Added ability to supply backend's database creds via secret.

2023-03-05 08:59:45 +02:00 · 2023-03-05 08:59:45 +02:00 · b34176b7ec
parent 3c9966560d
commit b34176b7ec
4 changed files with 22 additions and 7 deletions
--- a/charts/apps/piped/Chart.yaml
+++ b/charts/apps/piped/Chart.yaml
@ -9,7 +9,7 @@ sources:
  - https://github.com/TeamPiped/piped-proxy
 keywords:
  - streaming
-version: 1.0.0
+version: 1.1.0
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
 maintainers:
@ -26,7 +26,5 @@ dependencies:
    condition: postgresql.enabled
 annotations:
  artifacthub.io/changes: |-
-    - kind: changed
-      description: Updated to common v1.3.2 which bumps kubeVersion to 1.22.
-    - kind: changed
-      description: Enabled the probes by default.
+    - kind: added
+      description: Ability to use a secret for backend database credentials
--- a/charts/apps/piped/templates/backend/configmap.yaml
+++ b/charts/apps/piped/templates/backend/configmap.yaml
@ -58,13 +58,20 @@ data:
    hibernate.connection.url: {{.Values.backend.config.database.connection_url }}
    hibernate.connection.driver_class: {{.Values.backend.config.database.driver_class }}
    hibernate.dialect: {{.Values.backend.config.database.dialect }}
-    hibernate.connection.username: {{.Values.backend.config.database.username }}
-    hibernate.connection.password: {{.Values.backend.config.database.password }}
+    {{- if .Values.backend.config.database.secret }}
+    hibernate.connection.username: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.username" ) -}}
+    hibernate.connection.password: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.password") -}}
+    {{- end }}
    {{- else if .Values.postgresql.enabled }}
    hibernate.connection.url: jdbc:postgresql://piped-postgresql/{{ .Values.postgresql.auth.database}}
    hibernate.connection.driver_class: org.postgresql.Driver
    hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
    hibernate.connection.username: {{.Values.postgresql.auth.username }}
    hibernate.connection.password: {{.Values.postgresql.auth.password }}
+    {{- else if not (.Values.postgresql.enabled .Values.backend.config.database.secret) }}
+    hibernate.connection.username: {{.Values.backend.config.database.username }}
+    hibernate.connection.password: {{.Values.backend.config.database.password }}
+    {{- else }}
+     {{- fail "Unable to figure out database configuration for backend configmap."}}
    {{- end }}
    SENTRY_DSN:
--- a/charts/apps/piped/templates/common.yaml
+++ b/charts/apps/piped/templates/common.yaml
@ -1,6 +1,13 @@
 ---
 {{- include "bjw-s.common.values.init" . }}

+{{- define "common.getValueFromSecret" }}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key | b64dec -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "app-template.hardcodedValues" -}}

 # Set the nameOverride based on the release name if no override has been set
--- a/charts/apps/piped/values.yaml
+++ b/charts/apps/piped/values.yaml
@ -107,6 +107,9 @@ backend:
    #  dialect: org.hibernate.dialect.PostgreSQLDialect
    #  username: piped
    #  password: changeme
+    #  Please only provide the secret name (it should already exist),
+    # it should only include database.username and database.password as others will be taken from above.
+    # secret: secret-name


  image: