--- /dev/null
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-primary-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- value: "{{ $dot.Values.config.pgUserName }}"
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-root-password
+ {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- name: pool-hba-conf
mountPath: /pgconf/pool_hba.conf
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secret" . }}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
Code Review / oom.git / commitdiff