Merge pull request #45 from barkhachoithani/feature/CLD-568

barkhachoithani · web-flow · commit e448a4a4db4d · 2022-11-21T10:30:19.000-08:00
CLD-568: Use Random Password for Admin in Helm Chart Deployment
diff --git a/README.md b/README.md
@@ -221,6 +221,44 @@ helm install my-release marklogic/marklogic --version=1.0.0-ea1 \
 
 We recommend that you use the `values.yaml` file for configuring your installation.
 
+## Setting MarkLogic admin password
+
+By default, a randomly generated aphanumeric value will be set for MarkLogic admin password. This value is stored in Kuberenetes secrets. 
+User can also set a custom password by setting a value for adminPassword in the values.yaml file or using the `--set` flag. 
+To retrieve the randomly generated admin password, use the following commands:
+
+1. List the secrets for helm deployment:
+```
+kubectl get secrets
+```
+The output will be similar to:
+
+| NAME | TYPE | DATA | AGE |
+| :---         |     :---:      |          ---: |          ---: |
+| dnode-group-marklogic   | kubernetes.io/basic-auth     | 2    | 33s    |
+
+2. Get the encoded value for admin password:
+```
+kubectl get secret dnode-group-marklogic -o jsonpath='{.data}'
+```
+The output will be similar to:
+```
+{"password":"R0JYaWxzR2c=","username":"YWRtaW4="}
+```
+3. Decode the password secret:
+```
+echo 'R0JYaWxzR2c=' | base64 --decode
+```
+The output will be similar to:
+```
+GBXilsGg
+```
+
+To upgrade the helm charts or deploy new helm charts for multi-node cluster, use the encoded value for admin password from the output of step 2.
+
+To access the MarkLogic cluster use the decode value for admin password from the output of step 3.
+
+
 ### Log Collection
 
 To enable log collection for all Marklogic logs set logCollection.enabled to true. Set each option in logCollection.files to true of false depending on if you want to track each type of Marklogic log file.
diff --git a/charts/templates/secret.yaml b/charts/templates/secret.yaml
@@ -1,3 +1,9 @@
+{{- $adminPassword := (randAlphaNum 10) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Release.Name ) }}
+{{- if $secret }}
+{{- $adminPassword = index $secret.data "password" }}
+{{- end -}}
+
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,6 +12,11 @@ metadata:
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}
 type: kubernetes.io/basic-auth
+data:
+  {{- if .Values.auth.adminPassword }}
+    password: {{ .Values.auth.adminPassword | b64enc | quote }}
+  {{- else }}
+    password: {{ $adminPassword }}
+  {{- end }}
 stringData:
-  username: {{ .Values.auth.adminUsername}}
-  password: {{ .Values.auth.adminPassword}}
+  username: {{ .Values.auth.adminUsername }}
