From 93c13200ef6b8bcc4ed263333cf60fe36f7565dc Mon Sep 17 00:00:00 2001
From: Andreas 'count' Kotes <berlincount@users.noreply.github.com>
Date: Wed, 7 Aug 2024 13:24:50 +0200
Subject: [PATCH] [mattermost-team-edition] add existingSecret for externalDB

---
 charts/mattermost-team-edition/Chart.yaml        |  2 +-
 charts/mattermost-team-edition/README.md         | 16 ++++++++++++++++
 .../templates/deployment.yaml                    |  8 ++++++++
 .../templates/secret-mattermost-dbsecret.yaml    |  6 ++++--
 charts/mattermost-team-edition/values.yaml       |  4 ++++
 5 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/charts/mattermost-team-edition/Chart.yaml b/charts/mattermost-team-edition/Chart.yaml
index 917ddc42..53b0d471 100644
--- a/charts/mattermost-team-edition/Chart.yaml
+++ b/charts/mattermost-team-edition/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 description: Mattermost Team Edition server.
 type: application
 name: mattermost-team-edition
-version: 6.6.60
+version: 6.6.61
 appVersion: 9.10.1
 keywords:
   - mattermost
diff --git a/charts/mattermost-team-edition/README.md b/charts/mattermost-team-edition/README.md
index 63577084..498b218e 100644
--- a/charts/mattermost-team-edition/README.md
+++ b/charts/mattermost-team-edition/README.md
@@ -141,6 +141,8 @@ Parameter                             | Description
 `mysql.mysqlPassword`                 | User Password for Mysql (Required)                                                              | ""
 `mysql.mysqlDatabase`                 | Database name (Required)                                                                        | "mattermost"
 `externalDB.enabled`                  | Enables use of an preconfigured external database server                                        | `false`
+`externalDB.existingSecret`           | Uses an externally configured secret instead of externalDriverType + externalConnectionString   | ""
+`externalDB.existingSecretKey`        | The key in the existingSecret containing the necessary Connection String                        | ""
 `externalDB.externalDriverType`       | `"postgres"` or `"mysql"`                                                                       | ""
 `externalDB.externalConnectionString` | See the section about [external databases](#External-Databases).                                | ""
 `extraPodAnnotations`                 | Extra pod annotations to be used in the deployments                                             | `[]`
@@ -220,6 +222,20 @@ externalDB:
   externalConnectionString: "<USERNAME>:<PASSWORD>@tcp(<HOST>:3306)/<DATABASE_NAME>?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
 ```
 
+#### External Secret
+To use an externally configured secret, You need to set Mattermost **externalDB** config and the **existingSecret**
+
+**IMPORTANT:** Make sure the DB is already created before deploying Mattermost services
+
+Example when using **Percona Operator for PostgreSQL**:
+
+```yaml
+externalDB:
+  enabled: true
+  existingSecret: "mattermost-pguser-mattermost"
+  existingSecretKey: "uri"
+```
+
 #### Expose extra ports
 To use plugins that require extra ports to be exposed, you can use the following config
 
diff --git a/charts/mattermost-team-edition/templates/deployment.yaml b/charts/mattermost-team-edition/templates/deployment.yaml
index 488127a9..33fc7c19 100644
--- a/charts/mattermost-team-edition/templates/deployment.yaml
+++ b/charts/mattermost-team-edition/templates/deployment.yaml
@@ -66,8 +66,16 @@ spec:
         - name: MM_CONFIG
           valueFrom:
             secretKeyRef:
+              {{- if .Values.externalDB.existingSecret }}
+              name: {{ .Values.externalDB.existingSecret }}
+              {{- else }}
               name: {{ include "mattermost-team-edition.fullname" . }}-mattermost-dbsecret
+              {{- end }}
+              {{- if .Values.externalDB.existingSecretKey }}
+              key: {{ .Values.externalDB.existingSecretKey }}
+              {{- else }}
               key: mattermost.dbsecret
+              {{- end }}
         {{- if .Values.extraEnvVars }}
           {{- .Values.extraEnvVars | toYaml | nindent 8 }}
         {{- end }}
diff --git a/charts/mattermost-team-edition/templates/secret-mattermost-dbsecret.yaml b/charts/mattermost-team-edition/templates/secret-mattermost-dbsecret.yaml
index 97959ace..8588b9a5 100644
--- a/charts/mattermost-team-edition/templates/secret-mattermost-dbsecret.yaml
+++ b/charts/mattermost-team-edition/templates/secret-mattermost-dbsecret.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.externalDB.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,8 +10,9 @@ metadata:
     helm.sh/chart:  {{ include "mattermost-team-edition.chart" . }}
 type: Opaque
 data:
-{{- if .Values.mysql.enabled }}
+  {{- if .Values.mysql.enabled }}
   mattermost.dbsecret: {{ tpl  "mysql://{{ .Values.mysql.mysqlUser }}:{{ .Values.mysql.mysqlPassword }}@tcp({{ .Release.Name }}-mysql:3306)/{{ .Values.mysql.mysqlDatabase }}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s" . | b64enc }}
-{{- else }}
+  {{- else }}
   mattermost.dbsecret: {{ tpl "{{ .Values.externalDB.externalDriverType }}://{{ .Values.externalDB.externalConnectionString }}" . | b64enc }}
+  {{- end }}
 {{- end }}
diff --git a/charts/mattermost-team-edition/values.yaml b/charts/mattermost-team-edition/values.yaml
index 51a1a64c..43a5b311 100644
--- a/charts/mattermost-team-edition/values.yaml
+++ b/charts/mattermost-team-edition/values.yaml
@@ -88,6 +88,10 @@ route:
 externalDB:
   enabled: false
 
+  ## when externally configured
+  # existingSecret: secretname
+  # existingSecretKey: keywithfulluri
+
   ## postgres or mysql
   externalDriverType: ""