Andrew
c46f02bca5
When mariadb.enabled=true, references the in-cluster MariaDB this chart deploys. When false, references an external CR via mariadb.externalRef. Privileges scoped to the website's database only — no global ALL PRIVILEGES. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
22 lines
766 B
YAML
22 lines
766 B
YAML
apiVersion: k8s.mariadb.com/v1alpha1
|
|
kind: User
|
|
metadata:
|
|
name: {{ include "ezscale-website.fullname" . }}-user
|
|
labels: {{- include "ezscale-website.labels" . | nindent 4 }}
|
|
spec:
|
|
# spec.name overrides metadata.name as the SQL identifier — needed because
|
|
# k8s resource names can't contain underscores but our SQL username can.
|
|
name: {{ .Values.mariadb.username }}
|
|
mariaDbRef:
|
|
{{- if .Values.mariadb.enabled }}
|
|
name: {{ include "ezscale-website.fullname" . }}-mariadb
|
|
{{- else }}
|
|
name: {{ .Values.mariadb.externalRef.name }}
|
|
namespace: {{ .Values.mariadb.externalRef.namespace }}
|
|
{{- end }}
|
|
passwordSecretKeyRef:
|
|
name: {{ include "ezscale-website.secretName" . }}
|
|
key: DB_PASSWORD
|
|
host: "%"
|
|
maxUserConnections: 50
|