This feature is supported for general availability in releases 6.4.2-6 and later. Some of these features were available as a preview in 6.4.2-4 and 6.4.2-5. Please upgrade to 6.4.2-6 for the full set of general availability features and bug fixes.

Set global database secret

One of the fields available for globalConfigurations is databaseSecretName which can point to a secret containing the database password. To set the database secret name and sync the data to all participating clusters, follow the steps below.

To edit other global configruations, see global configuration

  1. On an existing participating cluster, generate a YAML file containing the database secret with the database password.

This example shoes a secret named my-db-secret with the password my-password encoded in base 64.

apiVersion: v1
  password: bXktcGFzcw
kind: Secret
  name: my-db-secret
type: Opaque
  1. Apply the secret file from the previous step, substituting your own value for <db-secret-file>.

    kubectl apply -f <db-secret-file>
  2. Patch the REAADB custom resource to specify the database secret, substituting your own values for <reaadb-name> and <secret-name>.

    kubectl patch reaadb <reaadb-name> --type merge --patch \
    '{"spec": {"globalConfigurations": {"databaseSecretName": "secret-name"}}}'
  3. Check the REAADB status for an active status and Valid spec status.

    kubectl get reaadb <reaadb-name>
    example-aadb-1   active   Valid
  4. On each other participating cluster, check the secret status.

    ``sh kubectl get reaadb -o=jsonpath='{.status.secretsStatus}'

    The output should show the status as `Invalid`.
  5. Sync the secret on each participating cluster.

    kubectl apply -f <db-secret-file>
  6. Repeat the previous two steps on every participating cluster.