Allow using external Postgres and existing Secrets

helm/thingsboard/Chart.yaml

@@ -25,14 +25,15 @@ home: https://github.com/thingsboard/thingsboard-ce-k8s/
 dependencies:
   - name: postgresql-ha
     version: 8.5.2
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+    condition: postgresql-ha.enabled
   - name: cassandra
     version: 9.1.8
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
     condition: cassandra.enabled
   - name: kafka
     version: 15.3.4
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
   - name: redis
     version: 16.4.5
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami

helm/thingsboard/templates/_helpers.tpl

@@ -32,6 +32,61 @@ For helm 3.4- we need to work it around:
 {{- include "postgresql-ha.pgpool" (mustMerge (dict "Chart" (dict "Name" "postgresql-ha") "Values" (index .Values "postgresql-ha")) (deepCopy $deepDictCopy)) }}
 {{- end -}}
 
+{{/*
+Determine PostgreSQL host.
+*/}}
+{{- define "thingsboard.postgresql.host" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- include "thingsboard.pgpoolservicename" . }}
+{{- else }}
+{{- .Values.externalPostgres.host }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL port.
+*/}}
+{{- define "thingsboard.postgresql.port" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "pgpool" "containerPort" }}
+{{- else }}
+{{- .Values.externalPostgres.port }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL database.
+*/}}
+{{- define "thingsboard.postgresql.database" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "database" }}
+{{- else }}
+{{- .Values.externalPostgres.database }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL username.
+*/}}
+{{- define "thingsboard.postgresql.username" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "username" }}
+{{- else }}
+{{- .Values.externalPostgres.username }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL password.
+*/}}
+{{- define "thingsboard.postgresql.password" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "password" }}
+{{- else }}
+{{- .Values.externalPostgres.password }}
+{{- end }}
+{{- end }}
+
 {{/*
 Set the value of cassandra initdb configmap
 /*}}
@@ -125,3 +180,28 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Use existing secrets of database credentials, where defined.
+*/}}
+{{- define "thingsboard.database.existingSecrets" -}}
+{{- if .Values.cassandra.dbUser.existingSecret }}
+- name: CASSANDRA_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "common.secrets.name" (dict "existingSecret" .Values.cassandra.dbUser.existingSecret "context" $) }}
+      key: {{ include "common.secrets.key" (dict "existingSecret" .Values.cassandra.dbUser.existingSecret "key" "cassandra-password") }}
+{{- end }}
+{{- if .Values.externalPostgres.existingSecret }}
+- name: SPRING_DATASOURCE_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "common.secrets.name" (dict "existingSecret" .Values.externalPostgres.existingSecret "context" $) }}
+      key: {{ include "common.secrets.key" (dict "existingSecret" .Values.externalPostgres.existingSecret "key" "username") }}
+- name: SPRING_DATASOURCE_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "common.secrets.name" (dict "existingSecret" .Values.externalPostgres.existingSecret "context" $) }}
+      key: {{ include "common.secrets.key" (dict "existingSecret" .Values.externalPostgres.existingSecret "key" "password") }}
+{{- end }}
+{{- end }}

helm/thingsboard/templates/initializedb-job.yaml

@@ -30,10 +30,14 @@ spec:
         - name: check-db-ready
           image: postgres:{{ index .Values "postgresql-ha" "postgresqlImage" "tag" }}
           command: ['sh', '-c',
-            'until pg_isready -h {{ include "thingsboard.pgpoolservicename" . }} -p {{ index .Values "postgresql-ha" "pgpool" "containerPort" }};
+            'until pg_isready -h {{ include "thingsboard.postgresql.host" . }} -p {{ include "thingsboard.postgresql.port" . }};
             do echo waiting for database; sleep 2; done;']
       containers:
       - name: init-db
+        {{- if or .Values.cassandra.dbUser.existingSecret (.Values.externalPostgres.existingSecret ) }}
+        env:
+        {{- include "thingsboard.database.existingSecrets" $ | indent 8 }}
+        {{- end }}
         envFrom:
         - configMapRef:
             name: '{{ .Release.Name }}-node-db-config'

helm/thingsboard/templates/node-db-configmap.yaml

@@ -27,12 +27,16 @@ data:
   CASSANDRA_URL: {{ .Release.Name }}-cassandra:9042
   CASSANDRA_USE_CREDENTIALS: 'true'
   CASSANDRA_USERNAME: {{ .Values.cassandra.dbUser.user }}
+{{- if (not .Values.cassandra.dbUser.existingSecret) -}}
   CASSANDRA_PASSWORD: {{ .Values.cassandra.dbUser.password }}
+{{- end }}
 {{ else }}
   DATABASE_TS_TYPE: sql
 {{- end }}
   SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
   SPRING_DRIVER_CLASS_NAME: org.postgresql.Driver
-  SPRING_DATASOURCE_URL: jdbc:postgresql://{{ include "thingsboard.pgpoolservicename" . }}:{{ index .Values "postgresql-ha" "pgpool" "containerPort" }}/{{ index .Values "postgresql-ha" "postgresql" "database" }}
-  SPRING_DATASOURCE_USERNAME: {{ index .Values "postgresql-ha" "postgresql" "username" }}
-  SPRING_DATASOURCE_PASSWORD: {{ index .Values "postgresql-ha" "postgresql" "password" }}
+  SPRING_DATASOURCE_URL: jdbc:postgresql://{{ include "thingsboard.postgresql.host" . }}:{{ include "thingsboard.postgresql.port" . }}/{{ include "thingsboard.postgresql.database" . }}
+{{- if not (.Values.externalPostgres.existingSecret ) }}
+  SPRING_DATASOURCE_USERNAME: {{ include "thingsboard.postgresql.username" . }}
+  SPRING_DATASOURCE_PASSWORD: {{ include "thingsboard.postgresql.password" . }}
+{{- end }}

helm/thingsboard/templates/node.yaml

@@ -83,6 +83,7 @@ spec:
             value: "{{ .Release.Name }}-redis-master"
           - name: REDIS_PASSWORD
             value: "{{ .Values.redis.auth.password }}"
+          {{- include "thingsboard.database.existingSecrets" $ | indent 10 }}
           envFrom:
           - configMapRef:
               name: {{ .Release.Name }}-node-db-config

helm/thingsboard/values.yaml

@@ -261,8 +261,12 @@ cassandra:
   replicaCount: 1
   dbUser:
     password: setplease
+  # OR use existing Secret with `cassandra-password` key in it.
+    # existingSecret:
+      # name: mysecret
 
 postgresql-ha:
+  enabled: true # set to false when using an external PostgreSQL instance and see externalPostgres keys
   nameOverride: pg
   postgresql:
     database: thingsboard
@@ -278,6 +282,20 @@ postgresql-ha:
   pgpoolImage:
     tag: 4
 
+
+# When using an external PostgreSQL instance and `postgresql-ha.enabled: false`
+externalPostgres:
+  host: localhost
+  port: 5432
+  database: thingsboard
+  username: thingsboard
+  password: setplease
+#   # OR use existing Secret for username and password
+#   existingSecret:
+#     name: test-postgres-secret
+#     username: username
+#     password: password
+
 redis:
   # Set architecture to either standalone or replication
   architecture: standalone