From 607cbdab8f01bbb0ee2759e618981f536426eb59 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <ace@haxalot.com>
Date: Thu, 22 Jun 2023 14:28:43 +0200
Subject: [PATCH] lemmy: Fix handling of PostgreSQL password

---
 charts/lemmy/templates/NOTES.txt               |  4 ++++
 charts/lemmy/templates/_helpers.tpl            |  6 +++++-
 charts/lemmy/templates/deployment-backend.yaml | 18 ++++++++++++++++--
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/charts/lemmy/templates/NOTES.txt b/charts/lemmy/templates/NOTES.txt
index 30e1b6e..9defee6 100644
--- a/charts/lemmy/templates/NOTES.txt
+++ b/charts/lemmy/templates/NOTES.txt
@@ -41,3 +41,7 @@ You can visit the service at the following URL;
 You can retrieve the default admin password with;
   kubectl get secrets --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lemmy.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=backend" -o jsonpath="{.items[0].data.admin_password}" | base64 -d
 {{- end }}
+{{- if not (or .Values.postgresql.auth.existingSecret .Values.postgresql.auth.password) }}
+
+The postgres password might not be read correctly on first install, if Lemmy fails to start, an "upgrade" with the same values should resolve this.
+{{- end }}
diff --git a/charts/lemmy/templates/_helpers.tpl b/charts/lemmy/templates/_helpers.tpl
index 8e96513..bc53b5c 100644
--- a/charts/lemmy/templates/_helpers.tpl
+++ b/charts/lemmy/templates/_helpers.tpl
@@ -183,7 +183,11 @@ Set postgresql password
 {{-     .Values.postgresql.auth.password -}}
 {{-   else -}}
 {{-     $existing := lookup "v1" "Secret" .Release.Namespace (include "lemmy.postgresql.secret" .) -}}
-{{-     $existing.data.password | b64dec -}}
+{{-     if $existing -}}
+{{-       $existing.data.password | b64dec -}}
+{{-     else }}
+postgres
+{{-     end -}}
 {{-   end -}}
 {{- end -}}
 {{- end -}}
diff --git a/charts/lemmy/templates/deployment-backend.yaml b/charts/lemmy/templates/deployment-backend.yaml
index f4dc68f..47b4921 100644
--- a/charts/lemmy/templates/deployment-backend.yaml
+++ b/charts/lemmy/templates/deployment-backend.yaml
@@ -40,11 +40,25 @@ spec:
             {{- toYaml .Values.backend.securityContext | nindent 12 }}
           image: "{{ .Values.backend.image.repository | default .Values.image.repository }}:{{ .Values.backend.image.tag | default .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default .Values.image.pullPolicy }}
-          {{- with .Values.backend.env }}
+          {{- if or (not .Values.postgresql.auth.password) .Values.backend.env }}
           env:
-            {{- range $key, $value := . }}
+            {{- if not .Values.postgresql.auth.password }}
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+              {{- if .Values.postgresql.auth.existingSecret }}
+                  key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+              {{- else }}
+                  key: password
+                  name: {{ include "lemmy.postgresql.secret" . }}
+              {{- end }}
+            {{- end }}
+            {{- with .Values.backend.env }}
+              {{- range $key, $value := . }}
             - name: {{ $key }}
               value: {{ $value | toString | quote }}
+              {{- end }}
             {{- end }}
           {{- end }}
           {{- with .Values.backend.envFrom }}