enterprise-helm icon indicating copy to clipboard operation
enterprise-helm copied to clipboard
verified publisher icon coder

feat: add postgres.noPasswordEnv

Open johnstcn opened this issue 3 years ago • 0 comments

This PR adds a Helm flag postgres.noPasswordEnv, defaulting to false. If enabled:

  • The environment variable DB_PASSWORD is no longer set to the value of the key password of the Kubernetes secret named postgres.passwordSecret for containers in the coderd deployment.
  • The Kubernetes secret named postgres.passwordSecret is mounted under /run/secrets/{{ postgres.passwordSecret }} (~0400~ originally mounted 0400 but coderd is unable to read this)
  • The environment variable DB_PASSWORD_PATH is set to /run/secrets/{{ postgres.passwordSecret }}/password for containers in the coderd deployment.

Verification steps:

  • [x] Validated that Helm deploy with defaults does not change behaviour
  • [x] Validated that setting postgres.noPasswordEnv in Helm values causes Coder to read the postgresql password from the file specified by DB_PASSWORD_PATH.

johnstcn avatar Sep 09 '22 17:09 johnstcn