github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-08 23:18:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add support for existing pg secret

Browse Source
This commit is contained in:
Maidul Islam
2024-10-09 23:43:37 -07:00
parent fd254fbeec
commit f186ce9649
4 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
helm-charts/infisical-standalone-postgres/templates/infisical.yaml
View File

@@ -55,6 +55,13 @@ spec:
ports:
- containerPort: 8080
env:
{{- if .Values.postgresql.useExistingPostgresSecret.enabled }}
- name: DB_CONNECTION_URI
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.name }}
key: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.key }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: DB_CONNECTION_URI
value: {{ include "infisical.postgresDBConnectionString" . }}

8
helm-charts/infisical-standalone-postgres/templates/jobs-rbac.yaml
View File

@@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: k8s-wait-for-infisical-schema-migration
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
@@ -10,11 +11,12 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: default
name: infisical-database-schema-migration
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace }}
name: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountName | default "default" }}
namespace: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountNamespace | default .Release.Namespace }}
roleRef:
kind: Role
name: k8s-wait-for-infisical-schema-migration

8
helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml
View File

@@ -16,6 +16,7 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
serviceAccountName: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountName | default "default" }}
{{- if $infisicalValues.image.imagePullSecrets }}
imagePullSecrets:
{{- toYaml $infisicalValues.image.imagePullSecrets | nindent 6 }}
@@ -26,6 +27,13 @@ spec:
image: "{{ $infisicalValues.image.repository }}:{{ $infisicalValues.image.tag }}"
command: ["npm", "run", "migration:latest"]
env:
{{- if .Values.postgresql.useExistingPostgresSecret.enabled }}
- name: DB_CONNECTION_URI
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.name }}
key: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.key }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: DB_CONNECTION_URI
value: {{ include "infisical.postgresDBConnectionString" . }}

15
helm-charts/infisical-standalone-postgres/values.yaml
View File

@@ -5,6 +5,10 @@ infisical:
enabled: true
name: infisical
autoDatabaseSchemaMigration: true
databaseSchemaMigrationJob:
serviceAccountNamespace: default
serviceAccountName: default
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
@@ -18,6 +22,7 @@ infisical:
affinity: {}
kubeSecretRef: "infisical-secrets"
service:
annotations: {}
type: ClusterIP
@@ -43,6 +48,7 @@ ingress:
# - some.domain.com
postgresql:
# -- When enabled, this will start up a in cluster Postgres
enabled: true
name: "postgresql"
fullnameOverride: "postgresql"
@@ -50,6 +56,15 @@ postgresql:
username: infisical
password: root
database: infisicalDB
useExistingPostgresSecret:
# -- When this is enabled, postgresql.enabled needs to be false
enabled: false
# -- The name from where to get the existing postgresql connection string
existingConnectionStringSecret:
# -- The name of the secret that contains the postgres connection string
name: ""
# -- Secret key name that contains the postgres connection string
key: ""
redis:
enabled: true