Skip to content

[bitnami/harbor] Feature/external db url secret#4736

Merged
FraPazGal merged 6 commits intobitnami:masterfrom
voor:feature/external-db-url-secret
Dec 16, 2020
Merged

[bitnami/harbor] Feature/external db url secret#4736
FraPazGal merged 6 commits intobitnami:masterfrom
voor:feature/external-db-url-secret

Conversation

@voor
Copy link
Copy Markdown
Contributor

@voor voor commented Dec 16, 2020

TL;DR

  • Allow Postgres endpoints to be defined via environment secretKeyRef
  • Disable SSL by default (no longer nil) for external database
    connections

Detail

This change allows you to define the Postgres endpoint as a secret
value, rather than providing passwords in raw values files. A new secret
template is created for notary to introduce relevant environment
variables for the notary service.

Additionally, the default configuration for externalDatabase.sslmode
was configured as nil. This change explicitly sets disable for both
values.yaml and values-production.yaml.

Chart version received a patch version bump. This could potentially
be seen as a minor version bump, depending on your interpretation of
semantic versioning.

Co-authored-by: @conzetti

Checklist

  • Chart version bumped in Chart.yaml according to semver.
  • Variables are documented in the README.md
  • Title of the PR starts with chart name (e.g. [bitnami/chart])
  • If the chart contains a values-production.yaml apart from values.yaml, ensure that you implement the changes in both files

⚠️ Keep in mind that if you want to make changes to the kubeapps chart, please implement them in the kubeapps repository. This is only a synchronized mirror.

conzetti and others added 3 commits December 4, 2020 16:19
@conzetti @voor
[bitnami/harbor] Define external psql endpoint via secret, set sslmode
d7f2c68 
TL;DR
=====
- Allow Postgres endpoints to be defined via environment secretKeyRef
- Disable SSL by default (no longer `nil`) for external database
  connections

Detail
======
This change allows you to define the Postgres endpoint as a secret
value, rather than providing passwords in raw values files. A new secret
template is created for notary to introduce relevant environment
variables for the notary service.

Additionally, the default configuration for `externalDatabase.sslmode`
was configured as `nil`. This change explicitly sets `disable` for both
`values.yaml` and `values-production.yaml`.

Chart version received a patch version bump. This _could_ potentially
be seen as a minor version bump, depending on your interpretation of
semantic versioning.

Co-authored-by: Robert Van Voorhees <rvanvoorhees@vmware.com>
@voor
Merge remote-tracking branch 'upstream/master' into feature/external-…
7957f60 
…db-url-secret
@voor
Bump chart version.
8de1501
FraPazGal
FraPazGal reviewed Dec 16, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@FraPazGal FraPazGal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @voor,

Thank you very much for opening this PR, it looks good! Could you please take a look at my comments?

voor and others added 2 commits December 16, 2020 10:18
@voor
Update bitnami/harbor/Chart.yaml
351c82a 
Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>
@voor
Update bitnami/harbor/templates/notary/notary-secret-envvars.yaml
0bf8e4c 
Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>
@voor
Copy link
Copy Markdown
Contributor Author

voor commented Dec 16, 2020

@FraPazGal thank you for the review, added in all suggestions.

FraPazGal
FraPazGal approved these changes Dec 16, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@FraPazGal FraPazGal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@FraPazGal FraPazGal merged commit 2df2176 into bitnami:master Dec 16, 2020
MissakaI pushed a commit to MissakaI/bitnami-helm-charts that referenced this pull request Dec 24, 2020
@voor @conzetti @MissakaI
[bitnami/harbor] Feature/external db url secret (bitnami#4736)
4b0a77a 
* [bitnami/harbor] Define external psql endpoint via secret, set sslmode

TL;DR
=====
- Allow Postgres endpoints to be defined via environment secretKeyRef
- Disable SSL by default (no longer `nil`) for external database
  connections

Detail
======
This change allows you to define the Postgres endpoint as a secret
value, rather than providing passwords in raw values files. A new secret
template is created for notary to introduce relevant environment
variables for the notary service.

Additionally, the default configuration for `externalDatabase.sslmode`
was configured as `nil`. This change explicitly sets `disable` for both
`values.yaml` and `values-production.yaml`.

Chart version received a patch version bump. This _could_ potentially
be seen as a minor version bump, depending on your interpretation of
semantic versioning.

Co-authored-by: Robert Van Voorhees <rvanvoorhees@vmware.com>

* Bump chart version.

* Update bitnami/harbor/Chart.yaml

Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>

* Update bitnami/harbor/templates/notary/notary-secret-envvars.yaml

Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>

* Need this for all values since it's referencing the data file not stringdata now.

Co-authored-by: conzetti <conzetti@gmail.com>
Co-authored-by: Francisco de Paz Galán <fdepaz@vmware.com>
@marcosbc marcosbc mentioned this pull request Jan 19, 2021
Closed
4 tasks
@voor voor deleted the feature/external-db-url-secret branch September 9, 2025 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@FraPazGal FraPazGal FraPazGal approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@voor @FraPazGal @conzetti