Revert change in the mariadb secret naming convention
pratik705 committed Mar 26, 2024
1 parent 7eab299 commit 7b19a18
Showing 7 changed files with 21 additions and 15 deletions.
22 changes: 14 additions & 8 deletions docs/infrastructure-mariadb.md
Expand Up @@ -19,7 +19,7 @@ kubectl --namespace mariadb-system get pods -w

## Deploy the MariaDB Cluster

## Pre-requsites:
## Pre-requsites

- Vault should be installed by following the instructions in [vault documentation](https://docs.rackspacecloud.com/vault/)
- User has access to `osh/mariadb/` path in the Vault
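Review bot: The heading on the changed line still reads `Pre-requsites`; since the line is already being edited to drop the colon, correct the spelling to `Prerequisites` in the same change. It is also a `##` heading directly under `## Deploy the MariaDB Cluster`, while the later subsections use `###` (`### Create the secrets`), so `###` would keep the levels consistent.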
Expand All @@ -40,49 +40,55 @@ kubectl exec --stdin=true --tty=true vault-0 -n vault -- \
vault kv list osh/mariadb
```

### Create the secrets:
### Create the secrets

- Mariadb root-password:

``` shell
kubectl exec --stdin=true --tty=true vault-0 -n vault -- \
vault kv put -mount=osh/mariadb mariadb-root-password root-password=$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)
vault kv put -mount=osh/mariadb mariadb root-password=$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)
```

- MaxScale password:

``` shell
kubectl exec --stdin=true --tty=true vault-0 -n vault -- \
vault kv put -mount=osh/mariadb maxscale password=$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)
```

### Validate the secrets:
### Validate the secrets

``` shell
kubectl exec --stdin=true --tty=true vault-0 -n vault -- \
vault kv list osh/mariadb
kubectl exec --stdin=true --tty=true vault-0 -n vault -- \
vault kv get -mount=osh/mariadb mariadb-root-password
vault kv get -mount=osh/mariadb mariadb
```

## Install mariadb cluster:
## Install mariadb cluster

- Ensure that the `vault-ca-secret` Kubernetes Secret exists in the OpenStack namespace containing the Vault CA certificate:
```shell

``` shell
kubectl get secret vault-ca-secret -o yaml -n openstack
```

- If it is absent, create one using the following command:
```shell

``` shell
kubectl create secret generic vault-ca-secret \
--from-literal=ca.crt="$(kubectl get secret vault-tls-secret \
-o jsonpath='{.data.ca\.crt}' -n vault | base64 -d -)" -n openstack
```

- Deploy the necessary Vault resources to create Kubernetes secrets required by the mariadb installation:

``` shell
kubectl apply -k /opt/genestack/kustomize/mariadb-cluster/base/vault
```

- Validate whether the required Kubernetes secrets from Vault are populated:

``` shell
kubectl get secrets -n openstack
```
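Review bot: In the validate block, `vault kv get -mount=osh/mariadb mariadb` prints the MariaDB root password in clear text to the operator's terminal, and the `vault kv list osh/mariadb` just above it already shows that the entry exists; drop the `kv get`, or state in the text that it displays the password. In the create step, the `$(< /dev/urandom tr -dc ...)` substitution is expanded by the local shell, so the generated password is passed as a command-line argument to `kubectl exec` and to `vault kv put`. The `${1:-32}` also reads the positional parameter `$1`, which looks like a leftover from a shell function; a plain `head -c 32` would say what is meant.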
2 changes: 1 addition & 1 deletion docs/openstack-glance.md
Expand Up @@ -105,7 +105,7 @@ helm upgrade --install glance ./glance \
-f /opt/genestack/helm-configs/glance/glance-helm-overrides.yaml \
--set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb-root-password -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.glance.password="$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \
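Review bot: The changed `--set endpoints.oslo_db.auth.admin.password="$(kubectl ... get secret mariadb ...)"` line still expands the MariaDB root password into the `helm` command line, where it stays visible in the local process list for as long as the upgrade runs. Since this line is being touched anyway, consider passing it with `--set-file` or a values file with restrictive permissions instead of `--set`.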
2 changes: 1 addition & 1 deletion docs/openstack-heat.md
Expand Up @@ -118,7 +118,7 @@ helm upgrade --install heat ./heat \
--set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.identity.auth.heat_stack_user.password="$(kubectl --namespace openstack get secret heat-stack-user -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb-root-password -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.heat.password="$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \
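Review bot: On the changed `get secret mariadb` line there is no check that the lookup succeeded: if the `mariadb` Secret has not been synced yet under its new name, `kubectl` fails, the `$(...)` yields an empty string, and `helm upgrade --install` goes ahead with an empty `endpoints.oslo_db.auth.admin.password`. Add a step before the helm command that runs `kubectl --namespace openstack get secret mariadb` and stops if it is missing.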
2 changes: 1 addition & 1 deletion docs/openstack-keystone.md
Expand Up @@ -100,7 +100,7 @@ helm upgrade --install keystone ./keystone \
--timeout 120m \
-f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \
--set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb-root-password -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \
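Review bot: The literal secret name in the `endpoints.oslo_db.auth.admin.password` line is now repeated in the glance, heat and keystone install docs, which is why this rename had to edit each of them. Consider documenting the root-password lookup once (for example as a shell variable set in the MariaDB page) and referencing it from the service pages, so a future rename touches one place.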
2 changes: 1 addition & 1 deletion kustomize/mariadb-cluster/base/mariadb-galera.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
namespace: openstack
spec:
rootPasswordSecretKeyRef:
name: mariadb-root-password
name: mariadb
key: root-password
username: mariadb
database: mariadb
2 changes: 1 addition & 1 deletion kustomize/mariadb-cluster/base/vault/kustomization.yaml
Expand Up @@ -2,5 +2,5 @@ namespace: openstack
resources:
- vaultauth.yaml
- vaultconnection.yaml
- mariadb-root-password.yaml
- mariadb.yaml
- mariadb-maxscale.yaml
Expand Up @@ -10,11 +10,11 @@ spec:
mount: 'osh/mariadb'

# path of the secret
path: mariadb-root-password
path: mariadb

# dest k8s secret
destination:
name: mariadb-root-password
name: mariadb
create: true

# static secret refresh interval
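Review bot: Nothing in this change removes the Secret that was synced under the previous `destination.name`: with the name switched to `mariadb` and `create: true`, a new Secret is created, and on clusters that applied the earlier manifest the `mariadb-root-password` Secret stays in the namespace as a second copy of the root password. The same applies to the Vault entry at the old `path`. Add an upgrade note that deletes both once the new Secret is populated.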