[bitnami/postgresql-ha] Add option to set postgres user password (#2518)
* [bitnami/postgresql-ha] Add documentation for usePasswordFile option The `postgresql.usePasswordFile` option was previously added to mount passwords as a volume rather than in environment variables but was not documented. * [bitnami/postgresql-ha] Add postgresqlPassword option When `postgresql.username` is not `postgres`, a new user is created that only has permissions for the database created with `postgresql.database` and the `postgres` user does not have a password and cannot be accessed remotely. This commit adds the `postgresql.postgresPassword` property that can be used to specify the password for the `postgres` user when `postgresql.username` is set to a different user. Resolves #2470.
@@ -1,6 +1,6 @@
|
||||
apiVersion: v1
|
||||
name: postgresql-ha
|
||||
version: 3.2.1
|
||||
version: 3.2.2
|
||||
appVersion: 11.7.0
|
||||
description: Chart for PostgreSQL with HA architecture (using Replication Manager (repmgr) and Pgpool).
|
||||
keywords:
|
||||
|
||||
@@ -92,7 +92,9 @@ The following table lists the configurable parameters of the PostgreSQL HA chart
|
||||
| `postgresql.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
|
||||
| `postgresql.username` | PostgreSQL username | `postgres` |
|
||||
| `postgresql.password` | PostgreSQL password | `nil` |
|
||||
| `postgresql.postgresPassword` | PostgreSQL password for the `postgres` user when `username` is not `postgres` | `nil` |
|
||||
| `postgresql.database` | PostgreSQL database | `postgres` |
|
||||
| `postgresql.usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
|
||||
| `postgresql.upgradeRepmgrExtension` | Upgrade repmgr extension in the database | `false` |
|
||||
| `postgresql.pgHbaTrustAll` | Configures PostgreSQL HBA to trust every user | `false` |
|
||||
| `postgresql.repmgrUsername` | PostgreSQL repmgr username | `repmgr` |
|
||||
@@ -140,11 +142,11 @@ The following table lists the configurable parameters of the PostgreSQL HA chart
|
||||
| `pgpool.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
|
||||
| `pgpool.adminUsername` | Pgpool Admin username | `admin` |
|
||||
| `pgpool.adminPassword` | Pgpool Admin password | `nil` |
|
||||
| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` |
|
||||
| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` |
|
||||
| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` |
|
||||
| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` |
|
||||
| `pgpool.configuration` | Content of pgpool.conf | `nil` |
|
||||
| `pgpool.configurationCM` | ConfigMap with the Pgpool configuration file (Note: Overrides `pgpol.configuration`) | `nil` (The value is evaluated as a template) |
|
||||
| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` |
|
||||
| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` |
|
||||
| **LDAP** | | |
|
||||
| `ldap.enabled` | Enable LDAP support | `false` |
|
||||
| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` |
|
||||
|
||||
@@ -233,6 +233,25 @@ Also, we can't use a single if because lazy evaluation is not an option
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return PostgreSQL postgres user password
|
||||
*/}}
|
||||
{{- define "postgresql-ha.postgresqlPostgresPassword" -}}
|
||||
{{- if .Values.global }}
|
||||
{{- if .Values.global.postgresql }}
|
||||
{{- if .Values.global.postgresql.postgresPassword }}
|
||||
{{- .Values.global.postgresql.postgresPassword -}}
|
||||
{{- else -}}
|
||||
{{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the PostgreSQL password
|
||||
*/}}
|
||||
|
||||
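Review bot: The `ternary (randAlphaNum 10) …` fallback in all three `else` branches means this helper never returns an empty string, and every `include` of it yields a different random value on each render. The `if and (include "postgresql-ha.postgresqlPostgresPassword" .) …` guard in the Secret hunk of this commit is therefore always true on its first operand, and the stored value changes on every upgrade when no password is configured. Consider returning only the configured value in the fallback branches, `{{- .Values.postgresql.postgresPassword -}}`, so that an unset password stays empty and the guard is meaningful. If a generated default is intended for this superuser account, 10 alphanumeric characters is short and the value would need to be kept stable across upgrades.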
@@ -7,6 +7,9 @@ metadata:
|
||||
app.kubernetes.io/component: postgresql
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if and (include "postgresql-ha.postgresqlPostgresPassword" .) (not (eq (include "postgresql-ha.postgresqlUsername" .) "postgres")) }}
|
||||
postgresql-postgres-password: {{ include "postgresql-ha.postgresqlPostgresPassword" . | b64enc | quote }}
|
||||
{{- end }}
|
||||
postgresql-password: {{ (include "postgresql-ha.postgresqlPassword" .) | b64enc | quote }}
|
||||
repmgr-password: {{ (include "postgresql-ha.postgresqlRepmgrPassword" .) | b64enc | quote }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -93,6 +93,18 @@ spec:
|
||||
value: {{ .Values.persistence.mountPath | quote }}
|
||||
- name: PGDATA
|
||||
value: {{ printf "%s/%s" .Values.persistence.mountPath "data" | quote }}
|
||||
{{- if and .Values.postgresql.postgresPassword (not (eq .Values.postgresql.username "postgres")) }}
|
||||
{{- if .Values.postgresql.usePasswordFile }}
|
||||
- name: POSTGRES_POSTGRES_PASSWORD_FILE
|
||||
value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
|
||||
{{- else }}
|
||||
- name: POSTGRES_POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "postgresql-ha.postgresqlSecretName" . }}
|
||||
key: postgresql-postgres-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: POSTGRES_USER
|
||||
value: {{ (include "postgresql-ha.postgresqlUsername" .) | quote }}
|
||||
{{- if .Values.postgresql.usePasswordFile }}
|
||||
|
||||
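Review bot: The new `if` tests `.Values.postgresql.postgresPassword` and `.Values.postgresql.username` directly, while the Secret hunk in this commit gates the same key on the `postgresql-ha.postgresqlPostgresPassword` and `postgresql-ha.postgresqlUsername` helpers, so the two conditions can disagree. A password supplied only through `global.postgresql.postgresPassword` is written to the Secret but neither `POSTGRES_POSTGRES_PASSWORD` nor the `_FILE` variant is set on the container. Using the helper here as well, `(not (eq (include "postgresql-ha.postgresqlUsername" .) "postgres"))`, together with one shared password condition, would keep both templates in step. If `postgresql-ha.postgresqlSecretName` can resolve to a user-supplied secret (not visible in this hunk), that secret must also contain the `postgresql-postgres-password` key, which is worth stating in the README. The container spec continues outside the hunk.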
@@ -29,7 +29,7 @@
|
||||
postgresqlImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql-repmgr
|
||||
tag: 11.7.0-debian-10-r97
|
||||
tag: 11.7.0-debian-10-r102
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -51,7 +51,7 @@ postgresqlImage:
|
||||
pgpoolImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/pgpool
|
||||
tag: 4.1.1-debian-10-r77
|
||||
tag: 4.1.1-debian-10-r82
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -90,7 +90,7 @@ volumePermissionsImage:
|
||||
metricsImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgres-exporter
|
||||
tag: 0.8.0-debian-10-r99
|
||||
tag: 0.8.0-debian-10-r104
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -219,6 +219,13 @@ postgresql:
|
||||
# password:
|
||||
# database:
|
||||
|
||||
## PostgreSQL admin password (used when `postgresql.username` is not `postgres`)
|
||||
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
|
||||
# postgresPassword:
|
||||
|
||||
## Mount PostgreSQL secret as a file instead of passing environment variable
|
||||
# usePasswordFile: false
|
||||
|
||||
## Upgrade repmgr extension in the database
|
||||
##
|
||||
upgradeRepmgrExtension: false
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
postgresqlImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql-repmgr
|
||||
tag: 11.7.0-debian-10-r97
|
||||
tag: 11.7.0-debian-10-r102
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -51,7 +51,7 @@ postgresqlImage:
|
||||
pgpoolImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/pgpool
|
||||
tag: 4.1.1-debian-10-r77
|
||||
tag: 4.1.1-debian-10-r82
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -90,7 +90,7 @@ volumePermissionsImage:
|
||||
metricsImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgres-exporter
|
||||
tag: 0.8.0-debian-10-r99
|
||||
tag: 0.8.0-debian-10-r104
|
||||
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
@@ -219,6 +219,13 @@ postgresql:
|
||||
# password:
|
||||
# database:
|
||||
|
||||
## PostgreSQL admin password (used when `postgresql.username` is not `postgres`)
|
||||
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
|
||||
# postgresPassword:
|
||||
|
||||
## Mount PostgreSQL secret as a file instead of passing environment variable
|
||||
# usePasswordFile: false
|
||||
|
||||
## Upgrade repmgr extension in the database
|
||||
##
|
||||
upgradeRepmgrExtension: false
|
||||
|
||||