fix: bootstrap postgresqlPassword (#437)

it needs to be provided as it can't be changed after initial deployment
redkubes · Jun 16, 2021 · 91359cd · 91359cd
1 parent 317ca42
commit 91359cd
Show file tree

Hide file tree

Showing 15 changed files with 39 additions and 10 deletions.
diff --git a/profiles/common/env/charts/drone.yaml b/profiles/common/env/charts/drone.yaml
@@ -1,3 +1,3 @@
 charts:
     drone:
-        enabled: false
+        enabled: true
diff --git a/profiles/common/env/charts/gitea.yaml b/profiles/common/env/charts/gitea.yaml
@@ -1,3 +1,3 @@
 charts:
     gitea:
-        enabled: false
+        enabled: true
diff --git a/profiles/common/env/charts/keycloak.yaml b/profiles/common/env/charts/keycloak.yaml
@@ -1,5 +1,6 @@
 charts:
     keycloak:
+        enabled: true
         idp:
             alias: redkubes-azure
             clientID: otomi

diff --git a/profiles/common/env/charts/kubeapps.yaml b/profiles/common/env/charts/kubeapps.yaml
@@ -0,0 +1,3 @@
+charts:
+    kubeapps:
+        enabled: true
diff --git a/profiles/common/env/charts/secrets.gitea.yaml b/profiles/common/env/charts/secrets.gitea.yaml
@@ -0,0 +1,3 @@
+charts:
+    gitea:
+        postgresqlPassword: LrFNTOV78Yubm7CGk3CPGchP4EbPlQw
diff --git a/profiles/common/env/charts/secrets.keycloak.yaml b/profiles/common/env/charts/secrets.keycloak.yaml
@@ -2,3 +2,4 @@ charts:
     keycloak:
         idp:
             clientSecret: 'mnf9adfgjwr23m4das'
+        postgresqlPassword: kz5Fh7GeOOUp1TcaFd8kkun6dTx4clj
diff --git a/profiles/common/env/charts/secrets.kubeapps.yaml b/profiles/common/env/charts/secrets.kubeapps.yaml
@@ -0,0 +1,3 @@
+charts:
+    kubeapps:
+        postgresqlPassword: gGdkDyR2Oaj3SOPdsCWtaYP1zjD898Z
diff --git a/tests/fixtures/env/charts/kubeapps.yaml b/tests/fixtures/env/charts/kubeapps.yaml
@@ -0,0 +1,3 @@
+charts:
+    kubeapps:
+        enabled: true
diff --git a/tests/fixtures/env/charts/secrets.gitea.yaml b/tests/fixtures/env/charts/secrets.gitea.yaml
@@ -2,3 +2,4 @@ charts:
     gitea:
         admin:
             password: bladibla
+        postgresqlPassword: postgresqlPassword
diff --git a/tests/fixtures/env/charts/secrets.keycloak.yaml b/tests/fixtures/env/charts/secrets.keycloak.yaml
@@ -2,3 +2,4 @@ charts:
     keycloak:
         idp:
             clientSecret: somsecretvalue
+        postgresqlPassword: postgresqlPassword
diff --git a/tests/fixtures/env/charts/secrets.kubeapps.yaml b/tests/fixtures/env/charts/secrets.kubeapps.yaml
@@ -0,0 +1,3 @@
+charts:
+    kubeapps:
+        postgresqlPassword: postgresqlPassword
diff --git a/values-schema.yaml b/values-schema.yaml
@@ -1031,6 +1031,10 @@ properties:
             type: string
           postgresqlPassword:
             type: string
+            description: Once set and deployed it cannot be changed with manual intervention.
+        required:
+          - enabled
+          - postgresqlPassword
       harbor:
         additionalProperties: false
         properties:
@@ -1300,6 +1304,7 @@ properties:
                 type: string
           postgresqlPassword:
             type: string
+            description: Once set and deployed it cannot be changed with manual intervention.
           resources:
             additionalProperties: false
             properties:
@@ -1312,6 +1317,9 @@ properties:
               - default
               - otomi
             type: string
+        required:
+          - enabled
+          - postgresqlPassword
       kubeapps:
         additionalProperties: false
         properties:
@@ -1320,6 +1328,10 @@ properties:
             type: boolean
           postgresqlPassword:
             type: string
+            description: Once set and deployed it cannot be changed with manual intervention.
+        required:
+          - enabled
+          - postgresqlPassword
       kubernetes-external-secrets:
         additionalProperties: false
         properties:

diff --git a/values/gitea/gitea.gotmpl b/values/gitea/gitea.gotmpl
@@ -8,7 +8,6 @@
 {{- $giteaDomain := printf "gitea.%s" $v.cluster.domainSuffix }}
 {{- $stage := $v.charts | get "cert-manager.stage" "production" }}
 {{- $skipVerify := eq $stage "staging" }}
-{{- $rnd := randAlpha 32 }}
 
 nameOverride: gitea
 fullnameOverride: gitea
@@ -96,8 +95,8 @@ postgresql:
     size: 1Gi
   global:
     postgresql:
-      postgresqlPassword: {{ $g | get "postgresqlPassword" $rnd }}
-      postgresqlPostgresPassword: {{ $g | get "postgresqlPassword" $rnd }}
+      postgresqlPassword: {{ $g | get "postgresqlPassword" }}
+      postgresqlPostgresPassword: {{ $g | get "postgresqlPassword" }}
   resources:
     limits:
       memory: 512Mi

diff --git a/values/keycloak/keycloak.gotmpl b/values/keycloak/keycloak.gotmpl
@@ -99,7 +99,7 @@ postgresql:
     enabled: true
     fsGroup: 1001
     runAsUser: 1001
-  postgresqlPassword: {{ $k | get "postgresqlPassword" (randAlpha 32) }}
+  postgresqlPassword: {{ $k | get "postgresqlPassword" }}
   persistence:
     enabled: {{ $k | get "postgresql.persistence.enabled" (eq $dbVendor "postgres") }} 
   metrics:

diff --git a/values/kubeapps/kubeapps.gotmpl b/values/kubeapps/kubeapps.gotmpl
@@ -1,6 +1,5 @@
 {{- $v := .Values }}
 {{- $k := $v | get "charts.kubeapps" dict }}
-{{- $rnd := randAlpha 32 }}
 assetsvc:
   resources:
     limits:
@@ -24,10 +23,10 @@ metrics:
 
 postgresql:
   existingSecret: null
-  postgresqlPassword: {{ $k | get "postgresqlPassword" $rnd }}
-  postgresqlPostgresPassword: {{ $k | get "postgresqlPassword" $rnd }}
+  postgresqlPassword: {{ $k | get "postgresqlPassword" }}
+  postgresqlPostgresPassword: {{ $k | get "postgresqlPassword" }}
   replication:
-    password: {{ $k | get "postgresqlPassword" $rnd }}
+    password: {{ $k | get "postgresqlPassword" }}
   resources:
     limits:
       memory: 768Mi