Trang chủ Khám phá Trợ giúp
Đăng nhập
cecf
/
deploy
5
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: e4538f3d9b
Branches Tags
deploy
/
superset
/
charts
/
postgresql
/
templates
/
_helpers.tpl

_helpers.tpl 14 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399 
  1. {{/* vim: set filetype=mustache: */}}
    2. 

  2. 

  3. {{/*
    4. 

  4. Create a default fully qualified app name for PostgreSQL Primary objects
    5. 

  5. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
    6. 

  6. */}}
    7. 

  7. {{- define "postgresql.primary.fullname" -}}
    8. 

  8. {{- if eq .Values.architecture "replication" }}
    9. 

  9.     {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
    10. 

  10. {{- else -}}
    11. 

  11.     {{- include "common.names.fullname" . -}}
    12. 

  12. {{- end -}}
    13. 

  13. {{- end -}}
    14. 

  14. 

  15. {{/*
    16. 

  16. Create a default fully qualified app name for PostgreSQL read-only replicas objects
    17. 

  17. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
    18. 

  18. */}}
    19. 

  19. {{- define "postgresql.readReplica.fullname" -}}
    20. 

  20. {{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
    21. 

  21. {{- end -}}
    22. 

  22. 

  23. {{/*
    24. 

  24. Create the default FQDN for PostgreSQL primary headless service
    25. 

  25. We truncate at 63 chars because of the DNS naming spec.
    26. 

  26. */}}
    27. 

  27. {{- define "postgresql.primary.svc.headless" -}}
    28. 

  28. {{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }}
    29. 

  29. {{- end -}}
    30. 

  30. 

  31. {{/*
    32. 

  32. Create the default FQDN for PostgreSQL read-only replicas headless service
    33. 

  33. We truncate at 63 chars because of the DNS naming spec.
    34. 

  34. */}}
    35. 

  35. {{- define "postgresql.readReplica.svc.headless" -}}
    36. 

  36. {{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }}
    37. 

  37. {{- end -}}
    38. 

  38. 

  39. {{/*
    40. 

  40. Return the proper PostgreSQL image name
    41. 

  41. */}}
    42. 

  42. {{- define "postgresql.image" -}}
    43. 

  43. {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
    44. 

  44. {{- end -}}
    45. 

  45. 

  46. {{/*
    47. 

  47. Return the proper PostgreSQL metrics image name
    48. 

  48. */}}
    49. 

  49. {{- define "postgresql.metrics.image" -}}
    50. 

  50. {{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
    51. 

  51. {{- end -}}
    52. 

  52. 

  53. {{/*
    54. 

  54. Return the proper image name (for the init container volume-permissions image)
    55. 

  55. */}}
    56. 

  56. {{- define "postgresql.volumePermissions.image" -}}
    57. 

  57. {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
    58. 

  58. {{- end -}}
    59. 

  59. 

  60. {{/*
    61. 

  61. Return the proper Docker Image Registry Secret Names
    62. 

  62. */}}
    63. 

  63. {{- define "postgresql.imagePullSecrets" -}}
    64. 

  64. {{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
    65. 

  65. {{- end -}}
    66. 

  66. 

  67. {{/*
    68. 

  68. Return the name for a custom user to create
    69. 

  69. */}}
    70. 

  70. {{- define "postgresql.username" -}}
    71. 

  71. {{- if .Values.global.postgresql.auth.username }}
    72. 

  72.     {{- .Values.global.postgresql.auth.username -}}
    73. 

  73. {{- else -}}
    74. 

  74.     {{- .Values.auth.username -}}
    75. 

  75. {{- end -}}
    76. 

  76. {{- end -}}
    77. 

  77. 

  78. {{/*
    79. 

  79. Return the name for a custom database to create
    80. 

  80. */}}
    81. 

  81. {{- define "postgresql.database" -}}
    82. 

  82. {{- if .Values.global.postgresql.auth.database }}
    83. 

  83.     {{- .Values.global.postgresql.auth.database -}}
    84. 

  84. {{- else if .Values.auth.database -}}
    85. 

  85.     {{- .Values.auth.database -}}
    86. 

  86. {{- end -}}
    87. 

  87. {{- end -}}
    88. 

  88. 

  89. {{/*
    90. 

  90. Get the password secret.
    91. 

  91. */}}
    92. 

  92. {{- define "postgresql.secretName" -}}
    93. 

  93. {{- if .Values.global.postgresql.auth.existingSecret }}
    94. 

  94.     {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
    95. 

  95. {{- else if .Values.auth.existingSecret -}}
    96. 

  96.     {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
    97. 

  97. {{- else -}}
    98. 

  98.     {{- printf "%s" (include "common.names.fullname" .) -}}
    99. 

  99. {{- end -}}
    100. 

  100. {{- end -}}
    101. 

  101. 

  102. {{/*
    103. 

  103. Get the replication-password key.
    104. 

  104. */}}
    105. 

  105. {{- define "postgresql.replicationPasswordKey" -}}
    106. 

  106. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
    107. 

  107.     {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey }}
    108. 

  108.         {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
    109. 

  109.     {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
    110. 

  110.         {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
    111. 

  111.     {{- else -}}
    112. 

  112.         {{- "replication-password" -}}
    113. 

  113.     {{- end -}}
    114. 

  114. {{- else -}}
    115. 

  115.     {{- "replication-password" -}}
    116. 

  116. {{- end -}}
    117. 

  117. {{- end -}}
    118. 

  118. 

  119. {{/*
    120. 

  120. Get the admin-password key.
    121. 

  121. */}}
    122. 

  122. {{- define "postgresql.adminPasswordKey" -}}
    123. 

  123. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
    124. 

  124.     {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey }}
    125. 

  125.         {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
    126. 

  126.     {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
    127. 

  127.         {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
    128. 

  128.     {{- end -}}
    129. 

  129. {{- else -}}
    130. 

  130.     {{- "postgres-password" -}}
    131. 

  131. {{- end -}}
    132. 

  132. {{- end -}}
    133. 

  133. 

  134. {{/*
    135. 

  135. Get the user-password key.
    136. 

  136. */}}
    137. 

  137. {{- define "postgresql.userPasswordKey" -}}
    138. 

  138. {{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
    139. 

  139.     {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") }}
    140. 

  140.         {{- printf "%s" (include "postgresql.adminPasswordKey" .) -}}
    141. 

  141.     {{- else -}}
    142. 

  142.         {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey }}
    143. 

  143.             {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
    144. 

  144.         {{- else if .Values.auth.secretKeys.userPasswordKey -}}
    145. 

  145.             {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
    146. 

  146.         {{- end -}}
    147. 

  147.     {{- end -}}
    148. 

  148. {{- else -}}
    149. 

  149.     {{- ternary "password" "postgres-password" (and (not (empty (include "postgresql.username" .))) (ne (include "postgresql.username" .) "postgres")) -}}
    150. 

  150. {{- end -}}
    151. 

  151. {{- end -}}
    152. 

  152. 

  153. {{/*
    154. 

  154. Return true if a secret object should be created
    155. 

  155. */}}
    156. 

  156. {{- define "postgresql.createSecret" -}}
    157. 

  157. {{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}}
    158. 

  158.     {{- true -}}
    159. 

  159. {{- end -}}
    160. 

  160. {{- end -}}
    161. 

  161. 

  162. {{/*
    163. 

  163. Return PostgreSQL service port
    164. 

  164. */}}
    165. 

  165. {{- define "postgresql.service.port" -}}
    166. 

  166. {{- if .Values.global.postgresql.service.ports.postgresql }}
    167. 

  167.     {{- .Values.global.postgresql.service.ports.postgresql -}}
    168. 

  168. {{- else -}}
    169. 

  169.     {{- .Values.primary.service.ports.postgresql -}}
    170. 

  170. {{- end -}}
    171. 

  171. {{- end -}}
    172. 

  172. 

  173. {{/*
    174. 

  174. Return PostgreSQL service port
    175. 

  175. */}}
    176. 

  176. {{- define "postgresql.readReplica.service.port" -}}
    177. 

  177. {{- if .Values.global.postgresql.service.ports.postgresql }}
    178. 

  178.     {{- .Values.global.postgresql.service.ports.postgresql -}}
    179. 

  179. {{- else -}}
    180. 

  180.     {{- .Values.readReplicas.service.ports.postgresql -}}
    181. 

  181. {{- end -}}
    182. 

  182. {{- end -}}
    183. 

  183. 

  184. {{/*
    185. 

  185. Get the PostgreSQL primary configuration ConfigMap name.
    186. 

  186. */}}
    187. 

  187. {{- define "postgresql.primary.configmapName" -}}
    188. 

  188. {{- if .Values.primary.existingConfigmap -}}
    189. 

  189.     {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
    190. 

  190. {{- else -}}
    191. 

  191.     {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}}
    192. 

  192. {{- end -}}
    193. 

  193. {{- end -}}
    194. 

  194. 

  195. {{/*
    196. 

  196. Return true if a configmap object should be created for PostgreSQL primary with the configuration
    197. 

  197. */}}
    198. 

  198. {{- define "postgresql.primary.createConfigmap" -}}
    199. 

  199. {{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }}
    200. 

  200.     {{- true -}}
    201. 

  201. {{- else -}}
    202. 

  202. {{- end -}}
    203. 

  203. {{- end -}}
    204. 

  204. 

  205. {{/*
    206. 

  206. Get the PostgreSQL primary extended configuration ConfigMap name.
    207. 

  207. */}}
    208. 

  208. {{- define "postgresql.primary.extendedConfigmapName" -}}
    209. 

  209. {{- if .Values.primary.existingExtendedConfigmap -}}
    210. 

  210.     {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}}
    211. 

  211. {{- else -}}
    212. 

  212.     {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}}
    213. 

  213. {{- end -}}
    214. 

  214. {{- end -}}
    215. 

  215. 

  216. {{/*
    217. 

  217. Get the PostgreSQL read replica extended configuration ConfigMap name.
    218. 

  218. */}}
    219. 

  219. {{- define "postgresql.readReplicas.extendedConfigmapName" -}}
    220. 

  220.     {{- printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) -}}
    221. 

  221. {{- end -}}
    222. 

  222. 

  223. {{/*
    224. 

  224. Return true if a configmap object should be created for PostgreSQL primary with the extended configuration
    225. 

  225. */}}
    226. 

  226. {{- define "postgresql.primary.createExtendedConfigmap" -}}
    227. 

  227. {{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }}
    228. 

  228.     {{- true -}}
    229. 

  229. {{- else -}}
    230. 

  230. {{- end -}}
    231. 

  231. {{- end -}}
    232. 

  232. 

  233. {{/*
    234. 

  234. Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration
    235. 

  235. */}}
    236. 

  236. {{- define "postgresql.readReplicas.createExtendedConfigmap" -}}
    237. 

  237. {{- if .Values.readReplicas.extendedConfiguration }}
    238. 

  238.     {{- true -}}
    239. 

  239. {{- else -}}
    240. 

  240. {{- end -}}
    241. 

  241. {{- end -}}
    242. 

  242. 

  243. {{/*
    244. 

  244.  Create the name of the service account to use
    245. 

  245.  */}}
    246. 

  246. {{- define "postgresql.serviceAccountName" -}}
    247. 

  247. {{- if .Values.serviceAccount.create -}}
    248. 

  248.     {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
    249. 

  249. {{- else -}}
    250. 

  250.     {{ default "default" .Values.serviceAccount.name }}
    251. 

  251. {{- end -}}
    252. 

  252. {{- end -}}
    253. 

  253. 

  254. {{/*
    255. 

  255. Return true if a configmap should be mounted with PostgreSQL configuration
    256. 

  256. */}}
    257. 

  257. {{- define "postgresql.mountConfigurationCM" -}}
    258. 

  258. {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
    259. 

  259.     {{- true -}}
    260. 

  260. {{- end -}}
    261. 

  261. {{- end -}}
    262. 

  262. 

  263. {{/*
    264. 

  264. Get the initialization scripts ConfigMap name.
    265. 

  265. */}}
    266. 

  266. {{- define "postgresql.initdb.scriptsCM" -}}
    267. 

  267. {{- if .Values.primary.initdb.scriptsConfigMap -}}
    268. 

  268.     {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}}
    269. 

  269. {{- else -}}
    270. 

  270.     {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}}
    271. 

  271. {{- end -}}
    272. 

  272. {{- end -}}
    273. 

  273. 

  274. {/*
    275. 

  275. Return true if TLS is enabled for LDAP connection
    276. 

  276. */}}
    277. 

  277. {{- define "postgresql.ldap.tls.enabled" -}}
    278. 

  278. {{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) }}
    279. 

  279.     {{- true -}}
    280. 

  280. {{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled }}
    281. 

  281.     {{- true -}}
    282. 

  282. {{- end -}}
    283. 

  283. {{- end -}}
    284. 

  284. 

  285. {{/*
    286. 

  286. Get the readiness probe command
    287. 

  287. */}}
    288. 

  288. {{- define "postgresql.readinessProbeCommand" -}}
    289. 

  289. {{- $customUser := include "postgresql.username" . }}
    290. 

  290. - |
    291. 

  291. {{- if (include "postgresql.database" .) }}
    292. 

  292.   exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
    293. 

  293. {{- else }}
    294. 

  294.   exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
    295. 

  295. {{- end }}
    296. 

  296. {{- if contains "bitnami/" .Values.image.repository }}
    297. 

  297.   [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
    298. 

  298. {{- end -}}
    299. 

  299. {{- end -}}
    300. 

  300. 

  301. {{/*
    302. 

  302. Compile all warnings into a single message, and call fail.
    303. 

  303. */}}
    304. 

  304. {{- define "postgresql.validateValues" -}}
    305. 

  305. {{- $messages := list -}}
    306. 

  306. {{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
    307. 

  307. {{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
    308. 

  308. {{- $messages := without $messages "" -}}
    309. 

  309. {{- $message := join "\n" $messages -}}
    310. 

  310. 

  311. {{- if $message -}}
    312. 

  312. {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
    313. 

  313. {{- end -}}
    314. 

  314. {{- end -}}
    315. 

  315. 

  316. {{/*
    317. 

  317. Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
    318. 

  318. */}}
    319. 

  319. {{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
    320. 

  320. {{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
    321. 

  321. postgresql: ldap.url, ldap.server
    322. 

  322.     You cannot set both `ldap.url` and `ldap.server` at the same time.
    323. 

  323.     Please provide a unique way to configure LDAP.
    324. 

  324.     More info at https://www.postgresql.org/docs/current/auth-ldap.html
    325. 

  325. {{- end -}}
    326. 

  326. {{- end -}}
    327. 

  327. 

  328. {{/*
    329. 

  329. Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
    330. 

  330. */}}
    331. 

  331. {{- define "postgresql.validateValues.psp" -}}
    332. 

  332. {{- if and .Values.psp.create (not .Values.rbac.create) }}
    333. 

  333. postgresql: psp.create, rbac.create
    334. 

  334.     RBAC should be enabled if PSP is enabled in order for PSP to work.
    335. 

  335.     More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
    336. 

  336. {{- end -}}
    337. 

  337. {{- end -}}
    338. 

  338. 

  339. {{/*
    340. 

  340. Return the path to the cert file.
    341. 

  341. */}}
    342. 

  342. {{- define "postgresql.tlsCert" -}}
    343. 

  343. {{- if .Values.tls.autoGenerated }}
    344. 

  344.     {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
    345. 

  345. {{- else -}}
    346. 

  346.     {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
    347. 

  347. {{- end -}}
    348. 

  348. {{- end -}}
    349. 

  349. 

  350. {{/*
    351. 

  351. Return the path to the cert key file.
    352. 

  352. */}}
    353. 

  353. {{- define "postgresql.tlsCertKey" -}}
    354. 

  354. {{- if .Values.tls.autoGenerated }}
    355. 

  355.     {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
    356. 

  356. {{- else -}}
    357. 

  357. {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
    358. 

  358. {{- end -}}
    359. 

  359. {{- end -}}
    360. 

  360. 

  361. {{/*
    362. 

  362. Return the path to the CA cert file.
    363. 

  363. */}}
    364. 

  364. {{- define "postgresql.tlsCACert" -}}
    365. 

  365. {{- if .Values.tls.autoGenerated }}
    366. 

  366.     {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
    367. 

  367. {{- else -}}
    368. 

  368.     {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
    369. 

  369. {{- end -}}
    370. 

  370. {{- end -}}
    371. 

  371. 

  372. {{/*
    373. 

  373. Return the path to the CRL file.
    374. 

  374. */}}
    375. 

  375. {{- define "postgresql.tlsCRL" -}}
    376. 

  376. {{- if .Values.tls.crlFilename -}}
    377. 

  377. {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
    378. 

  378. {{- end -}}
    379. 

  379. {{- end -}}
    380. 

  380. 

  381. {{/*
    382. 

  382. Return true if a TLS credentials secret object should be created
    383. 

  383. */}}
    384. 

  384. {{- define "postgresql.createTlsSecret" -}}
    385. 

  385. {{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }}
    386. 

  386.     {{- true -}}
    387. 

  387. {{- end -}}
    388. 

  388. {{- end -}}
    389. 

  389. 

  390. {{/*
    391. 

  391. Return the path to the CA cert file.
    392. 

  392. */}}
    393. 

  393. {{- define "postgresql.tlsSecretName" -}}
    394. 

  394. {{- if .Values.tls.autoGenerated }}
    395. 

  395.     {{- printf "%s-crt" (include "common.names.fullname" .) -}}
    396. 

  396. {{- else -}}
    397. 

  397.     {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
    398. 

  398. {{- end -}}
    399. 

  399. {{- end -}}
    400.