From efbab1c333edbd1b418195413f6121557c580884 Mon Sep 17 00:00:00 2001 From: Shijun Wang <2675460+Speissi@users.noreply.github.com> Date: Sat, 14 Sep 2024 17:57:17 +0300 Subject: [PATCH] Helm chart improvements including allowing user password to be pulled from K8s secret (#753) * Make user min_pool_size configurable * Set user server_lifetime only if specified * Increment chart version * Use default instea of or * Allow enabling server_tls * statement_timeout default value * Allow pulling password from existing secret --------- Co-authored-by: Mostafa Abdelraouf <mostafa.mohmmed@gmail.com> --- charts/pgcat/Chart.yaml | 2 +- charts/pgcat/templates/secret.yaml | 17 ++++++++++++++--- charts/pgcat/values.yaml | 7 ++++++- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/charts/pgcat/Chart.yaml b/charts/pgcat/Chart.yaml index e05b239f..49df3e11 100644 --- a/charts/pgcat/Chart.yaml +++ b/charts/pgcat/Chart.yaml @@ -5,4 +5,4 @@ maintainers: - name: Wildcard email: support@w6d.io appVersion: "1.2.0" -version: 0.2.0 +version: 0.2.1 diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml index 05711ea9..358f4e97 100644 --- a/charts/pgcat/templates/secret.yaml +++ b/charts/pgcat/templates/secret.yaml @@ -15,6 +15,7 @@ stringData: connect_timeout = {{ .Values.configuration.general.connect_timeout }} idle_timeout = {{ .Values.configuration.general.idle_timeout | int }} server_lifetime = {{ .Values.configuration.general.server_lifetime | int }} + server_tls = {{ .Values.configuration.general.server_tls }} idle_client_in_transaction_timeout = {{ .Values.configuration.general.idle_client_in_transaction_timeout | int }} healthcheck_timeout = {{ .Values.configuration.general.healthcheck_timeout }} healthcheck_delay = {{ .Values.configuration.general.healthcheck_delay }} 
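Review bot: The new `server_tls = {{ .Values.configuration.general.server_tls }}` line in `charts/pgcat/templates/secret.yaml` lets operators turn on TLS towards the Postgres servers, but nothing in this patch exposes pgcat's `verify_server_certificate` setting. Unless the template already renders it outside this hunk, enabling `server_tls` gives encryption without authenticating the server. Consider rendering `verify_server_certificate = {{ .Values.configuration.general.verify_server_certificate }}` next to it, with a matching key in `values.yaml`. The comment added in the `values.yaml` hunk could also state the consequence of the default, e.g. `# Use TLS for connections from pgcat to the Postgres servers; false sends that traffic in plaintext.`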
@@ -58,11 +59,21 @@ stringData: ## [pools.{{ $pool.name | quote }}.users.{{ $index }}] username = {{ $user.username | quote }} + {{- if $user.password }} password = {{ $user.password | quote }} + {{- else if and $user.passwordSecret.name $user.passwordSecret.key }} + {{- $secret := (lookup "v1" "Secret" $.Release.Namespace $user.passwordSecret.name) }} + {{- if $secret }} + {{- $password := index $secret.data $user.passwordSecret.key | b64dec }} + password = {{ $password | quote }} + {{- end }} + {{- end }} pool_size = {{ $user.pool_size }} - statement_timeout = {{ $user.statement_timeout }} - min_pool_size = 3 - server_lifetime = 60000 + statement_timeout = {{ default 0 $user.statement_timeout }} + min_pool_size = {{ default 3 $user.min_pool_size }} + {{- if $user.server_lifetime }} + server_lifetime = {{ $user.server_lifetime }} + {{- end }} {{- if and $user.server_username $user.server_password }} server_username = {{ $user.server_username | quote }} server_password = {{ $user.server_password | quote }} diff --git a/charts/pgcat/values.yaml b/charts/pgcat/values.yaml index e87c576b..20a4e27b 100644 --- a/charts/pgcat/values.yaml +++ b/charts/pgcat/values.yaml @@ -175,6 +175,9 @@ configuration: # Max connection lifetime before it's closed, even if actively used. server_lifetime: 86400000 # 24 hours + # Whether to use TLS for server connections or not. + server_tls: false + # How long a client is allowed to be idle while in a transaction (ms). idle_client_in_transaction_timeout: 0 # milliseconds 
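Review bot: The `lookup` branch in the users block omits the `password` line without any error when `$secret` is empty, and `lookup` returns an empty result under `helm template` and client-side dry runs as well as when the Secret is absent from `$.Release.Namespace`. The rendered config then carries a user entry with no password while the install still succeeds; how pgcat treats such an entry is not visible here. Adding `{{- else }}{{ fail (printf "passwordSecret %s not found" $user.passwordSecret.name) }}` before the inner `{{- end }}` would surface this at render time, though it would also make offline rendering fail for users who rely on `passwordSecret`. A key missing from `$secret.data` is not checked either and will presumably error inside `b64dec` or yield an empty password, so it deserves the same explicit check. The chart docs should also state that the password is copied into this chart's Secret at render time, so it is recorded in the Helm release and does not follow rotation of the source Secret until the next upgrade.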
@@ -315,7 +318,9 @@ configuration: # ## Credentials for users that may connect to this cluster # ## @param users [array] # ## @param users[0].username Name of the env var (required) - # ## @param users[0].password Value for the env var (required) + # ## @param users[0].password Value for the env var (required) leave empty to use existing secret see passwordSecret.name and passwordSecret.key + # ## @param users[0].passwordSecret.name Name of the secret containing the password + # ## @param users[0].passwordSecret.key Key in the secret containing the password # ## @param users[0].pool_size Maximum number of server connections that can be established for this user # ## @param users[0].statement_timeout Maximum query duration. Dangerous, but protects against DBs that died in a non-obvious way. # users: []
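Review bot: The updated `users[0].password` comment now reads `(required) leave empty to use existing secret`, which contradicts itself, and neither new `passwordSecret` line says where the Secret has to live. Suggested wording: `## @param users[0].password Password for the user; leave empty to read it from passwordSecret` and `## @param users[0].passwordSecret.name Name of an existing Secret in the release namespace that holds the password`. The namespace restriction follows from the `lookup` call in `templates/secret.yaml`, which queries `$.Release.Namespace`.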