sqlproxy: inject secrets into sqlproxy.cnf

Question

I have a few proxysql (https://proxysql.com/) instances (running in Kubernetes). However, I don't want to hardcode the db credentials in the config file (proxysql.cnf). I was hoping I could use ENV variables but I wasn't able to get that to work. What is the proper way to include secrets in a proxysql instance without hard coding passwords in plain text files?

I was thinking of including the config file as one secret and mount it in Kubernetes (seem over kill or wrong) or run envsubstr via in a startup script or init container.

Thoughts?

Answer 1

What I ended up doing was I ran a sidecar with an init script as a configmap:

      #!/bin/sh

      echo "Check if mysqld is running..."
      while ! nc -z 127.0.0.1 6032; do
        sleep 0.1
      done
      echo "mysql is running!"

      echo "Loading Runtime Data..."

      echo "INSERT INTO mysql_users(username,password,default_hostgroup) VALUES ('$USERNAME','$PASSWORD',1);" | mysql -u $PROXYSQL_USER -p$PROXYSQL_PASSWORD -h 127.0.0.1 -P6032
      echo "LOAD MYSQL USERS TO RUNTIME;" | mysql -u $PROXYSQL_USER -p$PROXYSQL_PASSWORD -h 127.0.0.1 -P6032

      echo "Runtime Data loaded."

      while true; do sleep 300; done;

Seem to work nicely.