Added ability to supply backend's database creds via secret.

TeamPiped · Mar 5, 2023 · b34176b · b34176b
1 parent 3c99665
commit b34176b
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 7 deletions.
diff --git a/charts/apps/piped/Chart.yaml b/charts/apps/piped/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/TeamPiped/piped-proxy
 keywords:
   - streaming
-version: 1.0.0
+version: 1.1.0
 appVersion: latest
 kubeVersion: ">=1.22.0-0"
 maintainers:
@@ -26,7 +26,5 @@ dependencies:
     condition: postgresql.enabled
 annotations:
   artifacthub.io/changes: |-
-    - kind: changed
-      description: Updated to common v1.3.2 which bumps kubeVersion to 1.22.
-    - kind: changed
-      description: Enabled the probes by default.
+    - kind: added
+      description: Ability to use a secret for backend database credentials
diff --git a/charts/apps/piped/templates/backend/configmap.yaml b/charts/apps/piped/templates/backend/configmap.yaml
@@ -58,13 +58,20 @@ data:
     hibernate.connection.url: {{.Values.backend.config.database.connection_url }}
     hibernate.connection.driver_class: {{.Values.backend.config.database.driver_class }}
     hibernate.dialect: {{.Values.backend.config.database.dialect }}
-    hibernate.connection.username: {{.Values.backend.config.database.username }}
-    hibernate.connection.password: {{.Values.backend.config.database.password }}
+    {{- if .Values.backend.config.database.secret }}
+    hibernate.connection.username: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.username" ) -}}
+    hibernate.connection.password: {{ include "common.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.backend.config.database.secret "Key" "database.password") -}}
+    {{- end }}
     {{- else if .Values.postgresql.enabled }}
     hibernate.connection.url: jdbc:postgresql://piped-postgresql/{{ .Values.postgresql.auth.database}}
     hibernate.connection.driver_class: org.postgresql.Driver
     hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
     hibernate.connection.username: {{.Values.postgresql.auth.username }}
     hibernate.connection.password: {{.Values.postgresql.auth.password }}
+    {{- else if not (.Values.postgresql.enabled .Values.backend.config.database.secret) }}
+    hibernate.connection.username: {{.Values.backend.config.database.username }}
+    hibernate.connection.password: {{.Values.backend.config.database.password }}
+    {{- else }}
+     {{- fail "Unable to figure out database configuration for backend configmap."}}
     {{- end }}
     SENTRY_DSN:
diff --git a/charts/apps/piped/templates/common.yaml b/charts/apps/piped/templates/common.yaml
@@ -1,6 +1,13 @@
 ---
 {{- include "bjw-s.common.values.init" . }}
 
+{{- define "common.getValueFromSecret" }}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key | b64dec -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "app-template.hardcodedValues" -}}
 
 # Set the nameOverride based on the release name if no override has been set

diff --git a/charts/apps/piped/values.yaml b/charts/apps/piped/values.yaml
@@ -107,6 +107,9 @@ backend:
     #  dialect: org.hibernate.dialect.PostgreSQLDialect
     #  username: piped
     #  password: changeme
+    #  Please only provide the secret name (it should already exist),
+    # it should only include database.username and database.password as others will be taken from above.
+    # secret: secret-name
 
 
   image: