From 61545bcf1b8a9e3d3ef489344fb7cf448f10723d Mon Sep 17 00:00:00 2001
From: Simon Franken <mail@simon-franken.de>
Date: Wed, 18 Feb 2026 18:49:07 +0100
Subject: [PATCH] update

---
 timetracker-chart/templates/NOTES.txt         |  9 ++-
 timetracker-chart/templates/_helpers.tpl      | 15 ----
 .../templates/backend-deployment.yaml         | 20 ++++-
 .../templates/postgres-service.yaml           | 15 ----
 .../templates/postgres-statefulset.yaml       | 78 -------------------
 timetracker-chart/values.yaml                 | 35 +++------
 6 files changed, 36 insertions(+), 136 deletions(-)
 delete mode 100644 timetracker-chart/templates/postgres-service.yaml
 delete mode 100644 timetracker-chart/templates/postgres-statefulset.yaml

diff --git a/timetracker-chart/templates/NOTES.txt b/timetracker-chart/templates/NOTES.txt
index 1678295..7388a71 100644
--- a/timetracker-chart/templates/NOTES.txt
+++ b/timetracker-chart/templates/NOTES.txt
@@ -24,12 +24,13 @@ APP VERSION: {{ .Chart.AppVersion }}
 2. Check the status of the pods:
   kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "timetracker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
 
-3. PostgreSQL Credentials:
-  Username: {{ .Values.postgresql.auth.username }}
-  Password: {{ .Values.postgresql.auth.password }}
-  Database: {{ .Values.postgresql.auth.database }}
+3. External PostgreSQL:
+  This chart requires an existing PostgreSQL database.
+  Configured connection: {{ .Values.postgresql.url }}
 
 IMPORTANT NOTES:
+- Ensure your external PostgreSQL database is reachable from within the cluster before installing.
+- Set postgresql.url in values.yaml to point to your existing database.
 - Make sure to change the OIDC configuration in values.yaml
 - Change the SESSION_SECRET from the default value for production
 - Configure ingress host and TLS settings for your environment
diff --git a/timetracker-chart/templates/_helpers.tpl b/timetracker-chart/templates/_helpers.tpl
index 6bd058c..a782d80 100644
--- a/timetracker-chart/templates/_helpers.tpl
+++ b/timetracker-chart/templates/_helpers.tpl
@@ -61,14 +61,6 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
-{{/*
-PostgreSQL labels
-*/}}
-{{- define "timetracker.postgresql.labels" -}}
-{{ include "timetracker.labels" . }}
-app.kubernetes.io/component: postgresql
-{{- end }}
-
 {{/*
 Backend labels
 */}}
@@ -101,10 +93,3 @@ Frontend selector labels
 app.kubernetes.io/component: frontend
 {{- end }}
 
-{{/*
-PostgreSQL selector labels
-*/}}
-{{- define "timetracker.postgresql.selectorLabels" -}}
-{{ include "timetracker.selectorLabels" . }}
-app.kubernetes.io/component: postgresql
-{{- end }}','description':'Creates a comprehensive helpers.tpl file with standard Kubernetes naming conventions and label helpers for timetracker application components'}] <|tool_calls_section_begin|><|tool_call_begin|>functions.create_new_file:48<|tool_call_argument_begin|>{
\ No newline at end of file
diff --git a/timetracker-chart/templates/backend-deployment.yaml b/timetracker-chart/templates/backend-deployment.yaml
index f05fb27..841b46d 100644
--- a/timetracker-chart/templates/backend-deployment.yaml
+++ b/timetracker-chart/templates/backend-deployment.yaml
@@ -30,8 +30,26 @@ spec:
               value: {{ .Values.backend.env.nodeEnv | quote }}
             - name: PORT
               value: {{ .Values.backend.env.port | quote }}
+            - name: PG_USERNAME
+              {{- if .Values.postgresql.auth.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+                  key: username
+              {{- else }}
+              value: {{ .Values.postgresql.auth.username | quote }}
+              {{- end }}
+            - name: PG_PASSWORD
+              {{- if .Values.postgresql.auth.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+                  key: password
+              {{- else }}
+              value: {{ .Values.postgresql.auth.password | quote }}
+              {{- end }}
             - name: DATABASE_URL
-              value: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "timetracker.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"
+              value: "postgresql://$(PG_USERNAME):$(PG_PASSWORD)@{{ .Values.postgresql.host }}:{{ .Values.postgresql.port }}/{{ .Values.postgresql.database }}"
             - name: OIDC_ISSUER_URL
               value: {{ .Values.backend.oidc.issuerUrl | quote }}
             - name: OIDC_CLIENT_ID
diff --git a/timetracker-chart/templates/postgres-service.yaml b/timetracker-chart/templates/postgres-service.yaml
deleted file mode 100644
index c49d79a..0000000
--- a/timetracker-chart/templates/postgres-service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "timetracker.fullname" . }}-postgresql
-  labels:
-    {{- include "timetracker.postgresql.labels" . | nindent 4 }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: 5432
-      targetPort: postgresql
-      protocol: TCP
-      name: postgresql
-  selector:
-    {{- include "timetracker.postgresql.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/timetracker-chart/templates/postgres-statefulset.yaml b/timetracker-chart/templates/postgres-statefulset.yaml
deleted file mode 100644
index 38a1c7a..0000000
--- a/timetracker-chart/templates/postgres-statefulset.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "timetracker.fullname" . }}-postgresql
-  labels:
-    {{- include "timetracker.postgresql.labels" . | nindent 4 }}
-spec:
-  serviceName: {{ include "timetracker.fullname" . }}-postgresql
-  replicas: 1
-  selector:
-    matchLabels:
-      {{- include "timetracker.postgresql.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "timetracker.postgresql.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "timetracker.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: postgresql
-          image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
-          imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }}
-          env:
-            - name: POSTGRES_USER
-              value: {{ .Values.postgresql.auth.username | quote }}
-            - name: POSTGRES_PASSWORD
-              value: {{ .Values.postgresql.auth.password | quote }}
-            - name: POSTGRES_DB
-              value: {{ .Values.postgresql.auth.database | quote }}
-            - name: PGDATA
-              value: /var/lib/postgresql/data/pgdata
-          ports:
-            - name: postgresql
-              containerPort: 5432
-              protocol: TCP
-          livenessProbe:
-            exec:
-              command:
-                - pg_isready
-                - -U
-                - {{ .Values.postgresql.auth.username }}
-            initialDelaySeconds: 30
-            periodSeconds: 10
-            timeoutSeconds: 5
-            failureThreshold: 6
-          readinessProbe:
-            exec:
-              command:
-                - pg_isready
-                - -U
-                - {{ .Values.postgresql.auth.username }}
-            initialDelaySeconds: 5
-            periodSeconds: 5
-            timeoutSeconds: 3
-            failureThreshold: 3
-          resources:
-            {{- toYaml .Values.postgresql.resources | nindent 12 }}
-          volumeMounts:
-            - name: data
-              mountPath: /var/lib/postgresql/data
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-      spec:
-        accessModes:
-          - {{ .Values.postgresql.persistence.accessMode }}
-        {{- if .Values.postgresql.persistence.storageClass }}
-        storageClassName: {{ .Values.postgresql.persistence.storageClass }}
-        {{- end }}
-        resources:
-          requests:
-            storage: {{ .Values.postgresql.persistence.size }}
\ No newline at end of file
diff --git a/timetracker-chart/values.yaml b/timetracker-chart/values.yaml
index b6e0f0d..5c0e296 100644
--- a/timetracker-chart/values.yaml
+++ b/timetracker-chart/values.yaml
@@ -1,31 +1,20 @@
 # Default values for timetracker
 
-# PostgreSQL Configuration
+# External PostgreSQL Configuration
+# PREREQUISITE: An existing PostgreSQL database must be provisioned before installing this chart.
 postgresql:
-  enabled: true
-  image:
-    repository: postgres
-    tag: "16-alpine"
-    pullPolicy: IfNotPresent
+  host: "postgres"
+  port: 5432
+  database: "timetracker"
 
+  # Provide credentials either inline or from an existing secret.
+  # If auth.existingSecret is set, username and password are read from that
+  # secret using the keys "username" and "password". The inline auth.username
+  # and auth.password values are ignored in that case.
   auth:
-    username: timetracker
-    password: timetracker_password
-    database: timetracker
-
-  persistence:
-    enabled: true
-    storageClass: ""
-    accessMode: ReadWriteOnce
-    size: 10Gi
-
-  resources:
-    limits:
-      cpu: 1000m
-      memory: 1Gi
-    requests:
-      cpu: 250m
-      memory: 256Mi
+    username: "timetracker"
+    password: "timetracker_password"
+    existingSecret: ""
 
 # Backend Configuration
 backend: