[bitnami/ghost] Set usePasswordFiles=true by default (#32346)

* [bitnami/ghost] Set `usePasswordFiles=true` by default

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <[email protected]>

* Implement fixes

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Miguel Ruiz <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>

Author: migruiz4

bitnami/ghost/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 22.1.19 (2025-03-05)
+## 22.2.0 (2025-03-13)
 
-* [bitnami/ghost] Release 22.1.19 ([#32327](https://github.com/bitnami/charts/pull/32327))
+* [bitnami/ghost] Set `usePasswordFiles=true` by default ([#32346](https://github.com/bitnami/charts/pull/32346))
+
+## <small>22.1.19 (2025-03-05)</small>
+
+* [bitnami/ghost] Release 22.1.19 (#32327) ([c968511](https://github.com/bitnami/charts/commit/c968511b976340a5ee89cedca19f7f034888e65c)), closes [#32327](https://github.com/bitnami/charts/issues/32327)
 
 ## <small>22.1.18 (2025-03-03)</small>
 

bitnami/ghost/Chart.yaml

@@ -41,4 +41,4 @@ maintainers:
 name: ghost
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/ghost
-version: 22.1.19
+version: 22.2.0

bitnami/ghost/README.md

@@ -231,6 +231,7 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per
 | `commonAnnotations`      | Annotations to add to all deployed objects                                              | `{}`            |
 | `clusterDomain`          | Kubernetes cluster domain name                                                          | `cluster.local` |
 | `extraDeploy`            | Array of extra objects to deploy with the release                                       | `[]`            |
+| `usePasswordFiles`       | Mount credentials as files instead of using environment variables                       | `true`          |
 | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
 | `diagnosticMode.command` | Command to override all containers in the deployment                                    | `["sleep"]`     |
 | `diagnosticMode.args`    | Args to override all containers in the deployment                                       | `["infinity"]`  |

bitnami/ghost/templates/deployment.yaml

@@ -156,11 +156,16 @@ spec:
               value: {{ include "ghost.databaseName" . | quote }}
             - name: GHOST_DATABASE_USER
               value: {{ include "ghost.databaseUser" . | quote }}
+            {{- if .Values.usePasswordFiles }}
+            - name: GHOST_DATABASE_PASSWORD_FILE
+              value: "/opt/bitnami/ghost/secrets/mysql-password"
+            {{- else }}
             - name: GHOST_DATABASE_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "ghost.databaseSecretName" . }}
                   key: mysql-password
+            {{- end -}}
             {{- if (and (not .Values.mysql.enabled) .Values.externalDatabase.ssl) }}
             - name: GHOST_DATABASE_ENABLE_SSL
               value: {{ .Values.externalDatabase.ssl | quote }}
@@ -175,11 +180,16 @@ spec:
               value: {{ ternary .Values.containerPorts.https .Values.containerPorts.http .Values.ghostEnableHttps | quote }}
             - name: GHOST_USERNAME
               value: {{ .Values.ghostUsername | quote }}
+            {{- if .Values.usePasswordFiles }}
+            - name: GHOST_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/ghost/secrets/%s" (include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "ghost-password")) }}
+            {{- else }}
             - name: GHOST_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
                   key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "ghost-password") }}
+            {{- end }}
             - name: GHOST_EMAIL
               value: {{ .Values.ghostEmail | quote }}
             - name: GHOST_BLOG_TITLE
@@ -205,12 +215,17 @@ spec:
               value: {{ .Values.smtpUser | quote }}
             {{- end }}
             {{- if .Values.smtpPassword }}
+            {{- if .Values.usePasswordFiles }}
+            - name: GHOST_SMTP_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/ghost/secrets/%s" (include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "smtp-password")) }}
+            {{- else }}
             - name: GHOST_SMTP_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
                   key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "smtp-password") }}
             {{- end }}
+            {{- end }}
             {{- if .Values.smtpService }}
             - name: GHOST_SMTP_SERVICE
               value: {{ .Values.smtpService | quote }}
@@ -312,6 +327,10 @@ spec:
               subPath: tmp-dir
             - name: ghost-data
               mountPath: /bitnami/ghost
+            {{- if and .Values.usePasswordFiles }}
+            - name: ghost-secrets
+              mountPath: /opt/bitnami/ghost/secrets
+            {{- end }}
             {{- if .Values.persistence.subPath }}
               subPath: {{ .Values.persistence.subPath }}
             {{- end }}
@@ -324,6 +343,19 @@ spec:
       volumes:
         - name: empty-dir
           emptyDir: {}
+        {{- if and .Values.usePasswordFiles }}
+        - name: ghost-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "ghost.databaseSecretName" . }}
+              - secret:
+                  name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+              {{- if .Values.smtpPassword }}
+              - secret:
+                  name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+              {{- end }}
+        {{- end }}
         - name: ghost-data
         {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

bitnami/ghost/values.yaml

@@ -55,6 +55,9 @@ clusterDomain: cluster.local
 ## @param extraDeploy Array of extra objects to deploy with the release
 ##
 extraDeploy: []
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode: