diff --git a/CHANGELOG.md b/CHANGELOG.md index 5659d1b..2ef4f36 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ## Added - Option to override Relay external host in config from [plejik](https://github.com/plejik) +- Option to provide existing Kubernetes secret for Database credentials ### Changed - Updated Kubernetes labels from [nlamirault](https://github.com/nlamirault) diff --git a/charts/ztka/README.md b/charts/ztka/README.md index db636c0..a097c88 100644 --- a/charts/ztka/README.md +++ b/charts/ztka/README.md @@ -114,6 +114,7 @@ helm show values paralus/ztka | deploy.postgresql.database | string | `""` | Postgresql database name. Required when `deploy.postgresql.enable` is unset and dsn is not specified. | | deploy.postgresql.dsn | string | `""` | Postgresql DSN for example, "postgres://user:password@host:5432/db". Required when `deploy.postgresql.enable` is unset and individual components are not specified. Overrides individual components (address, username, password, database) | | deploy.postgresql.enable | bool | `false` | Postgresql db is auto deployed and managed by Helm release when true. (It is recommended to manage your own DB instance separately or use DB services like Amazon RDS in production) | +| deploy.postgresql.existingSecret | string | `""` | Postgresql existing Kubernetes secret for database authentication. Overwrites `deploy.postgresql.dsn`, `deploy.postgresql.address`, `deploy.postgresql.username`, `deploy.postgresql.password` and `deploy.postgresql.database` The Kubernetes secret must contain all values it overrides | | deploy.postgresql.password | string | `""` | Postgresql password. Required when `deploy.postgresql.enable` is unset and dsn is not specified. | | deploy.postgresql.username | string | `""` | Postgresql username. Required when `deploy.postgresql.enable` is unset and dsn is not specified. | | elasticsearch.minimumMasterNodes | int | `1` | | @@ -173,3 +174,5 @@ helm show values paralus/ztka | services.relay | object | `{"name":"relay","ports":[{"containerPort":443,"name":"https"}],"type":"ClusterIP"}` | relay service config | | tolerations | list | `[]` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/ztka/templates/_helpers.tpl b/charts/ztka/templates/_helpers.tpl index 9a6ae2b..b6256d9 100644 --- a/charts/ztka/templates/_helpers.tpl +++ b/charts/ztka/templates/_helpers.tpl @@ -103,6 +103,8 @@ Get DB Address. {{- define "ztka.dbAddr" -}} {{- if .Values.deploy.postgresql.enable -}} {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local + {{- else if .Values.deploy.postgresql.existingSecret -}} +{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}} {{- else if empty .Values.deploy.postgresql.dsn -}} {{ required "A valid .Values.deploy.postgresql.address entry required!" .Values.deploy.postgresql.address }} {{- end -}} @@ -114,6 +116,8 @@ Get DB Username. {{- define "ztka.dbUser" -}} {{- if .Values.deploy.postgresql.enable -}} {{.Values.postgresql.auth.username}} + {{- else if .Values.deploy.postgresql.existingSecret -}} +{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}} {{- else if empty .Values.deploy.postgresql.dsn -}} {{ required "A valid .Values.deploy.postgresql.username entry required!" .Values.deploy.postgresql.username }} {{- end -}} @@ -125,6 +129,8 @@ Get DB Password. {{- define "ztka.dbPassword" -}} {{- if .Values.deploy.postgresql.enable -}} {{.Values.postgresql.auth.password}} + {{- else if .Values.deploy.postgresql.existingSecret -}} +{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}} {{- else if empty .Values.deploy.postgresql.dsn -}} {{ required "A valid .Values.deploy.postgresql.password entry required!" .Values.deploy.postgresql.password }} {{- end -}} @@ -136,6 +142,8 @@ Get DB Name. {{- define "ztka.dbName" -}} {{- if .Values.deploy.postgresql.enable -}} {{.Values.postgresql.auth.database}} + {{- else if .Values.deploy.postgresql.existingSecret -}} +{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}} {{- else if empty .Values.deploy.postgresql.dsn -}} {{ required "A valid .Values.deploy.postgresql.database entry required!" .Values.deploy.postgresql.database }} {{- end -}} @@ -149,6 +157,8 @@ Get DSN postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local:5432/{{ .Values.postgresql.auth.database }}?sslmode=disable {{- else if .Values.deploy.postgresql.dsn -}} {{ .Values.deploy.postgresql.dsn }} + {{- else if .Values.deploy.postgresql.existingSecret -}} +{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}} {{- else -}} {{- $username := required "A valid .Values.deploy.postgresql.username entry required!" .Values.deploy.postgresql.username -}} {{- $password := required "A valid .Values.deploy.postgresql.password entry required!" .Values.deploy.postgresql.password -}} diff --git a/charts/ztka/templates/deployment-paralus.yaml b/charts/ztka/templates/deployment-paralus.yaml index 9fcfe38..361a772 100644 --- a/charts/ztka/templates/deployment-paralus.yaml +++ b/charts/ztka/templates/deployment-paralus.yaml @@ -45,7 +45,11 @@ spec: - name: DSN valueFrom: secretKeyRef: + {{- if .Values.deploy.postgresql.existingSecret }} + name: {{ .Values.deploy.postgresql.existingSecret }} + {{- else }} name: paralus-db + {{- end }} key: DSN imagePullPolicy: {{ .Values.images.pullPolicy }} {{- end }} @@ -58,7 +62,11 @@ spec: - name: DSN valueFrom: secretKeyRef: + {{- if .Values.deploy.postgresql.existingSecret }} + name: {{ .Values.deploy.postgresql.existingSecret }} + {{- else }} name: paralus-db + {{- end }} key: DSN imagePullPolicy: {{ .Values.images.pullPolicy }} {{- end }} @@ -79,7 +87,11 @@ spec: - configMapRef: name: paralus-config - secretRef: + {{- if .Values.deploy.postgresql.existingSecret }} + name: {{ .Values.deploy.postgresql.existingSecret }} + {{- else}} name: paralus-db + {{- end }} imagePullPolicy: {{ .Values.images.pullPolicy }} containers: - name: paralus-tail @@ -104,7 +116,11 @@ spec: - configMapRef: name: paralus-config - secretRef: + {{- if .Values.deploy.postgresql.existingSecret }} + name: {{ .Values.deploy.postgresql.existingSecret }} + {{- else }} name: paralus-db + {{- end }} ports: {{- range .Values.services.paralus.ports }} - name: {{ .name }} diff --git a/charts/ztka/templates/deployment-prompt.yaml b/charts/ztka/templates/deployment-prompt.yaml index 6850bae..658b9a7 100644 --- a/charts/ztka/templates/deployment-prompt.yaml +++ b/charts/ztka/templates/deployment-prompt.yaml @@ -62,7 +62,11 @@ spec: - configMapRef: name: prompt-config - secretRef: + {{- if .Values.deploy.postgresql.existingSecret }} + name: {{ .Values.deploy.postgresql.existingSecret }} + {{- else }} name: paralus-db + {{- end }} ports: {{- range .Values.services.prompt.ports }} - name: {{ .name }} diff --git a/charts/ztka/templates/secret-database.yaml b/charts/ztka/templates/secret-database.yaml index 266516e..b30df37 100644 --- a/charts/ztka/templates/secret-database.yaml +++ b/charts/ztka/templates/secret-database.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.deploy.postgresql.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: DB_PASSWORD: {{ include "ztka.dbPassword" . | b64enc | quote }} DB_NAME: {{ include "ztka.dbName" . | b64enc | quote }} DSN: {{ include "ztka.dsn" . | b64enc | quote }} +{{- end }} diff --git a/charts/ztka/values.yaml b/charts/ztka/values.yaml index 21a7a22..51463cb 100644 --- a/charts/ztka/values.yaml +++ b/charts/ztka/values.yaml @@ -221,6 +221,11 @@ deploy: # when true. (It is recommended to manage your own DB instance # separately or use DB services like Amazon RDS in production) enable: false + # -- Postgresql existing Kubernetes secret for database authentication. + # Overwrites `deploy.postgresql.dsn`, `deploy.postgresql.address`, + # `deploy.postgresql.username`, `deploy.postgresql.password` and `deploy.postgresql.database` + # The Kubernetes secret must contain all values it overrides + existingSecret: "" # -- Postgresql DSN for example, "postgres://user:password@host:5432/db". Required # when `deploy.postgresql.enable` is unset and individual components are not specified. # Overrides individual components (address, username, password, database)