Add support for existing K8s secret for Database

CHANGELOG.md

@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 
 ## Added
 - Option to override Relay external host in config from [plejik](https://github.com/plejik)
+- Option to provide existing Kubernetes secret for Database credentials
 
 ### Changed
 - Updated Kubernetes labels from [nlamirault](https://github.com/nlamirault)

charts/ztka/README.md

@@ -114,6 +114,7 @@ helm show values paralus/ztka
 | deploy.postgresql.database | string | `""` | Postgresql database name. Required when `deploy.postgresql.enable` is unset and dsn is not specified. |
 | deploy.postgresql.dsn | string | `""` | Postgresql DSN for example, "postgres://user:password@host:5432/db". Required when `deploy.postgresql.enable` is unset and individual components are not specified. Overrides individual components (address, username, password, database) |
 | deploy.postgresql.enable | bool | `false` | Postgresql db is auto deployed and managed by Helm release when true. (It is recommended to manage your own DB instance separately or use DB services like Amazon RDS in production) |
+| deploy.postgresql.existingSecret | string | `""` | Postgresql existing Kubernetes secret for database authentication. Overwrites `deploy.postgresql.dsn`, `deploy.postgresql.address`, `deploy.postgresql.username`, `deploy.postgresql.password` and `deploy.postgresql.database` The Kubernetes secret must contain all values it overrides |
 | deploy.postgresql.password | string | `""` | Postgresql password. Required when `deploy.postgresql.enable`   is unset and dsn is not specified. |
 | deploy.postgresql.username | string | `""` | Postgresql username. Required when `deploy.postgresql.enable` is unset and dsn is not specified. |
 | elasticsearch.minimumMasterNodes | int | `1` |  |

charts/ztka/templates/_helpers.tpl

@@ -103,6 +103,8 @@ Get DB Address.
 {{- define "ztka.dbAddr" -}}
   {{- if .Values.deploy.postgresql.enable -}}
 {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local
+  {{- else if .Values.deploy.postgresql.existingSecret -}}
+{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}}
   {{- else if empty .Values.deploy.postgresql.dsn -}}
 {{ required "A valid .Values.deploy.postgresql.address entry required!" .Values.deploy.postgresql.address }}
   {{- end -}}
@@ -114,6 +116,8 @@ Get DB Username.
 {{- define "ztka.dbUser" -}}
   {{- if .Values.deploy.postgresql.enable -}}
 {{.Values.postgresql.auth.username}}
+  {{- else if .Values.deploy.postgresql.existingSecret -}}
+{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}}
   {{- else if empty .Values.deploy.postgresql.dsn -}}
 {{ required "A valid .Values.deploy.postgresql.username entry required!" .Values.deploy.postgresql.username }}
   {{- end -}}
@@ -125,6 +129,8 @@ Get DB Password.
 {{- define "ztka.dbPassword" -}}
   {{- if .Values.deploy.postgresql.enable -}}
 {{.Values.postgresql.auth.password}}
+  {{- else if .Values.deploy.postgresql.existingSecret -}}
+{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}}
   {{- else if empty .Values.deploy.postgresql.dsn -}}
 {{ required "A valid .Values.deploy.postgresql.password entry required!" .Values.deploy.postgresql.password }}
   {{- end -}}
@@ -136,6 +142,8 @@ Get DB Name.
 {{- define "ztka.dbName" -}}
   {{- if .Values.deploy.postgresql.enable -}}
 {{.Values.postgresql.auth.database}}
+  {{- else if .Values.deploy.postgresql.existingSecret -}}
+{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}}
   {{- else if empty .Values.deploy.postgresql.dsn -}}
 {{ required "A valid .Values.deploy.postgresql.database entry required!" .Values.deploy.postgresql.database }}
   {{- end -}}
@@ -149,6 +157,8 @@ Get DSN
 postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local:5432/{{ .Values.postgresql.auth.database }}?sslmode=disable
   {{- else if .Values.deploy.postgresql.dsn -}}
 {{ .Values.deploy.postgresql.dsn }}
+  {{- else if .Values.deploy.postgresql.existingSecret -}}
+{{- printf "%s" (tpl .Values.deploy.postgresql.existingSecret $) -}}
   {{- else -}}
 {{- $username := required "A valid .Values.deploy.postgresql.username entry required!" .Values.deploy.postgresql.username -}}
 {{- $password := required "A valid .Values.deploy.postgresql.password entry required!" .Values.deploy.postgresql.password -}}

charts/ztka/templates/deployment-paralus.yaml

@@ -45,7 +45,11 @@ spec:
             - name: DSN
               valueFrom:
                 secretKeyRef:
+                {{- if .Values.deploy.postgresql.existingSecret }}
+                  name: {{ .Values.deploy.postgresql.existingSecret }}
+                {{- else }}
                   name: paralus-db
+                {{- end }}
                   key: DSN
           imagePullPolicy: {{ .Values.images.pullPolicy }}
         {{- end }}
@@ -58,7 +62,11 @@ spec:
             - name: DSN
               valueFrom:
                 secretKeyRef:
+                {{- if .Values.deploy.postgresql.existingSecret }}
+                  name: {{ .Values.deploy.postgresql.existingSecret }}
+                {{- else }}
                   name: paralus-db
+                {{- end }}
                   key: DSN
           imagePullPolicy: {{ .Values.images.pullPolicy }}
         {{- end }}
@@ -79,7 +87,11 @@ spec:
           - configMapRef:
               name: paralus-config
           - secretRef:
+            {{- if .Values.deploy.postgresql.existingSecret }}
+              name: {{ .Values.deploy.postgresql.existingSecret }}
+            {{- else}}
               name: paralus-db
+            {{- end }}
           imagePullPolicy: {{ .Values.images.pullPolicy }}
       containers:
         - name: paralus-tail
@@ -104,7 +116,11 @@ spec:
           - configMapRef:
               name: paralus-config
           - secretRef:
+            {{- if .Values.deploy.postgresql.existingSecret }}
+              name: {{ .Values.deploy.postgresql.existingSecret }}
+            {{- else }}
               name: paralus-db
+            {{- end }}
           ports:
             {{- range .Values.services.paralus.ports }}
             - name: {{ .name }}

charts/ztka/templates/deployment-prompt.yaml

@@ -62,7 +62,11 @@ spec:
           - configMapRef:
               name: prompt-config
           - secretRef:
+            {{- if .Values.deploy.postgresql.existingSecret }}
+              name: {{ .Values.deploy.postgresql.existingSecret }}
+            {{- else }}
               name: paralus-db
+            {{- end }}
           ports:
             {{- range .Values.services.prompt.ports }}
             - name: {{ .name }}

charts/ztka/templates/secret-database.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.deploy.postgresql.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,3 +13,4 @@ data:
   DB_PASSWORD: {{ include "ztka.dbPassword" . | b64enc | quote }}
   DB_NAME: {{ include "ztka.dbName" . | b64enc | quote }}
   DSN: {{ include "ztka.dsn" . | b64enc | quote }}
+{{- end }}

charts/ztka/values.yaml

@@ -221,6 +221,11 @@ deploy:
     # when true. (It is recommended to manage your own DB instance
     # separately or use DB services like Amazon RDS in production)
     enable: false
+    # -- Postgresql existing Kubernetes secret for database authentication.
+    # Overwrites `deploy.postgresql.dsn`, `deploy.postgresql.address`,
+    # `deploy.postgresql.username`, `deploy.postgresql.password` and `deploy.postgresql.database`
+    # The Kubernetes secret must contain all values it overrides
+    existingSecret: ""
     # -- Postgresql DSN for example, "postgres://user:password@host:5432/db". Required
     # when `deploy.postgresql.enable` is unset and individual components are not specified.
     # Overrides individual components (address, username, password, database)