diff --git a/bitnami/postgresql-ha/Chart.yaml b/bitnami/postgresql-ha/Chart.yaml index 818ad35d27..e508b2dea5 100644 --- a/bitnami/postgresql-ha/Chart.yaml +++ b/bitnami/postgresql-ha/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql-ha -version: 3.2.1 +version: 3.2.2 appVersion: 11.7.0 description: Chart for PostgreSQL with HA architecture (using Replication Manager (repmgr) and Pgpool). keywords: diff --git a/bitnami/postgresql-ha/README.md b/bitnami/postgresql-ha/README.md index 2495acf165..0e79c62bbf 100644 --- a/bitnami/postgresql-ha/README.md +++ b/bitnami/postgresql-ha/README.md @@ -92,7 +92,9 @@ The following table lists the configurable parameters of the PostgreSQL HA chart | `postgresql.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` | | `postgresql.username` | PostgreSQL username | `postgres` | | `postgresql.password` | PostgreSQL password | `nil` | +| `postgresql.postgresPassword` | PostgreSQL password for the `postgres` user when `username` is not `postgres` | `nil` | | `postgresql.database` | PostgreSQL database | `postgres` | +| `postgresql.usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | | `postgresql.upgradeRepmgrExtension` | Upgrade repmgr extension in the database | `false` | | `postgresql.pgHbaTrustAll` | Configures PostgreSQL HBA to trust every user | `false` | | `postgresql.repmgrUsername` | PostgreSQL repmgr username | `repmgr` | @@ -140,11 +142,11 @@ The following table lists the configurable parameters of the PostgreSQL HA chart | `pgpool.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` | | `pgpool.adminUsername` | Pgpool Admin username | `admin` | | `pgpool.adminPassword` | Pgpool Admin password | `nil` | -| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` | -| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` | +| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` | +| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` | | `pgpool.configuration` | Content of pgpool.conf | `nil` | | `pgpool.configurationCM` | ConfigMap with the Pgpool configuration file (Note: Overrides `pgpol.configuration`) | `nil` (The value is evaluated as a template) | -| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` | +| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` | | **LDAP** | | | | `ldap.enabled` | Enable LDAP support | `false` | | `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | diff --git a/bitnami/postgresql-ha/templates/_helpers.tpl b/bitnami/postgresql-ha/templates/_helpers.tpl index ac7ccc00fa..b00498718c 100644 --- a/bitnami/postgresql-ha/templates/_helpers.tpl +++ b/bitnami/postgresql-ha/templates/_helpers.tpl @@ -233,6 +233,25 @@ Also, we can't use a single if because lazy evaluation is not an option {{- end -}} {{- end -}} +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql-ha.postgresqlPostgresPassword" -}} +{{- if .Values.global }} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.postgresPassword }} + {{- .Values.global.postgresql.postgresPassword -}} + {{- else -}} + {{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}} + {{- end -}} + {{- else -}} + {{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}} + {{- end -}} +{{- else -}} + {{- ternary (randAlphaNum 10) .Values.postgresql.postgresPassword (empty .Values.postgresql.postgresPassword) -}} +{{- end -}} +{{- end -}} + {{/* Return the PostgreSQL password */}} diff --git a/bitnami/postgresql-ha/templates/postgresql/secrets.yaml b/bitnami/postgresql-ha/templates/postgresql/secrets.yaml index 33bd4eef99..2e5fb4613b 100644 --- a/bitnami/postgresql-ha/templates/postgresql/secrets.yaml +++ b/bitnami/postgresql-ha/templates/postgresql/secrets.yaml @@ -7,6 +7,9 @@ metadata: app.kubernetes.io/component: postgresql type: Opaque data: + {{- if and (include "postgresql-ha.postgresqlPostgresPassword" .) (not (eq (include "postgresql-ha.postgresqlUsername" .) "postgres")) }} + postgresql-postgres-password: {{ include "postgresql-ha.postgresqlPostgresPassword" . | b64enc | quote }} + {{- end }} postgresql-password: {{ (include "postgresql-ha.postgresqlPassword" .) | b64enc | quote }} repmgr-password: {{ (include "postgresql-ha.postgresqlRepmgrPassword" .) | b64enc | quote }} {{- end -}} diff --git a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml index e5c1a57407..578b9d54b9 100644 --- a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml +++ b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml @@ -93,6 +93,18 @@ spec: value: {{ .Values.persistence.mountPath | quote }} - name: PGDATA value: {{ printf "%s/%s" .Values.persistence.mountPath "data" | quote }} + {{- if and .Values.postgresql.postgresPassword (not (eq .Values.postgresql.username "postgres")) }} + {{- if .Values.postgresql.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql-ha.postgresqlSecretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} - name: POSTGRES_USER value: {{ (include "postgresql-ha.postgresqlUsername" .) | quote }} {{- if .Values.postgresql.usePasswordFile }} diff --git a/bitnami/postgresql-ha/values-production.yaml b/bitnami/postgresql-ha/values-production.yaml index 3591c2f1ba..983a0b2738 100644 --- a/bitnami/postgresql-ha/values-production.yaml +++ b/bitnami/postgresql-ha/values-production.yaml @@ -29,7 +29,7 @@ postgresqlImage: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 11.7.0-debian-10-r97 + tag: 11.7.0-debian-10-r102 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -51,7 +51,7 @@ postgresqlImage: pgpoolImage: registry: docker.io repository: bitnami/pgpool - tag: 4.1.1-debian-10-r77 + tag: 4.1.1-debian-10-r82 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -90,7 +90,7 @@ volumePermissionsImage: metricsImage: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r99 + tag: 0.8.0-debian-10-r104 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -219,6 +219,13 @@ postgresql: # password: # database: + ## PostgreSQL admin password (used when `postgresql.username` is not `postgres`) + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) + # postgresPassword: + + ## Mount PostgreSQL secret as a file instead of passing environment variable + # usePasswordFile: false + ## Upgrade repmgr extension in the database ## upgradeRepmgrExtension: false diff --git a/bitnami/postgresql-ha/values.yaml b/bitnami/postgresql-ha/values.yaml index 8618f3f8f5..a3149b1cae 100644 --- a/bitnami/postgresql-ha/values.yaml +++ b/bitnami/postgresql-ha/values.yaml @@ -29,7 +29,7 @@ postgresqlImage: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 11.7.0-debian-10-r97 + tag: 11.7.0-debian-10-r102 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -51,7 +51,7 @@ postgresqlImage: pgpoolImage: registry: docker.io repository: bitnami/pgpool - tag: 4.1.1-debian-10-r77 + tag: 4.1.1-debian-10-r82 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -90,7 +90,7 @@ volumePermissionsImage: metricsImage: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r99 + tag: 0.8.0-debian-10-r104 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -219,6 +219,13 @@ postgresql: # password: # database: + ## PostgreSQL admin password (used when `postgresql.username` is not `postgres`) + ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) + # postgresPassword: + + ## Mount PostgreSQL secret as a file instead of passing environment variable + # usePasswordFile: false + ## Upgrade repmgr extension in the database ## upgradeRepmgrExtension: false