From 231a4603e4f93579f9da22537ca5287e16b03ec7 Mon Sep 17 00:00:00 2001
From: acidsugarx
Date: Mon, 27 Oct 2025 22:47:53 +0400
Subject: [PATCH] feature: added a option to use an existing secret for postresql installation
---
 dev/helm/README.md | 25 +++++++++++
 dev/helm/templates/_helpers.tpl | 42 ++++++++++++++++---
 dev/helm/templates/deployment.yaml | 14 +++++++
 .../templates/postgresql-statefulset.yaml | 23 +++++++++-
 dev/helm/values.yaml | 17 ++++++++
 5 files changed, 114 insertions(+), 7 deletions(-)
diff --git a/dev/helm/README.md b/dev/helm/README.md
index 16f3429d..08ea8f5e 100644
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@@ -126,6 +126,8 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `postgresql.postgresqlPassword` | External postgres password | `nil` |
 | `postgresql.existingSecret` | Provide an existing `Secret` for postgres | `nil` |
 | `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
+| `postgresql.existingSecretUserKey` | The postgres username key in the existing `Secret` | `postgresql-username` |
+| `postgresql.existingSecretDatabaseKey` | The postgres database name key in the existing `Secret` | `postgresql-database` |
 | `postgresql.postgresqlPort` | External postgres port | `5432` |
 | `postgresql.ssl` | Enable external postgres SSL connection | `false` |
 | `postgresql.ca` | Certificate of Authority content for postgres | `nil` |
@@ -182,6 +184,29 @@ data: {{ template "wiki.postgresql.secretKey" . }}: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" ``` +### Using an existing PostgreSQL secret with built-in PostgreSQL + +When using the built-in PostgreSQL (default behavior with `postgresql.enabled: true`), you can still use an existing Kubernetes secret for the database credentials by setting: + +- `postgresql.existingSecret`: Name of the existing secret containing the credentials +- `postgresql.existingSecretKey`: Key in the secret containing the password (defaults to `postgresql-password`) +- `postgresql.existingSecretUserKey`: Key in the secret containing the username (defaults to `postgresql-username`) +- `postgresql.existingSecretDatabaseKey`: Key in the secret containing the database name (defaults to `postgresql-database`) + +Example usage: +```bash +# Create your existing secret +kubectl create secret generic my-postgres-secret \ + --from-literal=postgresql-username=postgres \ + --from-literal=postgresql-password=yourpassword \ + --from-literal=postgresql-database=wiki + +# Deploy with existing secret +helm install my-release requarks/wiki \ + --set postgresql.enabled=true \ + --set postgresql.existingSecret=my-postgres-secret +``` + ## Persistence Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. diff --git a/dev/helm/templates/_helpers.tpl b/dev/helm/templates/_helpers.tpl index 3654b658..1684409a 100644 --- a/dev/helm/templates/_helpers.tpl +++ b/dev/helm/templates/_helpers.tpl 
@@ -92,10 +92,25 @@ Set postgres host Set postgres secret */}} {{- define "wiki.postgresql.secret" -}} -{{- if .Values.postgresql.enabled -}} -{{- include "wiki.postgresql.fullname" . -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- .Values.postgresql.existingSecret -}} +{{- else if .Values.postgresql.enabled -}} + {{- include "wiki.postgresql.fullname" . -}} +{{- else -}} + {{- template "wiki.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Set postgres secretUserKey +*/}} +{{- define "wiki.postgresql.secretUserKey" -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-username" {{- else -}} -{{- template "wiki.fullname" . -}} + {{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}} {{- end -}} {{- end -}} 
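Review bot: In `wiki.postgresql.secretUserKey` the first and third branches are the same expression, so the three-way `if` only singles out the bundled database without `existingSecret`. It reads more directly as `{{- if and .Values.postgresql.enabled (not .Values.postgresql.existingSecret) -}}"postgresql-username"{{- else -}}{{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}}{{- end -}}`. The same duplication is in `wiki.postgresql.secretKey` and `wiki.postgresql.secretDatabaseKey` in the next hunk. The header comments (`Set postgres secretUserKey`) could also say that the helper returns the already-quoted key name inside the Secret, so callers must not quote it again.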
@@ -103,9 +118,24 @@ Set postgres secret Set postgres secretKey */}} {{- define "wiki.postgresql.secretKey" -}} -{{- if .Values.postgresql.enabled -}} -"postgresql-password" +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-password" +{{- else -}} + {{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Set postgres secretDatabaseKey +*/}} +{{- define "wiki.postgresql.secretDatabaseKey" -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-database" {{- else -}} -{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} + {{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}} {{- end -}} {{- end -}} diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml index 7dac0271..49b83afc 100644 --- a/dev/helm/templates/deployment.yaml +++ b/dev/helm/templates/deployment.yaml 
@@ -62,9 +62,23 @@ spec: - name: DB_PORT value: "{{ default "5432" .Values.postgresql.postgresqlPort }}" - name: DB_NAME + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ template "wiki.postgresql.secretDatabaseKey" . }} + {{- else }} value: {{ default "wiki" .Values.postgresql.postgresqlDatabase }} + {{- end }} - name: DB_USER + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ template "wiki.postgresql.secretUserKey" . }} + {{- else }} value: {{ default "postgres" .Values.postgresql.postgresqlUser }} + {{- end }} - name: DB_SSL value: "{{ default "false" .Values.postgresql.ssl }}" - name: DB_SSL_CA diff --git a/dev/helm/templates/postgresql-statefulset.yaml b/dev/helm/templates/postgresql-statefulset.yaml index cd9892f3..5e656df5 100644 --- a/dev/helm/templates/postgresql-statefulset.yaml +++ b/dev/helm/templates/postgresql-statefulset.yaml 
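Review bot: The new `if .Values.postgresql.existingSecret` guards on `DB_NAME` and `DB_USER` do not check `postgresql.enabled`, so they also take effect for an external database. The README rows around this change describe `existingSecret`/`existingSecretKey` as carrying the password only, so an existing external-database install whose Secret has no `postgresql-username` or `postgresql-database` key would presumably fail to start its pod after upgrade, with `postgresqlUser`/`postgresqlDatabase` silently ignored. Narrowing the guard keeps that path working, e.g. `{{- if and .Values.postgresql.existingSecret (or .Values.postgresql.enabled .Values.postgresql.existingSecretDatabaseKey) }}`, and the equivalent with `existingSecretUserKey` for `DB_USER`. The Secret name is also emitted unquoted; `name: {{ .Values.postgresql.existingSecret | quote }}` avoids YAML retyping of unusual names. The container spec continues outside the hunk.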
@@ -37,20 +37,41 @@ spec: name: postgresql env: - name: POSTGRES_DB + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote }} + {{- else }} valueFrom: secretKeyRef: name: {{ include "wiki.postgresql.fullname" . }} key: postgresql-database + {{- end }} - name: POSTGRES_USER + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote }} + {{- else }} valueFrom: secretKeyRef: name: {{ include "wiki.postgresql.fullname" . }} key: postgresql-username + {{- end }} - name: POSTGRES_PASSWORD + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey | quote }} + {{- else }} valueFrom: secretKeyRef: name: {{ include "wiki.postgresql.fullname" . }} key: postgresql-password + {{- end }} - name: PGDATA value: /var/lib/postgresql/data/pgdata livenessProbe: @@ -87,4 +108,4 @@ spec: {{- else }} emptyDir: {} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml index 80bd16fe..7372e99c 100644 --- a/dev/helm/values.yaml +++ b/dev/helm/values.yaml 
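Review bot: The three `if/else` blocks in the env list repeat `valueFrom`/`secretKeyRef` in both branches and re-derive the key names inline instead of using the helpers this patch adds to `_helpers.tpl`, so the StatefulSet and the Deployment can drift apart. Assuming this template is only rendered when `postgresql.enabled` is true (the closing `{{- end }}` suggests a wrapper outside the hunk), each entry can drop the conditional and use `name: {{ include "wiki.postgresql.secret" . }}` with `key: {{ include "wiki.postgresql.secretKey" . }}`, and likewise `secretUserKey` and `secretDatabaseKey` for the other two. The database and the application then read the same Secret and keys by construction, which matters because a mismatch only surfaces as a failed login at runtime.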
@@ -186,6 +186,23 @@ postgresql: ## postgresqlPassword: "postgres" + ## Use existing secret for PostgreSQL credentials + ## If set, the chart will not create a new secret and will use the existing one + ## + # existingSecret: "my-existing-postgres-secret" + + ## Key in the existing secret containing the password + ## + # existingSecretKey: "postgresql-password" + + ## Key in the existing secret containing the username (defaults to "postgresql-username") + ## + # existingSecretUserKey: "postgresql-username" + + ## Key in the existing secret containing the database name (defaults to "postgresql-database") + ## + # existingSecretDatabaseKey: "postgresql-database" + ## Persistent Volume Storage configuration. ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes ##
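Review bot: The comment `If set, the chart will not create a new secret` is not backed by anything in this patch: the diffstat lists no Secret template, so unless the existing template already checks `existingSecret`, the chart-managed Secret is presumably still rendered from `postgresqlPassword` (`"postgres"` in the context lines here) and left in the namespace. Either add that guard to the Secret template or reword the comment. It would also help to state the requirement for the bundled database, e.g. `## With postgresql.enabled the secret must contain the password, username and database keys`. The three key comments are inconsistent as well: only the username and database ones mention their default.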