From b34176b7ec2d1fb5134f5b24d9b66c0dbfda5e8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Skyler=20M=C3=A4ntysaari?= Date: Sun, 5 Mar 2023 08:59:45 +0200 Subject: [PATCH] Added ability to supply backend's database creds via secret. --- charts/apps/piped/Chart.yaml | 8 +++----- charts/apps/piped/templates/backend/configmap.yaml | 11 +++++++++-- charts/apps/piped/templates/common.yaml | 7 +++++++ charts/apps/piped/values.yaml | 3 +++ 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/charts/apps/piped/Chart.yaml b/charts/apps/piped/Chart.yaml index 7a4d150..50615b9 100644 --- a/charts/apps/piped/Chart.yaml +++ b/charts/apps/piped/Chart.yaml @@ -9,7 +9,7 @@ sources: - https://github.com/TeamPiped/piped-proxy keywords: - streaming -version: 1.0.0 +version: 1.1.0 appVersion: latest kubeVersion: ">=1.22.0-0" maintainers: @@ -26,7 +26,5 @@ dependencies: condition: postgresql.enabled annotations: artifacthub.io/changes: |- - - kind: changed - description: Updated to common v1.3.2 which bumps kubeVersion to 1.22. - - kind: changed - description: Enabled the probes by default. + - kind: added + description: Ability to use a secret for backend database credentials diff --git a/charts/apps/piped/templates/backend/configmap.yaml b/charts/apps/piped/templates/backend/configmap.yaml index ca21f87..2aeff58 100644 --- a/charts/apps/piped/templates/backend/configmap.yaml +++ b/charts/apps/piped/templates/backend/configmap.yaml @@ -58,13 +58,20 @@ data: hibernate.connection.url: {{.Values.backend.config.database.connection_url }} hibernate.connection.driver_class: {{.Values.backend.config.database.driver_class }} hibernate.dialect: {{.Values.backend.config.database.dialect }} - hibernate.connection.username: {{.Values.backend.config.database.username }} - hibernate.connection.password: {{.Values.backend.config.database.password }} + {{- if .Values.backend.config.database.secret }} + hibernate.connection.username: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.username" ) -}} + hibernate.connection.password: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.password") -}} + {{- end }} {{- else if .Values.postgresql.enabled }} hibernate.connection.url: jdbc:postgresql://piped-postgresql/{{ .Values.postgresql.auth.database}} hibernate.connection.driver_class: org.postgresql.Driver hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect hibernate.connection.username: {{.Values.postgresql.auth.username }} hibernate.connection.password: {{.Values.postgresql.auth.password }} + {{- else if not (.Values.postgresql.enabled .Values.backend.config.database.secret) }} + hibernate.connection.username: {{.Values.backend.config.database.username }} + hibernate.connection.password: {{.Values.backend.config.database.password }} + {{- else }} + {{- fail "Unable to figure out database configuration for backend configmap."}} {{- end }} SENTRY_DSN: diff --git a/charts/apps/piped/templates/common.yaml b/charts/apps/piped/templates/common.yaml index f7d42d9..4c771e4 100644 --- a/charts/apps/piped/templates/common.yaml +++ b/charts/apps/piped/templates/common.yaml @@ -1,6 +1,13 @@ --- {{- include "bjw-s.common.values.init" . }} +{{- define "common.getValueFromSecret" }} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- end -}} +{{- end -}} + {{- define "app-template.hardcodedValues" -}} # Set the nameOverride based on the release name if no override has been set diff --git a/charts/apps/piped/values.yaml b/charts/apps/piped/values.yaml index 3553e7e..01047c2 100644 --- a/charts/apps/piped/values.yaml +++ b/charts/apps/piped/values.yaml @@ -107,6 +107,9 @@ backend: # dialect: org.hibernate.dialect.PostgreSQLDialect # username: piped # password: changeme + # Please only provide the secret name (it should already exist), + # it should only include database.username and database.password as others will be taken from above. + # secret: secret-name image: