Add postgres secret with a key that is not postgresql-password

[dmosesson]

For a variety of reasons, we have the password to an externally managed postgres instance that we want to point dagster at in a key that is not named postgresql-password. Can this be made a parameter in the helm chart? The workarounds we have now are:

• hardcode what the password is now in the helm values
• manually managed the postgres secret for dagster to mirror (to try and sync an extra secret with kyverno)

We can't even overrride the value with the fromSecret options that dagster provides because things set with env take precedence. What is the right way to do this?

[darktempla]

100% agree on this on this allowing the ability to set the secret name (done) and secret key (todo) would give ultimate flexibility and is a pretty common pattern amongst other helm charts I have used.

I am using cloud native-pg to spin up a database and it auto-genarates a secret with all the connection details (as below).

apiVersion: v1
kind: Secret
data:
  dbname: <redacted>
  host: <redacted>
  jdbc-uri: <redacted>  
  password: <redacted>
  pgpass: <redacted>  
  port: <redacted>
  uri:<redacted>  
  user: <redacted>
  username: <redacted>

Introducing a new helm value postgresqlSecretKey (default = 'postgresql-password') would maintain backwards compatibility but also allow users to override it.

[wittenbergio]

I have the same issue, not the safest workaround, but you can declare again the environment variable for the password.
Since it's created after the original definition, the Pod uses this value.

- name: DAGSTER_PG_PASSWORD
  valueFrom:
    secretKeyRef:
      name: <cnpg-secret>
      key: password