Use Dependency check chart to create randomly Generate Postgresql Password

README.md

@@ -8,3 +8,5 @@ CI based on Github Actions, Kind and Chart-testing tool. See [Youtube video](htt
 
 Add the repo:
 `helm repo add evryfs-oss https://evryfs.github.io/helm-charts/`
+
+this repo contains charts for the following deployments

charts/dependency-track/templates/backend/deployment.yaml

@@ -44,8 +44,8 @@ spec:
         - name: ALPINE_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ .Release.Name }}-postgresql
-              key: postgresql-password
+              name: {{- if .Values.postgresql.existingSecret }} {{ .Values.postgresql.existingSecret }} {{ else }} {{ .Release.Name }}-postgresql {{- end }}
+              key: {{ .Values.postgresql.secretKey }}
         - name: ALPINE_DATABASE_USERNAME
           value: {{ .Values.postgresql.postgresqlUsername }}
         {{- end }}

charts/dependency-track/templates/secret-postgres.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.createPostgresqlSecret -}}
+{{- $relname := printf "%s-%s" .Release.Name "postgresql" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{- if .Values.postgresql.existingSecret }} {{ .Values.postgresql.existingSecret }} {{ else }} {{ $relname }} {{- end }}
+  labels: {{- include "backend.labels.standard" . | nindent 4 }}
+  annotations:
+type: Opaque
+data:
+  {{- if .Release.IsUpgrade }}
+      # check to see if secret already exists in namespace.    
+    {{- if (index (lookup "v1" "Secret" .Release.Namespace $relname ) ) }}
+      postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace $relname ).data "postgresql-password" }}
+      {{ .Values.postgresql.secretKey }}: {{ index (lookup "v1" "Secret" .Release.Namespace $relname ).data "postgresql-password" }}
+    {{- else if (index (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.existingSecret ) ) }}
+      postgresql-postgres-password: {{ index (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.existingSecret ).data "postgresql-password" }}
+      {{ .Values.postgresql.secretKey }}: {{ index (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.existingSecret ).data "postgresql-password" }}
+    {{ else }}
+    # if a secret isn't found when perfroming an upgrade create a new secret.
+      {{- if .Values.postgresql.postgresqlPassword }}
+        postgresql-postgres-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
+        {{ .Values.postgresql.secretKey }}: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
+      {{- else }}
+        {{- $postgresRandomPassword := randAlphaNum 16 | b64enc | quote }}
+        postgresql-postgres-password: {{ $postgresRandomPassword }}
+        {{ .Values.postgresql.secretKey }}: {{ $postgresRandomPassword }}
+      {{- end }}
+    {{- end }}
+  {{ else }}
+# Perform normal install operation
+    {{- if .Values.postgresql.postgresqlPassword }}
+      postgresql-postgres-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
+      {{ .Values.postgresql.secretKey }}: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
+    {{- else }}
+      {{- $postgresRandomPassword := randAlphaNum 16 | b64enc | quote }}
+      postgresql-postgres-password: {{ $postgresRandomPassword }}
+      {{ .Values.postgresql.secretKey }}: {{ $postgresRandomPassword }}
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/dependency-track/values.yaml

@@ -158,10 +158,14 @@ ingress:
     ## allow large bom.xml uploads:
     # nginx.ingress.kubernetes.io/proxy-body-size: 10m
   host: chart-example.local
+
+createPostgresqlSecret: true # create the postgresql secret in Dependency Track chart, outside of the postgresql chart.
 
 # Postgres variables
 postgresql:
   enabled: true
   postgresqlUsername: deptrack
-  postgresqlPassword: deptrack
+  postgresqlPassword: ""
   postgresqlDatabase: deptrack
+  existingSecret: deptrack-postgresql # This is the full name of the secret that will be created 
+  secretKey: postgresql-password