mirror of
https://github.com/bitnami/charts.git
synced 2026-03-11 15:37:20 +08:00
Fix postgres secret keys (#15023)
* [bitnami/postgresql] Fix postgres secretKeys Signed-off-by: David Gomez <dgomezleon@vmware.com> * [bitnami/postgresql] Fix descriptions Signed-off-by: David Gomez <dgomezleon@vmware.com> * [bitnami/postgresql] Update NOTES Signed-off-by: David Gomez <dgomezleon@vmware.com> * [bitnami/nginx] Fix NOTES Signed-off-by: David Gomez <dgomezleon@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: David Gomez <dgomezleon@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
David Gomez
@@ -106,12 +106,12 @@ kubectl delete pvc -l release=my-release
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided | `""` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided | `""` |
|
||||
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `""` |
|
||||
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
|
||||
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided | `""` |
|
||||
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
|
||||
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
|
||||
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
|
||||
@@ -458,7 +458,6 @@ kubectl delete pvc -l release=my-release
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
|
||||
|
||||
|
||||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set auth.postgresPassword=secretpassword
|
||||
|
||||
@@ -39,17 +39,17 @@ PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on
|
||||
|
||||
To get the password for "postgres" run:
|
||||
|
||||
export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.postgres-password}" | base64 -d)
|
||||
export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.adminPasswordKey" .}}}" | base64 -d)
|
||||
|
||||
To get the password for "{{ $customUser }}" run:
|
||||
|
||||
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.password}" | base64 -d)
|
||||
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.userPasswordKey" .}}}" | base64 -d)
|
||||
|
||||
{{- else }}
|
||||
|
||||
To get the password for "{{ default "postgres" $customUser }}" run:
|
||||
|
||||
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
|
||||
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" (include "postgresql.adminPasswordKey" .) (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
|
||||
|
||||
{{- end }}
|
||||
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
{{- $port := include "postgresql.service.port" . }}
|
||||
{{- $postgresPassword := "" }}
|
||||
{{- if .Values.auth.enablePostgresUser }}
|
||||
{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "postgres-password" "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- end }}
|
||||
{{- $replicationPassword := "" }}
|
||||
{{- if eq .Values.architecture "replication" }}
|
||||
{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "replication-password" "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- end }}
|
||||
{{- $ldapPassword := "" }}
|
||||
{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
|
||||
@@ -15,7 +15,7 @@
|
||||
{{- $customUser := include "postgresql.username" . }}
|
||||
{{- $password := "" }}
|
||||
{{- if not (empty (include "postgresql.username" .)) }}
|
||||
{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" "password" "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
|
||||
{{- end }}
|
||||
{{- $database := include "postgresql.database" . }}
|
||||
{{- if (include "postgresql.createSecret" .) }}
|
||||
|
||||
@@ -122,13 +122,13 @@ auth:
|
||||
## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
|
||||
##
|
||||
enablePostgresUser: true
|
||||
## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
|
||||
## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided
|
||||
##
|
||||
postgresPassword: ""
|
||||
## @param auth.username Name for a custom user to create
|
||||
##
|
||||
username: ""
|
||||
## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
|
||||
## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
|
||||
##
|
||||
password: ""
|
||||
## @param auth.database Name for a custom database to create
|
||||
@@ -137,7 +137,7 @@ auth:
|
||||
## @param auth.replicationUsername Name of the replication user
|
||||
##
|
||||
replicationUsername: repl_user
|
||||
## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` with key `replication-password` is provided
|
||||
## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` is provided
|
||||
##
|
||||
replicationPassword: ""
|
||||
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
|
||||
|
||||
Reference in New Issue
Block a user