11 files changed, 159 insertions, 220 deletions
diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js
index 66b7b5ed15..42c2e5728b 100644
--- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js
@@ -26,31 +26,31 @@ module.exports={
     "sharedDir": "releases/sdnc1.0/flows/shared",
     "userDir": "releases/sdnc1.0",
     "httpAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_USER}",
+        "pass": "${HTTP_PASSWORD}"
     },
     "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
     "dbPort": "3306",
-    "dbName": "sdnctl",
-    "dbUser": "sdnctl",
-    "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+    "dbName": "{{.Values.config.db.dbName}}",
+    "dbUser": "${DB_USER}",
+    "dbPassword": "${DB_PASSWORD}",
     "gitLocalRepository": "",
     "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
-    "restConfUser": "admin",
-    "restConfPassword": "admin",
+    "restConfUser": "${REST_CONF_USER}",
+    "restConfPassword": "${REST_CONF_PASSWORD}",
     "formatXML": "Y",
     "formatJSON": "Y",
     "httpRoot": "/",
     "disableEditor": false,
     "httpAdminRoot": "/",
     "httpAdminAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_ADMIN_USER}",
+        "pass": "${HTTP_ADMIN_PASSWORD}"
     },
     "httpNodeRoot": "/",
     "httpNodeAuth": {
-        "user": "dguser",
-        "pass": "{{.Values.config.dgUserPassword}}"
+        "user": "${HTTP_NODE_USER}",
+        "pass": "${HTTP_NODE_PASSWORD}"
     },
     "uiHost": "0.0.0.0",
     "version": "0.9.1",
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
index b780cafbcd..28612a270b 100644
--- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties
+++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
deleted file mode 100755
index b037058c2b..0000000000
--- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
-	echo "Usage $0 releaseDir  loginId emailAddress [gitLocalRepository]"
-	echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
-	exit
-fi
-if [ ! -e "releases" ]
-then
-	mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
-	lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
-	echo "module.exports = {" >$customSettingsFile
-	echo "		'name' : '$name'," >>$customSettingsFile
-	echo "		'emailAddress' :'$emailid'," >>$customSettingsFile
-	echo "		'uiPort' :$nextPort," >>$customSettingsFile
-	echo "		'mqttReconnectTime': 15000," >>$customSettingsFile
-	echo "		'serialReconnectTime' : 15000,"  >>$customSettingsFile
-	echo "		'debugMaxLength': 1000," >>$customSettingsFile
-	echo "		'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
-	echo "		'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
-	echo "		'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
-	echo "		'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
-	echo "		'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
-	echo "		'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
-	echo "		'dbHost': '$dbHost'," >>$customSettingsFile
-	echo "		'dbPort': '$dbPort'," >>$customSettingsFile
-	echo "		'dbName': '$dbName'," >>$customSettingsFile
-	echo "		'dbUser': '$dbUser'," >>$customSettingsFile
-	echo "		'dbPassword': '$dbPassword'," >>$customSettingsFile
-	echo "		'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
-	echo "		'restConfUrl': '$restConfUrl'," >>$customSettingsFile
-	echo "		'restConfUser': '$restConfUser'," >>$customSettingsFile
-	echo "		'restConfPassword': '$restConfPassword'," >>$customSettingsFile
-	echo "		'formatXML': '$formatXML'," >>$customSettingsFile
-	echo "		'formatJSON': '$formatJSON'," >>$customSettingsFile
-	echo "		'enableHttps': true" >>$customSettingsFile
-	echo "		}" >>$customSettingsFile
-fi
-	#echo "Created custom settings  file $customSettingsFile"
-	echo "Done ....."
-else
-	echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
-	exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-#	cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
-	mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
-	mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
-	echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
-	echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
-	echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
-	echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
-	echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
-	echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
-        echo "	[" >>${appDir}/flowShareUsers.js
-        echo "	]" >>${appDir}/flowShareUsers.js
-        echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
-	num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
-	if [ $num_of_lines -gt 4 ]
-	then
-		content=$(head -n -2 ${appDir}/flowShareUsers.js)
-		echo "${content}," > ${appDir}/flowShareUsers.js
-	else
-		content=$(head -n -2 ${appDir}/flowShareUsers.js)
-		echo "$content" > ${appDir}/flowShareUsers.js
-	fi
-	echo "	{" >> ${appDir}/flowShareUsers.js
-	echo "          \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
-	echo "          \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
-	echo "	}" >> ${appDir}/flowShareUsers.js
-	echo "	]" >> ${appDir}/flowShareUsers.js
-	echo "}" >> ${appDir}/flowShareUsers.js
-fi
diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml
index 24f61b5487..828818c68d 100644
--- a/kubernetes/common/dgbuilder/templates/configmap.yaml
+++ b/kubernetes/common/dgbuilder/templates/configmap.yaml
@@ -24,16 +24,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-scripts
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 495c4c6ab6..b3f0ab05a3 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -32,6 +32,40 @@ spec:
     spec:
       initContainers:
       - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: DB_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+        - name: DB_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+        - name: HTTP_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+        - name: HTTP_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+        - name: HTTP_ADMIN_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+        - name: HTTP_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+        - name: HTTP_NODE_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+        - name: HTTP_NODE_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+        - name: REST_CONF_USER
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+        - name: REST_CONF_PASSWORD
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: config-input
+        - mountPath: /config
+          name: config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+      - command:
         - /root/ready.py
         args:
         - --container-name
@@ -59,11 +93,6 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-          - name: MYSQL_ROOT_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ template "common.fullname" . }}
-                key: db-root-password
           - name: SDNC_CONFIG_DIR
             value: /opt/onap/sdnc/data/properties
           volumeMounts:
@@ -79,10 +108,7 @@ spec:
           - name: config
             mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
             subPath: svclogic.properties
-          - name: scripts
-            mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
-            subPath: createReleaseDir.sh
-          - name: scripts
+          - name: config
             mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
             subPath: customSettings.js
           resources:
@@ -99,12 +125,11 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: config
+        - name: config-input
           configMap:
             name: {{ include "common.fullname" . }}-config
-        - name: scripts
-          configMap:
-            name: {{ include "common.fullname" . }}-scripts
-            defaultMode: 0755
+        - name: config
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml
index e00d7cfc03..c9a409fdca 100644
--- a/kubernetes/common/dgbuilder/templates/secrets.yaml
+++ b/kubernetes/common/dgbuilder/templates/secrets.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,16 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.fullname" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
-\ No newline at end of file
+{{ include "common.secret" . }}
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index fa205e227e..96d7dffb0a 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -31,6 +31,9 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
+  # envsusbt
+  envsubstImage: dibi/envsubst
+
   # image pull policy
   pullPolicy: Always
 
@@ -43,6 +46,40 @@ global:
   debugEnabled: true
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'db-root-password'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.dbRootPassword }}'
+  - uid: 'db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.dbSdnctlPassword }}'
+  - uid: 'http-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+    login: '{{ .Values.config.httpUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'admin-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.config.adminUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'node-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+    login: '{{ .Values.config.nodeUser }}'
+    password: '{{ .Values.config.dgUserPassword }}'
+  - uid: 'restconf-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+    login: '{{ .Values.config.restconfUser }}'
+    password: '{{ .Values.config.restconfPassword }}'
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -55,6 +92,32 @@ debugEnabled: false
 
 # application configuration
 config:
+  db:
+    dbName: sdnctl
+    # unused for now to preserve the API
+    rootPassword: openECOMP1.0
+    # rootPasswordExternalSecret: some secret
+    userName: sdnctl
+    # unused for now to preserve the API
+    userPassword: gamma
+    # userCredentialsExternalSecret: some secret
+  httpUser: dguser
+  # unused for now to preserve the API
+  httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+  # httpCredsExternalSecret: some secret
+  adminUser: dguser
+  # unused for now to preserve the API
+  adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+  # adminCredsExternalSecret: some secret
+  nodeUser: dguser
+  # unused for now to preserve the API
+  nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+  # nodeCredsExternalSecret: some secret
+  restconfUser: admin
+  # unused for now to preserve the API
+  restconfPassword: admin
+  # restconfCredsExternalSecret: some secret
+
   dbRootPassword: openECOMP1.0
   dbSdnctlPassword: gamma
   dbPodName: mysql-db
diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml
index 9ef8db89a4..eda693f832 100644
--- a/kubernetes/common/network-name-gen/requirements.yaml
+++ b/kubernetes/common/network-name-gen/requirements.yaml
@@ -18,4 +18,9 @@ dependencies:
     repository: '@local'
   - name: mariadb-galera
     version: ~5.x-0
-    repository: file://../mariadb-galera/
+    repository: '@local'
+    condition: global.mariadbGalera.localCluster
+  - name: mariadb-init
+    version: ~5.x-0
+    repository: '@local'
+    condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 2f9cd6a158..a6d18e7a59 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -31,11 +31,19 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
       - command:
         - /root/ready.py
         args:
         - --container-name
         - {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+      - command:
+        - /root/job_complete.py
+        args:
+        - --job-name
+        - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
         env:
         - name: NAMESPACE
           valueFrom:
@@ -53,11 +61,11 @@ spec:
         - name: SPRING_PROFILE
           value: "{{ .Values.config.springProfile }}"
         - name: NENG_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
         - name: NENG_DB_PASS
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
         - name: NENG_DB_URL
-          value: {{ .Values.config.dbUrl }}
+          value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
         - name: POL_CLIENT_AUTH
           value: "{{ .Values.config.polClientAuth }}"
         - name: POL_BASIC_AUTH
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index d5897013c4..0defa97c26 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -32,24 +32,29 @@ global:
   # image pull policy
   pullPolicy: IfNotPresent
 
+  mariadbGalera: &mariadbGalera
+    #This flag allows SO to instantiate its own mariadb-galera cluster
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
 #################################################################
 # Secrets metaconfig
 #################################################################
 secrets:
-  - uid: "db-user-creds"
-    externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+  - uid: neng-db-secret
+    name: '{{ include "common.release" . }}-neng-db-secret'
     type: basicAuth
-  - uid: "db-root-pass"
-    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
-    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
 
 # sub-chart config
 mariadb-galera:
-  config:
-      userName: nenguser
-      userPassword: nenguser123
-      mariadbRootPassword: nenguser123
-      mysqlDatabase: nengdb
+  config: &mariadbConfig
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+    mysqlDatabase: nengdb
   nameOverride: nengdb
   service:
     name: nengdb
@@ -59,6 +64,9 @@ mariadb-galera:
     enabled: true
     mountSubPath: network-name-gen/data
 
+mariadb-init:
+  config: *mariadbConfig
+  nameOverride: nengdb-init
 
 #################################################################
 # Application configuration defaults.
@@ -70,7 +78,10 @@ pullPolicy: IfNotPresent
 
 # application configuration
 config:
-  dbUrl: jdbc:mysql://nengdb:3306/nengdb
+  db:
+    userName: nenguser
+    # userPassword: password
+    # userCredentialsExternalSecret: some-secret
   springProfile: live
   polClientAuth: cHl0aG9uOnRlc3Q=
   polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index c2131e9ad0..7aff189ba9 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -48,7 +48,7 @@ busyboxRepository: registry.hub.docker.com
 busyboxImage: library/busybox:latest
 
 postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
 pullPolicy: Always
 
 # application configuration