Add ability to use existing postgres server with infisical-standalone helm chart. Fixes #1765 #1766
Conversation
…re to get connection URI Signed-off-by: Razvan Valceanu <razvan.valceanu@metaminds.com>
Signed-off-by: Razvan Valceanu <razvan.valceanu@metaminds.com>
Signed-off-by: Razvan Valceanu <razvan.valceanu@metaminds.com>
|
While waiting for this to be approved I also tested this in my production environment. Works as intended. |
|
Hey @mpsOxygen, you should already be able to do this when you disable the in cluster Postgres and set your own postgres connection URL via |
|
Hello @maidul98, I know about kubeSecretRef: "infisical-secrets", but I now realize I did not explain my use case correctly. I use an operator to take care of postgres. When it spins up a postgres cluster for me, it creates a secret with all needed information (db name, user, pass, uri, etc). The password for example is randomly generated each time a cluster is spun up. Or it maybe even changes. The operator takes care of everything and puts it in a secret it creates and manages. All I need from my apps is to say: get your DB_CONNECTION_URI from the secret the operator created. So while I know about the secret that gives infisical it's ENVs, using it would mean to manually update it every time something changes. This patch fixes my problem because I just tell infisical the name of the secret the postgres operator uses to keep postgres connection info. |
|
Any updates on this? I am willing to make any changes necessary to the code to get it merged. |
|
I'm also using cnpg postgres and would like to see this one merged. |
|
Any updates on this? I am willing to make any changes necessary to the code to get it merged. |
There was a problem hiding this comment.
Thanks for the PR, i understand your usecase. Currently, we have:
{{- if .Values.postgresql.enabled }}
- name: DB_CONNECTION_URI
value: {{ include "infisical.postgresDBConnectionString" . }}
{{- end }}
I think what might make it user for the rest of the user is if we instead have the default connection URL be from {{ include "infisical.postgresDBConnectionString" . }} or user defined one. User defined one can be from the infisical-secret if defined or from the custom one you are adding here.
Does this make sense? If so, can you please make these changes? Thanks
|
It's not clear exactly what changes you want. The current PR leaves current functionality untouched, it just adds an option to enable defining a preexisting secret with the connection string. Could you be more specific please? |
|
I see what you are pointing out @mpsOxygen - I am facing the same issues with the chart. In my case, I still want to use the postgres server provided in the charts, but I do not want to expose my secrets in a values file. Which should leave me with an option to pass an existing secret. |
|
@davidshare You could just use the bitami Postgres chart functionality for that: https://artifacthub.io/packages/helm/bitnami/postgresql?modal=values The path is: postgresql.auth.existingSecret |
|
@mpsOxygen have you had clarity from @maidul98 ? I would love to see this merged to use easily with cnpg |
|
@cook1emr unfortunately no. |
Description 📣
This adds the option to use a existing Postgres instance with the infisical-standalone helm chart. It uses an existing secret to get the database connection URI.
Fixes: #1765
Type ✨
Tests 🛠️
I set the values and run helm template .