From 3f704e6a682b604adf6b5f346a566d6e8e02eafc Mon Sep 17 00:00:00 2001 From: Pascal Marzec Date: Tue, 20 Feb 2024 15:00:17 +0100 Subject: [PATCH] fix: fixed problem where chart couldnt be deployed problem was occuring because of the value 'username' in postgresql.auth.username in values.yaml. When setting this value postgresql automatically also sets a password for the root user which couldnt be found in our backend-secrets-postgres.yaml file because we only set a datasource password an no root password. --- charts/puris/templates/backend-deployment.yaml | 11 ++++++++--- charts/puris/templates/backend-secrets-postgres.yaml | 6 ++++-- charts/puris/templates/backend-secrets.yaml | 4 ++-- charts/puris/values.yaml | 8 +++++--- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/charts/puris/templates/backend-deployment.yaml b/charts/puris/templates/backend-deployment.yaml index 6b050af9..3ec16116 100644 --- a/charts/puris/templates/backend-deployment.yaml +++ b/charts/puris/templates/backend-deployment.yaml @@ -50,6 +50,11 @@ spec: secretKeyRef: name: "{{ .Values.postgresql.auth.existingSecret }}" key: "postgres-password" + - name: ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.auth.existingSecret }}" + key: "password" {{- else }} - name: DATASOURCE_URL value: "{{ .Values.backend.puris.datasource.url }}" @@ -58,13 +63,13 @@ spec: - name: DATASOURCE_PASSWORD valueFrom: secretKeyRef: - name: "{{ .Values.backend.puris.secret }}" + name: "{{ .Values.backend.puris.existingSecret }}" key: "puris-datasource-password" {{- end }} - name: EDC_CONTROLPLANE_KEY valueFrom: secretKeyRef: - name: "{{ .Values.backend.puris.secret }}" + name: "{{ .Values.backend.puris.existingSecret }}" key: "puris-edc-controlplane-key" - name: EDC_CONTROLPLANE_MANAGEMENT_URL value: "{{ .Values.backend.puris.edc.controlplane.management.url }}" @@ -93,7 +98,7 @@ spec: - name: PURIS_API_KEY valueFrom: secretKeyRef: - name: "{{ .Values.backend.puris.secret }}" + name: "{{ .Values.backend.puris.existingSecret }}" key: "puris-api-key" - name: PURIS_DEMONSTRATOR_ROLE value: "{{ .Values.backend.puris.demonstrator.role }}" diff --git a/charts/puris/templates/backend-secrets-postgres.yaml b/charts/puris/templates/backend-secrets-postgres.yaml index 3ec6d7d3..5af4a521 100644 --- a/charts/puris/templates/backend-secrets-postgres.yaml +++ b/charts/puris/templates/backend-secrets-postgres.yaml @@ -12,10 +12,12 @@ data: # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too - postgres-password: {{ ( .Values.postgresql.auth.password | b64enc ) | default ( index $secret.data "postgres-password" ) | quote }} + password: {{ ( .Values.postgresql.auth.password | b64enc ) | default ( index $secret.data "password" ) | quote }} + postgres-password: {{ ( .Values.postgresql.auth.passwordPostgres | b64enc ) | default ( index $secret.data "postgres-password" ) | quote }} {{ else -}} stringData: # if secret doesn't exist, use provided value from values file or generate a random one - postgres-password: {{ .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }} + password: {{ .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }} + postgres-password: {{ .Values.postgresql.auth.passwordPostgres | default ( randAlphaNum 32 ) | quote }} {{ end }} {{- end -}} diff --git a/charts/puris/templates/backend-secrets.yaml b/charts/puris/templates/backend-secrets.yaml index 868fa78f..d9874bab 100644 --- a/charts/puris/templates/backend-secrets.yaml +++ b/charts/puris/templates/backend-secrets.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Secret metadata: - name: {{ .Values.backend.puris.secret }} + name: {{ .Values.backend.puris.existingSecret }} namespace: {{ .Release.Namespace }} type: Opaque # use lookup function to check if secret exists -{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.backend.puris.secret) }} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.backend.puris.existingSecret) }} {{ if $secret -}} data: # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret diff --git a/charts/puris/values.yaml b/charts/puris/values.yaml index 643f30c8..4b5c3a67 100644 --- a/charts/puris/values.yaml +++ b/charts/puris/values.yaml @@ -358,7 +358,7 @@ backend: puris: # -- Secret for backend passwords. For more information look into 'backend-secrets.yaml' file. - secret: "secret-backend-puris" + existingSecret: "secret-backend-puris" api: # -- The API key of the PURIS application. Secret-key 'puris-api-key'. key: "test" @@ -463,7 +463,9 @@ postgresql: database: "postgres" # -- Secret containing the password. For more information look into 'backend-secrets-postgres.yaml' file. existingSecret: "secret-postgres-init" - # -- Username for the database. + # -- Username for the root user and for the database. username: "puris" + # -- Password for the root user. Secret-key 'password' + password: "" # -- Password for the database. Secret-key 'postgres-password'. - password: "password" + passwordPostgres: "password"