From 1205b660e3e2eb375f54cdc764c4fd6e545de14a Mon Sep 17 00:00:00 2001 From: Daniel Richter Date: Wed, 10 Jul 2024 00:31:48 +0200 Subject: [PATCH] feat: allow passing postgresql username and password from secret as environment variables separately This allows the use of postgres-operator which provides the username and password as separate keys feat: allow passing postgresql username and password from secret as environment variables separately This allows the use of postgres-operator which provides the username and password as separate keys fix: correctly check which keys to use --- charts/vaultwarden/Chart.yaml | 2 +- charts/vaultwarden/README.md | 28 ++++++++++++----------- charts/vaultwarden/templates/_podSpec.tpl | 27 +++++++++++++++++++++- charts/vaultwarden/values.yaml | 8 ++++++- 4 files changed, 49 insertions(+), 16 deletions(-) diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml index e17e083..74b0a0e 100644 --- a/charts/vaultwarden/Chart.yaml +++ b/charts/vaultwarden/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: guerzon email: guerzon@proton.me url: https://github.com/guerzon -version: 0.23.1 +version: 0.24.3 kubeVersion: ">=1.12.0-0" diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md index 68749eb..249631f 100644 --- a/charts/vaultwarden/README.md +++ b/charts/vaultwarden/README.md 
@@ -321,19 +321,21 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME ### Database settings -| Name | Description | Value | -| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | --------- | -| `database.type` | Database type, either mysql or postgresql | `default` | -| `database.host` | Database hostname or IP address | `""` | -| `database.port` | Database port | `""` | -| `database.username` | Database username | `""` | -| `database.password` | Database password | `""` | -| `database.dbName` | Database name | `""` | -| `database.uriOverride` | Manually specify the DB connection string | `""` | -| `database.existingSecret` | Name of an existing secret containing the database URI | `""` | -| `database.existingSecretKey` | Key in the existing secret | `""` | -| `database.connectionRetries` | Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely. | `15` | -| `database.maxConnections` | Define the size of the connection pool used for connecting to the database. 
| `10` | +| Name | Description | Value | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `database.type` | Database type, either mysql or postgresql | `default` | +| `database.host` | Database hostname or IP address | `""` | +| `database.port` | Database port | `""` | +| `database.username` | Database username | `""` | +| `database.password` | Database password | `""` | +| `database.dbName` | Database name | `""` | +| `database.uriOverride` | Manually specify the DB connection string | `""` | +| `database.existingSecret` | Name of an existing secret containing either a single key with the database uri, or a separate key for username and password | `""` | +| `database.existingSecretKey` | Key in the existing secret | `""` | +| `database.existingSecretUserKey` | Key in the existing secret | `username` | +| `database.existingSecretPasswordKey` | Key in the existing secret | `password` | +| `database.connectionRetries` | Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely. | `15` | +| `database.maxConnections` | Define the size of the connection pool used for connecting to the database. | `10` | ### Push notifications diff --git a/charts/vaultwarden/templates/_podSpec.tpl b/charts/vaultwarden/templates/_podSpec.tpl index 51f15a0..a8ff488 100644 --- a/charts/vaultwarden/templates/_podSpec.tpl +++ b/charts/vaultwarden/templates/_podSpec.tpl 
@@ -68,7 +68,32 @@ containers: - name: DISABLE_ADMIN_TOKEN value: "true" {{- end }} - {{- if ne "default" .Values.database.type }} + {{- if and ( eq .Values.database.type "postgresql") .Values.database.existingSecret (not .Values.database.existingSecretKey)}} + - name: DATABASE_URL + value: "postgresql://{{ .Values.database.host }}" + - name: PGPORT + value: {{ .Values.database.port | quote }} + - name: PGDATABASE + value: {{ .Values.database.dbName | quote }} + - name: PGUSER + {{- if .Values.database.existingSecretUserKey}} + valueFrom: + secretKeyRef: + name: {{ .Values.database.existingSecret | quote }} + key: {{ .Values.database.existingSecretUserKey | quote }} + {{- else }} + value: {{ .Values.database.username | quote }} + {{- end }} + - name: PGPASSWORD + {{- if .Values.database.existingSecretPasswordKey}} + valueFrom: + secretKeyRef: + name: {{ .Values.database.existingSecret | quote }} + key: {{ .Values.database.existingSecretPasswordKey | quote }} + {{- else }} + value: {{ .Values.database.password }} + {{- end }} + {{- else if ne "default" .Values.database.type }} - name: DATABASE_URL {{- if .Values.database.existingSecret }} valueFrom: diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml index 9cc5853..5379d25 100644 --- a/charts/vaultwarden/values.yaml +++ b/charts/vaultwarden/values.yaml 
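Review bot: The `PGPASSWORD` fallback in the added block renders `value: {{ .Values.database.password }}` without `| quote`, unlike the `PGUSER` fallback just above it, which does quote. A password that is all digits, looks like a boolean, or contains ` #` or `: ` would render as a non-string, a truncated value or invalid YAML; use `value: {{ .Values.database.password | quote }}`. Because this branch is only entered when `existingSecret` is set, consider dropping the plaintext fallback here altogether, since it puts the password into the pod spec where anyone who can read the workload object can see it. The `env:` list this block belongs to starts and ends outside the hunk.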
@@ -277,12 +277,18 @@ database: ## @param database.uriOverride Manually specify the DB connection string ## uriOverride: "" - ## @param database.existingSecret Name of an existing secret containing the database URI + ## @param database.existingSecret Name of an existing secret containing either a single key with the database uri, or a separate key for username and password ## existingSecret: "" ## @param database.existingSecretKey Key in the existing secret ## existingSecretKey: "" + ## @param database.existingSecretUserKey Key in the existing secret + ## + existingSecretUserKey: username + ## @param database.existingSecretPasswordKey Key in the existing secret + ## + existingSecretPasswordKey: password ## @param database.connectionRetries Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely. ## connectionRetries: 15
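Review bot: The two new `@param` lines reuse the `existingSecretKey` text ("Key in the existing secret"), so the generated README cannot tell a reader which key holds what or when each one is used. Going by the `_podSpec.tpl` hunk in this patch, they are read only when `database.type` is `postgresql`, `existingSecret` is set and `existingSecretKey` is empty. I would say so, e.g. `## @param database.existingSecretUserKey Key in the existing secret holding the username (postgresql only, used when existingSecretKey is empty)`, and the same for the password key. It is also worth stating there that clearing either key makes the chart fall back to the plaintext `database.username` / `database.password` values.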