From b6de99a242c6edb65bf15d9786cb8529b63b7b81 Mon Sep 17 00:00:00 2001
From: Jorgen Evens <jorgen@evens.eu>
Date: Tue, 9 Aug 2022 17:00:20 +0200
Subject: [PATCH] feat(postgresql): provide credentials using secrets

- Compatible with `postgresql.existingSecret` in the postgresql chart.
- Uses dependent environment variables for `POSTGRES_STRING` connection strings
---
 .../charts/alerts/templates/deployment.yaml         |  7 +++++++
 .../charts/chalice/templates/deployment.yaml        |  7 +++++++
 .../openreplay/charts/db/templates/deployment.yaml  | 13 +++++++++++--
 .../charts/ender/templates/deployment.yaml          | 11 ++++++++++-
 .../charts/frontend/templates/deployment.yaml       | 11 ++++++++++-
 .../charts/http/templates/deployment.yaml           | 11 ++++++++++-
 .../charts/integrations/templates/deployment.yaml   | 11 ++++++++++-
 .../charts/utilities/templates/report-cron.yaml     |  7 +++++++
 .../utilities/templates/sessions-cleaner-cron.yaml  |  7 +++++++
 .../charts/utilities/templates/telemetry-cron.yaml  |  7 +++++++
 scripts/helmcharts/openreplay/templates/job.yaml    |  9 ++++++++-
 11 files changed, 94 insertions(+), 7 deletions(-)

diff --git a/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml
index 24d40bf21..55f81f410 100644
--- a/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/alerts/templates/deployment.yaml
@@ -58,7 +58,14 @@ spec:
             - name: pg_user
               value: '{{ .Values.global.postgresql.postgresqlUser }}'
             - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
               value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: SITE_URL
               value: 'https://{{ .Values.global.domainName }}'
             - name: S3_HOST
diff --git a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
index f4c04f4ad..a9f1c02e9 100644
--- a/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/chalice/templates/deployment.yaml
@@ -68,7 +68,14 @@ spec:
             - name: pg_user
               value: '{{ .Values.global.postgresql.postgresqlUser }}'
             - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
               value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: SITE_URL
               value: 'https://{{ .Values.global.domainName }}'
             - name: S3_HOST
diff --git a/scripts/helmcharts/openreplay/charts/db/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/db/templates/deployment.yaml
index 3ffd981a9..02831fa73 100644
--- a/scripts/helmcharts/openreplay/charts/db/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/db/templates/deployment.yaml
@@ -53,10 +53,19 @@ spec:
               value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
             - name: KAFKA_USE_SSL
               value: '{{ .Values.global.kafka.kafkaUseSsl }}'
-            - name: POSTGRES_STRING
-              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:{{ .Values.global.postgresql.postgresqlPassword }}@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
+            - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
+              value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: QUICKWIT_ENABLED
               value: '{{ .Values.global.quickwit.enabled }}'
+            - name: POSTGRES_STRING
+              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
             {{- range $key, $val := .Values.env }}
             - name: {{ $key }}
               value: '{{ $val }}'
diff --git a/scripts/helmcharts/openreplay/charts/ender/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/ender/templates/deployment.yaml
index 808578b76..22713eee8 100644
--- a/scripts/helmcharts/openreplay/charts/ender/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/ender/templates/deployment.yaml
@@ -51,8 +51,17 @@ spec:
               value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
             - name: KAFKA_USE_SSL
               value: '{{ .Values.global.kafka.kafkaUseSsl }}'
+            - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
+              value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: POSTGRES_STRING
-              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:{{ .Values.global.postgresql.postgresqlPassword }}@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
+              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
             {{- range $key, $val := .Values.env }}
             - name: {{ $key }}
               value: '{{ $val }}'
diff --git a/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml
index 92d1b7002..7ee425824 100644
--- a/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml
@@ -57,8 +57,17 @@ spec:
               value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
             - name: KAFKA_USE_SSL
               value: '{{ .Values.global.kafka.kafkaUseSsl }}'
+            - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
+              value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: POSTGRES_STRING
-              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:{{ .Values.global.postgresql.postgresqlPassword }}@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
+              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
             # We need to check what is the object store endpoint.
             # There can be 4 options
             # 1. Using minio inside kube clster
diff --git a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
index d0f18cba6..5a835e3fe 100644
--- a/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
@@ -57,8 +57,17 @@ spec:
               value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
             - name: KAFKA_USE_SSL
               value: '{{ .Values.global.kafka.kafkaUseSsl }}'
+            - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
+              value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: POSTGRES_STRING
-              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:{{ .Values.global.postgresql.postgresqlPassword }}@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
+              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
             # We need to check what is the object store endpoint.
             # There can be 4 options
             # 1. Using minio inside kube clster
diff --git a/scripts/helmcharts/openreplay/charts/integrations/templates/deployment.yaml b/scripts/helmcharts/openreplay/charts/integrations/templates/deployment.yaml
index 910db4bae..618d32f47 100644
--- a/scripts/helmcharts/openreplay/charts/integrations/templates/deployment.yaml
+++ b/scripts/helmcharts/openreplay/charts/integrations/templates/deployment.yaml
@@ -51,8 +51,17 @@ spec:
               value: '{{ .Values.global.kafka.kafkaHost }}:{{ .Values.global.kafka.kafkaPort }}'
             - name: KAFKA_USE_SSL
               value: '{{ .Values.global.kafka.kafkaUseSsl }}'
+            - name: pg_password
+              {{- if .Values.global.postgresql.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgresql.existingSecret }}
+                  key: postgresql-postgres-password
+              {{- else }}
+              value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+              {{- end}}
             - name: POSTGRES_STRING
-              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:{{ .Values.global.postgresql.postgresqlPassword }}@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
+              value: 'postgres://{{ .Values.global.postgresql.postgresqlUser }}:$(pg_password)@{{ .Values.global.postgresql.postgresqlHost }}:{{ .Values.global.postgresql.postgresqlPort }}/{{ .Values.global.postgresql.postgresqlDatabase }}'
             {{- range $key, $val := .Values.env }}
             - name: {{ $key }}
               value: '{{ $val }}'
diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml
index 0126ba37f..96e17acf5 100644
--- a/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml
+++ b/scripts/helmcharts/openreplay/charts/utilities/templates/report-cron.yaml
@@ -31,7 +31,14 @@ spec:
               - name: pg_user
                 value: '{{ .Values.global.postgresql.postgresqlUser }}'
               - name: pg_password
+                {{- if .Values.global.postgresql.existingSecret }}
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ .Values.global.postgresql.existingSecret }}
+                    key: postgresql-postgres-password
+                {{- else }}
                 value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+                {{- end}}
               - name: SITE_URL
                 value: 'https://{{ .Values.global.domainName }}'
               - name: S3_HOST
diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml
index 8043fdaea..74e65b281 100644
--- a/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml
+++ b/scripts/helmcharts/openreplay/charts/utilities/templates/sessions-cleaner-cron.yaml
@@ -31,7 +31,14 @@ spec:
               - name: pg_user
                 value: '{{ .Values.global.postgresql.postgresqlUser }}'
               - name: pg_password
+                {{- if .Values.global.postgresql.existingSecret }}
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ .Values.global.postgresql.existingSecret }}
+                    key: postgresql-postgres-password
+                {{- else }}
                 value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+                {{- end}}
               - name: SITE_URL
                 value: 'https://{{ .Values.global.domainName }}'
               - name: S3_HOST
diff --git a/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml b/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml
index 0183d106f..8b81ee057 100644
--- a/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml
+++ b/scripts/helmcharts/openreplay/charts/utilities/templates/telemetry-cron.yaml
@@ -31,7 +31,14 @@ spec:
               - name: pg_user
                 value: '{{ .Values.global.postgresql.postgresqlUser }}'
               - name: pg_password
+                {{- if .Values.global.postgresql.existingSecret }}
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ .Values.global.postgresql.existingSecret }}
+                    key: postgresql-postgres-password
+                {{- else }}
                 value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+                {{- end}}
               - name: SITE_URL
                 value: 'https://{{ .Values.global.domainName }}'
               - name: S3_HOST
diff --git a/scripts/helmcharts/openreplay/templates/job.yaml b/scripts/helmcharts/openreplay/templates/job.yaml
index d77a1b962..aaadc2eb7 100644
--- a/scripts/helmcharts/openreplay/templates/job.yaml
+++ b/scripts/helmcharts/openreplay/templates/job.yaml
@@ -91,7 +91,14 @@ spec:
           - name: PGUSER
             value: "{{ .Values.global.postgresql.postgresqlUser }}"
           - name: PGPASSWORD
-            value: "{{ .Values.global.postgresql.postgresqlPassword }}"
+            {{- if .Values.global.postgresql.existingSecret }}
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.global.postgresql.existingSecret }}
+                key: postgresql-postgres-password
+            {{- else }}
+            value: '{{ .Values.global.postgresql.postgresqlPassword }}'
+            {{- end}}
         image: bitnami/postgresql:13.3.0-debian-10-r53
         command: 
         - /bin/bash