Use existing secrets for peerdb and peerdbUI password as well as nextauth. (#32)

* Update templates, values and readme to support providing your own secrets for peerdb.credentials.password, peerdbUI.credentials.password and peerdbUI.credentials.nexauth

* Update chart version to 0.9.1 per checklist

* Return datadog.enabled back to existing value

* Implement condition simplifications.

* chore: update docs

---------

Co-authored-by: Kunal Gupta <[email protected]>

Author: PurseChicken

peerdb-catalog/Chart.yaml

@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.0
+version: 0.9.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

peerdb-catalog/README.md

@@ -1,6 +1,6 @@
 # peerdb-catalog
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.30.9](https://img.shields.io/badge/AppVersion-v0.30.9-informational?style=flat-square)
+![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.30.9](https://img.shields.io/badge/AppVersion-v0.30.9-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 

peerdb/Chart.yaml

@@ -25,7 +25,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.0
+version: 0.9.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

peerdb/README.md

@@ -1,6 +1,6 @@
 # peerdb
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.30.9](https://img.shields.io/badge/AppVersion-v0.30.9-informational?style=flat-square)
+![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.30.9](https://img.shields.io/badge/AppVersion-v0.30.9-informational?style=flat-square)
 
 Install PeerDB along with Temporal.
 
@@ -154,6 +154,7 @@ Install PeerDB along with Temporal.
 | global.peerdb.lowCost.nodeSelector | object | `{}` | Node selector that will be applied to all the lowCost=true peerdb components additively |
 | global.peerdb.lowCost.tolerations | list | `[]` | Tolerations that will be applied to all the lowCost=true peerdb components additively |
 | peerdb.credentials.password | string | `"peerdb"` |  |
+| peerdb.credentials.passwordExistingSecret | string | `""` | Use this existing secret for PeerDB Server Password. Must have `SERVER_PEERDB_PASSWORD` key. |
 | peerdb.deployment.annotations | object | `{}` | annotations that will be applied to the peerdb-server deployment, NOT the pods |
 | peerdb.deployment.labels | object | `{}` | labels that will be applied to the peerdb-server deployment, NOT the pods |
 | peerdb.enabled | bool | `true` |  |
@@ -181,8 +182,10 @@ Install PeerDB along with Temporal.
 | peerdb.service.targetPort | int | `9900` |  |
 | peerdb.service.type | string | `"ClusterIP"` |  |
 | peerdb.version | string | `"stable-v0.30.9"` | This version is overridden by .env file if the install_peerdb.sh script is being used In that case, either update the .env file or override it via values.customer.yaml when installing |
+| peerdbUI.credentials.nexauthExistingSecret | string | `""` | Use this existing secret for nexauth_secret. Must have `UI_NEXTAUTH_SECRET` key.  |
 | peerdbUI.credentials.nexauth_secret | string | `""` |  |
 | peerdbUI.credentials.password | string | `"_PEERDB_PASSWORD_"` |  |
+| peerdbUI.credentials.passwordExistingSecret | string | `""` | Use this existing secret for PeerDB UI Password. Must have `UI_PEERDB_PASSWORD` key.   |
 | peerdbUI.deployment.annotations | object | `{}` | annotations that will be applied to the peerdbUI deployment, NOT the pods |
 | peerdbUI.deployment.labels | object | `{}` | labels that will be applied to the peerdbUI deployment, NOT the pods |
 | peerdbUI.enabled | bool | `true` |  |

peerdb/templates/peerdb-server-deployment.yaml

@@ -53,7 +53,11 @@ spec:
           valueFrom:
             secretKeyRef:
               key: SERVER_PEERDB_PASSWORD
+              {{- if .Values.peerdb.credentials.passwordExistingSecret }}
+              name: {{ .Values.peerdb.credentials.passwordExistingSecret }}
+              {{- else }}
               name: peerdb-server-ui-secret
+              {{- end }}
         # flow server config
         - name: PEERDB_FLOW_SERVER_ADDRESS
           value: "http://flow-api:{{ .Values.flowApi.service.port }}"

peerdb/templates/peerdb-server-ui-secret.yaml

@@ -1,10 +1,18 @@
+{{- if not (and (.Values.peerdbUI.credentials.passwordExistingSecret .Values.peerdb.credentials.passwordExistingSecret .Values.peerdbUI.credentials.nexauthExistingSecret)) }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: peerdb-server-ui-secret
   labels:
     {{- include "peerdb.common.labels" . | nindent 4 }}
 stringData:
+  {{- if not .Values.peerdbUI.credentials.passwordExistingSecret }}
   UI_PEERDB_PASSWORD: '{{ .Values.peerdbUI.credentials.password }}'
+  {{- end }}
+  {{- if not .Values.peerdb.credentials.passwordExistingSecret }}
   SERVER_PEERDB_PASSWORD: '{{ .Values.peerdb.credentials.password }}'
+  {{- end }}
+  {{- if not .Values.peerdbUI.credentials.nexauthExistingSecret }}
   UI_NEXTAUTH_SECRET: '{{ .Values.peerdbUI.credentials.nexauth_secret | default (randAlphaNum 60) }}'
+  {{- end }}
+{{- end }}

peerdb/templates/peerdb-ui-deployment.yaml

@@ -57,12 +57,20 @@ spec:
           valueFrom:
             secretKeyRef:
               key: UI_PEERDB_PASSWORD
+              {{- if .Values.peerdbUI.credentials.passwordExistingSecret }}
+              name: {{ .Values.peerdbUI.credentials.passwordExistingSecret }}
+              {{- else }}
               name: peerdb-server-ui-secret
+              {{- end }}
         - name: NEXTAUTH_SECRET
           valueFrom:
             secretKeyRef:
               key: UI_NEXTAUTH_SECRET
+              {{- if .Values.peerdbUI.credentials.nexauthExistingSecret }}
+              name: {{ .Values.peerdbUI.credentials.nexauthExistingSecret }}
+              {{- else }}
               name: peerdb-server-ui-secret
+              {{- end }}
         - name: NEXTAUTH_URL
           value: {{ .Values.peerdbUI.service.url }}
         {{- with .Values.peerdbUI.extraEnv -}}

peerdb/values.yaml

@@ -205,7 +205,11 @@ peerdbUI:
   enabled: true
   credentials:
     password: _PEERDB_PASSWORD_
+    # -- Use this existing secret for PeerDB UI Password. Must have `UI_PEERDB_PASSWORD` key.  
+    passwordExistingSecret: ''
     nexauth_secret: ''
+    # -- Use this existing secret for nexauth_secret. Must have `UI_NEXTAUTH_SECRET` key. 
+    nexauthExistingSecret: ''
   extraEnv: []
   lowCost: true
   pods:
@@ -316,6 +320,8 @@ peerdb:
     logDir: "/var/log/peerdb"
   credentials:
     password: "peerdb"
+    # -- Use this existing secret for PeerDB Server Password. Must have `SERVER_PEERDB_PASSWORD` key.
+    passwordExistingSecret: ''
   resources:
     requests:
       cpu: 0.1