[SO] Support root secret for external DB

In case of an external DB the secret containing the root password can be given in the global.mariadbGalera section and has to be used in the DB jobs Issue-ID: OOM-3266 Change-Id: Ifdaa4bdefbe3f985bfb2ff9f630a2d806089241c Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
author: Andreas Geissler <andreas-geissler@telekom.de> 2024-01-19 15:47:29 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> 2024-01-19 15:59:32 +0100
commit: 22318b1a44b4f099a1745bfee3a3583a612faab3 (patch)
tree: 939a5a42e5260039c1dea6af8a19d75b4d480ec3
parent: 21d48641d6344e9f00523ca15d49d44fcdb277b3 (diff)
2 files changed, 26 insertions, 11 deletions
diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml
index f59b5e921a..69a85399f9 100755
--- a/kubernetes/so/Chart.yaml
+++ b/kubernetes/so/Chart.yaml
@@ -16,7 +16,7 @@
 apiVersion: v2
 description: ONAP Service Orchestrator
 name: so
-version: 13.0.0
+version: 13.0.1
 
 dependencies:
   - name: common
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 229decdf38..ec77d92089 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -27,9 +27,11 @@ global:
     servicePort: '3306'
     service: mariadb-galera
     internalPort: '3306'
-    #This flag allows SO to instantiate its own mariadb-galera cluster,
-    #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
+    # This flag allows SO to instantiate its own mariadb-galera cluster,
+    # serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
     localCluster: false
+    # (optional) if localCluster=false and an external secret is used set this variable
+    #userRootSecret: <secretName>
   persistence:
     mountPath: /dockerdata-nfs
   #This configuration specifies Service and port for SDNC OAM interface
@@ -68,13 +70,18 @@ secrets:
     # override this secret using external one with the same field that is used
     # to pass this to subchart.
     externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
-      ternary ((hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
-                  ternary
-                    ""
-                    (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
-              (include "common.mariadb.secret.rootPassSecretName"
-                (dict "dot" .
-                      "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+      ternary (( hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+               ternary
+                  ""
+                  (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+               )
+               ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+                 ternary
+                   .Values.global.mariadbGalera.userRootSecret
+                   (include "common.mariadb.secret.rootPassSecretName"
+                     (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+                   )
+               ) }}'
     password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
   - uid: db-backup-creds
     name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
@@ -690,7 +697,15 @@ so-mariadb:
   db:
     rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
     #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
-    rootPasswordExternalSecret: '{{ ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+    rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+      ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .)
+               ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+                 ternary
+                   .Values.global.mariadbGalera.userRootSecret
+                   (include "common.mariadb.secret.rootPassSecretName"
+                     (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+                   )
+               ) }}'
     backupCredsExternalSecret: *dbBackupCredsSecretName
     userCredsExternalSecret: *dbUserCredsSecretName
     adminCredsExternalSecret: *dbAdminCredsSecretName
author	Andreas Geissler <andreas-geissler@telekom.de>	2024-01-19 15:47:29 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	2024-01-19 15:59:32 +0100
commit	22318b1a44b4f099a1745bfee3a3583a612faab3 (patch)
tree	939a5a42e5260039c1dea6af8a19d75b4d480ec3
parent	21d48641d6344e9f00523ca15d49d44fcdb277b3 (diff)