1 {{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name for PostgreSQL primary objects.
In "replication" architecture the name is "<common fullname>-<primary.name>", truncated to
63 characters (some Kubernetes name fields are limited to this by the DNS naming spec) with any
trailing "-" removed. In every other architecture the common fullname is returned unchanged.
*/}}
{{- define "postgresql.primary.fullname" -}}
{{- $base := include "common.names.fullname" . -}}
{{- if eq .Values.architecture "replication" -}}
    {{- printf "%s-%s" $base .Values.primary.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
    {{- $base -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name for PostgreSQL read-only replica objects.
The name is "<common fullname>-<readReplicas.name>", truncated to 63 characters (some Kubernetes
name fields are limited to this by the DNS naming spec) with any trailing "-" removed.
*/}}
{{- define "postgresql.readReplica.fullname" -}}
{{- $base := include "common.names.fullname" . -}}
{{- printf "%s-%s" $base .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the default name for the PostgreSQL primary headless service: the primary full name
plus "-hl", truncated to 63 characters (DNS naming spec) with any trailing "-" removed.
NOTE(review): if the primary full name is already close to 63 characters, `trunc 63` cuts into or
drops the "-hl" suffix, so the result can equal the primary full name. Confirm that no other
object relies on the two names being different.
*/}}
{{- define "postgresql.primary.svc.headless" -}}
{{- $primary := include "postgresql.primary.fullname" . -}}
{{- printf "%s-hl" $primary | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the default name for the PostgreSQL read-only replicas headless service: the read
replica full name plus "-hl", truncated to 63 characters (DNS naming spec) with any trailing
"-" removed.
NOTE(review): the read replica full name is itself truncated to 63 characters, so for long
names `trunc 63` cuts into or drops the "-hl" suffix and the two names can be identical.
*/}}
{{- define "postgresql.readReplica.svc.headless" -}}
{{- $replica := include "postgresql.readReplica.fullname" . -}}
{{- printf "%s-hl" $replica | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper PostgreSQL image name.
Delegates to "common.images.image" with .Values.image as the image root and .Values.global
as the global overrides.
*/}}
{{- define "postgresql.image" -}}
{{- $args := dict "imageRoot" .Values.image "global" .Values.global -}}
{{- include "common.images.image" $args -}}
{{- end -}}
{{/*
Return the proper PostgreSQL metrics image name.
Delegates to "common.images.image" with .Values.metrics.image as the image root and
.Values.global as the global overrides.
*/}}
{{- define "postgresql.metrics.image" -}}
{{- $args := dict "imageRoot" .Values.metrics.image "global" .Values.global -}}
{{- include "common.images.image" $args -}}
{{- end -}}
{{/*
Return the proper image name for the volume-permissions init container.
Delegates to "common.images.image" with .Values.volumePermissions.image as the image root and
.Values.global as the global overrides.
*/}}
{{- define "postgresql.volumePermissions.image" -}}
{{- $args := dict "imageRoot" .Values.volumePermissions.image "global" .Values.global -}}
{{- include "common.images.image" $args -}}
{{- end -}}
{{/*
Return the proper Docker image registry Secret names.
Passes the three images this chart can run (PostgreSQL, metrics, volume-permissions) plus
.Values.global to "common.images.pullSecrets".
*/}}
{{- define "postgresql.imagePullSecrets" -}}
{{- $images := list .Values.image .Values.metrics.image .Values.volumePermissions.image -}}
{{- include "common.images.pullSecrets" (dict "images" $images "global" .Values.global) -}}
{{- end -}}
{{/*
Return the name for a custom user to create.
The global value (global.postgresql.auth.username) wins when it is set; otherwise the
chart-level auth.username is used, which may be empty.
*/}}
{{- define "postgresql.username" -}}
{{- with .Values.global.postgresql.auth.username -}}
    {{- . -}}
{{- else -}}
    {{- $.Values.auth.username -}}
{{- end -}}
{{- end -}}
{{/*
Return the name for a custom database to create.
The global value (global.postgresql.auth.database) wins when it is set, then the chart-level
auth.database. Nothing is emitted when neither is set.
*/}}
{{- define "postgresql.database" -}}
{{- with .Values.global.postgresql.auth.database -}}
    {{- . -}}
{{- else -}}
    {{- with $.Values.auth.database -}}
        {{- . -}}
    {{- end -}}
{{- end -}}
{{- end -}}
{{/*
Get the name of the Secret that holds the passwords.
Order of precedence: global.postgresql.auth.existingSecret, then auth.existingSecret, then the
common fullname (the Secret this chart creates itself).
Both existingSecret values are rendered through `tpl` against the root context, so they may
contain template expressions. Whoever supplies those values therefore controls template code
evaluated during rendering.
*/}}
{{- define "postgresql.secretName" -}}
{{- if .Values.global.postgresql.auth.existingSecret -}}
    {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
{{- else if .Values.auth.existingSecret -}}
    {{- tpl .Values.auth.existingSecret $ -}}
{{- else -}}
    {{- include "common.names.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Get the replication-password key.
With an existing Secret (global or chart-level), returns the key configured in
secretKeys.replicationPasswordKey (global value first), rendered through `tpl`.
In every other case, including an existing Secret without a key override, the key is
"replication-password".
*/}}
{{- define "postgresql.replicationPasswordKey" -}}
{{- $fallback := "replication-password" -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey -}}
        {{- tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $ -}}
    {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
        {{- tpl .Values.auth.secretKeys.replicationPasswordKey $ -}}
    {{- else -}}
        {{- $fallback -}}
    {{- end -}}
{{- else -}}
    {{- $fallback -}}
{{- end -}}
{{- end -}}
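{{/*
Get the admin-password key.
With an existing Secret (global or chart-level), returns the key configured in
secretKeys.adminPasswordKey (global value first), rendered through `tpl`.
When an existing Secret is used but no key override is set, the key falls back to
"postgres-password" instead of rendering an empty key name. This is the same fallback pattern
"postgresql.replicationPasswordKey" uses.
Without an existing Secret the key is always "postgres-password".
*/}}
{{- define "postgresql.adminPasswordKey" -}}
{{- $fallback := "postgres-password" -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey -}}
        {{- tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $ -}}
    {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
        {{- tpl .Values.auth.secretKeys.adminPasswordKey $ -}}
    {{- else -}}
        {{- $fallback -}}
    {{- end -}}
{{- else -}}
    {{- $fallback -}}
{{- end -}}
{{- end -}}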
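{{/*
Get the user-password key.
When no custom user is configured, or the custom user is "postgres", the user password is the
admin password: with an existing Secret the admin key is returned, otherwise
"postgres-password".
For a real custom user with an existing Secret, returns secretKeys.userPasswordKey (global
value first), rendered through `tpl`. If no override is set it falls back to "password", the
key used when the chart creates the Secret itself, rather than rendering an empty key name.
The user name is resolved once and reused.
*/}}
{{- define "postgresql.userPasswordKey" -}}
{{- $user := include "postgresql.username" . -}}
{{- $isAdmin := or (empty $user) (eq $user "postgres") -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
    {{- if $isAdmin -}}
        {{- include "postgresql.adminPasswordKey" . -}}
    {{- else if .Values.global.postgresql.auth.secretKeys.userPasswordKey -}}
        {{- tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $ -}}
    {{- else if .Values.auth.secretKeys.userPasswordKey -}}
        {{- tpl .Values.auth.secretKeys.userPasswordKey $ -}}
    {{- else -}}
        {{- "password" -}}
    {{- end -}}
{{- else -}}
    {{- ternary "postgres-password" "password" $isAdmin -}}
{{- end -}}
{{- end -}}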
{{/*
Return true if a Secret object should be created.
That is the case only when neither global.postgresql.auth.existingSecret nor
auth.existingSecret is set. Otherwise nothing is emitted, which callers read as false.
*/}}
{{- define "postgresql.createSecret" -}}
{{- $existing := or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
{{- if not $existing -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the PostgreSQL primary service port.
The global value (global.postgresql.service.ports.postgresql) wins when it is set; otherwise
primary.service.ports.postgresql is used.
*/}}
{{- define "postgresql.service.port" -}}
{{- with .Values.global.postgresql.service.ports.postgresql -}}
    {{- . -}}
{{- else -}}
    {{- $.Values.primary.service.ports.postgresql -}}
{{- end -}}
{{- end -}}
{{/*
Return the PostgreSQL read replica service port.
The global value (global.postgresql.service.ports.postgresql) wins when it is set; otherwise
readReplicas.service.ports.postgresql is used.
*/}}
{{- define "postgresql.readReplica.service.port" -}}
{{- with .Values.global.postgresql.service.ports.postgresql -}}
    {{- . -}}
{{- else -}}
    {{- $.Values.readReplicas.service.ports.postgresql -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL primary configuration ConfigMap name.
Returns primary.existingConfigmap (rendered through `tpl`, so it may contain template
expressions) when it is set, otherwise "<primary fullname>-configuration".
*/}}
{{- define "postgresql.primary.configmapName" -}}
{{- if .Values.primary.existingConfigmap -}}
    {{- tpl .Values.primary.existingConfigmap $ -}}
{{- else -}}
    {{- $primary := include "postgresql.primary.fullname" . -}}
    {{- printf "%s-configuration" $primary -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a ConfigMap object should be created for the PostgreSQL primary configuration.
True when inline configuration is given (primary.configuration or primary.pgHbaConfiguration)
and no primary.existingConfigmap is referenced. Otherwise nothing is emitted.
*/}}
{{- define "postgresql.primary.createConfigmap" -}}
{{- $inline := or .Values.primary.configuration .Values.primary.pgHbaConfiguration -}}
{{- if and $inline (not .Values.primary.existingConfigmap) -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL primary extended configuration ConfigMap name.
Returns primary.existingExtendedConfigmap (rendered through `tpl`, so it may contain template
expressions) when it is set, otherwise "<primary fullname>-extended-configuration".
*/}}
{{- define "postgresql.primary.extendedConfigmapName" -}}
{{- if .Values.primary.existingExtendedConfigmap -}}
    {{- tpl .Values.primary.existingExtendedConfigmap $ -}}
{{- else -}}
    {{- $primary := include "postgresql.primary.fullname" . -}}
    {{- printf "%s-extended-configuration" $primary -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL read replica extended configuration ConfigMap name.
Always "<read replica fullname>-extended-configuration". Unlike the primary variant, this
template reads no existing-ConfigMap override.
*/}}
{{- define "postgresql.readReplicas.extendedConfigmapName" -}}
{{- $replica := include "postgresql.readReplica.fullname" . -}}
{{- printf "%s-extended-configuration" $replica -}}
{{- end -}}
{{/*
Return true if a ConfigMap object should be created for the PostgreSQL primary extended
configuration.
True when primary.extendedConfiguration is set and no primary.existingExtendedConfigmap is
referenced. Otherwise nothing is emitted.
*/}}
{{- define "postgresql.primary.createExtendedConfigmap" -}}
{{- $hasExisting := .Values.primary.existingExtendedConfigmap -}}
{{- if and .Values.primary.extendedConfiguration (not $hasExisting) -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a ConfigMap object should be created for the PostgreSQL read replica extended
configuration.
True whenever readReplicas.extendedConfiguration is set. Otherwise nothing is emitted.
*/}}
{{- define "postgresql.readReplicas.createExtendedConfigmap" -}}
{{- with .Values.readReplicas.extendedConfiguration -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use.
When serviceAccount.create is set: serviceAccount.name, or the common fullname if no name is given.
When it is not set: serviceAccount.name, or the literal "default" if no name is given.
In that last case the pods run under the namespace-wide "default" ServiceAccount and share
whatever permissions are bound to it. Set serviceAccount.name, or enable serviceAccount.create,
to give PostgreSQL a dedicated identity.
*/}}
{{- define "postgresql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{- .Values.serviceAccount.name | default (include "common.names.fullname" .) -}}
{{- else -}}
    {{- .Values.serviceAccount.name | default "default" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a ConfigMap should be mounted with PostgreSQL configuration.
True when any of primary.configuration, primary.pgHbaConfiguration or
primary.existingConfigmap is set. Otherwise nothing is emitted.
*/}}
{{- define "postgresql.mountConfigurationCM" -}}
{{- $inline := or .Values.primary.configuration .Values.primary.pgHbaConfiguration -}}
{{- if or $inline .Values.primary.existingConfigmap -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
Returns primary.initdb.scriptsConfigMap (rendered through `tpl`, so it may contain template
expressions) when it is set, otherwise "<primary fullname>-init-scripts".
NOTE(review): going by its name, the referenced ConfigMap holds scripts run during database
initialisation; if so, write access to it should be as restricted as access to the database.
Confirm where it is mounted.
*/}}
{{- define "postgresql.initdb.scriptsCM" -}}
{{- if .Values.primary.initdb.scriptsConfigMap -}}
    {{- tpl .Values.primary.initdb.scriptsConfigMap $ -}}
{{- else -}}
    {{- $primary := include "postgresql.primary.fullname" . -}}
    {{- printf "%s-init-scripts" $primary -}}
{{- end -}}
{{- end -}}
{{/*
Return true if TLS is enabled for the LDAP connection.
ldap.tls is accepted in two shapes: a non-empty string, or a map whose `enabled` field is set.
Any other value (empty string, map without `enabled`, other kinds) emits nothing, so LDAP is
then configured without TLS.
*/}}
{{- define "postgresql.ldap.tls.enabled" -}}
{{- $tls := .Values.ldap.tls -}}
{{- if and (kindIs "string" $tls) (not (empty $tls)) -}}
    {{- true -}}
{{- else if and (kindIs "map" $tls) $tls.enabled -}}
    {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the readiness probe command.
Emits a `pg_isready` call against 127.0.0.1 on .Values.containerPorts.postgresql as the custom
user (falling back to "postgres"). It adds `dbname=` when a database is configured and
`sslcert=`/`sslkey=` when .Values.tls.enabled is set. For images whose repository contains
"bitnami/" it additionally requires one of the two `.initialized` marker files to exist; for any
other repository string (for example a mirror without that path segment) that check is omitted.
NOTE(review): only the user name goes through `quote`. The database name and the certificate
paths are written into the double-quoted connection string as-is, so those values must not
contain quotes, spaces or shell metacharacters. Presumably this text is run by a shell;
confirm at the caller.
NOTE(review): this listing omits original line 290 (between the $customUser assignment and the
first `if`) and the original indentation of the command lines. Neither is reconstructed here;
take both from the chart source before using this template.
*/}}
{{- define "postgresql.readinessProbeCommand" -}}
{{- $customUser := include "postgresql.username" . }}
{{- if (include "postgresql.database" .) }}
exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
{{- else }}
exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
{{- end }}
{{- if contains "bitnami/" .Values.image.repository }}
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
Runs the LDAP and PSP validators, drops the ones that returned an empty string and joins the
rest with newlines. Rendering is aborted with a "VALUES VALIDATION" message only when at least
one validator reported something.
NOTE(review): the guard around `fail` sits on a line (original line 311) that this listing
omits. It is restored here as a test on the joined message; confirm against the chart source.
*/}}
{{- define "postgresql.validateValues" -}}
{{- $ldapCheck := include "postgresql.validateValues.ldapConfigurationMethod" . -}}
{{- $pspCheck := include "postgresql.validateValues.psp" . -}}
{{- $message := without (list $ldapCheck $pspCheck) "" | join "\n" -}}
{{- if $message -}}
    {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of PostgreSQL - if ldap.url is used, the other LDAP settings are not needed.
Emits a warning text when LDAP is enabled and both ldap.url and ldap.server are non-empty;
emits nothing otherwise. The text is collected by "postgresql.validateValues".
*/}}
{{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
{{- $hasUrl := not (empty .Values.ldap.url) -}}
{{- $hasServer := not (empty .Values.ldap.server) -}}
{{- if and .Values.ldap.enabled $hasUrl $hasServer }}
postgresql: ldap.url, ldap.server
You cannot set both `ldap.url` and `ldap.server` at the same time.
Please provide a unique way to configure LDAP.
More info at https://www.postgresql.org/docs/current/auth-ldap.html
{{- end -}}
{{- end -}}
{{/*
Validate values of PostgreSQL - if PSP is enabled, RBAC should be enabled too.
Emits a warning text when psp.create is set while rbac.create is not; emits nothing otherwise.
The text is collected by "postgresql.validateValues".
Note that PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters psp.create
provides no pod hardening regardless of this check.
*/}}
{{- define "postgresql.validateValues.psp" -}}
{{- $rbacMissing := not .Values.rbac.create -}}
{{- if and .Values.psp.create $rbacMissing }}
postgresql: psp.create, rbac.create
RBAC should be enabled if PSP is enabled in order for PSP to work.
More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
{{- end -}}
{{- end -}}
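{{/*
Return the path to the cert file.
With tls.autoGenerated the fixed path ".../certs/tls.crt" is used. Otherwise tls.certFilename
is required (rendering fails with an explanatory message when it is missing) and is appended
to the certs directory.
The "TLS in enabled" typo in the failure message is corrected to "TLS is enabled".
NOTE(review): tls.certFilename is concatenated as given, with no check that it is a plain
file name.
*/}}
{{- define "postgresql.tlsCert" -}}
{{- if .Values.tls.autoGenerated -}}
    {{- "/opt/bitnami/postgresql/certs/tls.crt" -}}
{{- else -}}
    {{- required "Certificate filename is required when TLS is enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{- end -}}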
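{{/*
Return the path to the cert key file.
With tls.autoGenerated the fixed path ".../certs/tls.key" is used. Otherwise
tls.certKeyFilename is required (rendering fails with an explanatory message when it is
missing) and is appended to the certs directory.
The "TLS in enabled" typo in the failure message is corrected to "TLS is enabled".
NOTE(review): tls.certKeyFilename is concatenated as given, with no check that it is a plain
file name.
*/}}
{{- define "postgresql.tlsCertKey" -}}
{{- if .Values.tls.autoGenerated -}}
    {{- "/opt/bitnami/postgresql/certs/tls.key" -}}
{{- else -}}
    {{- required "Certificate Key filename is required when TLS is enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{- end -}}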
{{/*
Return the path to the CA cert file.
With tls.autoGenerated the fixed path ".../certs/ca.crt" is used, otherwise tls.certCAFilename
is appended to the certs directory.
NOTE(review): unlike the cert and key helpers there is no `required` guard here, so an unset
tls.certCAFilename yields a path without a usable file name. Callers presumably check
tls.certCAFilename before including this template; confirm, because a missing CA file usually
means client certificates are not verified.
*/}}
{{- define "postgresql.tlsCACert" -}}
{{- if .Values.tls.autoGenerated -}}
    {{- "/opt/bitnami/postgresql/certs/ca.crt" -}}
{{- else -}}
    {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the CRL file.
Returns tls.crlFilename appended to the certs directory, or nothing when no CRL file name is
configured. In that case no certificate revocation list is referenced.
*/}}
{{- define "postgresql.tlsCRL" -}}
{{- with .Values.tls.crlFilename -}}
    {{- printf "/opt/bitnami/postgresql/certs/%s" . -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials Secret object should be created.
True only when tls.autoGenerated is set and no tls.certificatesSecret is given. Otherwise
nothing is emitted.
*/}}
{{- define "postgresql.createTlsSecret" -}}
{{- $userSecret := .Values.tls.certificatesSecret -}}
{{- if and .Values.tls.autoGenerated (not $userSecret) -}}
    {{- true -}}
{{- end -}}
{{- end -}}
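{{/*
Return the name of the Secret that holds the TLS certificates.
(The previous header, "Return the path to the CA cert file", was copied from another helper and
did not describe this template.)
With tls.autoGenerated the name is "<common fullname>-crt". Otherwise tls.certificatesSecret is
required, and rendering fails with an explanatory message when it is missing.
NOTE(review): "postgresql.createTlsSecret" creates no Secret when tls.autoGenerated and
tls.certificatesSecret are both set, yet this template still returns "<common fullname>-crt"
in that case. Confirm which Secret is meant to be mounted for that combination.
*/}}
{{- define "postgresql.tlsSecretName" -}}
{{- if .Values.tls.autoGenerated -}}
    {{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- else -}}
    {{- required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret -}}
{{- end -}}
{{- end -}}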