Include logic to generated postgres-password if not set via values.yml

charts/bpndiscovery/templates/deployment.yaml

@@ -66,6 +66,8 @@ spec:
           envFrom:
             - secretRef:
                 name: {{ $sec_name }}
+            - secretRef:
+                name: {{ .Values.postgresql.auth.existingSecret }}
           resources:
 {{ .Values.bpndiscovery.resources | toYaml | indent 12 }}
       imagePullSecrets:

charts/bpndiscovery/templates/postgres-init.yaml

@@ -0,0 +1,48 @@
+# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+{{- if .Values.enablePostgres }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.postgresql.auth.existingSecret }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install
+type: Opaque
+# Check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{ if $secret -}}
+data:
+  {{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "password" ) | quote }}
+  postgres-password: {{ $password }}
+  password: {{ $password }}
+  SPRING_DATASOURCE_PASSWORD: {{ $password }}
+  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
+  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
+{{ else -}}
+stringData:
+  # Use provided value from values file or generate a random one if secret not exists.
+  {{- $password:= .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }}
+  postgres-password: {{ $password }}
+  password: {{ $password }}
+  SPRING_DATASOURCE_PASSWORD: {{ $password }}
+  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database }}
+  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username }}
+{{ end }}
+{{- end -}}

charts/bpndiscovery/templates/secret.yaml

@@ -25,11 +25,8 @@ metadata:
   name: {{ $sec_name }}
 type: Opaque
 data:
-  {{- if .Values.enablePostgres }}
-  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
-  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
-  SPRING_DATASOURCE_PASSWORD: {{ .Values.postgresql.auth.password | b64enc }}
-  {{- else }}
+  # If postgres enabled the environment values will be used from postgres-init.yaml
+  {{- if not .Values.enablePostgres }}
   SPRING_DATASOURCE_URL: {{ .Values.bpndiscovery.dataSource.url | b64enc }}
   SPRING_DATASOURCE_USERNAME: {{ .Values.bpndiscovery.dataSource.user | b64enc }}
   SPRING_DATASOURCE_PASSWORD: {{ .Values.bpndiscovery.dataSource.password | b64enc }}

charts/bpndiscovery/values.yaml

@@ -85,5 +85,8 @@ postgresql:
       postgresql: 5432
   auth:
     username: catenax
-    password: password
+    # if password is empty, the postgres password will be generated random via postgres-init
+    password:
     database: bpndiscovery
+    # -- Secret contains passwords for username postgres.
+    existingSecret: init-postgres