Unleash / helm-charts

Contains helm-charts for Unleash
Apache License 2.0

No possibility to take database user from secrets #26

Closed TheGeniesis closed 2 years ago

TheGeniesis commented 2 years ago

Hi, I want to use the Unleash chart v1.1.1 to deploy Unleash v3.x on k8s.

I checked the deployment file and found that the database user is exposed, which is against the security policy in my current project.

Could you change it to take the user from secrets?

Another thing is related to how I have to pass the database password. To make it work I have to point to existing secrets. I'm going to use deployments per env and feature branch. It's quite problematic to write additional scripts to create and manage secrets for temporary deployments. For now I found a hack to create dynamic secrets in this chart's values.yaml:

secrets:
  POSTGRESQL_PASSWORD: <my_password>

dbConfig:
  user: <my_user>
  useExistingSecret:
    # the deployment name is dynamic, I have to do additional work to put the correct name
    name: <set_externally_the unleash_release_name>
    key: POSTGRESQL_PASSWORD

It would be much better to move DATABASE_USER and DATABASE_PASS to secrets and then declare in values.yaml:

secrets:
  DATABASE_USER: <my_user>
  DATABASE_PASS: <my_password>

For backward compatibility it would be good to add something like this (not tested) to deployment.yaml:

{{- /* `not` needs the hasKey call in parentheses; .Values.secrets matches the `secrets:` key in values.yaml */}}
{{- if not (hasKey .Values.secrets "DATABASE_USER") }}
            - name: DATABASE_USER
              value: "{{ .Values.dbConfig.user }}"
{{- end }}
{{- if not (hasKey .Values.secrets "DATABASE_PASS") }}
            - name: DATABASE_PASS
              value: "{{ .Values.dbConfig.pass }}"
{{- end }}
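
An added example (not part of the original issue or the chart's code): a check for the condition reported above, a credential-like environment variable set inline in a Deployment instead of through `secretKeyRef`. The sample manifest, the container and Secret names, and the name-matching hints are constructed for illustration.

```python
import json

# DATABASE_USER and DATABASE_PASS are the variables named in the issue; matching
# on these substrings is an assumption made for this example.
SENSITIVE_HINTS = ("USER", "PASS", "SECRET", "TOKEN")

# Constructed sample: a Deployment as returned in JSON form, with the user set
# inline and the password taken from a Secret.
SAMPLE = json.loads("""
{"kind": "Deployment",
 "spec": {"template": {"spec": {"containers": [{
   "name": "unleash",
   "env": [
     {"name": "DATABASE_HOST", "value": "db.example.internal"},
     {"name": "DATABASE_USER", "value": "unleash_app"},
     {"name": "DATABASE_PASS", "valueFrom": {"secretKeyRef":
         {"name": "unleash-db", "key": "POSTGRESQL_PASSWORD"}}}
   ]}]}}}}
""")


def plaintext_credentials(manifest: dict) -> list:
    """Return 'container/ENV_NAME' for each sensitive env var not read from a Secret."""
    findings = []
    pod_spec = ((manifest.get("spec") or {}).get("template") or {}).get("spec") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for container in containers:
        for env in container.get("env") or []:
            name = env.get("name", "")
            if not any(hint in name.upper() for hint in SENSITIVE_HINTS):
                continue
            # A literal `value`, or a source other than a Secret (for example
            # configMapKeyRef), leaves the credential readable to anyone who
            # can view the Deployment or the rendered chart.
            if (env.get("valueFrom") or {}).get("secretKeyRef") is None:
                findings.append(f"{container.get('name', '?')}/{name}")
    return findings


if __name__ == "__main__":
    for finding in plaintext_credentials(SAMPLE):
        print("inline credential:", finding)
```

To run it against a live release, load the output of `kubectl get deployment <name> -o json` in place of `SAMPLE`.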

ivarconr commented 2 years ago

This sounds like a great idea, as long as we are backward compatible I see no harm!

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.