Add Helmcharts for Kubernetes deployment#10
Conversation
Co-authored-by: Copilot <copilot@github.com>
…/v3 to v3.2.0' (#10) from renovate/go-dependencies into main Reviewed-on: https://git.at.oechsler.it/samuel/dash/pulls/10
|
Hey, welcome and thanks for your contribution of the Helm charts! I'll take a proper look at your changes over the next few days and get back to you with feedback. |
| # Secrets for internal Postgres are intentionally shared with Dash to avoid drift. | ||
| # NOTE: This section is deprecated and must match dash.secrets.* when postgres.enabled=true. | ||
| secrets: | ||
| name: "dash-secrets" | ||
| keys: | ||
| password: POSTGRES_PASSWORD |
There was a problem hiding this comment.
Hey, small question, since this is the first time we're adding Helm charts, I'm wondering why there's already a deprecated section (postgres.secrets.keys in values.yaml). Can you shed some light on that? Everything else looks good to me!
There was a problem hiding this comment.
This was a note to myself, just for the sake of completeness. At first, I had set it up so that there was one secret for the dashboard and one for Postgres, but this sometimes led to a mismatch because the two secrets weren’t in sync.
In fact, this part can even be removed since postgres.secrets.keys.* is no longer routed through the Helm chart and has thus become obsolete. The note was only meant to explain where the secret for Postgres is now, but I think that’s actually more confusing.
There was a problem hiding this comment.
I added another commit to the PR and removed the confusing part.
modified: helm/dash/templates/NOTES.txt modified: helm/dash/templates/_validate.tpl modified: helm/dash/templates/externalsecret.yaml modified: helm/dash/templates/secret-blueprint.yaml modified: helm/dash/values.yaml Deleted "deprecated" part of the values.yaml. This section is no longer necessary because the dashboard and Postgres now use a shared secret.
|
LGTM, will merge it. |
2 participants
The Helm chart in helm/dash deploys the Dash application and (optionally) an internal PostgreSQL, wiring configuration via Kubernetes resources.
postgres.enabled=true, it also deploys a Postgres StatefulSet + Service (see postgres-statefulset.yaml and postgres-service.yaml).dash.secrets.name). Postgres readsPOSTGRES_PASSWORDfrom that Secret, and Dash buildsDATABASE_URLfromPOSTGRES_PASSWORDplus the chart’s Postgres host/user/db settings to avoid credential drift.postgres.enabled=false, the chart does not deploy Postgres and Dash expectsDATABASE_URLto be provided in the shared Secret.