How to install the database for the official Drupal deploy image

[kopeboy]

I have just deployed the official awesome-akash Drupal image (which I guess is the same as the official Docker Drupal image), but when I head over to my provider's URL to install Drupal, I cannot setup the database.
Isn't the database setup included in the image?!
If it IS: where do I see/configure the database name/user/password?
If it is NOT: the pre-configured Drupal deployment is incomplete and doesn't work out of the box as is missing a database service.

[88plug]

Hi there! You can run the database in the same deployment. Here is what the YAML looks like to do that! Be sure to selected Advanced Options and change the Database Host to : db

---
version: "2.0"

services:
  drupal:
    image: drupal
    depends_on:
      - db
    expose:
      - port: 80
        to:
          - global: true
    env:
      - MYSQL_DATABASE_HOST=db
      - MYSQL_DATABASE_NAME=drupal
      - MYSQL_DATABASE_USER=myuser
      - MYSQL_DATABASE_PASSWORD=mypassword

  db:
    image: mysql:8
    env:
      - MYSQL_DATABASE=drupal
      - MYSQL_USER=myuser
      - MYSQL_PASSWORD=mypassword
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
    expose:
      - port: 3306
        to:
          - service: drupal

profiles:
  compute:
    drupal:
      resources:
        cpu:
          units: 1.0
        memory:
          size: 1Gi
        storage:
          size: 1Gi
    db:
      resources:
        cpu:
          units: 0.5
        memory:
          size: 512Mi
        storage:
          size: 1Gi

  placement:
    akash:
      attributes:
        host: akash
      signedBy:
        anyOf:
          - "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63"
          - "akash18qa2a2ltfyvkyj0ggj3hkvuj6twzyumuaru9s4"
      pricing:
        drupal:
          denom: uakt
          amount: 10000
        db:
          denom: uakt
          amount: 5000

deployment:
  drupal:
    akash:
      profile: drupal
      count: 1
  db:
    akash:
      profile: db
      count: 1

[kopeboy]

Thanks. Is the storage defined like above persistent?
Also, how to provide the env variables in a secure way and ensure that the provider can never access them?

[88plug]

Thanks. Is the storage defined like above persistent?

No - you can add that as required easily with the SDL Builder by Cloudmos. Just import the above SDL.

Also, how to provide the env variables in a secure way and ensure that the provider can never access them?

Run a Hashivault Server and try this :

Create a policy in Vault to allow read access to the necessary secrets:

path "secret/data/db" {
  capabilities = ["read"]
}

This policy allows read access to the db secret. Create a role in Vault that maps to the policy:

$ vault write auth/token/roles/my-role allowed_policies=my-policy

This creates a role named my-role that maps to the my-policy policy. Create a token for the role:

$ vault token create -role=my-role

Now adapt the SDL to point at your Hashivault Server

version: "2.0"

services:
  drupal:
    image: drupal
    depends_on:
      - db
    expose:
      - port: 80
        to:
          - global: true
    environment:
      - MYSQL_DATABASE_HOST=db
      - MYSQL_DATABASE_NAME=drupal
      - MYSQL_DATABASE_USER=${MYSQL_USER}
      - MYSQL_DATABASE_PASSWORD=${MYSQL_PASSWORD}
    command: ["sh", "-c", "export MYSQL_USER=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_USER": "\(.*\)", "MYSQL_PASSWORD.*$/\1/'); export MYSQL_PASSWORD=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_PASSWORD": "\(.*\)".*$/\1/'); apache2-foreground"]
    env:
      VAULT_TOKEN: <VAULT_TOKEN>
      VAULT_ADDRESS: <VAULT_ADDRESS>

  db:
    image: mysql:8
    environment:
      - MYSQL_DATABASE=drupal
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
    expose:
      - port: 3306
        to:
          - service: drupal
    command: ["sh", "-c", "export MYSQL_USER=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_USER": "\(.*\)", "MYSQL_PASSWORD.*$/\1/'); export MYSQL_PASSWORD=$(curl --header 'X-Vault-Token: $VAULT_TOKEN' --request GET $VAULT_ADDRESS/v1/secret/data/db | sed -e 's/^.*MYSQL_PASSWORD": "\(.*\)".*$/\1/'); docker-entrypoint.sh mysqld"]
    env:
      VAULT_TOKEN: <VAULT_TOKEN>
      VAULT_ADDRESS: <VAULT_ADDRESS>

profiles:
  compute:
    drupal:
      resources:
        cpu:
          units: 1.0
        memory:
          size: 1Gi
        storage:
          size: 1Gi
    db:
      resources:
        cpu:
          units: 0.5
        memory:
          size: 512Mi
        storage:
          size: 1Gi

  placement:
    akash:
      attributes:
        host: akash
      signedBy:
        anyOf:
          - "akash1365yvmc4s7awdyj3n2sav7xfx76adc6dnmlx63"
          - "akash18qa2a2ltfyvkyj0ggj3hkvuj6twzyumuaru9s4"
      pricing:
        drupal:
          denom: uakt
          amount: 10000
        db:
          denom: uakt
          amount: 5000

deployment:
  drupal:
    akash:
      profile: drupal
      count: 1
  db:
    akash:
      profile: db
      count: 1