mirror of
https://github.com/bitnami/charts.git
synced 2026-03-16 06:47:30 +08:00
[bitnami/postgresql-ha] feat!: 🔒 ♻️ Refactor and enable networkPolicy (#22748)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
94ef9a9434
commit
9147d5d7c1
@@ -184,6 +184,12 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
|
||||
| `postgresql.customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `postgresql.customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `postgresql.customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `postgresql.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `postgresql.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `postgresql.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `postgresql.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `postgresql.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `postgresql.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `postgresql.pdb.create` | Specifies whether to create a Pod disruption budget for PostgreSQL with Repmgr | `false` |
|
||||
| `postgresql.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
|
||||
| `postgresql.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` |
|
||||
@@ -433,6 +439,12 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
|
||||
| `pgpool.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `pgpool.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` |
|
||||
| `pgpool.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `pgpool.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `pgpool.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
|
||||
| `pgpool.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `pgpool.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `pgpool.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `pgpool.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `pgpool.pdb.create` | Specifies whether a Pod disruption budget should be created for Pgpool pods | `false` |
|
||||
| `pgpool.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
|
||||
| `pgpool.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` |
|
||||
@@ -657,10 +669,6 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
|
||||
| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/pgdump` |
|
||||
| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
|
||||
| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
|
||||
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53) | `false` |
|
||||
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
@@ -946,6 +954,12 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql-ha \
|
||||
> Note: you need to substitute the placeholders *[POSTGRES_PASSWORD]*, and *[REPMGR_PASSWORD]* with the values obtained from instructions in the installation notes.
|
||||
> Note: As general rule, it is always wise to do a backup before the upgrading procedures.
|
||||
|
||||
### To 13.0.0
|
||||
|
||||
This major version adapts the NetworkPolicy objects to the most recent Bitnami standards. Now there is a separate object for `pgpool` and for `postgresql`, being located in their corresponding sections. It is also enabled by default in other to comply with the best security standards.
|
||||
|
||||
Check the parameter section for the new value structure.
|
||||
|
||||
### To 12.0.0
|
||||
|
||||
This major version updates the PostgreSQL container image version used from 15 to 16, the new stable version. There are no major changes in the chart, but we recommend checking the [PostgreSQL 16 release notes](https://www.postgresql.org/docs/current/release-16.html) before upgrading.
|
||||
|
||||
Reference in New Issue
Block a user