fix: install DB job to use external credentials when available

Author: vape-egt-digital

tbmq/templates/_helpers.tpl

@@ -76,12 +76,15 @@
 {{/*Return redis cluster configurations environment variables for tbmq services*/}}
 {{- define "tbmq.redis.configuration.ref"}}
 - configMapRef:
-    name: {{ .Release.Name }}-redis-config
-{{- end}}
+    name: {{ .Values.externalRedis.existingConfigMap | default (printf "%s-redis-config" .Release.Name) }}
+{{- end }}
 
 {{/*Returns redis cluster secret name*/}}
 {{- define "tbmq.redis.secretName" -}}
 {{- $redis := index .Values "redis-cluster" }}
+{{- if not $redis.enabled -}}
+{{- .Values.externalRedis.existingSecret -}}
+{{- else -}}
 {{- if $redis.existingSecret }}
 {{- $redis.existingSecret }}
 {{- else if $redis.fullnameOverride }}
@@ -92,18 +95,19 @@
 {{- printf "%s-redis-cluster" .Release.Name }}
 {{- end }}
 {{- end }}
+{{- end }}
 
 {{/*Returns redis cluster secret key*/}}
 {{- define "tbmq.redis.secretKey" -}}
 {{- $redis := index .Values "redis-cluster" }}
-{{- if $redis.existingSecret -}}
+{{- if not $redis.enabled }}
+{{- .Values.externalRedis.existingSecretKey -}}
+{{- else if $redis.existingSecret}}
 {{ $redis.existingSecretPasswordKey | default "REDIS_PASSWORD" }}
 {{- else -}}
 redis-password
-{{- end -}}
 {{- end }}
-
-
+{{- end }}
 
 {{/*Return redis cluster nodes*/}}
 {{- define "tbmq.redis.nodes" -}}
@@ -119,13 +123,17 @@ redis-password
 {{/*Return postgresql configurations environment variables for tbmq services*/}}
 {{- define "tbmq.postgres.configuration.ref"}}
 - configMapRef:
-    name: {{ .Release.Name }}-postgres-config
-{{- end}}
+    name: {{ .Values.externalPostgresql.existingConfigMap | default (printf "%s-postgres-config" .Release.Name) }}
+{{- end }}
 
 {{/*Return postgresql secret name*/}}
 {{- define "tbmq.postgres.secretName" -}}
 {{- if not .Values.postgresql.enabled }}
+{{- if .Values.externalPostgresql.existingSecret }}
+{{- .Values.externalPostgresql.existingSecret }}
+{{- else -}}
 {{- printf "%s-postgres-external" .Release.Name }}
+{{- end }}
 {{- else if .Values.postgresql.auth.existingSecret }}
 {{- .Values.postgresql.auth.existingSecret }}
 {{- else if .Values.postgresql.fullnameOverride }}
@@ -137,10 +145,15 @@ redis-password
 {{- end }}
 {{- end }}
 
+
 {{/*Return postgresql secret key*/}}
-{{- define "tbmq.postgres.secretKey" -}}
+{{- define "tbmq.postgres.secretPasswordKey" -}}
 {{- if not .Values.postgresql.enabled -}}
+{{- if .Values.externalPostgresql.existingSecretPasswordKey -}}
+{{- .Values.externalPostgresql.existingSecretPasswordKey -}}
+{{- else -}}
 external-postgres-password
+{{- end }}
 {{- else if .Values.postgresql.auth.existingSecret }}
     {{- if and .Values.postgresql.auth.enablePostgresUser (not .Values.postgresql.auth.username) -}}
         {{- .Values.postgresql.auth.secretKeys.adminPasswordKey }}
@@ -156,6 +169,17 @@ external-postgres-password
 {{- end -}}
 {{- end }}
 
+{{/*Return postgresql secret key*/}}
+{{- define "tbmq.postgres.secretUsernameKey" -}}
+{{- if not .Values.postgresql.enabled -}}
+{{- if .Values.externalPostgresql.existingSecretUsernameKey -}}
+{{- .Values.externalPostgresql.existingSecretUsernameKey -}}
+{{- else -}}
+external-postgres-username
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{/*Return postgres host*/}}
 {{- define "tbmq.postgres.host" -}}
 {{- if .Values.postgresql.enabled -}}
@@ -204,8 +228,8 @@ external-postgres-password
 {{/*Return kafka configurations environment variables for tbmq services*/}}
 {{- define "tbmq.kafka.configuration.ref"}}
 - configMapRef:
-    name: {{ .Release.Name }}-kafka-config
-{{- end}}
+    name: {{ .Values.externalKafka.existingConfigMap | default (printf "%s-kafka-config" .Release.Name) }}
+{{- end }}
 
 {{/*Return kafka servers environment variables for tbmq services*/}}
 {{- define "tbmq.kafka.servers" -}}
@@ -238,15 +262,20 @@ external-postgres-password
       value: {{ include "tbmq.postgres.host" . | quote }}
     - name: PGDATABASE
       value: {{ include "tbmq.postgres.database" . | quote }}
-    - name: PGUSER
-      value: {{ include "tbmq.postgres.username" . | quote }}
     - name: QUERY_TO_VALIDATE_DATA
       value: {{ $query | quote }}
     - name: PGPASSWORD
       valueFrom:
         secretKeyRef:
           name: {{ include "tbmq.postgres.secretName" . }}
-          key: {{ include "tbmq.postgres.secretKey" . }}
+          key: {{ include "tbmq.postgres.secretPasswordKey" . }}
+    {{- if .Values.externalPostgresql.existingSecretUsernameKey }}
+    - name: PGUSER
+      valueFrom:
+          secretKeyRef:
+            name: {{ include "tbmq.postgres.secretName" . }}
+            key: {{ include "tbmq.postgres.secretUsernameKey" . }}
+    {{- end }}
   command:
     - bash
   args:

tbmq/templates/install/post-install-job.yml

@@ -74,8 +74,15 @@ spec:
           valueFrom:
             secretKeyRef:
               name: {{ include "tbmq.postgres.secretName" . }}
-              key: {{ include "tbmq.postgres.secretKey" . }}
-        {{- if index .Values "redis-cluster" "usePassword" }}
+              key: {{ include "tbmq.postgres.secretPasswordKey" . }}
+        {{- if .Values.externalPostgresql.existingSecretUsernameKey }}
+        - name: SPRING_DATASOURCE_USER
+          valueFrom:
+              secretKeyRef:
+                name: {{ include "tbmq.postgres.secretName" . }}
+                key: {{ include "tbmq.postgres.secretUsernameKey" . }}
+        {{- end }}
+        {{- if or (index .Values "redis-cluster" "usePassword") .Values.externalRedis.existingSecret }}
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:

tbmq/templates/kafka/kafka-configmap.yml

@@ -1,4 +1,4 @@
-{{- if empty .Values.kafka.existingConfigMap }}
+{{- if and (empty .Values.kafka.existingConfigMap) .Values.kafka.enabled }}
 {{- $namespace := .Release.Namespace -}}
 {{- $releaseName := .Release.Name }}
 apiVersion: v1

tbmq/templates/postgres/postgres-secret.yml

@@ -1,4 +1,4 @@
-{{- if not .Values.postgresql.enabled }}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalPostgresql.existingSecret) }}
 {{- $namespace := .Release.Namespace -}}
 {{- $releaseName := .Release.Name }}
 apiVersion: v1

tbmq/templates/redis/redis-configmap.yml

@@ -1,4 +1,4 @@
-{{- if empty (index .Values "redis-cluster" "existingConfigMap") }}
+{{- if and (empty (index .Values "redis-cluster" "existingConfigMap")) (index .Values "redis-cluster" "enabled") }}
 {{- $namespace := .Release.Namespace -}}
 {{- $releaseName := .Release.Name }}
 {{- $redisName := index .Values "redis-cluster" "nameOverride" }}

tbmq/templates/tbmq/tbmq-statefulset.yml

@@ -81,8 +81,15 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: {{ include "tbmq.postgres.secretName" . }}
-                  key: {{ include "tbmq.postgres.secretKey" . }}
-            {{- if index .Values "redis-cluster" "usePassword" }}
+                  key: {{ include "tbmq.postgres.secretPasswordKey" . }}
+            {{- if .Values.externalPostgresql.existingSecretUsernameKey }}
+            - name: SPRING_DATASOURCE_USER
+              valueFrom:
+                  secretKeyRef:
+                    name: {{ include "tbmq.postgres.secretName" . }}
+                    key: {{ include "tbmq.postgres.secretUsernameKey" . }}
+            {{- end }}
+            {{- if or (index .Values "redis-cluster" "usePassword") .Values.externalRedis.existingSecret }}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -144,4 +151,4 @@ spec:
         - name: {{ $releaseName }}-tbmq-node-logs
           emptyDir: { }
         - name: {{ printf "%s-tbmq-node-data" $releaseName }}
-          emptyDir: { }
+          emptyDir: { }

tbmq/values.yaml

@@ -368,9 +368,13 @@ tbmq-ie:
 # This section will bring bitnami/redis-cluster (https://artifacthub.io/packages/helm/bitnami/redis-cluster) into this chart.
 # If you want to add some extra configuration parameters, you can put them under the `redis-cluster` key, and they will be passed to bitnami/redis-cluster chart.
 redis-cluster:
+  enabled: true
   ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
   ##
   nameOverride: "redis"
+  ## @param Should use password?
+  ##
+  usePassword: false
   ## @param password Redis® password (ignored if existingSecret set)
   ## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
   ## ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run
@@ -381,7 +385,7 @@ redis-cluster:
   existingSecret: ""
   ## @param existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret
   ##
-  existingSecretPasswordKey: ""
+  existingSecretKey: ""
   ## Pod Disruption Budget configuration
   ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
   ##
@@ -396,7 +400,6 @@ redis-cluster:
   ## @section Redis® statefulset parameters
   ##
   redis:
-    enabled: true
     ## @param redis.useAOFPersistence Whether to use AOF Persistence mode or not
     ## It is strongly recommended to use this type when dealing with clusters
     ## ref: https://redis.io/topics/persistence#append-only-file
@@ -523,6 +526,18 @@ redis-cluster:
     ##
     resources: {}
 
+# If you're deploying Redis externally, configure this section
+externalRedis:
+  # param existingConfigMap Name of an existing ConfigMap that will override Redis configurations.
+  ##
+  existingConfigMap: ""
+  # @param existingSecret Name of existing secret object (for password authentication)
+  ##
+  existingSecret: ""
+  # @param existingSecretKey Name of key containing password to be retrieved from the existing secret
+  ##
+  existingSecretKey: ""
+
 # If you're deploying PostgreSQL externally, configure this section
 externalPostgresql:
   # @param host - External PostgreSQL server host
@@ -539,12 +554,28 @@ externalPostgresql:
   # @param database - PostgreSQL database name for TBMQ
   ##
   database: "thingsboard_mqtt_broker"
+  # param existingConfigMap Name of an existing ConfigMap that will override Postgres configurations.
+  ##
+  existingConfigMap: ""
+  # @param existingSecret - existing secret having the credentials to the Postgresql database instance
+  ##
+  existingSecret: ""
+  # @param existingSecretPasswordKey - key in existing secret having the credentials to the Postgresql database instance
+  ##
+  existingSecretPasswordKey: ""
+  # @param existingSecretUsernameKey - key in existing secret having the credentials to the Postgresql database instance
+  ##
+  existingSecretUsernameKey: ""
+
+externalKafka:
+  # Name of an existing ConfigMap that will override Kafka configurations.
+  existingConfigMap: ""
 
 # This section will bring bitnami/postgresql (https://artifacthub.io/packages/helm/bitnami/postgresql) into this chart.
 #  If you want to add some extra configuration parameters, you can put them under the `postgresql` key, and they will be passed to bitnami/postgresql chart
 postgresql:
   # @param enabled If enabled is set to true, externalPostgresql configuration will be ignored
-  enabled: true
+  enabled: false
   ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
   ##
   nameOverride: "postgresql"
@@ -812,8 +843,6 @@ kafka:
       ##     memory: 1024Mi
       ##
       resources: {}
-  # Name of an existing ConfigMap that will override Kafka configurations.
-  existingConfigMap: ""
 # Load Balancer Configuration
 # This section defines the load balancer settings for TBMQ.
 # Supported types:
@@ -835,7 +864,7 @@ loadbalancer:
     annotations: {}
     ssl:
       # Hosts to be configured for the ingress.
-      hosts: {}
+      hosts: []
       # Secret name with the certificate for the ssl termination.
       secretName: ""
       # Enables HTTPS termination at the load balancer level.