[proxysql] Secrets in ConfigMap

[Pionerd]

Currently, ProxySQL stores sensitive data (e.g. user passwords) in the ConfigMap. If I were to make a PR with the below would that be merged?

• Either convert the ConfigMap to a Secret, or at least give that option
• Allow sensitive data such as those passwords to be supplied separately / from existing secrets

[Pionerd]

Never mind, it was a bit hidden, but I now understand how you can mount files directly into the configuration. Proposed contribution is not necessary.

[prwnd9]

@Pionerd How did you do it? Separating user passwords from values.yaml?

[Pionerd]

My concern was with the configMap possibly containing secrets. However, looking at it again, I probably would still expect the possibility to read the passwords from an existing secret (as opposed to helm values which is indeed not ideal).

[law]

So, erm... how did you do it? Can you provide an example that loads a username/password from a standard k8s secret into the proxysql config?

[Pionerd]

No, that is my point. That part is lacking. It (currently) should be supplied through Helm values. When I opened this issue, I thought it was only possible to do so through a ConfigMap, but it works via a Secret; which made my original proposal less urgent. I'm not using proxysql atm, but I think a PR to fix this is desired.