postgres-ng: allow using custom secrets

common/postgresql-ng/ci/test-values.yaml

@@ -4,5 +4,9 @@ global:
   registry: keppel.example.com/ccloud
   registryAlternateRegion: keppel.example.org/ccloud
 
+tableOwner: acme-user
 users:
   acme-user:
+  acme-user2:
+    secretName: mySecret
+    secretKey: myKey

common/postgresql-ng/templates/deployment.yaml

@@ -53,7 +53,7 @@ spec:
         - name: DEPLOYMENT_NAME
           value: {{ $deployment_name }}
         - name: USERS
-          value: {{ keys (.Values.users | required ".Values.users must be configured") | sortAlpha | join " " | quote }}
+          value: "{{ range $user, $settings := (.Values.users | required ".Values.users must be configured") }}{{ if and (typeIs "map[string]interface {}" $settings) (hasKey $settings "secretName") }}{{ $user }} {{ end }}{{ end }}"
         command: [ ash, -c, {{ .Files.Get "bin/init-generate-secrets.sh" | quote }} ]
 
       containers:
@@ -87,8 +87,13 @@ spec:
         - name: USER_PASSWORD_{{ $user | replace "-" "_" }}
           valueFrom:
             secretKeyRef:
+        {{- if not (and (typeIs "map[string]interface {}" $settings) (and (hasKey $settings "secretName") (hasKey $settings "secretKey"))) }}
               name: {{ $.Release.Name }}-pguser-{{ $user }}
               key: postgres-password
+        {{- else }}
+              name: {{ $settings.secretName }}
+              key:  {{ $settings.secretKey }}
+        {{- end }}
         {{- end }}
 
         ports:

common/postgresql-ng/values.yaml

@@ -44,6 +44,9 @@ users:
     # For example, a read-only application user would need `GRANT CONNECT,SELECT ON DATABASE "%PGDATABASE%"`
     #grant:
     #- '"GRANT CONNECT,SELECT ON DATABASE "%PGDATABASE%"'
+    # If auto generating secrets doesn't work for you, you can also create them manually and refence them here:
+    #secretName: mySecret
+    #secretKey: myKey
 
 # Set the database owner and alter the table owner to this user.
 # tableOwner: acme-user