Skip to content

.Values.*.*DbUrls should be incorporated into chaingraph-secrets #54

New issue
New issue
Open
Open
.Values.*.*DbUrls should be incorporated into chaingraph-secrets#54
Labels
good first issueGood for newcomers
@bitjson

Description

@bitjson
bitjson
opened on Jan 26, 2023

Instead of just dropping the values of .Values.hasura.overrideDbUrl, .Values.hasura.metadataDbUrl, and .Values.postgres.externalDbUrl directly into environment variables, those environment variables should be set from the chaingraph-secrets object like postgresConnectionString. This ensures that other systems never unintentionally leak the connection information. (Secrets don't get automatically logged or displayed in many places, simple environment variables do.)

E.g. see difference in treatment here:

chaingraph/charts/chaingraph/templates/hasura.yaml

Lines 23 to 57 in ee3c284

name: hasura
env:
- name: HASURA_GRAPHQL_DATABASE_URL
{{ if .Values.hasura.overrideDbUrl }}
value: {{ .Values.hasura.overrideDbUrl }}
{{ else if .Values.postgres.externalDbUrl }}
value: {{ .Values.postgres.externalDbUrl }}
{{ else }}
valueFrom:
secretKeyRef:
name: chaingraph-secrets
key: postgresConnectionString
{{ end }}
- name: HASURA_GRAPHQL_METADATA_DATABASE_URL
{{ if .Values.hasura.metadataDbUrl }}
value: {{ .Values.hasura.metadataDbUrl }}
{{ else if .Values.hasura.overrideDbUrl }}
value: {{ .Values.hasura.overrideDbUrl }}
{{ else if .Values.postgres.externalDbUrl }}
value: {{ .Values.postgres.externalDbUrl }}
{{ else }}
valueFrom:
secretKeyRef:
name: chaingraph-secrets
key: postgresConnectionString
{{ end }}
- name: HASURA_GRAPHQL_ADMIN_SECRET
{{ if .Values.hasura.adminSecretKey }}
value: {{ .Values.hasura.adminSecretKey }}
{{ else }}
valueFrom:
secretKeyRef:
name: chaingraph-secrets
key: adminSecretKey
{{ end }}

And the chart documentation will also need to be updated to better explain how to add/modify those values.

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueGood for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions