thingsboard-ce-k8s icon indicating copy to clipboard operation
thingsboard-ce-k8s copied to clipboard

Published 20 hours ago verified publisher icon thingsboard

Allow using external Postgres and existing Secrets

Open adrianAzoitei opened this issue 1 year ago • 3 comments

Why was this needed

Support for an external PostgreSQL instance is implicit, but confusing to configure. Users still have to deploy the postgresql-ha subchart and just use a serviceName pointing to an external PostgreSQL. Specifying credentials is done via values.yaml or --set at the command line, which could be insecure, depending on who else has access to the server. Using existing Secrets is a pretty common pattern for this.

What was implemented

  • allow disabling postgresql-ha
  • add keys and templates for rendering credentials and connection details for external PostgreSQL
  • reuse existing secret approach for Cassandra as used in subchart

How it was tested

Ran helm template with the following overriding values:

cassandra:
  enabled: true
  dbUser:
  #   user: setplease
  #   password: setplease
    existingSecret: test-cassandra-secret

postgresql-ha:
  enabled: false

externalPostgres:
  host: localhost
  port: 5432
  database: thingsboard
  # existingSecret:
  #   name: test-postgres-secret
  #   username: username
  #   password: password

adrianAzoitei avatar Dec 08 '23 09:12 adrianAzoitei

I committed charts/ by mistake, will remove them.

adrianAzoitei avatar Dec 08 '23 16:12 adrianAzoitei

@pon0marev

adrianAzoitei avatar Dec 21 '23 10:12 adrianAzoitei

I committed charts/ by mistake, will remove them.

Done

adrianAzoitei avatar Feb 18 '24 09:02 adrianAzoitei