From f8bed6196fcfef9c228febe579a44e6346d8e871 Mon Sep 17 00:00:00 2001 From: Max Roby Date: Mon, 13 Nov 2023 10:22:30 +0100 Subject: [PATCH 1/3] add options to enable the postgres user --- charts/cloudnative-pg-cluster/Chart.yaml | 2 +- charts/cloudnative-pg-cluster/README.md | 4 +++- charts/cloudnative-pg-cluster/templates/cnpg_cluster.yaml | 2 ++ charts/cloudnative-pg-cluster/values.yaml | 8 ++++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/cloudnative-pg-cluster/Chart.yaml b/charts/cloudnative-pg-cluster/Chart.yaml index 04c6e08..2c17a52 100644 --- a/charts/cloudnative-pg-cluster/Chart.yaml +++ b/charts/cloudnative-pg-cluster/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cnpg-cluster description: Create postgres tenant clusters managed by the CNPG Operator type: application -version: 0.3.7 +version: 0.3.8 maintainers: - name: "cloudymax" diff --git a/charts/cloudnative-pg-cluster/README.md b/charts/cloudnative-pg-cluster/README.md index 8f742e0..339d2ed 100644 --- a/charts/cloudnative-pg-cluster/README.md +++ b/charts/cloudnative-pg-cluster/README.md @@ -1,6 +1,6 @@ # cnpg-cluster -![Version: 0.3.7](https://img.shields.io/badge/Version-0.3.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.8](https://img.shields.io/badge/Version-0.3.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Create postgres tenant clusters managed by the CNPG Operator @@ -34,6 +34,7 @@ Create postgres tenant clusters managed by the CNPG Operator | certificates.server.serverTLSSecret | string | `""` | name of existing Kubernetes Secret for the postgresql server TLS cert, ignored if certificates.generate is true | | certificates.user.enabled | bool | `false` | create a certificate for a user to connect to postgres using CertManager requires server and client certificate generation enabled | | certificates.user.username | string | `"app"` | name of the user to create a cert for, eg: the DbOwner specified earlier. This data populated into the commonName field of the certificate. | +| enableSuperuserAccess | bool | `false` | CNPG disables the postgres superuser by default must be explicitly enabled | | externalClusters | list | `[]` | | | imageName | string | `"ghcr.io/cloudnative-pg/postgresql:16.0"` | image to use for all tenant pods | | instances | int | `3` | number of postgres replicas minimum 1 required | @@ -46,6 +47,7 @@ Create postgres tenant clusters managed by the CNPG Operator | scheduledBackup.spec.cluster.name | string | `"pg-backup"` | | | scheduledBackup.spec.schedule | string | `"0 0 0 * * *"` | crontab style schedule to run the backups | | storage.size | string | `"1Gi"` | how much storage to allocate to the postgresql cluster | +| superuserSecret | string | `nil` | name of existing secret to use as superuser redentials will be randomly generated if not specified. | | testApp.enabled | bool | `false` | | ---------------------------------------------- diff --git a/charts/cloudnative-pg-cluster/templates/cnpg_cluster.yaml b/charts/cloudnative-pg-cluster/templates/cnpg_cluster.yaml index d1d6d60..0c3ac93 100644 --- a/charts/cloudnative-pg-cluster/templates/cnpg_cluster.yaml +++ b/charts/cloudnative-pg-cluster/templates/cnpg_cluster.yaml @@ -6,6 +6,8 @@ metadata: spec: instances: {{ .Values.instances }} imageName: {{ .Values.imageName }} + enableSuperuserAccess: {{ .Values.enableSuperuserAccess }} + superuserSecret: {{ .Values.superuserSecret }} primaryUpdateStrategy: {{ .Values.primaryUpdateStrategy }} {{- if .Values.backup }} {{- with .Values.backup }} diff --git a/charts/cloudnative-pg-cluster/values.yaml b/charts/cloudnative-pg-cluster/values.yaml index 2aeed2b..2099353 100644 --- a/charts/cloudnative-pg-cluster/values.yaml +++ b/charts/cloudnative-pg-cluster/values.yaml @@ -7,6 +7,14 @@ instances: 3 # -- image to use for all tenant pods imageName: ghcr.io/cloudnative-pg/postgresql:16.0 +# -- CNPG disables the postgres superuser by default +# must be explicitly enabled +enableSuperuserAccess: false + +# -- name of existing secret to use as superuser redentials +# will be randomly generated if not specified. +superuserSecret: null + # Examples of rolling update strategy: # unsupervised: automated update of the primary once all # replicas have been upgraded (default) From 9bb28905d949b79ded347ac5fbc2b2a22728fbd3 Mon Sep 17 00:00:00 2001 From: JesseBot Date: Mon, 13 Nov 2023 10:24:26 +0100 Subject: [PATCH 2/3] Update charts/cloudnative-pg-cluster/values.yaml --- charts/cloudnative-pg-cluster/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cloudnative-pg-cluster/values.yaml b/charts/cloudnative-pg-cluster/values.yaml index 2099353..bc5dd35 100644 --- a/charts/cloudnative-pg-cluster/values.yaml +++ b/charts/cloudnative-pg-cluster/values.yaml @@ -13,7 +13,7 @@ enableSuperuserAccess: false # -- name of existing secret to use as superuser redentials # will be randomly generated if not specified. -superuserSecret: null +superuserSecret: "" # Examples of rolling update strategy: # unsupervised: automated update of the primary once all From 5e60157dba979a3a7d81c0788677f6251bc3a81b Mon Sep 17 00:00:00 2001 From: JesseBot Date: Mon, 13 Nov 2023 10:25:03 +0100 Subject: [PATCH 3/3] Update charts/cloudnative-pg-cluster/README.md --- charts/cloudnative-pg-cluster/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cloudnative-pg-cluster/README.md b/charts/cloudnative-pg-cluster/README.md index 339d2ed..3126e7f 100644 --- a/charts/cloudnative-pg-cluster/README.md +++ b/charts/cloudnative-pg-cluster/README.md @@ -47,7 +47,7 @@ Create postgres tenant clusters managed by the CNPG Operator | scheduledBackup.spec.cluster.name | string | `"pg-backup"` | | | scheduledBackup.spec.schedule | string | `"0 0 0 * * *"` | crontab style schedule to run the backups | | storage.size | string | `"1Gi"` | how much storage to allocate to the postgresql cluster | -| superuserSecret | string | `nil` | name of existing secret to use as superuser redentials will be randomly generated if not specified. | +| superuserSecret | string | `""` | name of existing secret to use as superuser redentials will be randomly generated if not specified. | | testApp.enabled | bool | `false` | | ----------------------------------------------