diff --git a/docs/existing-secrets.md b/docs/existing-secrets.md
index 9389d0c9..97e8022f 100644
--- a/docs/existing-secrets.md
+++ b/docs/existing-secrets.md
@@ -12,6 +12,7 @@ This document covers how to utilise existing secrets and special requirements. T
 * [Components](#components)
 * [Cassandra](#cassandra)
 * [Keycloak](#keycloak)
+ * [MariaDB](#mariadb)
 * [MinIO](#minio)
 * [Notes](#notes)
 * [OpenProject](#openproject)
@@ -120,6 +121,46 @@ Values taken from those existing secrets will supersede secret values that are a
 clientId: "yourSecretValueHere"
 clientSecret: "yourSecretValueHere"
 ```
+## MariaDB
+
+When initialising databases, users and credentials the Chart expects `.sql` files inside the secret to mount and feed them to the database client.
+
+The expected format for the databases is as follows:
+
+```yaml
+stringData:
+ init-db-open-xchange.sql: |
+ CREATE DATABASE IF NOT EXISTS openxchange_dummy;
+ GRANT ALL PRIVILEGES ON openxchange_dummy.* TO "openxchange_user"@"%";
+ FLUSH PRIVILEGES;
+ init-db-nextcloud.sql: |
+ CREATE DATABASE IF NOT EXISTS nextcloud;
+ GRANT ALL PRIVILEGES ON nextcloud.* TO "nextcloud_user"@"%";
+ FLUSH PRIVILEGES;
+ init-db-xwiki.sql: |
+ CREATE DATABASE IF NOT EXISTS xwiki;
+ GRANT ALL PRIVILEGES ON xwiki.* TO "xwiki_user"@"%";
+ FLUSH PRIVILEGES;
+```
+
+For the user and credentials the following format is expected:
+
+```yaml
+stringData:
+ init-user-open-xchange.sql: |
+ CREATE USER IF NOT EXISTS "openxchange_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.openxchangeUser | quote }};
+ ALTER USER "openxchange_user"@"%" WITH MAX_USER_CONNECTIONS 100;
+ ALTER USER "openxchange_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.openxchangeUser | quote }};
+ init-user-nextcloud.sql: |
+ CREATE USER IF NOT EXISTS "nextcloud_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.nextcloudUser | quote }};
+ ALTER USER "nextcloud_user"@"%" WITH MAX_USER_CONNECTIONS 100;
+ ALTER USER "nextcloud_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.nextcloudUser | quote }};
+ init-user-xwiki.sql: |
+ CREATE USER IF NOT EXISTS "xwiki_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.xwikiUser | quote }};
+ ALTER USER "xwiki_user"@"%" WITH MAX_USER_CONNECTIONS 100;
+ ALTER USER "xwiki_user"@"%" IDENTIFIED BY {{ .Values.secrets.mariadb.xwikiUser | quote }};
+```
+
 ## MinIO
diff --git a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
index ff2190c8..11d7f2b3 100644
--- a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
@@ -53,6 +53,7 @@ job:
 password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
 connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
 {{ end }}
+ usersExistingSecret: {{ .Values.existingSecrets.mariadb.users | quote }}
 databases:
 # OX uses root user and auto automanages the database, we add a dummy user and create a dummy/empty database.
 - name: "openxchange_dummy"
@@ -66,10 +67,14 @@ job:
 - name: {{ .Values.databases.xwiki.name | quote }}
 user: "xwiki_user"
 {{ end }}
+ databasesExistingSecret: {{ .Values.existingSecrets.mariadb.databases | quote }}
 mariadb:
 rootPassword:
 value: {{ .Values.secrets.mariadb.rootPassword | quote }}
+ existingSecret:
+ name: {{ .Values.existingSecrets.mariadb.rootPassword.name | quote }}
+ key: {{ .Values.existingSecrets.mariadb.rootPassword.key | quote }}
 persistence:
 size: {{ .Values.persistence.storages.mariadb.size | quote }}
diff --git a/helmfile/environments/default/existing_secrets.yaml.gotmpl b/helmfile/environments/default/existing_secrets.yaml.gotmpl
index 71442113..93c3ee57 100644
--- a/helmfile/environments/default/existing_secrets.yaml.gotmpl
+++ b/helmfile/environments/default/existing_secrets.yaml.gotmpl
@@ -131,6 +131,12 @@ existingSecrets:
 clients:
 name: ~
 key: ~
+ mariadb:
+ rootPassword:
+ name: ~
+ key: ~
+ databases: ~
+ users: ~
 minio:
 existingSecret: ~
 rootUserSecretKey: ~
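Review bot: The plaintext root password is still rendered as `rootPassword.value` in the second hunk of values-mariadb.yaml.gotmpl even when `existingSecret.name` is set, so the derived secret keeps travelling in the release values next to the reference meant to replace it. The first hunk has the same shape: the `users:` entries keep their `password:` fields alongside the new `usersExistingSecret`. Whether the chart ignores the inline values once an existing secret is named is not visible here, so guarding them in the template would make the intent explicit, for example `{{ if not .Values.existingSecrets.mariadb.rootPassword.name }}value: {{ .Values.secrets.mariadb.rootPassword | quote }}{{ end }}`. The `job:` and `mariadb:` blocks start outside these hunks, so the surrounding conditionals should be checked when applying this.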
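Review bot: The new `databases: ~` and `users: ~` defaults in existing_secrets.yaml.gotmpl take a bare value while `rootPassword` directly above takes `name`/`key`, and nothing in the file says what the bare value should be. A comment above each would remove the guesswork, for example `# Name of an existing Secret whose keys are the init-db-*.sql files described in docs/existing-secrets.md` and the matching line for `init-user-*.sql`. Since the documentation in this commit states that those files are fed to the database client, the comment could also say that write access to the referenced Secrets should be limited to those allowed to administer the database.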