inject cnpg secrets instead of DIY creation
@@ -29,14 +29,14 @@ spec:
|
||||
instances: {{ $values.instances | default 2 }}
|
||||
|
||||
superuserSecret:
|
||||
name: {{ $cnpgClusterName }}-cnpg-superuser
|
||||
name: {{ $cnpgClusterName }}-superuser
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
database: {{ $values.database | default "app" }}
|
||||
owner: {{ $values.user | default "app" }}
|
||||
secret:
|
||||
name: {{ $cnpgClusterName }}-cnpg-user
|
||||
name: {{ $cnpgClusterName }}-user
|
||||
|
||||
primaryUpdateStrategy: {{ $values.primaryUpdateStrategy | default "unsupervised" }}
|
||||
|
||||
@@ -69,38 +69,43 @@ spec:
|
||||
inProgress: false
|
||||
reusePVC: on
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $cnpgClusterName }}-cnpgcreds
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "cnpgcreds" }}
|
||||
{{- $dbPass := "" }}
|
||||
{{- $pgPass := "" }}
|
||||
data:
|
||||
{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace ( printf "cnpg-%s-user" $values.shortName ) }}
|
||||
{{- if $dbprevious }}
|
||||
{{- $dbPass = ( index $dbprevious.data "user-password" ) | b64dec }}
|
||||
{{- $pgPass = ( index $dbprevious.data "superuser-password" ) | b64dec }}
|
||||
user-password: {{ ( index $dbprevious.data "user-password" ) }}
|
||||
superuser-password: {{ ( index $dbprevious.data "superuser-password" ) }}
|
||||
{{- else }}
|
||||
{{- $dbPass = $values.password | default ( randAlphaNum 62 ) }}
|
||||
{{- $pgPass = $values.superUserPassword | default ( randAlphaNum 62 ) }}
|
||||
user-password: {{ $dbPass | b64enc | quote }}
|
||||
superuser-password: {{ $pgPass | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- $std := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v" $values.user $dbPass $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
{{- $nossl := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v?sslmode=disable" $values.user $dbPass $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
{{- $porthost := ( ( printf "%s-rw:5432" $cnpgClusterName ) | b64enc | quote ) }}
|
||||
{{- $host := ( ( printf "%s-rw" $cnpgClusterName ) | b64enc | quote ) }}
|
||||
{{- $jdbc := ( ( printf "jdbc:postgresql://%v-rw:5432/%v" $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
|
||||
std: {{ $std }}
|
||||
nossl: {{ $nossl }}
|
||||
porthost: {{ $porthost }}
|
||||
host: {{ $host }}
|
||||
jdbc: {{ $jdbc }}
|
||||
type: Opaque
|
||||
{{- $pgPass := "" }}
|
||||
{{- $pgprevious := lookup "v1" "Secret" .Release.Namespace ( printf "cnpg-%s-superuser" $values.shortName ) }}
|
||||
{{- if $pgprevious }}
|
||||
{{- $pgPass = ( index $dbprevious.data "superuser-password" ) | b64dec }}
|
||||
{{- else }}
|
||||
{{- $pgPass = $values.superUserPassword | default ( randAlphaNum 62 ) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $std := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v" $values.user $dbPass $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
{{- $nossl := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v?sslmode=disable" $values.user $dbPass $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
{{- $porthost := ( ( printf "%s-rw:5432" $cnpgClusterName ) | b64enc | quote ) }}
|
||||
{{- $host := ( ( printf "%s-rw" $cnpgClusterName ) | b64enc | quote ) }}
|
||||
{{- $jdbc := ( ( printf "jdbc:postgresql://%v-rw:5432/%v" $cnpgClusterName $values.database ) | b64enc | quote ) }}
|
||||
|
||||
{{- $superuserSecret := include "tc.v1.common.class.cnpg.secret.postgres" (dict "pgPass" $pgPass ) | fromYaml -}}
|
||||
{{- if $superuserSecret -}}
|
||||
{{- $_ := set $.Values.secret ( printf "cnpg-%s-superuser" $values.shortName ) $superuserSecret -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $userSecret := include "tc.v1.common.class.cnpg.secret.user" (dict "values" $values "dbPass" $dbPass ) | fromYaml -}}
|
||||
{{- if $userSecret -}}
|
||||
{{- $_ := set $.Values.secret ( printf "cnpg-%s-user" $values.shortName ) $userSecret -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $urlSecret := include "tc.v1.common.class.cnpg.secret.urls" (dict "std" $std "nossl" $nossl "porthost" $porthost "host" $host "jdbc" $jdbc) | fromYaml -}}
|
||||
{{- if $urlSecret -}}
|
||||
{{- $_ := set $.Values.secret ( printf "cnpg-%s-urls" $values.shortName ) $urlSecret -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set $values.creds "password" ( $dbPass | quote ) }}
|
||||
{{- $_ := set $values.creds "superUserPassword" ( $pgPass | quote ) }}
|
||||
{{- $_ := set $values.creds "std" $std }}
|
||||
@@ -108,22 +113,46 @@ type: Opaque
|
||||
{{- $_ := set $values.creds "porthost" $porthost }}
|
||||
{{- $_ := set $values.creds "host" $host }}
|
||||
{{- $_ := set $values.creds "jdbc" $jdbc }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- define "tc.v1.common.class.cnpg.secret.postgres" -}}
|
||||
{{- $pgPass := .pgPass }}
|
||||
enabled: true
|
||||
data:
|
||||
username: {{ "postgres" | b64enc | quote }}
|
||||
password: {{ $pgPass | b64enc | quote }}
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $cnpgClusterName }}-cnpg-superuser
|
||||
type: kubernetes.io/basic-auth
|
||||
---
|
||||
apiVersion: v1
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- define "tc.v1.common.class.cnpg.secret.user" -}}
|
||||
{{- $dbPass := .dbPass }}
|
||||
{{- $pgPass := .pgPass }}
|
||||
{{- $user := .user }}
|
||||
{{- $cnpgClusterName := .cnpgClusterName }}
|
||||
{{- $database := .database }}
|
||||
{{- $values := .values -}}
|
||||
enabled: true
|
||||
type: kubernetes.io/basic-auth
|
||||
data:
|
||||
username: {{ $values.user | b64enc | quote }}
|
||||
password: {{ $dbPass | b64enc | quote }}
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $cnpgClusterName }}-cnpg-user
|
||||
type: kubernetes.io/basic-auth
|
||||
{{- end -}}
|
||||
|
||||
{{- define "tc.v1.common.class.cnpg.secret.urls" -}}
|
||||
{{- $std := .std }}
|
||||
{{- $nossl := .nossl }}
|
||||
{{- $porthost := .porthost }}
|
||||
{{- $host := .host }}
|
||||
{{- $jdbc := .jdbc }}
|
||||
enabled: true
|
||||
data:
|
||||
std: {{ $std }}
|
||||
nossl: {{ $nossl }}
|
||||
porthost: {{ $porthost }}
|
||||
host: {{ $host }}
|
||||
jdbc: {{ $jdbc }}
|
||||
{{- end -}}
|
||||
|
||||
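Review bot: In the superuser branch, `{{- if $pgprevious }}` still reads `index $dbprevious.data "superuser-password"`, so the stored superuser password comes from the wrong lookup result and from a key that `tc.v1.common.class.cnpg.secret.postgres` in this same section does not write (it emits `username` and `password`). The user branch has the same key mismatch: it reads `user-password` from the secret that `tc.v1.common.class.cnpg.secret.user` fills with `password`. With the key missing the recovered value is presumably empty, so an upgrade could render an empty or regenerated database password instead of reusing the existing one. I would read `index $pgprevious.data "password"` and `index $dbprevious.data "password"`, and fail the render when the key is absent rather than continue with an empty string. Also confirm that the looked-up names (`cnpg-<shortName>-superuser`, `cnpg-<shortName>-user`) are the names the secrets actually get in the cluster, since the Cluster spec references `{{ $cnpgClusterName }}-superuser`; the old/new sides are inferred here because this page lost its +/- markers.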
@@ -7,6 +7,7 @@
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $cnpgClusterName := $values.name -}}
|
||||
{{- $cnpgName := $values.cnpgName -}}
|
||||
{{- $cnpgPoolerName := $values.poolerName -}}
|
||||
{{- $cnpgClusterLabels := $values.labels -}}
|
||||
{{- $cnpgClusterAnnotations := $values.annotations }}
|
||||
@@ -15,7 +16,7 @@
|
||||
apiVersion: {{ include "tc.v1.common.capabilities.cnpg.pooler.apiVersion" $ }}
|
||||
kind: Pooler
|
||||
metadata:
|
||||
name: {{ printf "%v-%v" $cnpgPoolerName $values.pooler.type }}
|
||||
name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
|
||||
spec:
|
||||
cluster:
|
||||
name: {{ $cnpgClusterName }}
|
||||
@@ -33,7 +34,7 @@ spec:
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
name: pooler-{{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
|
||||
name: {{ printf "%v-%v" $cnpgClusterName $values.pooler.type }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
||||
@@ -5,23 +5,16 @@
|
||||
{{- if $cnpg.enabled -}}
|
||||
{{- $cnpgValues := $cnpg -}}
|
||||
{{- $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ -}}
|
||||
{{- $_ := set $cnpgValues "shortName" $name -}}
|
||||
|
||||
{{/* set defaults */}}
|
||||
{{- if and (not $cnpgValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.cnpg.primary" $)) -}}
|
||||
{{- $_ := set $cnpgValues "nameOverride" $name -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set $cnpgValues "nameOverride" $name -}}
|
||||
|
||||
{{- if $cnpgValues.nameOverride -}}
|
||||
{{- $cnpgName = printf "%v-%v" $cnpgName $cnpgValues.nameOverride -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $cnpgPoolerName := printf "cnpg-pooler-%v" $cnpgName -}}
|
||||
{{- $cnpgName = printf "cnpg-%v" $cnpgName -}}
|
||||
{{- $cnpgName := printf "%v-cnpg-%v" $cnpgName $cnpgValues.nameOverride -}}
|
||||
|
||||
{{- $_ := set $cnpgValues "name" $cnpgName -}}
|
||||
|
||||
{{- $_ := set $ "ObjectValues" (dict "cnpg" $cnpgValues) -}}
|
||||
{{- $_ := set $cnpgValues "poolerName" $cnpgPoolerName -}}
|
||||
{{- include "tc.v1.common.class.cnpg.cluster" $ -}}
|
||||
|
||||
{{- $_ := set $cnpgValues.pooler "type" "rw" -}}
|
||||
|
||||
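Review bot: The unconditional `{{- $_ := set $cnpgValues "nameOverride" $name -}}` overwrites whatever `nameOverride` the chart user supplied, whereas the guarded form in the same section only fills it in when it is unset. If the unconditional line is the new side (inferred, since this page lost its +/- markers), a user's override is silently dropped. The name then built with `printf "%v-cnpg-%v" $cnpgName $cnpgValues.nameOverride` differs from the `cnpg-%v` prefix form also shown here, so existing releases would presumably get a differently named Cluster and differently named credential secrets on upgrade. I would add a template comment above it such as `{{/* nameOverride is always the cnpg key; renaming changes the Cluster and its secret names */}}` and mention the rename in the upgrade notes.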