securityContext.fsGroup` | Group ID for the container filesystem | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `existingSecret` | Use existing secret for password details (`rootUser.password`, `db.password`, `galera.mariabackup.password` will be ignored and picked up from this secret). The secret has to contain the keys mariadb-root-password, mariadb-galera-mariabackup-password and mariadb-password. | `nil` |
| `rootUser.password` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ |
| `rootUser.user` | Username for the admin user. | `root` |
| `rootUser.password` | Password for the admin user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ |
| `rootUser.forcePassword` | Force users to specify a password | `false` |
| `db.user` | Username of new user to create | `nil` |
| `db.password` | Password for the new user. Ignored if existing secret is provided. | _random 10 character alphanumeric string if `db.user` is defined_ |


@@ -11,14 +11,14 @@ MariaDB can be accessed via port "{{ .Values.service.port }}" on the following D
{{ template "mariadb-galera.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To obtain the password for the MariaDB "root" user run the following command:
To obtain the password for the MariaDB admin user run the following command:
echo "$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode)"
To connect to your database run the following command:
kubectl run {{ template "mariadb-galera.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "mariadb-galera.image" . }} --command \
-- mysql -h {{ template "mariadb-galera.fullname" . }} -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
-- mysql -h {{ template "mariadb-galera.fullname" . }} -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}{{ .Values.rootUser.user }}{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
To connect to your database from outside the cluster execute the following commands:
@@ -26,7 +26,7 @@ To connect to your database from outside the cluster execute the following comma
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mariadb-galera.fullname" . }})
mysql -h $NODE_IP -P $NODE_PORT -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
mysql -h $NODE_IP -P $NODE_PORT -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}{{ .Values.rootUser.user }}{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
{{- else if contains "LoadBalancer" .Values.service.type }}
@@ -34,12 +34,12 @@ To connect to your database from outside the cluster execute the following comma
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mariadb-galera.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mariadb-galera.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
mysql -h $SERVICE_IP -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
mysql -h $SERVICE_IP -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}{{ .Values.rootUser.user }}{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mariadb-galera.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
mysql -h 127.0.0.1 -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}root{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
mysql -h 127.0.0.1 -P {{ .Values.service.port }} -u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}{{ .Values.rootUser.user }}{{ end }} -p{{ if .Values.db.user }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode){{ else }}$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode){{ end }} {{ .Values.db.name }}
{{- end }}
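Review bot: The admin name is now rendered raw into the four `mysql` command lines (`-u{{ if .Values.db.user }}{{ .Values.db.user }}{{ else }}{{ .Values.rootUser.user }}{{ end }}`), so a value containing whitespace or shell metacharacters produces a command that no longer does what the notes describe once it is pasted into a shell. `db.user` was already rendered this way, but the admin name was a fixed literal until this change. Single-quoting at render time, `{{ .Values.rootUser.user | squote }}`, covers most values. Because that does not escape an embedded single quote, a `pattern` on the new `user` property in the values schema would be the stricter control.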


@@ -76,6 +76,8 @@ spec:
value: {{ .Values.galera.name | quote }}
- name: MARIADB_GALERA_CLUSTER_ADDRESS
value: "gcomm://{{ template "mariadb-galera.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
- name: MARIADB_ROOT_USER
value: {{ .Values.rootUser.user | quote }}
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -188,7 +190,7 @@ spec:
- bash
- -ec
- |
exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD
exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
@@ -202,7 +204,7 @@ spec:
- bash
- -ec
- |
exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD
exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
@@ -244,6 +246,8 @@ spec:
env:
- name: MARIADB_METRICS_EXTRA_FLAGS
value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }}
- name: MARIADB_ROOT_USER
value: {{ .Values.rootUser.user | quote }}
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -257,7 +261,7 @@ spec:
- sh
- -c
- |
DATA_SOURCE_NAME="root:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS
DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS
ports:
- name: metrics
containerPort: 9104
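Review bot: Both probe commands expand the new variable unquoted, `-u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD`, so bash word-splits and globs the configured name (and the password) before `mysqladmin` receives it; with the literal `root` only the password was subject to this. Quoting both expansions fixes the liveness and readiness probes alike: `exec mysqladmin status -u"$MARIADB_ROOT_USER" -p"$MARIADB_ROOT_PASSWORD"`. In the exporter container the name is placed into `DATA_SOURCE_NAME` ahead of the `:` separator, so a name containing `:` or `@` would presumably be parsed as part of the password or host; rejecting those characters in the values schema would avoid that. The exporter also keeps logging in with the admin account, where a dedicated low-privilege monitoring user would be the least-privilege choice.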


@@ -142,6 +142,8 @@ securityContext:
## Database credentials for root (admin) user
##
rootUser:
## MariaDB admin user
user: root
## MariaDB admin password
## Password is ignored if existingSecret is specified.
## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
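Review bot: The new comment `## MariaDB admin user` does not say when the value takes effect. The schema description added in this commit states that the account is created during the first initialization, while the probes and the metrics exporter read the name from this value on every rollout, so changing it on an existing release would presumably leave them authenticating as an account that does not exist. Suggested wording: `## MariaDB admin user. Applied only on first initialization; changing it later does not rename the existing account.` The same comment is added in the last file section of this commit and would need the same line.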


@@ -39,6 +39,12 @@
"value": true,
"path": "existingSecret"
}
},
"user": {
"type": "string",
"title": "MariaDB admin user",
"description": "Name of the admin user to be created during the 1st initialization of MariaDB.",
"form": true
}
}
},


@@ -141,6 +141,8 @@ securityContext:
## Database credentials for root (admin) user
##
rootUser:
## MariaDB admin user
user: root
## MariaDB admin password
## Password is ignored if existingSecret is specified.
## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run