mirror of
https://github.com/bitnami/charts.git
synced 2026-03-01 06:58:20 +08:00
c1a1349e8b
To allow multiple versions of this chart to coexist as subcharts we shouldn't only separate the helper functions by prefixing the chart name but also by suffixing incrementing function versions. This is officially recommended by Helm in https://helm.sh/docs/chart_template_guide/named_templates/. Signed-off-by: Yarden Shoham <git@yardenshoham.com> Signed-off-by: Alberto Otero <lorenzoa@vmware.com> Co-authored-by: Alberto Otero <lorenzoa@vmware.com>
407 lines
14 KiB
Smarty
407 lines
14 KiB
Smarty
{{/*
|
|
Copyright VMware, Inc.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{/* vim: set filetype=mustache: */}}
|
|
|
|
{{/*
|
|
Create a default fully qualified app name for PostgreSQL Primary objects
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.fullname" -}}
|
|
{{- if eq .Values.architecture "replication" -}}
|
|
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
|
|
{{- else -}}
|
|
{{- include "common.names.fullname" . -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create a default fully qualified app name for PostgreSQL read-only replicas objects
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
*/}}
|
|
{{- define "postgresql.v1.readReplica.fullname" -}}
|
|
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the default FQDN for PostgreSQL primary headless service
|
|
We truncate at 63 chars because of the DNS naming spec.
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.svc.headless" -}}
|
|
{{- printf "%s-hl" (include "postgresql.v1.primary.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the default FQDN for PostgreSQL read-only replicas headless service
|
|
We truncate at 63 chars because of the DNS naming spec.
|
|
*/}}
|
|
{{- define "postgresql.v1.readReplica.svc.headless" -}}
|
|
{{- printf "%s-hl" (include "postgresql.v1.readReplica.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper PostgreSQL image name
|
|
*/}}
|
|
{{- define "postgresql.v1.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper PostgreSQL metrics image name
|
|
*/}}
|
|
{{- define "postgresql.v1.metrics.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper image name (for the init container volume-permissions image)
|
|
*/}}
|
|
{{- define "postgresql.v1.volumePermissions.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper Docker Image Registry Secret Names
|
|
*/}}
|
|
{{- define "postgresql.v1.imagePullSecrets" -}}
|
|
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the name for a custom user to create
|
|
*/}}
|
|
{{- define "postgresql.v1.username" -}}
|
|
{{- if .Values.global.postgresql.auth.username -}}
|
|
{{- .Values.global.postgresql.auth.username -}}
|
|
{{- else -}}
|
|
{{- .Values.auth.username -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the name for a custom database to create
|
|
*/}}
|
|
{{- define "postgresql.v1.database" -}}
|
|
{{- if .Values.global.postgresql.auth.database -}}
|
|
{{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}}
|
|
{{- else if .Values.auth.database -}}
|
|
{{- printf "%s" (tpl .Values.auth.database $) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the password secret.
|
|
*/}}
|
|
{{- define "postgresql.v1.secretName" -}}
|
|
{{- if .Values.global.postgresql.auth.existingSecret -}}
|
|
{{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
|
|
{{- else if .Values.auth.existingSecret -}}
|
|
{{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
|
|
{{- else -}}
|
|
{{- printf "%s" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the replication-password key.
|
|
*/}}
|
|
{{- define "postgresql.v1.replicationPasswordKey" -}}
|
|
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
|
|
{{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
|
|
{{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
|
|
{{- else -}}
|
|
{{- "replication-password" -}}
|
|
{{- end -}}
|
|
{{- else -}}
|
|
{{- "replication-password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the admin-password key.
|
|
*/}}
|
|
{{- define "postgresql.v1.adminPasswordKey" -}}
|
|
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
|
|
{{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
|
|
{{- else if .Values.auth.secretKeys.adminPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
|
|
{{- end -}}
|
|
{{- else -}}
|
|
{{- "postgres-password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the user-password key.
|
|
*/}}
|
|
{{- define "postgresql.v1.userPasswordKey" -}}
|
|
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
|
|
{{- if or (empty (include "postgresql.v1.username" .)) (eq (include "postgresql.v1.username" .) "postgres") -}}
|
|
{{- printf "%s" (include "postgresql.v1.adminPasswordKey" .) -}}
|
|
{{- else -}}
|
|
{{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
|
|
{{- else if .Values.auth.secretKeys.userPasswordKey -}}
|
|
{{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- else -}}
|
|
{{- "password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a secret object should be created
|
|
*/}}
|
|
{{- define "postgresql.v1.createSecret" -}}
|
|
{{- $customUser := include "postgresql.v1.username" . -}}
|
|
{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword .Values.global.postgresql.auth.password .Values.auth.password) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) -}}
|
|
{{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return PostgreSQL service port
|
|
*/}}
|
|
{{- define "postgresql.v1.service.port" -}}
|
|
{{- if .Values.global.postgresql.service.ports.postgresql -}}
|
|
{{- .Values.global.postgresql.service.ports.postgresql -}}
|
|
{{- else -}}
|
|
{{- .Values.primary.service.ports.postgresql -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return PostgreSQL service port
|
|
*/}}
|
|
{{- define "postgresql.v1.readReplica.service.port" -}}
|
|
{{- if .Values.global.postgresql.service.ports.postgresql -}}
|
|
{{- .Values.global.postgresql.service.ports.postgresql -}}
|
|
{{- else -}}
|
|
{{- .Values.readReplicas.service.ports.postgresql -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the PostgreSQL primary configuration ConfigMap name.
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.configmapName" -}}
|
|
{{- if .Values.primary.existingConfigmap -}}
|
|
{{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
|
|
{{- else -}}
|
|
{{- printf "%s-configuration" (include "postgresql.v1.primary.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a configmap object should be created for PostgreSQL primary with the configuration
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.createConfigmap" -}}
|
|
{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) -}}
|
|
{{- true -}}
|
|
{{- else -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the PostgreSQL primary extended configuration ConfigMap name.
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.extendedConfigmapName" -}}
|
|
{{- if .Values.primary.existingExtendedConfigmap -}}
|
|
{{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}}
|
|
{{- else -}}
|
|
{{- printf "%s-extended-configuration" (include "postgresql.v1.primary.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the PostgreSQL read replica extended configuration ConfigMap name.
|
|
*/}}
|
|
{{- define "postgresql.v1.readReplicas.extendedConfigmapName" -}}
|
|
{{- printf "%s-extended-configuration" (include "postgresql.v1.readReplica.fullname" .) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a configmap object should be created for PostgreSQL primary with the extended configuration
|
|
*/}}
|
|
{{- define "postgresql.v1.primary.createExtendedConfigmap" -}}
|
|
{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) -}}
|
|
{{- true -}}
|
|
{{- else -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration
|
|
*/}}
|
|
{{- define "postgresql.v1.readReplicas.createExtendedConfigmap" -}}
|
|
{{- if .Values.readReplicas.extendedConfiguration -}}
|
|
{{- true -}}
|
|
{{- else -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the service account to use
|
|
*/}}
|
|
{{- define "postgresql.v1.serviceAccountName" -}}
|
|
{{- if .Values.serviceAccount.create -}}
|
|
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
|
{{- else -}}
|
|
{{ default "default" .Values.serviceAccount.name }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a configmap should be mounted with PostgreSQL configuration
|
|
*/}}
|
|
{{- define "postgresql.v1.mountConfigurationCM" -}}
|
|
{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the initialization scripts ConfigMap name.
|
|
*/}}
|
|
{{- define "postgresql.v1.initdb.scriptsCM" -}}
|
|
{{- if .Values.primary.initdb.scriptsConfigMap -}}
|
|
{{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}}
|
|
{{- else -}}
|
|
{{- printf "%s-init-scripts" (include "postgresql.v1.primary.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if TLS is enabled for LDAP connection
|
|
*/}}
|
|
{{- define "postgresql.v1.ldap.tls.enabled" -}}
|
|
{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) -}}
|
|
{{- true -}}
|
|
{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Get the readiness probe command
|
|
*/}}
|
|
{{- define "postgresql.v1.readinessProbeCommand" -}}
|
|
{{- $customUser := include "postgresql.v1.username" . -}}
|
|
- |
|
|
{{- if (include "postgresql.v1.database" .) }}
|
|
exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.v1.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.v1.tlsCert" . }} sslkey={{ include "postgresql.v1.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
|
|
{{- else }}
|
|
exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.v1.tlsCert" . }} sslkey={{ include "postgresql.v1.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
|
|
{{- end }}
|
|
{{- if contains "bitnami/" .Values.image.repository }}
|
|
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
|
|
{{- end }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Compile all warnings into a single message, and call fail.
|
|
*/}}
|
|
{{- define "postgresql.v1.validateValues" -}}
|
|
{{- $messages := list -}}
|
|
{{- $messages := append $messages (include "postgresql.v1.validateValues.ldapConfigurationMethod" .) -}}
|
|
{{- $messages := append $messages (include "postgresql.v1.validateValues.psp" .) -}}
|
|
{{- $messages := without $messages "" -}}
|
|
{{- $message := join "\n" $messages -}}
|
|
|
|
{{- if $message -}}
|
|
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
|
|
*/}}
|
|
{{- define "postgresql.v1.validateValues.ldapConfigurationMethod" -}}
|
|
{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) -}}
|
|
postgresql: ldap.url, ldap.server
|
|
You cannot set both `ldap.url` and `ldap.server` at the same time.
|
|
Please provide a unique way to configure LDAP.
|
|
More info at https://www.postgresql.org/docs/current/auth-ldap.html
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
|
|
*/}}
|
|
{{- define "postgresql.v1.validateValues.psp" -}}
|
|
{{- if and .Values.psp.create (not .Values.rbac.create) -}}
|
|
postgresql: psp.create, rbac.create
|
|
RBAC should be enabled if PSP is enabled in order for PSP to work.
|
|
More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the cert file.
|
|
*/}}
|
|
{{- define "postgresql.v1.tlsCert" -}}
|
|
{{- if .Values.tls.autoGenerated -}}
|
|
{{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
|
|
{{- else -}}
|
|
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the cert key file.
|
|
*/}}
|
|
{{- define "postgresql.v1.tlsCertKey" -}}
|
|
{{- if .Values.tls.autoGenerated -}}
|
|
{{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
|
|
{{- else -}}
|
|
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the CA cert file.
|
|
*/}}
|
|
{{- define "postgresql.v1.tlsCACert" -}}
|
|
{{- if .Values.tls.autoGenerated -}}
|
|
{{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
|
|
{{- else -}}
|
|
{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the CRL file.
|
|
*/}}
|
|
{{- define "postgresql.v1.tlsCRL" -}}
|
|
{{- if .Values.tls.crlFilename -}}
|
|
{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return true if a TLS credentials secret object should be created
|
|
*/}}
|
|
{{- define "postgresql.v1.createTlsSecret" -}}
|
|
{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) -}}
|
|
{{- true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the path to the CA cert file.
|
|
*/}}
|
|
{{- define "postgresql.v1.tlsSecretName" -}}
|
|
{{- if .Values.tls.autoGenerated -}}
|
|
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
|
|
{{- else -}}
|
|
{{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
|
|
{{- end -}}
|
|
{{- end -}}
|