diff --git a/helm/frost-server/README.md b/helm/frost-server/README.md index 93a9481d9..e28a0aee2 100644 --- a/helm/frost-server/README.md +++ b/helm/frost-server/README.md @@ -201,6 +201,9 @@ The following table lists the configurable parameters of the FROST-Server chart | `frost.db.persistence.local.nodeMountPath` | The mount path to use if using the `local` StorageClassName as FROST-Server database StorageClass persistence. See [bellow](#persistence) for more information. | `/mnt/frost-server-db` | | `frost.db.persistence.hostPath` | If `frost.db.persistence.enabled` is set to false. Than this variable can be used to mount this hostPath to the database container. | `nil` | | `frost.db.database` | The FROST-Server database name to use. | `sensorthings` | +| `frost.db.existingSecret` | If set, this secret is used for the database credentials. | `nil` | +| `frost.db.secretUsernameKey` | The key in the database secret for the username. Change if your secret differs. | `db.username` | +| `frost.db.secretPasswordKey` | The key in the database secret for the password. Change if your secret differs. | `db.password` | | `frost.db.username` | The _base64_ username to use when connecting to the FROST-Server database. | `c2Vuc29ydGhpbmdz` (`sensorthings`) | | `frost.db.password` | The _base64_ password to use when connecting to the FROST-Server database. | `bm93eW91Y2FuY2hhbmdlaXQ=` (`nowyoucanchangeit`) | | `frost.db.idGenerationMode` | Determines how entity ids are generated by any FROST-Server module. See [here](https://github.com/FraunhoferIOSB/FROST-Server/blob/master/docs/settings.adoc#persistence-settings) for more information. | `ServerGeneratedOnly` | 
@@ -381,6 +384,10 @@ To enable it, set the `frost.db.persistence.storageClassName` to `frost-server-d > **Warning #2**: The `local` StorageClass can only be used if only the ReadWriteOnce [AccessMode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) is claimed (check the `frost.db.persistence.accessModes` configuration parameter). +### Secret + +It is also possible to create your own secret. To do so set the `frost.db.existingSecret` to your secret. +If your keys differ, you can also set them by setting `frost.db.secretUsernameKey` and `frost.db.secretPasswordKey`. ## Ingress HTTP diff --git a/helm/frost-server/templates/_helpers.tpl b/helm/frost-server/templates/_helpers.tpl index 9853ddeab..2ced7eb8c 100644 --- a/helm/frost-server/templates/_helpers.tpl +++ b/helm/frost-server/templates/_helpers.tpl @@ -27,15 +27,26 @@ Create chart name and version as used by the chart label. {{- end -}} {{/* -Get the HTTP service API version +Get the HTTP service API version. */}} {{- define "frost-server.http.apiVersion" -}} v1.0 {{- end -}} {{/* -Get the HTTP service root URL +Get the HTTP service root URL. */}} {{- define "frost-server.http.serviceRootUrl" -}} {{ .Values.frost.http.serviceProtocol }}://{{ .Values.frost.http.serviceHost }}{{ if .Values.frost.http.servicePort }}:{{ .Values.frost.http.servicePort }}{{ else if not .Values.frost.http.ingress.enabled }}:{{ .Values.frost.http.ports.http.nodePort }}{{ end }}{{ if .Values.frost.http.urlSubPath }}/{{ .Values.frost.http.urlSubPath }}{{ end }} {{- end -}} + +{{/* +Get the DB secret. +*/}} +{{- define "frost-server.db.secret" -}} +{{- if .Values.frost.db.existingSecret -}} +{{ .Values.frost.db.existingSecret }} +{{- else -}} +{{ include "frost-server.fullName" . }} +{{- end -}} +{{- end -}} diff --git a/helm/frost-server/templates/db-backup-deployment.yaml b/helm/frost-server/templates/db-backup-deployment.yaml index bc40f77b5..a5db4f03a 100644 
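Review bot: The comment `Get the DB secret.` above the new `frost-server.db.secret` define in _helpers.tpl does not say that the helper returns a Secret *name*, nor what an operator-supplied Secret has to look like. From the visible lines it returns `frost.db.existingSecret` when that value is set and `frost-server.fullName` otherwise. I would reword it to `Get the name of the Secret holding the DB credentials: frost.db.existingSecret if set, else the chart-managed Secret. An existing Secret must be in the release namespace and contain the keys named by frost.db.secretUsernameKey and frost.db.secretPasswordKey.` A `secretKeyRef` resolves only within the pod's own namespace, so a missing Secret or key will surface as a container that cannot start rather than as a template error.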
--- a/helm/frost-server/templates/db-backup-deployment.yaml +++ b/helm/frost-server/templates/db-backup-deployment.yaml @@ -45,15 +45,15 @@ spec: - name: POSTGRES_PASS valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} - name: POSTGRES_PORT value: "5432" - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: REMOVE_BEFORE value: "{{ .Values.frost.backup.removeBefore }}" volumes: diff --git a/helm/frost-server/templates/db-deployment.yaml b/helm/frost-server/templates/db-deployment.yaml index f47b0ed9f..d9b370422 100644 --- a/helm/frost-server/templates/db-deployment.yaml +++ b/helm/frost-server/templates/db-deployment.yaml @@ -62,13 +62,13 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- if .Values.frost.db.persistence.enabled }} volumes: - name: {{ $fullName }} diff --git a/helm/frost-server/templates/http-deployment.yaml b/helm/frost-server/templates/http-deployment.yaml index 3af45241a..f4c35c507 100644 --- a/helm/frost-server/templates/http-deployment.yaml +++ b/helm/frost-server/templates/http-deployment.yaml 
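Review bot: The two `key:` values under `secretKeyRef` in db-backup-deployment.yaml are rendered unquoted and unchecked. If `frost.db.secretPasswordKey` or `frost.db.secretUsernameKey` is overridden with an empty or null value, the template would render a bare `key:`, and the problem is only reported by the API server or at pod start. Failing at template time is clearer: `key: {{ required "frost.db.secretPasswordKey must be set" .Values.frost.db.secretPasswordKey | quote }}`, and the same for the username key. The identical pattern is in the db-deployment.yaml hunk and in both hunks each of http-deployment.yaml and mqtt-deployment.yaml. The container spec these lines belong to starts and ends outside the hunk.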
@@ -135,13 +135,13 @@ spec: - name: persistence_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} @@ -304,13 +304,13 @@ spec: - name: auth_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider diff --git a/helm/frost-server/templates/mqtt-deployment.yaml b/helm/frost-server/templates/mqtt-deployment.yaml index 1fadd4c3f..c56ca1276 100644 --- a/helm/frost-server/templates/mqtt-deployment.yaml +++ b/helm/frost-server/templates/mqtt-deployment.yaml @@ -155,13 +155,13 @@ spec: - name: persistence_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: persistence_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} # Plugin-Loading settings {{- if .Values.frost.plugins.providedPlugins }} 
@@ -324,13 +324,13 @@ spec: - name: auth_db_username valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.username + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretUsernameKey }} - name: auth_db_password valueFrom: secretKeyRef: - name: {{ include "frost-server.fullName" . }} - key: db.password + name: {{ include "frost-server.db.secret" . }} + key: {{ .Values.frost.db.secretPasswordKey }} {{- else if contains "keycloak" (lower .Values.frost.auth.provider) }} # KeyCloak auth requested - name: auth_provider diff --git a/helm/frost-server/templates/secret.yaml b/helm/frost-server/templates/secret.yaml index 7c981caf8..09999152e 100644 --- a/helm/frost-server/templates/secret.yaml +++ b/helm/frost-server/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.frost.db.existingSecret -}} apiVersion: v1 kind: Secret metadata: @@ -9,4 +10,5 @@ metadata: app: {{ include "frost-server.name" . }} data: db.username: {{ .Values.frost.db.username }} - db.password: {{ .Values.frost.db.password }} \ No newline at end of file + db.password: {{ .Values.frost.db.password }} +{{- end -}} diff --git a/helm/frost-server/values.yaml b/helm/frost-server/values.yaml index 03a954d2e..162a3f5dc 100644 --- a/helm/frost-server/values.yaml +++ b/helm/frost-server/values.yaml @@ -286,6 +286,10 @@ frost: transactionRole: false countMode: "FULL" database: sensorthings + # Set this to your own created secret if needed + existingSecret: + secretUsernameKey: db.username + secretPasswordKey: db.password username: c2Vuc29ydGhpbmdz password: bm93eW91Y2FuY2hhbmdlaXQ= securityContext:
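Review bot: The chart-managed Secret in secret.yaml still writes the literal keys `db.username` and `db.password`, while every deployment now reads the keys named by `frost.db.secretUsernameKey` and `frost.db.secretPasswordKey`. Overriding either key name without setting `frost.db.existingSecret` therefore yields a Secret that lacks the referenced key, and the db, backup, http and mqtt pods would fail to resolve their credentials. Either render the data keys from the same values, `{{ .Values.frost.db.secretUsernameKey }}: {{ .Values.frost.db.username }}` and `{{ .Values.frost.db.secretPasswordKey }}: {{ .Values.frost.db.password }}`, or document that the two key settings apply only together with `existingSecret`. The `metadata` block between the two hunks is not visible here.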
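Review bot: In values.yaml the bare `existingSecret:` parses as null, and the comment above it does not say what happens to `username` and `password` once it is set. Write the default as `existingSecret: ""` so the type is explicit and linters do not flag an empty value. Extend the comment to something like `# Name of an existing Secret in the release namespace holding the DB credentials; when set, the chart creates no Secret and username/password below are ignored.` The `username`/`password` defaults that remain are the published values decoded in the README, so the comment is also the natural place to recommend `existingSecret` for any deployment reachable by others.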