diff --git a/k8s/base/backend/deployment.yaml b/k8s/base/backend/deployment.yaml index 8bbad93..1d6b3eb 100644 --- a/k8s/base/backend/deployment.yaml +++ b/k8s/base/backend/deployment.yaml @@ -49,12 +49,12 @@ spec: valueFrom: secretKeyRef: name: mysql-secret - key: DB_USER + key: MYSQL_USER - name: DB_PASSWORD valueFrom: secretKeyRef: name: mysql-secret - key: DB_PASSWORD + key: MYSQL_PASSWORD - name: DB_NAME valueFrom: secretKeyRef: diff --git a/k8s/base/mysql/deployment.yaml b/k8s/base/mysql/deployment.yaml index fbb17f4..a0a3419 100644 --- a/k8s/base/mysql/deployment.yaml +++ b/k8s/base/mysql/deployment.yaml @@ -44,6 +44,18 @@ spec: # Allow root to connect from backend pods (any host), not just localhost. - name: MYSQL_ROOT_HOST value: "%" + # Create the app user on first init. Required if PVC is ever wiped and + # MySQL reinitializes — otherwise scrumapp user won't exist and backend fails. + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: MYSQL_USER + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: MYSQL_PASSWORD volumeMounts: - name: mysql-data mountPath: /var/lib/mysql diff --git a/k8s/base/mysql/secret.yaml b/k8s/base/mysql/secret.yaml index 50e8f3d..6d62292 100644 --- a/k8s/base/mysql/secret.yaml +++ b/k8s/base/mysql/secret.yaml @@ -12,20 +12,8 @@ data: MYSQL_PASSWORD: c2NydW1wYXNz DB_NAME: c2NydW1fbWFuYWdlcg== -# apiVersion: v1 -# kind: Secret -# metadata: -# name: mysql-secret -# labels: -# app.kubernetes.io/name: mysql -# app.kubernetes.io/component: database -# type: Opaque -# data: -# # Base64 encoded values — change these for production! -# # echo -n 'scrumpass' | base64 => c2NydW1wYXNz -# # echo -n 'root' | base64 => cm9vdA== -# # echo -n 'scrum_manager' | base64 => c2NydW1fbWFuYWdlcg== -# MYSQL_ROOT_PASSWORD: c2NydW1wYXNz -# DB_USER: cm9vdA== -# DB_PASSWORD: c2NydW1wYXNz -# DB_NAME: c2NydW1fbWFuYWdlcg== +# Decode reference: +# MYSQL_ROOT_PASSWORD: scrumpass +# MYSQL_USER: scrumapp +# MYSQL_PASSWORD: scrumpass +# DB_NAME: scrum_manager