Home Explore Help
Sign In
cecf
/
deploy
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e4538f3d9b
Branches Tags
deploy
/
data
/
postgresql
/
templates
/
_helpers.tpl

_helpers.tpl 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406 
  1. {{/*
    2. 

  2. Copyright VMware, Inc.
    3. 

  3. SPDX-License-Identifier: APACHE-2.0
    4. 

  4. */}}
    5. 

  5. 

  6. {{/* vim: set filetype=mustache: */}}
    7. 

  7. 

  8. {{/*
    9. 

  9. Create a default fully qualified app name for PostgreSQL Primary objects
    10. 

  10. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
    11. 

  11. */}}
    12. 

  12. {{- define "postgresql.v1.primary.fullname" -}}
    13. 

  13. {{- if eq .Values.architecture "replication" -}}
    14. 

  14.     {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
    15. 

  15. {{- else -}}
    16. 

  16.     {{- include "common.names.fullname" . -}}
    17. 

  17. {{- end -}}
    18. 

  18. {{- end -}}
    19. 

  19. 

  20. {{/*
    21. 

  21. Create a default fully qualified app name for PostgreSQL read-only replicas objects
    22. 

  22. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
    23. 

  23. */}}
    24. 

  24. {{- define "postgresql.v1.readReplica.fullname" -}}
    25. 

  25. {{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
    26. 

  26. {{- end -}}
    27. 

  27. 

  28. {{/*
    29. 

  29. Create the default FQDN for PostgreSQL primary headless service
    30. 

  30. We truncate at 63 chars because of the DNS naming spec.
    31. 

  31. */}}
    32. 

  32. {{- define "postgresql.v1.primary.svc.headless" -}}
    33. 

  33. {{- printf "%s-hl" (include "postgresql.v1.primary.fullname" .) | trunc 63 | trimSuffix "-" -}}
    34. 

  34. {{- end -}}
    35. 

  35. 

  36. {{/*
    37. 

  37. Create the default FQDN for PostgreSQL read-only replicas headless service
    38. 

  38. We truncate at 63 chars because of the DNS naming spec.
    39. 

  39. */}}
    40. 

  40. {{- define "postgresql.v1.readReplica.svc.headless" -}}
    41. 

  41. {{- printf "%s-hl" (include "postgresql.v1.readReplica.fullname" .) | trunc 63 | trimSuffix "-" -}}
    42. 

  42. {{- end -}}
    43. 

  43. 

  44. {{/*
    45. 

  45. Return the proper PostgreSQL image name
    46. 

  46. */}}
    47. 

  47. {{- define "postgresql.v1.image" -}}
    48. 

  48. {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
    49. 

  49. {{- end -}}
    50. 

  50. 

  51. {{/*
    52. 

  52. Return the proper PostgreSQL metrics image name
    53. 

  53. */}}
    54. 

  54. {{- define "postgresql.v1.metrics.image" -}}
    55. 

  55. {{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
    56. 

  56. {{- end -}}
    57. 

  57. 

  58. {{/*
    59. 

  59. Return the proper image name (for the init container volume-permissions image)
    60. 

  60. */}}
    61. 

  61. {{- define "postgresql.v1.volumePermissions.image" -}}
    62. 

  62. {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
    63. 

  63. {{- end -}}
    64. 

  64. 

  65. {{/*
    66. 

  66. Return the proper Docker Image Registry Secret Names
    67. 

  67. */}}
    68. 

  68. {{- define "postgresql.v1.imagePullSecrets" -}}
    69. 

  69. {{ include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "context" $) }}
    70. 

  70. {{- end -}}
    71. 

  71. 

  72. {{/*
    73. 

  73. Return the name for a custom user to create
    74. 

  74. */}}
    75. 

  75. {{- define "postgresql.v1.username" -}}
    76. 

  76. {{- if .Values.global.postgresql.auth.username -}}
    77. 

  77.     {{- .Values.global.postgresql.auth.username -}}
    78. 

  78. {{- else -}}
    79. 

  79.     {{- .Values.auth.username -}}
    80. 

  80. {{- end -}}
    81. 

  81. {{- end -}}
    82. 

  82. 

  83. {{/*
    84. 

  84. Return the name for a custom database to create
    85. 

  85. */}}
    86. 

  86. {{- define "postgresql.v1.database" -}}
    87. 

  87. {{- if .Values.global.postgresql.auth.database -}}
    88. 

  88.     {{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}}
    89. 

  89. {{- else if .Values.auth.database -}}
    90. 

  90.     {{- printf "%s" (tpl .Values.auth.database $) -}}
    91. 

  91. {{- end -}}
    92. 

  92. {{- end -}}
    93. 

  93. 

  94. {{/*
    95. 

  95. Get the password secret.
    96. 

  96. */}}
    97. 

  97. {{- define "postgresql.v1.secretName" -}}
    98. 

  98. {{- if .Values.global.postgresql.auth.existingSecret -}}
    99. 

  99.     {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
    100. 

  100. {{- else if .Values.auth.existingSecret -}}
    101. 

  101.     {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
    102. 

  102. {{- else -}}
    103. 

  103.     {{- printf "%s" (include "common.names.fullname" .) -}}
    104. 

  104. {{- end -}}
    105. 

  105. {{- end -}}
    106. 

  106. 

  107. {{/*
    108. 

  108. Get the replication-password key.
    109. 

  109. */}}
    110. 

  110. {{- define "postgresql.v1.replicationPasswordKey" -}}
    111. 

  111. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    112. 

  112.     {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey -}}
    113. 

  113.         {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
    114. 

  114.     {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
    115. 

  115.         {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
    116. 

  116.     {{- else -}}
    117. 

  117.         {{- "replication-password" -}}
    118. 

  118.     {{- end -}}
    119. 

  119. {{- else -}}
    120. 

  120.     {{- "replication-password" -}}
    121. 

  121. {{- end -}}
    122. 

  122. {{- end -}}
    123. 

  123. 

  124. {{/*
    125. 

  125. Get the admin-password key.
    126. 

  126. */}}
    127. 

  127. {{- define "postgresql.v1.adminPasswordKey" -}}
    128. 

  128. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    129. 

  129.     {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey -}}
    130. 

  130.         {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
    131. 

  131.     {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
    132. 

  132.         {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
    133. 

  133.     {{- end -}}
    134. 

  134. {{- else -}}
    135. 

  135.     {{- "postgres-password" -}}
    136. 

  136. {{- end -}}
    137. 

  137. {{- end -}}
    138. 

  138. 

  139. {{/*
    140. 

  140. Get the user-password key.
    141. 

  141. */}}
    142. 

  142. {{- define "postgresql.v1.userPasswordKey" -}}
    143. 

  143. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    144. 

  144.     {{- if or (empty (include "postgresql.v1.username" .)) (eq (include "postgresql.v1.username" .) "postgres") -}}
    145. 

  145.         {{- printf "%s" (include "postgresql.v1.adminPasswordKey" .) -}}
    146. 

  146.     {{- else -}}
    147. 

  147.         {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey -}}
    148. 

  148.             {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
    149. 

  149.         {{- else if .Values.auth.secretKeys.userPasswordKey -}}
    150. 

  150.             {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
    151. 

  151.         {{- end -}}
    152. 

  152.     {{- end -}}
    153. 

  153. {{- else -}}
    154. 

  154.     {{- "password" -}}
    155. 

  155. {{- end -}}
    156. 

  156. {{- end -}}
    157. 

  157. 

  158. {{/*
    159. 

  159. Return true if a secret object should be created
    160. 

  160. */}}
    161. 

  161. {{- define "postgresql.v1.createSecret" -}}
    162. 

  162. {{- $customUser := include "postgresql.v1.username" . -}}
    163. 

  163. {{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword .Values.global.postgresql.auth.password .Values.auth.password) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) -}}
    164. 

  164. {{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}}
    165. 

  165.     {{- true -}}
    166. 

  166. {{- end -}}
    167. 

  167. {{- end -}}
    168. 

  168. 

  169. {{/*
    170. 

  170. Return PostgreSQL service port
    171. 

  171. */}}
    172. 

  172. {{- define "postgresql.v1.service.port" -}}
    173. 

  173. {{- if .Values.global.postgresql.service.ports.postgresql -}}
    174. 

  174.     {{- .Values.global.postgresql.service.ports.postgresql -}}
    175. 

  175. {{- else -}}
    176. 

  176.     {{- .Values.primary.service.ports.postgresql -}}
    177. 

  177. {{- end -}}
    178. 

  178. {{- end -}}
    179. 

  179. 

  180. {{/*
    181. 

  181. Return PostgreSQL service port
    182. 

  182. */}}
    183. 

  183. {{- define "postgresql.v1.readReplica.service.port" -}}
    184. 

  184. {{- if .Values.global.postgresql.service.ports.postgresql -}}
    185. 

  185.     {{- .Values.global.postgresql.service.ports.postgresql -}}
    186. 

  186. {{- else -}}
    187. 

  187.     {{- .Values.readReplicas.service.ports.postgresql -}}
    188. 

  188. {{- end -}}
    189. 

  189. {{- end -}}
    190. 

  190. 

  191. {{/*
    192. 

  192. Get the PostgreSQL primary configuration ConfigMap name.
    193. 

  193. */}}
    194. 

  194. {{- define "postgresql.v1.primary.configmapName" -}}
    195. 

  195. {{- if .Values.primary.existingConfigmap -}}
    196. 

  196.     {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
    197. 

  197. {{- else -}}
    198. 

  198.     {{- printf "%s-configuration" (include "postgresql.v1.primary.fullname" .) -}}
    199. 

  199. {{- end -}}
    200. 

  200. {{- end -}}
    201. 

  201. 

  202. {{/*
    203. 

  203. Return true if a configmap object should be created for PostgreSQL primary with the configuration
    204. 

  204. */}}
    205. 

  205. {{- define "postgresql.v1.primary.createConfigmap" -}}
    206. 

  206. {{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) -}}
    207. 

  207.     {{- true -}}
    208. 

  208. {{- else -}}
    209. 

  209. {{- end -}}
    210. 

  210. {{- end -}}
    211. 

  211. 

  212. {{/*
    213. 

  213. Get the PostgreSQL primary extended configuration ConfigMap name.
    214. 

  214. */}}
    215. 

  215. {{- define "postgresql.v1.primary.extendedConfigmapName" -}}
    216. 

  216. {{- if .Values.primary.existingExtendedConfigmap -}}
    217. 

  217.     {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}}
    218. 

  218. {{- else -}}
    219. 

  219.     {{- printf "%s-extended-configuration" (include "postgresql.v1.primary.fullname" .) -}}
    220. 

  220. {{- end -}}
    221. 

  221. {{- end -}}
    222. 

  222. 

  223. {{/*
    224. 

  224. Get the PostgreSQL read replica extended configuration ConfigMap name.
    225. 

  225. */}}
    226. 

  226. {{- define "postgresql.v1.readReplicas.extendedConfigmapName" -}}
    227. 

  227.     {{- printf "%s-extended-configuration" (include "postgresql.v1.readReplica.fullname" .) -}}
    228. 

  228. {{- end -}}
    229. 

  229. 

  230. {{/*
    231. 

  231. Return true if a configmap object should be created for PostgreSQL primary with the extended configuration
    232. 

  232. */}}
    233. 

  233. {{- define "postgresql.v1.primary.createExtendedConfigmap" -}}
    234. 

  234. {{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) -}}
    235. 

  235.     {{- true -}}
    236. 

  236. {{- else -}}
    237. 

  237. {{- end -}}
    238. 

  238. {{- end -}}
    239. 

  239. 

  240. {{/*
    241. 

  241. Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration
    242. 

  242. */}}
    243. 

  243. {{- define "postgresql.v1.readReplicas.createExtendedConfigmap" -}}
    244. 

  244. {{- if .Values.readReplicas.extendedConfiguration -}}
    245. 

  245.     {{- true -}}
    246. 

  246. {{- else -}}
    247. 

  247. {{- end -}}
    248. 

  248. {{- end -}}
    249. 

  249. 

  250. {{/*
    251. 

  251.  Create the name of the service account to use
    252. 

  252.  */}}
    253. 

  253. {{- define "postgresql.v1.serviceAccountName" -}}
    254. 

  254. {{- if .Values.serviceAccount.create -}}
    255. 

  255.     {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
    256. 

  256. {{- else -}}
    257. 

  257.     {{ default "default" .Values.serviceAccount.name }}
    258. 

  258. {{- end -}}
    259. 

  259. {{- end -}}
    260. 

  260. 

  261. {{/*
    262. 

  262. Return true if a configmap should be mounted with PostgreSQL configuration
    263. 

  263. */}}
    264. 

  264. {{- define "postgresql.v1.mountConfigurationCM" -}}
    265. 

  265. {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap -}}
    266. 

  266.     {{- true -}}
    267. 

  267. {{- end -}}
    268. 

  268. {{- end -}}
    269. 

  269. 

  270. {{/*
    271. 

  271. Get the initialization scripts ConfigMap name.
    272. 

  272. */}}
    273. 

  273. {{- define "postgresql.v1.initdb.scriptsCM" -}}
    274. 

  274. {{- if .Values.primary.initdb.scriptsConfigMap -}}
    275. 

  275.     {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}}
    276. 

  276. {{- else -}}
    277. 

  277.     {{- printf "%s-init-scripts" (include "postgresql.v1.primary.fullname" .) -}}
    278. 

  278. {{- end -}}
    279. 

  279. {{- end -}}
    280. 

  280. 

  281. {{/*
    282. 

  282. Return true if TLS is enabled for LDAP connection
    283. 

  283. */}}
    284. 

  284. {{- define "postgresql.v1.ldap.tls.enabled" -}}
    285. 

  285. {{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) -}}
    286. 

  286.     {{- true -}}
    287. 

  287. {{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled -}}
    288. 

  288.     {{- true -}}
    289. 

  289. {{- end -}}
    290. 

  290. {{- end -}}
    291. 

  291. 

  292. {{/*
    293. 

  293. Get the readiness probe command
    294. 

  294. */}}
    295. 

  295. {{- define "postgresql.v1.readinessProbeCommand" -}}
    296. 

  296. {{- $customUser := include "postgresql.v1.username" . -}}
    297. 

  297. - |
    298. 

  298. {{- if (include "postgresql.v1.database" .) }}
    299. 

  299.   exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.v1.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.v1.tlsCert" . }} sslkey={{ include "postgresql.v1.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
    300. 

  300. {{- else }}
    301. 

  301.   exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.v1.tlsCert" . }} sslkey={{ include "postgresql.v1.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
    302. 

  302. {{- end }}
    303. 

  303. {{- if contains "bitnami/" .Values.image.repository }}
    304. 

  304.   [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
    305. 

  305. {{- end }}
    306. 

  306. {{- end -}}
    307. 

  307. 

  308. {{/*
    309. 

  309. Compile all warnings into a single message, and call fail.
    310. 

  310. */}}
    311. 

  311. {{- define "postgresql.v1.validateValues" -}}
    312. 

  312. {{- $messages := list -}}
    313. 

  313. {{- $messages := append $messages (include "postgresql.v1.validateValues.ldapConfigurationMethod" .) -}}
    314. 

  314. {{- $messages := append $messages (include "postgresql.v1.validateValues.psp" .) -}}
    315. 

  315. {{- $messages := without $messages "" -}}
    316. 

  316. {{- $message := join "\n" $messages -}}
    317. 

  317. 

  318. {{- if $message -}}
    319. 

  319. {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
    320. 

  320. {{- end -}}
    321. 

  321. {{- end -}}
    322. 

  322. 

  323. {{/*
    324. 

  324. Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
    325. 

  325. */}}
    326. 

  326. {{- define "postgresql.v1.validateValues.ldapConfigurationMethod" -}}
    327. 

  327. {{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) -}}
    328. 

  328. postgresql: ldap.url, ldap.server
    329. 

  329.     You cannot set both `ldap.url` and `ldap.server` at the same time.
    330. 

  330.     Please provide a unique way to configure LDAP.
    331. 

  331.     More info at https://www.postgresql.org/docs/current/auth-ldap.html
    332. 

  332. {{- end -}}
    333. 

  333. {{- end -}}
    334. 

  334. 

  335. {{/*
    336. 

  336. Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
    337. 

  337. */}}
    338. 

  338. {{- define "postgresql.v1.validateValues.psp" -}}
    339. 

  339. {{- if and .Values.psp.create (not .Values.rbac.create) -}}
    340. 

  340. postgresql: psp.create, rbac.create
    341. 

  341.     RBAC should be enabled if PSP is enabled in order for PSP to work.
    342. 

  342.     More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
    343. 

  343. {{- end -}}
    344. 

  344. {{- end -}}
    345. 

  345. 

  346. {{/*
    347. 

  347. Return the path to the cert file.
    348. 

  348. */}}
    349. 

  349. {{- define "postgresql.v1.tlsCert" -}}
    350. 

  350. {{- if .Values.tls.autoGenerated -}}
    351. 

  351.     {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
    352. 

  352. {{- else -}}
    353. 

  353.     {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
    354. 

  354. {{- end -}}
    355. 

  355. {{- end -}}
    356. 

  356. 

  357. {{/*
    358. 

  358. Return the path to the cert key file.
    359. 

  359. */}}
    360. 

  360. {{- define "postgresql.v1.tlsCertKey" -}}
    361. 

  361. {{- if .Values.tls.autoGenerated -}}
    362. 

  362.     {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
    363. 

  363. {{- else -}}
    364. 

  364. {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
    365. 

  365. {{- end -}}
    366. 

  366. {{- end -}}
    367. 

  367. 

  368. {{/*
    369. 

  369. Return the path to the CA cert file.
    370. 

  370. */}}
    371. 

  371. {{- define "postgresql.v1.tlsCACert" -}}
    372. 

  372. {{- if .Values.tls.autoGenerated -}}
    373. 

  373.     {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
    374. 

  374. {{- else -}}
    375. 

  375.     {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
    376. 

  376. {{- end -}}
    377. 

  377. {{- end -}}
    378. 

  378. 

  379. {{/*
    380. 

  380. Return the path to the CRL file.
    381. 

  381. */}}
    382. 

  382. {{- define "postgresql.v1.tlsCRL" -}}
    383. 

  383. {{- if .Values.tls.crlFilename -}}
    384. 

  384. {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
    385. 

  385. {{- end -}}
    386. 

  386. {{- end -}}
    387. 

  387. 

  388. {{/*
    389. 

  389. Return true if a TLS credentials secret object should be created
    390. 

  390. */}}
    391. 

  391. {{- define "postgresql.v1.createTlsSecret" -}}
    392. 

  392. {{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) -}}
    393. 

  393.     {{- true -}}
    394. 

  394. {{- end -}}
    395. 

  395. {{- end -}}
    396. 

  396. 

  397. {{/*
    398. 

  398. Return the path to the CA cert file.
    399. 

  399. */}}
    400. 

  400. {{- define "postgresql.v1.tlsSecretName" -}}
    401. 

  401. {{- if .Values.tls.autoGenerated -}}
    402. 

  402.     {{- printf "%s-crt" (include "common.names.fullname" .) -}}
    403. 

  403. {{- else -}}
    404. 

  404.     {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
    405. 

  405. {{- end -}}
    406. 

  406. {{- end -}}
    407.