External database password now managed as secret

stackhpc · Aug 29, 2023 · 7f8a25d · 7f8a25d
1 parent 5a98be5
commit 7f8a25d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 11 deletions.
diff --git a/slurm-cluster-chart/templates/database-auth-secret.yaml b/slurm-cluster-chart/templates/database-auth-secret.yaml
@@ -1,18 +1,11 @@
+{{ if not .Values.databaseConnection.passwordSecretName }}
+
 apiVersion: v1
 kind: Secret
 metadata:
   name: database-auth-secret
-  {{ if not .Values.databaseConnection.password }}
   annotations:
     helm.sh/hook: pre-install
-  {{ end }}
-
-{{ if .Values.databaseConnection.password }}
-
-stringData:
-  password: {{ .Values.databaseConnection.password }}
-
-{{ else }}
 
 data:
   password: {{ randAlphaNum 32 | b64enc }}

diff --git a/slurm-cluster-chart/templates/mysql-deployment.yaml b/slurm-cluster-chart/templates/mysql-deployment.yaml
@@ -30,7 +30,11 @@ spec:
             - name: MYSQL_PASSWORD
               valueFrom:
                 secretKeyRef:
+                  {{ if .Values.database.passwordSecretName }}
+                  name: {{ .Values.database.passwordSecretName }}
+                  {{ else }}
                   name: database-auth-secret
+                  {{ end }}
                   key: password
             - name: MYSQL_RANDOM_ROOT_PASSWORD
               value: "yes"

diff --git a/slurm-cluster-chart/templates/slurmdbd-deployment.yaml b/slurm-cluster-chart/templates/slurmdbd-deployment.yaml
@@ -44,7 +44,11 @@ spec:
             - name: StoragePass
               valueFrom:
                 secretKeyRef:
+                  {{ if .Values.database.passwordSecretName }}
+                  name: {{ .Values.database.passwordSecretName }}
+                  {{ else }}
                   name: database-auth-secret
+                  {{ end }}
                   key: password
       hostname: slurmdbd
       restartPolicy: Always

diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml
@@ -72,8 +72,9 @@ databaseConnection:
   # If using the internal database, changing this field will have no effect
   # If using the external database, this user must exist on it
   user: slurm
-  # Password for database user. If left as nil, one will be randomly generated (recommended for internal database)
-  password:
+  # Name of secret containing database password. Secret should contain a 'password' key. If left as nil, a secret will be created
+  # automatically with a randomly generated password (recommended for internal database)
+  passwordSecretName:
 
 # Configmap resource names
 configmaps: