diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md index 042c0f4..045fa29 100644 --- a/charts/reports-server/README.md +++ b/charts/reports-server/README.md @@ -57,10 +57,15 @@ helm install reports-server --namespace reports-server --create-namespace report | service.type | string | `"ClusterIP"` | Service type | | service.port | int | `443` | Service port | | config.debug | bool | `false` | Enable debug (to use inmemorydatabase) | +| config.db.secretName | string | `""` | If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. | | config.db.host | string | `""` | Database host | +| config.db.hostSecretKeyName | string | `"host"` | The database host will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.name | string | `"reportsdb"` | Database name | +| config.db.dbNameSecretKeyName | string | `"dbname"` | The database name will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.user | string | `"postgres"` | Database user | +| config.db.userSecretKeyName | string | `"username"` | The database username will be read from this `key` in the specified Secret, when `db.secretName` is set. | | config.db.password | string | `"reports"` | Database password | +| config.db.passwordSecretKeyName | string | `"password"` | The database password will be read from this `key` in the specified Secret, when `db.secretName` is set. | ## Source Code diff --git a/charts/reports-server/templates/_helpers.tpl b/charts/reports-server/templates/_helpers.tpl index 807868a..fd74989 100644 --- a/charts/reports-server/templates/_helpers.tpl +++ b/charts/reports-server/templates/_helpers.tpl @@ -60,3 +60,39 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Database config is injected into the environment, if a secret ref is set. Otherwise, Helm values are used directly. +*/}} +{{- define "reports-server.dbHost" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(DB_HOST)" }} +{{- else }} +{{- default (printf "%s-postgresql.%s" $.Release.Name $.Release.Namespace ) .Values.config.db.host }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbName" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(DB_DATABASE)" }} +{{- else }} +{{- .Values.config.db.name }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbUser" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(DB_USER)" }} +{{- else }} +{{- .Values.config.db.user }} +{{- end }} +{{- end }} + +{{- define "reports-server.dbPassword" -}} +{{- if .Values.config.db.secretName }} +{{- printf "%s" "$(DB_PASSWORD)" }} +{{- else }} +{{- .Values.config.db.password }} +{{- end }} +{{- end }} + diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml index 66722a2..403df4c 100644 --- a/charts/reports-server/templates/deployment.yaml +++ b/charts/reports-server/templates/deployment.yaml @@ -40,17 +40,36 @@ spec: {{- if .Values.config.debug }} - --debug {{- else }} - {{- if .Values.config.db.host }} - - --dbhost={{ .Values.config.db.host }} - {{- else }} - - --dbhost={{ $.Release.Name }}-postgresql.{{ $.Release.Namespace }} - {{- end }} - - --dbname={{ .Values.config.db.name }} - - --dbuser={{ .Values.config.db.user }} - - --dbpassword={{ .Values.config.db.password }} + - --dbhost={{ include "reports-server.dbHost" . }} + - --dbname={{ include "reports-server.dbName" . }} + - --dbuser={{ include "reports-server.dbUser" . }} + - --dbpassword={{ include "reports-server.dbPassword" . }} {{- end }} - --cert-dir=/tmp - --secure-port=4443 + {{- if .Values.config.db.secretName }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.hostSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: DB_DATABASE + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.dbNameSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: DB_USER + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.userSecretKeyName }} + name: {{ .Values.config.db.secretName }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: {{ .Values.config.db.passwordSecretKeyName }} + name: {{ .Values.config.db.secretName }} + {{- end}} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 0881de6..811db77 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -145,15 +145,25 @@ config: debug: false db: + # -- If set, database connection information will be read from the Secret with this name. Overrides `db.host`, `db.name`, `db.user`, and `db.password`. + secretName: "" # -- Database host host: "" + # -- The database host will be read from this `key` in the specified Secret, when `db.secretName` is set. + hostSecretKeyName: "host" # -- Database name name: reportsdb + # -- The database name will be read from this `key` in the specified Secret, when `db.secretName` is set. + dbNameSecretKeyName: "dbname" # -- Database user user: postgres + # -- The database username will be read from this `key` in the specified Secret, when `db.secretName` is set. + userSecretKeyName: "username" # -- Database password password: reports + # -- The database password will be read from this `key` in the specified Secret, when `db.secretName` is set. + passwordSecretKeyName: "password"