| Giorgi Lekveishvili | 8c99d62 | 2023-05-30 14:40:50 +0400 | [diff] [blame] | 1 | {{- $host := include "postgresql.primary.fullname" . }} |
| 2 | {{- $port := include "postgresql.service.port" . }} |
| 3 | {{- $postgresPassword := "" }} |
| 4 | {{- if .Values.auth.enablePostgresUser }} |
| 5 | {{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }} |
| 6 | {{- end }} |
| 7 | {{- $replicationPassword := "" }} |
| 8 | {{- if eq .Values.architecture "replication" }} |
| 9 | {{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }} |
| 10 | {{- end }} |
| 11 | {{- $ldapPassword := "" }} |
| 12 | {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} |
| 13 | {{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }} |
| 14 | {{- end }} |
| 15 | {{- $customUser := include "postgresql.username" . }} |
| 16 | {{- $password := "" }} |
| 17 | {{- if not (empty (include "postgresql.username" .)) }} |
| 18 | {{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }} |
| 19 | {{- end }} |
| 20 | {{- $database := include "postgresql.database" . }} |
| 21 | {{- if (include "postgresql.createSecret" .) }} |
| 22 | apiVersion: v1 |
| 23 | kind: Secret |
| 24 | metadata: |
| 25 | name: {{ include "common.names.fullname" . }} |
| 26 | namespace: {{ .Release.Namespace | quote }} |
| 27 | labels: {{- include "common.labels.standard" . | nindent 4 }} |
| 28 | {{- if .Values.commonLabels }} |
| 29 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} |
| 30 | {{- end }} |
| 31 | {{- if .Values.commonAnnotations }} |
| 32 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} |
| 33 | {{- end }} |
| 34 | type: Opaque |
| 35 | data: |
| 36 | {{- if .Values.auth.enablePostgresUser }} |
| 37 | postgres-password: {{ $postgresPassword | b64enc | quote }} |
| 38 | {{- end }} |
| 39 | {{- if not (empty (include "postgresql.username" .)) }} |
| 40 | password: {{ $password | b64enc | quote }} |
| 41 | {{- end }} |
| 42 | {{- if eq .Values.architecture "replication" }} |
| 43 | replication-password: {{ $replicationPassword | b64enc | quote }} |
| 44 | {{- end }} |
| 45 | # We don't auto-generate LDAP password when it's not provided as we do for other passwords |
| 46 | {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} |
| 47 | ldap-password: {{ $ldapPassword | b64enc | quote }} |
| 48 | {{- end }} |
| 49 | {{- end }} |
| 50 | {{- if .Values.serviceBindings.enabled }} |
| 51 | {{- if .Values.auth.enablePostgresUser }} |
| 52 | --- |
| 53 | apiVersion: v1 |
| 54 | kind: Secret |
| 55 | metadata: |
| 56 | name: {{ include "common.names.fullname" . }}-svcbind-postgres |
| 57 | namespace: {{ .Release.Namespace | quote }} |
| 58 | labels: {{- include "common.labels.standard" . | nindent 4 }} |
| 59 | {{- if .Values.commonLabels }} |
| 60 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} |
| 61 | {{- end }} |
| 62 | {{- if .Values.commonAnnotations }} |
| 63 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} |
| 64 | {{- end }} |
| 65 | type: servicebinding.io/postgresql |
| 66 | data: |
| 67 | provider: {{ print "bitnami" | b64enc | quote }} |
| 68 | type: {{ print "postgresql" | b64enc | quote }} |
| 69 | host: {{ $host | b64enc | quote }} |
| 70 | port: {{ $port | b64enc | quote }} |
| 71 | username: {{ print "postgres" | b64enc | quote }} |
| 72 | database: {{ print "postgres" | b64enc | quote }} |
| 73 | password: {{ $postgresPassword | b64enc | quote }} |
| 74 | uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }} |
| 75 | {{- end }} |
| 76 | {{- if and (not (empty $customUser)) (ne $customUser "postgres") }} |
| 77 | --- |
| 78 | apiVersion: v1 |
| 79 | kind: Secret |
| 80 | metadata: |
| 81 | name: {{ include "common.names.fullname" . }}-svcbind-custom-user |
| 82 | namespace: {{ .Release.Namespace | quote }} |
| 83 | labels: {{- include "common.labels.standard" . | nindent 4 }} |
| 84 | {{- if .Values.commonLabels }} |
| 85 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} |
| 86 | {{- end }} |
| 87 | {{- if .Values.commonAnnotations }} |
| 88 | annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} |
| 89 | {{- end }} |
| 90 | type: servicebinding.io/postgresql |
| 91 | data: |
| 92 | provider: {{ print "bitnami" | b64enc | quote }} |
| 93 | type: {{ print "postgresql" | b64enc | quote }} |
| 94 | host: {{ $host | b64enc | quote }} |
| 95 | port: {{ $port | b64enc | quote }} |
| 96 | username: {{ $customUser | b64enc | quote }} |
| 97 | password: {{ $password | b64enc | quote }} |
| 98 | {{- if $database }} |
| 99 | database: {{ $database | b64enc | quote }} |
| 100 | {{- end }} |
| 101 | uri: {{ printf "postgresql://%s:%s@%s:%s/%s" $customUser $password $host $port $database | b64enc | quote }} |
| 102 | {{- end }} |
| 103 | {{- end }} |