use secret for mysql password

teticio · Aug 31, 2021 · d34f762 · d34f762
1 parent 2b1593a
commit d34f762
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 9 deletions.
diff --git a/deploy_kops.sh b/deploy_kops.sh
diff --git a/helm-chart/deejai/templates/deployment.yaml b/helm-chart/deejai/templates/deployment.yaml
@@ -28,9 +28,19 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: init-deejai
+        - name: init-{{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql
+                  key: mysql-root-password
+            - name: SQLALCHEMY_DATABASE_URL
+              value: mysql+pymysql://root:$(MYSQL_ROOT_PASSWORD)@mysql:3306/deejai
           command:
             - /bin/bash
             - -ec
@@ -41,6 +51,14 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql
+                  key: mysql-root-password
+            - name: SQLALCHEMY_DATABASE_URL
+              value: mysql+pymysql://root:$(MYSQL_ROOT_PASSWORD)@mysql:3306/deejai
           ports:
             - name: http
               containerPort: 8000

diff --git a/helm-chart/deejai/templates/mysql-deployment.yaml b/helm-chart/deejai/templates/mysql-deployment.yaml
@@ -28,9 +28,11 @@ spec:
       - image: mysql:5.6
         name: mysql
         env:
-          # Use secret in real usage
         - name: MYSQL_ROOT_PASSWORD
-          value: password
+          valueFrom:
+            secretKeyRef:
+              name: mysql
+              key: mysql-root-password
         ports:
         - containerPort: 3306
           name: mysql

diff --git a/helm-chart/deejai/templates/secret.yaml b/helm-chart/deejai/templates/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysql
+type: Opaque
+data:
+  {{ if .Values.mysqlRootPassword }}
+  mysql-root-password: {{ .Values.mysqlRootPassword | b64enc | quote }}
+  {{ else }}
+  mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+  {{ end }}
diff --git a/helm-chart/images/Dockerfile b/helm-chart/images/Dockerfile
@@ -2,7 +2,6 @@ FROM python:3.8
 ARG APP_URL
 ENV APP_URL $APP_URL
 ENV CUDA_VISIBLE_DEVICES ""
-ENV SQLALCHEMY_DATABASE_URL mysql+pymysql://root:password@mysql:3306/deejai
 COPY . /deej-ai.online-app
 WORKDIR "/deej-ai.online-app"
 RUN sed -i "s|\(http\)[^/]*/[^/]*/[^/]*/|${APP_URL}/|g" .env.production && \

diff --git a/install_helm_chart.sh b/install_helm_chart.sh
@@ -5,4 +5,5 @@ helm upgrade \
   --install deejai helm-chart/deejai \
   --create-namespace \
   --namespace deejai \
-  --values helm-chart/deejai/values.yaml
+  --values helm-chart/deejai/values.yaml \
+  --set mysqlRootPassword=password
diff --git a/src/App.js b/src/App.js
@@ -1,13 +1,10 @@
 // TODO
 //
 // frontend:
-// robots.txt etc
-// service
 // unit tests
-// banner image and ico file
+// ico file
 // fix warnings for unique key
 // fix warning about combining h2 and a in Banner
-// incremental search
 //
 // backend:
 // set seed in noise