Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL cred

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials

From: Florian Rusch <F.Rusch@xxxxxxxxxx>
Date: Wed, 9 Aug 2023 07:17:34 +0000
Accept-language: en-GB, en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cluetec.de; dmarc=pass action=none header.from=cluetec.de; dkim=pass header.d=cluetec.de; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=006YGBCeOIG76fMf3550PoyeB/lrishBnHSKCwptsIE=; b=IRBzLoDigZxlu/r4DWsFGlDOAGdRbBvr/UyqfxajVUpdJvhpn8b1QfYhhJq6+fILFftEwFvEDjHOzqtDuUDXz2xtCKM9sddL1NygOxy2LZ7w44uKSy5HkYFLzlYP+9nyxXE51fVIHewe2Q5gbnPBAvuCL9DYE8so1G+R/4LGsodrFIiJ+SGL9t6Z2rGnW/iEJ2lzBcIONiFSn8COHU7epnkY7lQtQU+FLAVxrkRQTlF+8U7CRUtKxtKMy7KeNvcNm2nB8mYHfvE+FFWkZdj50enLFeeKSmU29whYjkCm7Jn2HdruShZ+pLLMGhkLtzfRcyuFruHV3OGFuJXdxolqFg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d+DM4MH4Mo7F9OVY5wovpCAZqFEbVIwLs0WOSwjXAlYVjWdvVBQecnr01Q5HKgm+W5bs2zf3dsCgkpaQWV8zFG+Wqz1aOf0rsRQ5JyaoO11Og3gwaHeHw9F8stAjBBJSrLjdubLUHJJ3xZUt5zLw/iW3re9CBXx2fUzjFn6vRobqk0cRlyZfN/FcPwJMLiw+iNvCmx5Rg0rjDocfDv1Ns5ct2Vjc2xzN54PkjxPgktFFUb7wo1MOyCc6S20TYzcgcdNIWJg2PaRDx2VIgI4Qp46aoP38ocMuKhphvgDgL0Hgs5Q1L2SbrUdUA/ttT2AVkDq5130ZJR0MUzxqk6BtNQ==
Delivered-to: tractusx-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/tractusx-dev/>
List-help: <mailto:tractusx-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/tractusx-dev>, <mailto:tractusx-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/tractusx-dev>, <mailto:tractusx-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHZyoche9hg1ngGR0mxOoZ0l/dIZa/heg+AgAAFGDg=
Thread-topic: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials

Good morning everyone,

since most of my day job is with Helm Charts, I would also like to throw my two pennies in the round.

@sebastian.bezold@xxxxxxxxxxxxxxxxx I agree with your approach.

To summarize briefly, we need to support two different deployment types:

1. application + chart dependency DB.

2. application + external provided DB.

For the 1st type: I would also just use the secret created by the dependency chart.

For the 2nd type: I like the mechanism that the bitnami/gitea chart uses. There, in the values.yaml, they introduced a separate section called "externalDatabase" where they provide the possibility to enter all the needed information like username, password, host, ... .

What I don't like there is that everything except the password must be configured in the values directly. I like the approach of being able to put everything else in the "existingSecret" secret as well. This allows to have a mechanism or process that automatically provides the database for you and all you have to do is use the secret created (this is perhaps a rather rare use-case for sure).

Since you mentioned JDBC URIs in particular: Depending on the application itself, how it needs to be configured, I would allow users/operators/administrators to decide for themselves if they want to configure the JDBC URI directly or use the separate configurations. Here I would always use the JDBC URI before the separate configs, because in the most cases it’s more precise than the separate configs.

If the user is given separate configs, you can also build a JDBC URI in the _helpers.tpl if the application needs it.

If you like to create an example or need someone for reviews of helm chart, I always happy to help out!

Viele Grüße/Best regards

Florian Rusch
DevSecOps Specialist

cluetec GmbH
Wilhelm-Schickard-Str. 9
76131 Karlsruhe | Deutschland
Telefon: +49 721 83179-226

Mobile: +49 160 996 856 80

F.Rusch@xxxxxxxxxx | www.cluetec.de

Geschäftsführer: Matthias Helferich, Thomas Rieger, Hermann Schäfer
Handelsregister: Mannheim HRB 109205, USt-ID-Nr.: DE213118929

From: tractusx-dev <tractusx-dev-bounces@xxxxxxxxxxx> on behalf of Paul Latzelsperger via tractusx-dev <tractusx-dev@xxxxxxxxxxx>
Date: Wednesday, 9. August 2023 at 08:06
To: tractusx developer discussions <tractusx-dev@xxxxxxxxxxx>
Cc: Paul Latzelsperger <paul.latzelsperger@xxxxxxxxxxxxx>
Subject: Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials

Achtung: Diese E-Mail stammt von einem externen Absender. Bitte vermeide es, Anhänge oder externe Links zu öffnen

Good morning,

We (Tx-EDC) are using Postgres with multiple JDBC Datasources in our project, and although we may not do exactly what you outlined, I could give a short walkthrough in the upcoming office hours?

Best

Paul

On 09.08.2023, at 08:02, sebastian.bezold--- via tractusx-dev <tractusx-dev@xxxxxxxxxxx> wrote:

Hi all,

over time, I got multiple questions on how to handle PostgreSQL credentials and the JDBC (or equivalent for non-Java) connection string in Helm Charts.

Since we do not maintain an application using PostgreSQL in the System Team, I would ask you guys, if you can provide a good example on how this is handled.

What the (imo) best case solution should provide:

Picking up the auto-generated credentials from the bitnami postgres dependency, without any configuration needed
Automatically configuring the proper connection string, without any configuration needed.
Still enable overwriting username and password
Enable “external” DB overwrite. -> do not use PostgreSQL as direct Chart dependency, but configure connection and credentials to externally provided service

If anyone already achieved that, I would be great, if you can share a link to the Chart and the template files that contain this config.

Thanks in advance and happy coding

Sebastian

Mit freundlichen Grüßen / Kind regards

Sebastian Bezold

Software Engineer

Mercedes-Benz Tech Innovation GmbH (ehemals/formerly Daimler TSS GmbH)

Wilhelm-Runge-Straße 11

89081 Ulm/Germany

Sebastian.Bezold@xxxxxxxxxxxxxxxxx

www.mercedes-benz-techinnovation.com

<image001.jpg><image002.png> <image003.png> <image004.png> <image005.png> <image006.png> <image007.jpg>

Mercedes-Benz Tech Innovation GmbH

Sitz und Registergericht/Domicile and Register Court: Ulm, HRB-Nr./Commercial Register No.: 3844

Geschäftsführung/Management: Daniel Geisel (Vorsitzender/Chairperson), Isabelle Krautwald

If you are not the addressee, please inform us immediately that you have received this e-mail by mistake, and delete it. We thank you for your support.

_______________________________________________
tractusx-dev mailing list
tractusx-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

Follow-Ups:
- Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
  - From: Gurschler Evelyn, FG-222

References:
- [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
  - From: sebastian.bezold
- Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
  - From: Paul Latzelsperger

Prev by Date: Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
Next by Date: Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
Previous by thread: Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
Next by thread: Re: [tractusx-dev] Helm Charts: Using the auto-generated PosgtreSQL credentials
Index(es):
- Date
- Thread

Breadcrumbs