[SO] Support root secret for external DB

In case of an external DB the secret containing the root
password can be given in the global.mariadbGalera section
and has to be used in the DB jobs

Issue-ID: OOM-3266

Change-Id: Ifdaa4bdefbe3f985bfb2ff9f630a2d806089241c
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>

diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml
index f59b5e9..69a8539 100755 (executable)
--- a/kubernetes/so/Chart.yaml
+++ b/kubernetes/so/Chart.yaml
@@ -16,7 +16,7 @@
 apiVersion: v2
 description: ONAP Service Orchestrator
 name: so
-version: 13.0.0
+version: 13.0.1
 
 dependencies:
   - name: common

diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 229decd..ec77d92 100755 (executable)
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -27,9 +27,11 @@ global:
     servicePort: '3306'
     service: mariadb-galera
     internalPort: '3306'
-    #This flag allows SO to instantiate its own mariadb-galera cluster,
-    #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
+    # This flag allows SO to instantiate its own mariadb-galera cluster,
+    # serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
     localCluster: false
+    # (optional) if localCluster=false and an external secret is used set this variable
+    #userRootSecret: <secretName>
   persistence:
     mountPath: /dockerdata-nfs
   #This configuration specifies Service and port for SDNC OAM interface
@@ -68,13 +70,18 @@ secrets:
     # override this secret using external one with the same field that is used
     # to pass this to subchart.
     externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
-      ternary ((hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
-                  ternary
-                    ""
-                    (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
-              (include "common.mariadb.secret.rootPassSecretName"
-                (dict "dot" .
-                      "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+      ternary (( hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+               ternary
+                  ""
+                  (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+               )
+               ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+                 ternary
+                   .Values.global.mariadbGalera.userRootSecret
+                   (include "common.mariadb.secret.rootPassSecretName"
+                     (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+                   )
+               ) }}'
     password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
   - uid: db-backup-creds
     name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
@@ -690,7 +697,15 @@ so-mariadb:
   db:
     rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
     #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
-    rootPasswordExternalSecret: '{{ ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+    rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+      ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .)
+               ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+                 ternary
+                   .Values.global.mariadbGalera.userRootSecret
+                   (include "common.mariadb.secret.rootPassSecretName"
+                     (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+                   )
+               ) }}'
     backupCredsExternalSecret: *dbBackupCredsSecretName
     userCredsExternalSecret: *dbUserCredsSecretName
     adminCredsExternalSecret: *dbAdminCredsSecretName