[Shared Secrets] Praefect DB password should not be generated when external DB is used
Summary
Context: #2310 (comment 827631642)
Caution: with praefect=enabled but postgres=disabled, external database is used, and DB secrets are meant to be provided; gitlab's shared-secrets should not try to generate praefect DB password
E.g., when used with Zalando Postgres Operator, Gitlab's shared-secrets generate referenced DB secret before Postgres operator has chance to do so, and since such secret does to have labels expected by psql operator, it is therefore ignored; meaning database is inaccessible since password is invalid
When Praefect is enabled and a custom password is configured (via a Secret), shared-secrets should not generate the Secret.
Steps to reproduce
Use the configuration below and generate the Helm template. Note that the Shared Secrets ConfigMap includes commands at the end to generate the Praefect DB Secret, despite the fact that a preexisting one is defined in the configuraiton.
Configuration used
global:
praefect:
enabled: true
dbSecret:
secret: my-praefect-db-password
key: password
psql:
host: foo.psql.com
Current behavior
Shared Secrets generates Praefect DB Secret.
Expected behavior
Shared Secrets does not generate Praefect DB Secret.
Versions
- Chart:
5.7.0