github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/helm/test/mysql/templates/NOTES.txt

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/pkg/scanners/helm/test/mysql/templates/NOTES.txt (about)

     1  CHART NAME: {{ .Chart.Name }}
     2  CHART VERSION: {{ .Chart.Version }}
     3  APP VERSION: {{ .Chart.AppVersion }}
     4  
     5  ** Please be patient while the chart is being deployed **
     6  
     7  {{- if .Values.diagnosticMode.enabled }}
     8  The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
     9  
    10    command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
    11    args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
    12  
    13  Get the list of pods by executing:
    14  
    15    kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
    16  
    17  Access the pod you want to debug by executing
    18  
    19    kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
    20  
    21  In order to replicate the container startup scripts execute this command:
    22  
    23      /opt/bitnami/scripts/mysql/entrypoint.sh /opt/bitnami/scripts/mysql/run.sh
    24  
    25  {{- else }}
    26  
    27  Tip:
    28  
    29    Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }}
    30  
    31  Services:
    32  
    33    echo Primary: {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.port }}
    34  {{- if eq .Values.architecture "replication" }}
    35    echo Secondary: {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.port }}
    36  {{- end }}
    37  
    38  Execute the following to get the administrator credentials:
    39  
    40    echo Username: root
    41    MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.secretName" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode)
    42  
    43  To connect to your database:
    44  
    45    1. Run a pod that you can use as a client:
    46  
    47        kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image  {{ template "mysql.image" . }} --namespace {{ .Release.Namespace }} --command -- bash
    48  
    49    2. To connect to primary service (read/write):
    50  
    51        mysql -h {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD"
    52  
    53  {{- if eq .Values.architecture "replication" }}
    54  
    55    3. To connect to secondary service (read-only):
    56  
    57        mysql -h {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD"
    58  {{- end }}
    59  
    60  {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
    61  Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to MySQL.
    62  {{- end }}
    63  
    64  {{- if .Values.metrics.enabled }}
    65  
    66  To access the MySQL Prometheus metrics from outside the cluster execute the following commands:
    67  
    68      kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} &
    69      curl http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics
    70  
    71  {{- end }}
    72  
    73  To upgrade this helm chart:
    74  
    75    1. Obtain the password as described on the 'Administrator credentials' section and set the 'root.password' parameter as shown below:
    76  
    77        ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode)
    78        helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mysql --set auth.rootPassword=$ROOT_PASSWORD
    79  
    80  {{ include "mysql.validateValues" . }}
    81  {{ include "mysql.checkRollingTags" . }}
    82  {{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) -}}
    83      {{- $secretName := include "mysql.secretName" . -}}
    84      {{- $requiredPasswords := list -}}
    85  
    86      {{- $requiredRootPassword := dict "valueKey" "auth.rootPassword" "secret" $secretName "field" "mysql-root-password" -}}
    87      {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
    88  
    89      {{- if not (empty .Values.auth.username) -}}
    90          {{- $requiredPassword := dict "valueKey" "auth.password" "secret" $secretName "field" "mysql-password" -}}
    91          {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
    92      {{- end -}}
    93  
    94      {{- if (eq .Values.architecture "replication") -}}
    95          {{- $requiredReplicationPassword := dict "valueKey" "auth.replicationPassword" "secret" $secretName "field" "mysql-replication-password" -}}
    96          {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
    97      {{- end -}}
    98  
    99      {{- $mysqlPasswordValidationErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" $) -}}
   100      {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $mysqlPasswordValidationErrors "context" $) -}}
   101  {{- end }}
   102  {{- end }}