lemmy: Fix handling of PostgreSQL password

This commit is contained in:
Alexander Olofsson 2023-06-22 14:28:43 +02:00
parent 92f42871e4
commit 607cbdab8f
No known key found for this signature in database
GPG key ID: D439C9470CB04C73
3 changed files with 25 additions and 3 deletions

View file

@ -41,3 +41,7 @@ You can visit the service at the following URL;
You can retrieve the default admin password with; You can retrieve the default admin password with;
kubectl get secrets --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lemmy.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=backend" -o jsonpath="{.items[0].data.admin_password}" | base64 -d kubectl get secrets --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lemmy.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=backend" -o jsonpath="{.items[0].data.admin_password}" | base64 -d
{{- end }} {{- end }}
{{- if not (or .Values.postgresql.auth.existingSecret .Values.postgresql.auth.password) }}
The postgres password might not be read correctly on first install, if Lemmy fails to start, an "upgrade" with the same values should resolve this.
{{- end }}

View file

@ -183,7 +183,11 @@ Set postgresql password
{{- .Values.postgresql.auth.password -}} {{- .Values.postgresql.auth.password -}}
{{- else -}} {{- else -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace (include "lemmy.postgresql.secret" .) -}} {{- $existing := lookup "v1" "Secret" .Release.Namespace (include "lemmy.postgresql.secret" .) -}}
{{- if $existing -}}
{{- $existing.data.password | b64dec -}} {{- $existing.data.password | b64dec -}}
{{- else }}
postgres
{{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

View file

@ -40,13 +40,27 @@ spec:
{{- toYaml .Values.backend.securityContext | nindent 12 }} {{- toYaml .Values.backend.securityContext | nindent 12 }}
image: "{{ .Values.backend.image.repository | default .Values.image.repository }}:{{ .Values.backend.image.tag | default .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.backend.image.repository | default .Values.image.repository }}:{{ .Values.backend.image.tag | default .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy | default .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.backend.image.pullPolicy | default .Values.image.pullPolicy }}
{{- with .Values.backend.env }} {{- if or (not .Values.postgresql.auth.password) .Values.backend.env }}
env: env:
{{- if not .Values.postgresql.auth.password }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.auth.existingSecret }}
key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "password" }}
name: {{ .Values.postgresql.auth.existingSecret }}
{{- else }}
key: password
name: {{ include "lemmy.postgresql.secret" . }}
{{- end }}
{{- end }}
{{- with .Values.backend.env }}
{{- range $key, $value := . }} {{- range $key, $value := . }}
- name: {{ $key }} - name: {{ $key }}
value: {{ $value | toString | quote }} value: {{ $value | toString | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- with .Values.backend.envFrom }} {{- with .Values.backend.envFrom }}
envFrom: envFrom:
{{- toYaml . | nindent 12 }} {{- toYaml . | nindent 12 }}