Allow using external Postgres and existing Secrets

helm/thingsboard/Chart.lock

@@ -0,0 +1,15 @@
+dependencies:
+- name: postgresql-ha
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ version: 8.5.2
+- name: cassandra
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ version: 9.1.8
+- name: kafka
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ version: 15.3.4
+- name: redis
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ version: 16.4.5
+digest: sha256:500d542b0c401c8ce13a6520183ec8735184e1f7db2c37b31a4b160c286df13a
+generated: "2023-12-07T15:27:49.860005046+01:00"

helm/thingsboard/Chart.yaml

@@ -25,14 +25,15 @@ home: https://github.com/thingsboard/thingsboard-ce-k8s/
 dependencies:
  - name: postgresql-ha
  version: 8.5.2
- repository: https://charts.bitnami.com/bitnami
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
+ condition: postgresql-ha.enabled
  - name: cassandra
  version: 9.1.8
- repository: https://charts.bitnami.com/bitnami
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
  condition: cassandra.enabled
  - name: kafka
  version: 15.3.4
- repository: https://charts.bitnami.com/bitnami
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
  - name: redis
  version: 16.4.5
- repository: https://charts.bitnami.com/bitnami
+ repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami

helm/thingsboard/templates/_helpers.tpl

@@ -32,6 +32,61 @@ For helm 3.4- we need to work it around:
 {{- include "postgresql-ha.pgpool" (mustMerge (dict "Chart" (dict "Name" "postgresql-ha") "Values" (index .Values "postgresql-ha")) (deepCopy $deepDictCopy)) }}
 {{- end -}}
 
+{{/*
+Determine PostgreSQL host.
+*/}}
+{{- define "thingsboard.postgresql.host" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- include "thingsboard.pgpoolservicename" . }}
+{{- else }}
+{{- .Values.externalPostgres.host }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL port.
+*/}}
+{{- define "thingsboard.postgresql.port" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "pgpool" "containerPort" }}
+{{- else }}
+{{- .Values.externalPostgres.port }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL database.
+*/}}
+{{- define "thingsboard.postgresql.database" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "database" }}
+{{- else }}
+{{- .Values.externalPostgres.database }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL username.
+*/}}
+{{- define "thingsboard.postgresql.username" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "username" }}
+{{- else }}
+{{- .Values.externalPostgres.username }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine PostgreSQL password.
+*/}}
+{{- define "thingsboard.postgresql.password" -}}
+{{- if eq (index .Values "postgresql-ha" "enabled") true }}
+{{- index .Values "postgresql-ha" "postgresql" "password" }}
+{{- else }}
+{{- .Values.externalPostgres.password }}
+{{- end }}
+{{- end }}
+
 {{/*
 Set the value of cassandra initdb configmap
 /*}}
@@ -125,3 +180,28 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Use existing secrets of database credentials, where defined.
+*/}}
+{{- define "thingsboard.database.existingSecrets" -}}
+{{- if .Values.cassandra.dbUser.existingSecret }}
+- name: CASSANDRA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.cassandra.dbUser.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.cassandra.dbUser.existingSecret "key" "cassandra-password") }}
+{{- end }}
+{{- if .Values.externalPostgres.existingSecret }}
+- name: SPRING_DATASOURCE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.externalPostgres.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.externalPostgres.existingSecret "key" "username") }}
+- name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.externalPostgres.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.externalPostgres.existingSecret "key" "password") }}
+{{- end }}
+{{- end }}

helm/thingsboard/templates/initializedb-job.yaml

@@ -30,10 +30,14 @@ spec:
  - name: check-db-ready
  image: postgres:{{ index .Values "postgresql-ha" "postgresqlImage" "tag" }}
  command: ['sh', '-c',
- 'until pg_isready -h {{ include "thingsboard.pgpoolservicename" . }} -p {{ index .Values "postgresql-ha" "pgpool" "containerPort" }};
+ 'until pg_isready -h {{ include "thingsboard.postgresql.host" . }} -p {{ include "thingsboard.postgresql.port" . }};
  do echo waiting for database; sleep 2; done;']
  containers:
  - name: init-db
+ {{- if or .Values.cassandra.dbUser.existingSecret (.Values.externalPostgres.existingSecret ) }}
+ env:
+ {{- include "thingsboard.database.existingSecrets" $ | indent 8 }}
+ {{- end }}
  envFrom:
  - configMapRef:
  name: '{{ .Release.Name }}-node-db-config'

helm/thingsboard/templates/node-db-configmap.yaml

@@ -27,12 +27,16 @@ data:
  CASSANDRA_URL: {{ .Release.Name }}-cassandra:9042
  CASSANDRA_USE_CREDENTIALS: 'true'
  CASSANDRA_USERNAME: {{ .Values.cassandra.dbUser.user }}
+{{- if (not .Values.cassandra.dbUser.existingSecret) -}}
  CASSANDRA_PASSWORD: {{ .Values.cassandra.dbUser.password }}
+{{- end }}
 {{ else }}
  DATABASE_TS_TYPE: sql
 {{- end }}
  SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
  SPRING_DRIVER_CLASS_NAME: org.postgresql.Driver
- SPRING_DATASOURCE_URL: jdbc:postgresql://{{ include "thingsboard.pgpoolservicename" . }}:{{ index .Values "postgresql-ha" "pgpool" "containerPort" }}/{{ index .Values "postgresql-ha" "postgresql" "database" }}
- SPRING_DATASOURCE_USERNAME: {{ index .Values "postgresql-ha" "postgresql" "username" }}
- SPRING_DATASOURCE_PASSWORD: {{ index .Values "postgresql-ha" "postgresql" "password" }}
+ SPRING_DATASOURCE_URL: jdbc:postgresql://{{ include "thingsboard.postgresql.host" . }}:{{ include "thingsboard.postgresql.port" . }}/{{ include "thingsboard.postgresql.database" . }}
+{{- if not (.Values.externalPostgres.existingSecret ) }}
+ SPRING_DATASOURCE_USERNAME: {{ include "thingsboard.postgresql.username" . }}
+ SPRING_DATASOURCE_PASSWORD: {{ include "thingsboard.postgresql.password" . }}
+{{- end }}

helm/thingsboard/templates/node.yaml

@@ -83,6 +83,7 @@ spec:
  value: "{{ .Release.Name }}-redis-master"
  - name: REDIS_PASSWORD
  value: "{{ .Values.redis.auth.password }}"
+ {{- include "thingsboard.database.existingSecrets" $ | indent 10 }}
  envFrom:
  - configMapRef:
  name: {{ .Release.Name }}-node-db-config

helm/thingsboard/values.yaml

@@ -261,8 +261,12 @@ cassandra:
  replicaCount: 1
  dbUser:
  password: setplease
+ # OR use existing Secret with `cassandra-password` key in it.
+ # existingSecret:
+ # name: mysecret
 
 postgresql-ha:
+ enabled: true # set to false when using an external PostgreSQL instance and see externalPostgres keys
  nameOverride: pg
  postgresql:
  database: thingsboard
@@ -278,6 +282,20 @@ postgresql-ha:
  pgpoolImage:
  tag: 4
 
+
+# When using an external PostgreSQL instance and `postgresql-ha.enabled: false`
+externalPostgres:
+ host: localhost
+ port: 5432
+ database: thingsboard
+ username: thingsboard
+ password: setplease
+# # OR use existing Secret for username and password
+# existingSecret:
+# name: test-postgres-secret
+# username: username
+# password: password
+
 redis:
  # Set architecture to either standalone or replication
  architecture: standalone