mirror of
https://github.com/bitnami/charts.git
synced 2026-02-19 11:37:23 +08:00
[bitnami/postgresql] Update README with documentation of required keys for auth secrets (#9670)
* [bitnami/postgresql] Update values.yaml with more detailed documentation on auth secrets Signed-off-by: shakti-garg <shakti.garg@gmail.com> * [bitnami/postgresql] regenerate README documentation using readme-generator tool Signed-off-by: shakti-garg <shakti.garg@gmail.com> * [bitnami/postgresql] bump up patch version of chart Signed-off-by: shakti-garg <shakti.garg@gmail.com>
This commit is contained in:
shakti-garg
@@ -94,61 +94,61 @@ kubectl delete pvc -l release=my-release
|
||||
|
||||
### PostgreSQL common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `image.registry` | PostgreSQL image registry | `docker.io` |
|
||||
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
|
||||
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.2.0-debian-10-r57` |
|
||||
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user | `""` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the custom user to create | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `""` |
|
||||
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
|
||||
| `auth.replicationPassword` | Password for the replication user | `""` |
|
||||
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
|
||||
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
|
||||
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
|
||||
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
|
||||
| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
|
||||
| `audit.logHostname` | Log client hostnames | `false` |
|
||||
| `audit.logConnections` | Add client log-in operations to the log file | `false` |
|
||||
| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
|
||||
| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
|
||||
| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
|
||||
| `audit.clientMinMessages` | Message log level to share with the user | `error` |
|
||||
| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
|
||||
| `audit.logTimezone` | Timezone for the log timestamps | `""` |
|
||||
| `ldap.enabled` | Enable LDAP support | `false` |
|
||||
| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` | `""` |
|
||||
| `ldap.server` | IP address or name of the LDAP server. | `""` |
|
||||
| `ldap.port` | Port number on the LDAP server to connect to | `""` |
|
||||
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.baseDN` | Root DN to begin the search for the user in | `""` |
|
||||
| `ldap.bindDN` | DN of user to bind to LDAP | `""` |
|
||||
| `ldap.bind_password` | Password for the user to bind to LDAP | `""` |
|
||||
| `ldap.search_attr` | Attribute to match against the user name in the search | `""` |
|
||||
| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `""` |
|
||||
| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
|
||||
| `ldap.tls` | Set to `1` to use TLS encryption | `""` |
|
||||
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
|
||||
| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
|
||||
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
|
||||
| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
|
||||
| `tls.enabled` | Enable TLS traffic support | `false` |
|
||||
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
|
||||
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
|
||||
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
|
||||
| `tls.certFilename` | Certificate filename | `""` |
|
||||
| `tls.certKeyFilename` | Certificate key filename | `""` |
|
||||
| `tls.certCAFilename` | CA Certificate filename | `""` |
|
||||
| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `image.registry` | PostgreSQL image registry | `docker.io` |
|
||||
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
|
||||
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `14.2.0-debian-10-r58` |
|
||||
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `""` |
|
||||
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
|
||||
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided | `""` |
|
||||
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set) and `replication-password` (which is the password for replication user). `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
|
||||
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
|
||||
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
|
||||
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
|
||||
| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
|
||||
| `audit.logHostname` | Log client hostnames | `false` |
|
||||
| `audit.logConnections` | Add client log-in operations to the log file | `false` |
|
||||
| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
|
||||
| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
|
||||
| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
|
||||
| `audit.clientMinMessages` | Message log level to share with the user | `error` |
|
||||
| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
|
||||
| `audit.logTimezone` | Timezone for the log timestamps | `""` |
|
||||
| `ldap.enabled` | Enable LDAP support | `false` |
|
||||
| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn` | `""` |
|
||||
| `ldap.server` | IP address or name of the LDAP server. | `""` |
|
||||
| `ldap.port` | Port number on the LDAP server to connect to | `""` |
|
||||
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.baseDN` | Root DN to begin the search for the user in | `""` |
|
||||
| `ldap.bindDN` | DN of user to bind to LDAP | `""` |
|
||||
| `ldap.bind_password` | Password for the user to bind to LDAP | `""` |
|
||||
| `ldap.search_attr` | Attribute to match against the user name in the search | `""` |
|
||||
| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `""` |
|
||||
| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
|
||||
| `ldap.tls` | Set to `1` to use TLS encryption | `""` |
|
||||
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
|
||||
| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
|
||||
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
|
||||
| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
|
||||
| `tls.enabled` | Enable TLS traffic support | `false` |
|
||||
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
|
||||
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
|
||||
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
|
||||
| `tls.certFilename` | Certificate filename | `""` |
|
||||
| `tls.certKeyFilename` | Certificate key filename | `""` |
|
||||
| `tls.certCAFilename` | CA Certificate filename | `""` |
|
||||
| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
|
||||
|
||||
|
||||
### PostgreSQL Primary parameters
|
||||
@@ -391,7 +391,7 @@ kubectl delete pvc -l release=my-release
|
||||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
|
||||
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r75` |
|
||||
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r76` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
|
||||
|
||||
@@ -113,13 +113,13 @@ auth:
|
||||
## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
|
||||
##
|
||||
enablePostgresUser: true
|
||||
## @param auth.postgresPassword Password for the "postgres" admin user
|
||||
## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
|
||||
##
|
||||
postgresPassword: ""
|
||||
## @param auth.username Name for a custom user to create
|
||||
##
|
||||
username: ""
|
||||
## @param auth.password Password for the custom user to create
|
||||
## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
|
||||
##
|
||||
password: ""
|
||||
## @param auth.database Name for a custom database to create
|
||||
@@ -128,16 +128,10 @@ auth:
|
||||
## @param auth.replicationUsername Name of the replication user
|
||||
##
|
||||
replicationUsername: repl_user
|
||||
## @param auth.replicationPassword Password for the replication user
|
||||
## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided
|
||||
##
|
||||
replicationPassword: ""
|
||||
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials
|
||||
## `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
|
||||
## The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
|
||||
## `password` (which is the password for the custom user to create when `auth.username` is set),
|
||||
## and `replication-password` (which is the password for replication user).
|
||||
## The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
|
||||
## picked from this secret in this case.
|
||||
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set) and `replication-password` (which is the password for replication user). `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
|
||||
## The value is evaluated as a template.
|
||||
##
|
||||
existingSecret: ""
|
||||
|
||||
Reference in New Issue
Block a user