[bitnami/harbor] Added existingSecret parameter for external database (#31492)

2026-03-29 16:27:11 +08:00 · 2025-01-27 15:56:43 +01:00
parent 1041261ac0
commit 4cf749975f
8 changed files with 72 additions and 36 deletions
--- a/bitnami/harbor/templates/_helpers.tpl
+++ b/bitnami/harbor/templates/_helpers.tpl
@@ -129,17 +129,19 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this

 {{- define "harbor.database.rawPassword" -}}
 {{- if .Values.postgresql.enabled }}
-    {{- if .Values.global.postgresql }}
-        {{- if .Values.global.postgresql.auth }}
-            {{- coalesce .Values.global.postgresql.auth.postgresPassword .Values.postgresql.auth.postgresPassword -}}
-        {{- else -}}
-            {{- .Values.postgresql.auth.postgresPassword -}}
-        {{- end -}}
+  {{- if .Values.global.postgresql }}
+    {{- if .Values.global.postgresql.auth }}
+      {{- coalesce .Values.global.postgresql.auth.postgresPassword .Values.postgresql.auth.postgresPassword -}}
    {{- else -}}
-        {{- .Values.postgresql.auth.postgresPassword -}}
+      {{- .Values.postgresql.auth.postgresPassword -}}
    {{- end -}}
+  {{- else -}}
+    {{- .Values.postgresql.auth.postgresPassword -}}
+  {{- end -}}
 {{- else -}}
+  {{- if not .Values.externalDatabase.existingSecret -}}
    {{- .Values.externalDatabase.password -}}
+  {{- end -}}
 {{- end -}}
 {{- end -}}

@@ -426,10 +428,10 @@ harbor: PostgreSQL password
    Please set a password (--set postgresql.auth.postgresPassword="xxxx")
  {{- end -}}
 {{- else -}}
-  {{- if not .Values.externalDatabase.password -}}
+    {{- if and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecret) -}}
 harbor: External PostgreSQL password
    An external database password is required!.
-    Please set a password (--set externalDatabase.password="xxxx")
+    Please set a password (--set externalDatabase.password="xxxx") or using an existing secret
  {{- end -}}
 {{- end -}}
 {{- end -}}
--- a/bitnami/harbor/templates/core/core-dpl.yaml
+++ b/bitnami/harbor/templates/core/core-dpl.yaml
@@ -139,6 +139,13 @@ spec:
                  name: {{ include "harbor.jobservice" . }}
                  key: secret
                {{- end }}
+            {{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.existingSecret }}
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.externalDatabase.existingSecret }}
+                  key: {{ .Values.externalDatabase.existingSecretPasswordKey }}
+            {{- end }}
            {{- if or .Values.core.configOverwriteJson .Values.core.configOverwriteJsonSecret }}
            - name: CONFIG_OVERWRITE_JSON
              valueFrom:
--- a/bitnami/harbor/templates/core/core-secret-envvars.yaml
+++ b/bitnami/harbor/templates/core/core-secret-envvars.yaml
@@ -15,7 +15,15 @@ SPDX-License-Identifier: APACHE-2.0
  {{- $_POSTGRESQL_PASSWORD := index $secret.data "POSTGRESQL_PASSWORD" | default "" -}}
  {{- $_REGISTRY_CREDENTIAL_PASSWORD := index $secret.data "REGISTRY_CREDENTIAL_PASSWORD" | default "" -}}
  {{- $_REGISTRY_CREDENTIAL_USERNAME := index $secret.data "REGISTRY_CREDENTIAL_USERNAME" | default "" -}}
-  {{- $existingEnvVarsSecretCore = dict "_REDIS_URL_CORE" ($_REDIS_URL_CORE | b64dec) "_REDIS_URL_REG" ($_REDIS_URL_REG | b64dec) "CSRF_KEY" ($_CSRF_KEY | b64dec) "HARBOR_ADMIN_PASSWORD" ($_HARBOR_ADMIN_PASSWORD | b64dec) "POSTGRESQL_PASSWORD" ($_POSTGRESQL_PASSWORD | b64dec) "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec) "REGISTRY_CREDENTIAL_USERNAME" ($_REGISTRY_CREDENTIAL_USERNAME | b64dec) -}}
+  {{- $existingEnvVarsSecretCore = dict
+    "_REDIS_URL_CORE" ($_REDIS_URL_CORE | b64dec)
+    "_REDIS_URL_REG" ($_REDIS_URL_REG | b64dec)
+    "CSRF_KEY" ($_CSRF_KEY | b64dec)
+    "HARBOR_ADMIN_PASSWORD" ($_HARBOR_ADMIN_PASSWORD | b64dec)
+    "POSTGRESQL_PASSWORD" ($_POSTGRESQL_PASSWORD | b64dec)
+    "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec)
+    "REGISTRY_CREDENTIAL_USERNAME" ($_REGISTRY_CREDENTIAL_USERNAME | b64dec)
+  -}}
 {{- end }}

 apiVersion: v1
--- a/bitnami/harbor/templates/exporter/exporter-dpl.yaml
+++ b/bitnami/harbor/templates/exporter/exporter-dpl.yaml
@@ -117,13 +117,21 @@ spec:
              value: {{ ternary "true" "false" .Values.exporter.image.debug | quote }}
            - name: HARBOR_DATABASE_PASSWORD
              valueFrom:
+                {{- if and .Values.externalDatabase.existingSecret (not .Values.postgresql.enabled) }}
+                secretKeyRef:
+                  name: {{ .Values.externalDatabase.existingSecret }}
+                  key: {{ .Values.externalDatabase.existingSecretPasswordKey }}
+                {{- else }}
+                {{- if .Values.core.existingEnvVarsSecret }}
                secretKeyRef:
-                  {{- if .Values.core.existingEnvVarsSecret }}
                  name: {{ .Values.core.existingEnvVarsSecret }}
-                  {{- else }}
-                  name: {{ printf "%s-envvars" (include "harbor.core" .) }}
-                  {{- end }}
                  key: POSTGRESQL_PASSWORD
+                {{- else }}
+                secretKeyRef:
+                  name: {{ printf "%s-envvars" (include "harbor.core" .) }}
+                  key: POSTGRESQL_PASSWORD
+                {{- end }}
+                {{- end }}
            - name: HARBOR_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef: