apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-db-credentials
  namespace: {{ .Values.global.namespace }}
type: Opaque
stringData:
  {{- if .Values.database }}
  # External database (e.g., AWS RDS)
  DB_HOST: {{ .Values.database.host | quote }}
  DB_PORT: {{ .Values.database.port | quote }}
  DB_NAME: {{ .Values.database.name | quote }}
  DB_USER: {{ .Values.database.user | quote }}
  DB_PASSWORD: {{ .Values.database.password | quote }}
  {{- else }}
  # In-cluster PostgreSQL
  DB_HOST: {{ printf "%s-%s-headless.%s.svc.cluster.local" .Release.Name .Values.postgres.name .Values.global.namespace }}
  DB_PORT: "{{ .Values.postgres.port }}"
  DB_NAME: {{ .Values.postgres.database | quote }}
  DB_USER: {{ .Values.postgres.user | quote }}
  DB_PASSWORD: {{ .Values.postgres.password | quote }}
  {{- end }}