صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
cecf
/
deploy
5
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: e4538f3d9b
شاخه‌ها تگ‌ها
deploy
/
data
/
postgresql
/
templates
/
secrets.yaml

secrets.yaml 5.0 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. {{- /*
    2. 

  2. Copyright VMware, Inc.
    3. 

  3. SPDX-License-Identifier: APACHE-2.0
    4. 

  4. */}}
    5. 

  5. 

  6. {{- $host := include "postgresql.v1.primary.fullname" . }}
    7. 

  7. {{- $port := include "postgresql.v1.service.port" . }}
    8. 

  8. {{- $customUser := include "postgresql.v1.username" . }}
    9. 

  9. {{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.adminPasswordKey .Values.auth.secretKeys.adminPasswordKey) "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.password .Values.auth.password .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) | trimAll "\"" | b64dec }}
    10. 

  10. {{- if and (not $postgresPassword) .Values.auth.enablePostgresUser }}
    11. 

  11. {{- $postgresPassword = randAlphaNum 10 }}
    12. 

  12. {{- end }}
    13. 

  13. {{- $replicationPassword := "" }}
    14. 

  14. {{- if eq .Values.architecture "replication" }}
    15. 

  15. {{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.replicationPasswordKey .Values.auth.secretKeys.replicationPasswordKey) "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
    16. 

  16. {{- end }}
    17. 

  17. {{- $ldapPassword := "" }}
    18. 

  18. {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
    19. 

  19. {{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }}
    20. 

  20. {{- end }}
    21. 

  21. {{- $password := "" }}
    22. 

  22. {{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
    23. 

  23. {{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.userPasswordKey .Values.auth.secretKeys.userPasswordKey) "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
    24. 

  24. {{- end }}
    25. 

  25. {{- $database := include "postgresql.v1.database" . }}
    26. 

  26. {{- if (include "postgresql.v1.createSecret" .) }}
    27. 

  27. apiVersion: v1
    28. 

  28. kind: Secret
    29. 

  29. metadata:
    30. 

  30.   name: {{ include "common.names.fullname" . }}
    31. 

  31.   namespace: {{ .Release.Namespace | quote }}
    32. 

  32.   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    33. 

  33.   {{- if .Values.commonAnnotations }}
    34. 

  34.   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    35. 

  35.   {{- end }}
    36. 

  36. type: Opaque
    37. 

  37. data:
    38. 

  38.   {{- if $postgresPassword }}
    39. 

  39.   postgres-password: {{ $postgresPassword | b64enc | quote }}
    40. 

  40.   {{- end }}
    41. 

  41.   {{- if $password }}
    42. 

  42.   password: {{ $password | b64enc | quote }}
    43. 

  43.   {{- end }}
    44. 

  44.   {{- if $replicationPassword }}
    45. 

  45.   replication-password: {{ $replicationPassword | b64enc | quote }}
    46. 

  46.   {{- end }}
    47. 

  47.   # We don't auto-generate LDAP password when it's not provided as we do for other passwords
    48. 

  48.   {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
    49. 

  49.   ldap-password: {{ $ldapPassword  | b64enc | quote }}
    50. 

  50.   {{- end }}
    51. 

  51. {{- end }}
    52. 

  52. {{- if .Values.serviceBindings.enabled }}
    53. 

  53. {{- if $postgresPassword }}
    54. 

  54. ---
    55. 

  55. apiVersion: v1
    56. 

  56. kind: Secret
    57. 

  57. metadata:
    58. 

  58.   name: {{ include "common.names.fullname" . }}-svcbind-postgres
    59. 

  59.   namespace: {{ .Release.Namespace | quote }}
    60. 

  60.   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    61. 

  61.   {{- if .Values.commonAnnotations }}
    62. 

  62.   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    63. 

  63.   {{- end }}
    64. 

  64. type: servicebinding.io/postgresql
    65. 

  65. data:
    66. 

  66.   provider: {{ print "bitnami" | b64enc | quote }}
    67. 

  67.   type: {{ print "postgresql" | b64enc | quote }}
    68. 

  68.   host: {{ $host | b64enc | quote }}
    69. 

  69.   port: {{ $port | b64enc | quote }}
    70. 

  70.   username: {{ print "postgres" | b64enc | quote }}
    71. 

  71.   database: {{ print "postgres" | b64enc | quote }}
    72. 

  72.   password: {{ $postgresPassword | b64enc | quote }}
    73. 

  73.   uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }}
    74. 

  74. {{- end }}
    75. 

  75. {{- if $password }}
    76. 

  76. ---
    77. 

  77. apiVersion: v1
    78. 

  78. kind: Secret
    79. 

  79. metadata:
    80. 

  80.   name: {{ include "common.names.fullname" . }}-svcbind-custom-user
    81. 

  81.   namespace: {{ .Release.Namespace | quote }}
    82. 

  82.   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    83. 

  83.   {{- if .Values.commonAnnotations }}
    84. 

  84.   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    85. 

  85.   {{- end }}
    86. 

  86. type: servicebinding.io/postgresql
    87. 

  87. data:
    88. 

  88.   provider: {{ print "bitnami" | b64enc | quote }}
    89. 

  89.   type: {{ print "postgresql" | b64enc | quote }}
    90. 

  90.   host: {{ $host | b64enc | quote }}
    91. 

  91.   port: {{ $port | b64enc | quote }}
    92. 

  92.   username: {{ $customUser | b64enc | quote }}
    93. 

  93.   password: {{ $password | b64enc | quote }}
    94. 

  94.   {{- if $database }}
    95. 

  95.   database: {{ $database | b64enc | quote }}
    96. 

  96.   {{- end }}
    97. 

  97.   uri: {{ printf "postgresql://%s:%s@%s:%s/%s" $customUser $password $host $port $database | b64enc | quote }}
    98. 

  98. {{- end }}
    99. 

  99. {{- end }}
    100.