diff --git a/charts/diode/Chart.yaml b/charts/diode/Chart.yaml index 85da79b4..590ea8fe 100644 --- a/charts/diode/Chart.yaml +++ b/charts/diode/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: diode description: A Helm chart for Diode type: application -version: 1.8.0 +version: 1.9.0 appVersion: "1.5.0" home: https://github.com/netboxlabs/diode sources: diff --git a/charts/diode/README.md b/charts/diode/README.md index 28e94329..8bf14fe0 100644 --- a/charts/diode/README.md +++ b/charts/diode/README.md @@ -2,7 +2,7 @@ A Helm chart for Diode -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) +![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) ## Prerequisites 
@@ -304,8 +304,13 @@ helm show values diode/diode | diodeReconciler.replicaCount | int | `1` | replica count | | diodeReconciler.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}` | resources | | diodeReconciler.serviceAccount.create | bool | `true` | create service account | +| externalPostgresql.database | string | `"diode"` | database name | +| externalPostgresql.existingSecretKey | string | `"postgresql-password"` | key of password in existing postgresql secret | +| externalPostgresql.existingSecretName | string | `""` | existing postgresql secret | | externalPostgresql.hostname | string | `"localhost"` | hostname | +| externalPostgresql.password | string | `""` | password | | externalPostgresql.port | int | `5432` | port | +| externalPostgresql.username | string | `"diode"` | username | | externalRedis.hostname | string | `"localhost"` | hostname | | externalRedis.port | int | `6379` | port | | global.commonAnnotations | object | `{}` | common annotations for all resources | diff --git a/charts/diode/templates/_helpers.tpl b/charts/diode/templates/_helpers.tpl index b03199bc..84f91c4b 100644 --- a/charts/diode/templates/_helpers.tpl +++ b/charts/diode/templates/_helpers.tpl 
@@ -291,6 +291,58 @@ Create the port of the Redis database {{- end }} {{- end }} +{{/* +Create the database name for PostgreSQL +*/}} +{{- define "diode.postgresql.database" -}} +{{- if .Values.postgresql.enabled -}} +{{- printf "diode" }} +{{- else if and .Values.externalPostgresql (hasKey .Values.externalPostgresql "database") -}} +{{- .Values.externalPostgresql.database }} +{{- else -}} +{{- fail "externalPostgresql.database must be defined when postgresql.enabled is false" }} +{{- end }} +{{- end }} + +{{/* +Create the username for PostgreSQL +*/}} +{{- define "diode.postgresql.username" -}} +{{- if .Values.postgresql.enabled -}} +{{- printf "diode" }} +{{- else if and .Values.externalPostgresql (hasKey .Values.externalPostgresql "username") -}} +{{- .Values.externalPostgresql.username }} +{{- else -}} +{{- fail "externalPostgresql.username must be defined when postgresql.enabled is false" }} +{{- end }} +{{- end }} + +{{/* +Create the secret name for PostgreSQL credentials +*/}} +{{- define "diode.postgresql.secretname" -}} +{{- if .Values.postgresql.enabled -}} +{{- printf "diode-postgresql-secret" }} +{{- else if and .Values.externalPostgresql (hasKey .Values.externalPostgresql "existingSecretName") (not (empty .Values.externalPostgresql.existingSecretName)) -}} +{{- .Values.externalPostgresql.existingSecretName }} +{{- else -}} +{{- printf "diode-external-postgresql-secret" }} +{{- end }} +{{- end }} + +{{/* +Create the secret key for PostgreSQL password +*/}} +{{- define "diode.postgresql.secretkey" -}} +{{- if .Values.postgresql.enabled -}} +{{- printf "postgres-password" }} +{{- else if and .Values.externalPostgresql (hasKey .Values.externalPostgresql "existingSecretKey") (not (empty .Values.externalPostgresql.existingSecretKey)) -}} +{{- .Values.externalPostgresql.existingSecretKey }} +{{- else -}} +{{- printf "postgresql-password" }} +{{- end }} +{{- end }} + {{/* Create the hostname of the public Hydra service */}} 
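Review bot: The final `else` branch of `diode.postgresql.secretname` returns `diode-external-postgresql-secret` even when neither `externalPostgresql.existingSecretName` nor `externalPostgresql.password` is set, yet `diode-secrets.yaml` in this commit renders that Secret only for a non-empty password. The reconciler Deployment's `secretKeyRef` then points at a Secret the chart never creates, and the problem surfaces at pod start instead of at render time. I would make that branch conditional, `{{- else if not (empty .Values.externalPostgresql.password) -}}`, and finish with `{{- fail "externalPostgresql.existingSecretName or externalPostgresql.password must be set when postgresql.enabled is false" }}`, matching the `fail` already used for database and username. Separately, `hasKey` is true for an empty string, so `database: ""` or `username: ""` passes the guard and renders an empty value; a `not (empty …)` test, as the secretname and secretkey helpers already use, would catch that.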
diff --git a/charts/diode/templates/diode-reconciler-configmap.yaml b/charts/diode/templates/diode-reconciler-configmap.yaml index a378652e..777c12ff 100644 --- a/charts/diode/templates/diode-reconciler-configmap.yaml +++ b/charts/diode/templates/diode-reconciler-configmap.yaml @@ -27,8 +27,8 @@ data: DIODE_TO_NETBOX_RATE_LIMITER_BURST: {{ $config.diodeToNetboxRateLimiterBurst | default "1" | quote }} POSTGRES_HOST: {{ include "diode.postgresql.hostname" . | quote }} POSTGRES_PORT: {{ include "diode.postgresql.port" . | quote }} - POSTGRES_DB_NAME: {{ $config.postgresDbName | default "diode" | quote }} - POSTGRES_USER: {{ $config.postgresUser | default "diode" | quote }} + POSTGRES_DB_NAME: {{ include "diode.postgresql.database" . | quote }} + POSTGRES_USER: {{ include "diode.postgresql.username" . | quote }} NETBOX_DIODE_PLUGIN_API_BASE_URL: {{ $config.netboxDiodePluginApiBaseUrl | quote }} NETBOX_DIODE_PLUGIN_SKIP_TLS_VERIFY: {{ $config.netboxDiodePluginSkipTlsVerify | quote }} DIODE_AUTH_TOKEN_URL: {{ printf "%s/token" (include "diode.auth.url" .) | quote }} diff --git a/charts/diode/templates/diode-reconciler-deployment.yaml b/charts/diode/templates/diode-reconciler-deployment.yaml index 4e901465..93180677 100644 --- a/charts/diode/templates/diode-reconciler-deployment.yaml +++ b/charts/diode/templates/diode-reconciler-deployment.yaml 
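Review bot: `POSTGRES_DB_NAME` and `POSTGRES_USER` no longer read `$config.postgresDbName` and `$config.postgresUser`, so a release that set those keys silently switches to `diode` (bundled PostgreSQL) or to `externalPostgresql.database` / `.username` on upgrade. `$config` is defined above the hunk, so the exact values path is not visible here, but the removed keys look user-settable. Either keep them as an override, e.g. `{{ $config.postgresDbName | default (include "diode.postgresql.database" .) | quote }}`, or call the removal out as a breaking change in the release notes. The chart still renders cleanly after the change, so a reconciler pointed at a different database or role than the operator intended is easy to miss.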
@@ -84,9 +84,15 @@ spec: resources: {{- toYaml .| nindent 12 }} {{- end }} - {{- if .Values.diodeReconciler.extraEnvs }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.diodeReconciler.extraEnvs "context" $) | nindent 12 }} - {{- end }} + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "diode.postgresql.secretname" . }} + key: {{ include "diode.postgresql.secretkey" . }} + {{- if .Values.diodeReconciler.extraEnvs }} + {{- include "common.tplvalues.render" (dict "value" .Values.diodeReconciler.extraEnvs "context" $) | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ include "diode.reconciler.configmap" . }} diff --git a/charts/diode/templates/diode-secrets.yaml b/charts/diode/templates/diode-secrets.yaml new file mode 100644 index 00000000..1bdb5d96 --- /dev/null +++ b/charts/diode/templates/diode-secrets.yaml @@ -0,0 +1,16 @@ +{{- if and (not .Values.postgresql.enabled) (not .Values.externalPostgresql.existingSecretName) (not (empty .Values.externalPostgresql.password)) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "diode.postgresql.secretname" . }} + namespace: {{ include "diode.namespace" . }} + labels: + {{- include "diode.labels" . | nindent 4 }} + {{- if .Values.global.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{ include "diode.postgresql.secretkey" . }}: {{ .Values.externalPostgresql.password | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/diode/values.yaml b/charts/diode/values.yaml index 65c20817..ae772e64 100644 --- a/charts/diode/values.yaml +++ b/charts/diode/values.yaml @@ -24,7 +24,6 @@ global: # -- common labels for all resources commonLabels: {} - diode: # -- environment name environment: development 
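Review bot: `name:` and `key:` under `secretKeyRef` are rendered unquoted, although both can come from the user-supplied `externalPostgresql.existingSecretName` and `existingSecretKey`; the ConfigMap template quotes every templated scalar. I would write `name: {{ include "diode.postgresql.secretname" . | quote }}` and `key: {{ include "diode.postgresql.secretkey" . | quote }}` so a value that looks like a number or boolean is not retyped by the YAML parser. Because `env:` is now unconditional and the reference is not marked `optional`, a deployment that already injected `POSTGRES_PASSWORD` through `diodeReconciler.extraEnvs` will render a second entry with that name and still needs the referenced Secret to exist. That deserves a line in the upgrade notes.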
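Review bot: The Secret rendered by `diode-secrets.yaml` always gets the fixed name `diode-external-postgresql-secret` (the fallback in `diode.postgresql.secretname`), so two releases of the chart in one namespace would both claim the same object and the second install would collide with the first. If more than one release per namespace is meant to be supported, derive the name from the release in the helper's fallback branch, e.g. `{{- printf "%s-external-postgresql" .Release.Name }}`. The guard on the first line also dereferences `.Values.externalPostgresql.existingSecretName` directly, while the helpers first test `.Values.externalPostgresql` and `hasKey`; using the same form in both places keeps the two conditions from drifting apart. The file also ends without a trailing newline.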
@@ -35,6 +34,16 @@ externalPostgresql: hostname: localhost # -- port port: 5432 + # -- database name + database: diode + # -- username + username: diode + # -- password + password: "" + # -- existing postgresql secret + existingSecretName: "" + # -- key of password in existing postgresql secret + existingSecretKey: postgresql-password # External Redis configuration (optional) externalRedis:
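Review bot: The new `# -- password` and `# -- existing postgresql secret` comments do not say how the two options interact or what choosing the inline password implies. A value set in `externalPostgresql.password` lives in whatever values file or `--set` argument supplied it and in the Helm release record, and per `diode-secrets.yaml` it is used only when `existingSecretName` is empty. I would document that, e.g. `# -- password for the external database; written to a chart-managed Secret and ignored when existingSecretName is set` and `# -- name of an existing Secret holding the password (preferred, keeps the password out of Helm values)`. The README table in this commit appears to be generated from these comments, so it would need regenerating afterwards.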