mirror of
https://github.com/bitnami/charts.git
synced 2026-02-10 20:27:38 +08:00
[bitnami/postgresql] fix(backup): mount secrets with password file (#33144)
* [bitnami/postgresql] fix(backup): mount secrets with password file Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Remove unnecessary 'and' Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> --------- Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
This commit is contained in:
Fran Mulero
@@ -1,8 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 16.6.5 (2025-04-24)
|
||||
## 16.6.6 (2025-04-24)
|
||||
|
||||
* [bitnami/postgresql] Release 16.6.5 ([#33165](https://github.com/bitnami/charts/pull/33165))
|
||||
* [bitnami/postgresql] fix(backup): mount secrets with password file ([#33144](https://github.com/bitnami/charts/pull/33144))
|
||||
|
||||
## <small>16.6.5 (2025-04-24)</small>
|
||||
|
||||
* [bitnami/postgresql] Release 16.6.5 (#33165) ([67bec6a](https://github.com/bitnami/charts/commit/67bec6a685cbec208524c7f67397e2a55549b187)), closes [#33165](https://github.com/bitnami/charts/issues/33165)
|
||||
|
||||
## <small>16.6.4 (2025-04-23)</small>
|
||||
|
||||
|
||||
@@ -36,4 +36,4 @@ maintainers:
|
||||
name: postgresql
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
||||
version: 16.6.5
|
||||
version: 16.6.6
|
||||
|
||||
@@ -691,52 +691,52 @@ If you already have data in it, you will fail to sync to standby nodes for all c
|
||||
|
||||
### Backup parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
|
||||
| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
|
||||
| `backup.cronjob.timeZone` | Set the cronjob parameter timeZone | `""` |
|
||||
| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
|
||||
| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
|
||||
| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
|
||||
| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
|
||||
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
|
||||
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
|
||||
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
|
||||
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
|
||||
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
|
||||
| `backup.cronjob.nodeSelector` | Node labels for PostgreSQL backup CronJob pod assignment | `{}` |
|
||||
| `backup.cronjob.tolerations` | Tolerations for PostgreSQL backup CronJob pods assignment | `[]` |
|
||||
| `backup.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production). | `nano` |
|
||||
| `backup.cronjob.resources` | Set container requests and limits for different resources like CPU or memory | `{}` |
|
||||
| `backup.cronjob.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `backup.cronjob.storage.enabled` | Enable using a `PersistentVolumeClaim` as backup data volume | `true` |
|
||||
| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
|
||||
| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
|
||||
| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
|
||||
| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
|
||||
| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
|
||||
| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
|
||||
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
|
||||
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
|
||||
| `backup.cronjob.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the backup container | `[]` |
|
||||
| `backup.cronjob.extraVolumes` | Optionally specify extra list of additional volumes for the backup container | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
|
||||
| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
|
||||
| `backup.cronjob.timeZone` | Set the cronjob parameter timeZone | `""` |
|
||||
| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
|
||||
| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
|
||||
| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
|
||||
| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
|
||||
| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
|
||||
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
|
||||
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `backup.cronjob.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/bash","-c","PGPASSWORD=\"${PGPASSWORD:-$(< \"$PGPASSWORD_FILE\")}\" pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=\"${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump\""]` |
|
||||
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
|
||||
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
|
||||
| `backup.cronjob.nodeSelector` | Node labels for PostgreSQL backup CronJob pod assignment | `{}` |
|
||||
| `backup.cronjob.tolerations` | Tolerations for PostgreSQL backup CronJob pods assignment | `[]` |
|
||||
| `backup.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production). | `nano` |
|
||||
| `backup.cronjob.resources` | Set container requests and limits for different resources like CPU or memory | `{}` |
|
||||
| `backup.cronjob.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `backup.cronjob.storage.enabled` | Enable using a `PersistentVolumeClaim` as backup data volume | `true` |
|
||||
| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
|
||||
| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
|
||||
| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
|
||||
| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
|
||||
| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
|
||||
| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
|
||||
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
|
||||
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
|
||||
| `backup.cronjob.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the backup container | `[]` |
|
||||
| `backup.cronjob.extraVolumes` | Optionally specify extra list of additional volumes for the backup container | `[]` |
|
||||
|
||||
### Password update job
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ spec:
|
||||
value: {{ $customUser | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: PGPASSFILE
|
||||
- name: PGPASSWORD_FILE
|
||||
value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.v1.adminPasswordKey" .) }}
|
||||
{{- else }}
|
||||
- name: PGPASSWORD
|
||||
@@ -97,6 +97,10 @@ spec:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: postgresql-password
|
||||
mountPath: /opt/bitnami/postgresql/secrets/
|
||||
{{- end }}
|
||||
{{- if .Values.backup.cronjob.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.extraVolumeMounts "context" $) | nindent 14 }}
|
||||
{{- end }}
|
||||
@@ -132,6 +136,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.auth.usePasswordFiles }}
|
||||
- name: postgresql-password
|
||||
secret:
|
||||
secretName: {{ include "postgresql.v1.secretName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.cronjob.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.extraVolumes "context" $ ) | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1357,9 +1357,9 @@ backup:
|
||||
type: "RuntimeDefault"
|
||||
## @param backup.cronjob.command Set backup container's command to run
|
||||
command:
|
||||
- /bin/sh
|
||||
- /bin/bash
|
||||
- -c
|
||||
- "pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
|
||||
- PGPASSWORD="${PGPASSWORD:-$(< "$PGPASSWORD_FILE")}" pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file="${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
|
||||
## @param backup.cronjob.labels Set the cronjob labels
|
||||
labels: {}
|
||||
## @param backup.cronjob.annotations Set the cronjob annotations
|
||||
|
||||
Reference in New Issue
Block a user