allow to provide the users password in an existing secret

cockroachdb/templates/job.init.yaml

@@ -145,7 +145,7 @@ spec:
 
                       {{- range $user := .Values.init.provisioning.users }}
                         CREATE USER IF NOT EXISTS {{ $user.name }} WITH
-                        {{- if $user.password }}
+                        {{- if or $user.password $user.passwordSecretName }}
                           PASSWORD '${{ $user.name }}_PASSWORD'
                         {{- else }}
                           PASSWORD null
@@ -211,6 +211,12 @@ spec:
               secretKeyRef:
                 name: {{ $secretName }}
                 key: {{ $user.name }}-password
+        {{- else if $user.passwordSecretName }}
+          - name: {{ $user.name }}_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ $user.passwordSecretName }}
+                key: {{ $user.passwordSecretKey | default (printf "%s-password" $user.name) }}
         {{- end }}
         {{- end }}
         {{- range $clusterSetting, $clusterSettingValue := .Values.init.provisioning.clusterSettings }}

cockroachdb/values.yaml

@@ -407,6 +407,10 @@ init:
     #   password:
     #   # https://www.cockroachlabs.com/docs/stable/create-user.html#parameters
     #   options: [LOGIN]
+    #   # existing secret name containing the password. Ignored in password is defined.
+    #   passwordSecretName:
+    #   # password secret key. Defaults to $name-password. Ignored in password is defined.
+    #   passwordSecretKey:
     databases: []
     # - name:
     #   # https://www.cockroachlabs.com/docs/stable/create-database.html#parameters