{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name for PostgreSQL Primary objects.

When .Values.architecture equals "replication" the result is
"<common.names.fullname>-<.Values.primary.name>", cut to 63 characters with a
trailing "-" removed. For any other architecture value the output of
"common.names.fullname" (defined outside this file) is returned as is; this
helper applies no truncation of its own on that path.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.primary.fullname" -}}
{{- if eq .Values.architecture "replication" }}
 {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
 {{- include "common.names.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name for PostgreSQL read-only replica objects.

The result is "<common.names.fullname>-<.Values.readReplicas.name>", cut to 63
characters with a trailing "-" removed. The suffix is always appended here; the
value of .Values.architecture is not consulted.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.readReplica.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the default name for the PostgreSQL primary headless service.

Only the short name "<postgresql.primary.fullname>-hl" is produced; no namespace
or cluster domain is appended in this helper.
We truncate at 63 chars because of the DNS naming spec.
NOTE(review): the cut is applied after "-hl" is appended, so a primary name
longer than 60 characters loses part or all of the suffix, and a 63-character
name yields the primary name itself. Confirm name lengths are bounded so the
headless service cannot collide with another object name.
*/}}
{{- define "postgresql.primary.svc.headless" -}}
{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Create the default name for the PostgreSQL read-only replicas headless service.

Only the short name "<postgresql.readReplica.fullname>-hl" is produced; no
namespace or cluster domain is appended in this helper.
We truncate at 63 chars because of the DNS naming spec.
NOTE(review): the cut is applied after "-hl" is appended, so a replica name
longer than 60 characters loses part or all of the suffix. Confirm name lengths
are bounded so the headless service cannot collide with another object name.
*/}}
{{- define "postgresql.readReplica.svc.headless" -}}
{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Return the proper PostgreSQL image name.

Rendering is delegated to "common.images.image" (defined outside this file),
which receives .Values.image as "imageRoot" and .Values.global as "global".
NOTE(review): how registry, repository and tag are combined is decided by that
helper and is not visible here; confirm the deployed values pin an exact image
version from a trusted registry.
*/}}
{{- define "postgresql.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper PostgreSQL metrics image name.

Rendering is delegated to "common.images.image" (defined outside this file),
which receives .Values.metrics.image as "imageRoot" and .Values.global as
"global". The image reference format is decided by that helper.
*/}}
{{- define "postgresql.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image).

Rendering is delegated to "common.images.image" (defined outside this file),
which receives .Values.volumePermissions.image as "imageRoot" and
.Values.global as "global". The image reference format is decided by that helper.
*/}}
{{- define "postgresql.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names.

The three image value blocks used by this chart (main, metrics and
volume-permissions) are passed as "images", together with .Values.global as
"global", to "common.images.pullSecrets" (defined outside this file). The shape
of the rendered output is decided by that helper.
*/}}
{{- define "postgresql.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return the name for a custom user to create.

.Values.global.postgresql.auth.username takes precedence; when it is empty
.Values.auth.username is used. The value is emitted as given: it is not passed
through tpl and not quoted here, so callers are responsible for quoting.
The result may be empty when neither value is set.
*/}}
{{- define "postgresql.username" -}}
{{- if .Values.global.postgresql.auth.username }}
 {{- .Values.global.postgresql.auth.username -}}
{{- else -}}
 {{- .Values.auth.username -}}
{{- end -}}
{{- end -}}
{{/*
Return the name for a custom database to create.

.Values.global.postgresql.auth.database takes precedence over
.Values.auth.database. Whichever is used is rendered through tpl against $, so
template expressions inside the value are evaluated. Nothing is emitted when
neither value is set.
The result is not quoted or escaped here; callers that place it in a command
line or connection string have to do that themselves.
*/}}
{{- define "postgresql.database" -}}
{{- if .Values.global.postgresql.auth.database }}
 {{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}}
{{- else if .Values.auth.database -}}
 {{- printf "%s" (tpl .Values.auth.database $) -}}
{{- end -}}
{{- end -}}
{{/*
Get the name of the Secret that holds the PostgreSQL passwords.

Precedence: .Values.global.postgresql.auth.existingSecret, then
.Values.auth.existingSecret, both rendered through tpl against $. When neither
is set the name falls back to "common.names.fullname".
Because the existingSecret values go through tpl, template expressions placed
in them are evaluated at render time; values files should come from a trusted
source.
*/}}
{{- define "postgresql.secretName" -}}
{{- if .Values.global.postgresql.auth.existingSecret }}
 {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
{{- else if .Values.auth.existingSecret -}}
 {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
{{- else -}}
 {{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the replication-password key, i.e. the key inside the password Secret under
which the replication password is looked up.

With an existing secret (global or chart-level existingSecret set) the key is
taken from global.postgresql.auth.secretKeys.replicationPasswordKey, then from
auth.secretKeys.replicationPasswordKey, both rendered through tpl; if neither is
set the literal "replication-password" is used. Without an existing secret the
key is always "replication-password".
*/}}
{{- define "postgresql.replicationPasswordKey" -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
 {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey }}
 {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
 {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
 {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
 {{- else -}}
 {{- "replication-password" -}}
 {{- end -}}
{{- else -}}
 {{- "replication-password" -}}
{{- end -}}
{{- end -}}
{{/*
Get the admin-password key, i.e. the key inside the password Secret under which
the "postgres" superuser password is looked up.

With an existing secret (global or chart-level existingSecret set) the key is
taken from global.postgresql.auth.secretKeys.adminPasswordKey, then from
auth.secretKeys.adminPasswordKey, both rendered through tpl. Without an existing
secret the key is always "postgres-password".
NOTE(review): unlike "postgresql.replicationPasswordKey", the existing-secret
branch has no literal fallback, so this helper emits an empty string when an
existing secret is configured and neither secretKeys value is set. Confirm the
chart's default values always supply auth.secretKeys.adminPasswordKey; an empty
key would leave the admin password reference unresolved.
*/}}
{{- define "postgresql.adminPasswordKey" -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
 {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey }}
 {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
 {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
 {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
 {{- end -}}
{{- else -}}
 {{- "postgres-password" -}}
{{- end -}}
{{- end -}}
{{/*
Get the user-password key, i.e. the key inside the password Secret under which
the application user's password is looked up.

With an existing secret:
  - if "postgresql.username" is empty or equals "postgres", the result of
    "postgresql.adminPasswordKey" is returned (the user is the superuser);
  - otherwise the key comes from global.postgresql.auth.secretKeys.userPasswordKey,
    then auth.secretKeys.userPasswordKey, both rendered through tpl.
Without an existing secret the key is "password" for a custom, non-"postgres"
username and "postgres-password" in every other case.
NOTE(review): in the existing-secret branch nothing is emitted for a custom
user when neither secretKeys.userPasswordKey value is set. Confirm the chart's
default values always provide one.
*/}}
{{- define "postgresql.userPasswordKey" -}}
{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
 {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") }}
 {{- printf "%s" (include "postgresql.adminPasswordKey" .) -}}
 {{- else -}}
 {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey }}
 {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
 {{- else if .Values.auth.secretKeys.userPasswordKey -}}
 {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
 {{- end -}}
 {{- end -}}
{{- else -}}
 {{- ternary "password" "postgres-password" (and (not (empty (include "postgresql.username" .))) (ne (include "postgresql.username" .) "postgres")) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created.

Emits "true" only when neither .Values.global.postgresql.auth.existingSecret
nor .Values.auth.existingSecret is set; otherwise nothing is emitted, so callers
test the included result for a non-empty string.
*/}}
{{- define "postgresql.createSecret" -}}
{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}}
 {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the PostgreSQL primary service port.

.Values.global.postgresql.service.ports.postgresql takes precedence; when it is
empty .Values.primary.service.ports.postgresql is used.
*/}}
{{- define "postgresql.service.port" -}}
{{- if .Values.global.postgresql.service.ports.postgresql }}
 {{- .Values.global.postgresql.service.ports.postgresql -}}
{{- else -}}
 {{- .Values.primary.service.ports.postgresql -}}
{{- end -}}
{{- end -}}
{{/*
Return the PostgreSQL read replica service port.

.Values.global.postgresql.service.ports.postgresql takes precedence; when it is
empty .Values.readReplicas.service.ports.postgresql is used. A global port
therefore applies to the primary and the read replica services alike.
*/}}
{{- define "postgresql.readReplica.service.port" -}}
{{- if .Values.global.postgresql.service.ports.postgresql }}
 {{- .Values.global.postgresql.service.ports.postgresql -}}
{{- else -}}
 {{- .Values.readReplicas.service.ports.postgresql -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL primary configuration ConfigMap name.

Returns .Values.primary.existingConfigmap rendered through tpl when it is set,
otherwise "<postgresql.primary.fullname>-configuration".
*/}}
{{- define "postgresql.primary.configmapName" -}}
{{- if .Values.primary.existingConfigmap -}}
 {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
{{- else -}}
 {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created for PostgreSQL primary with the configuration.

Emits "true" when .Values.primary.configuration or
.Values.primary.pgHbaConfiguration is set and no
.Values.primary.existingConfigmap is given; otherwise nothing is emitted (the
else branch is intentionally empty). The pgHbaConfiguration value is part of
the condition, so client authentication rules supplied through values end up
in a chart-managed ConfigMap.
*/}}
{{- define "postgresql.primary.createConfigmap" -}}
{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }}
 {{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL primary extended configuration ConfigMap name.

Returns .Values.primary.existingExtendedConfigmap rendered through tpl when it
is set, otherwise "<postgresql.primary.fullname>-extended-configuration".
*/}}
{{- define "postgresql.primary.extendedConfigmapName" -}}
{{- if .Values.primary.existingExtendedConfigmap -}}
 {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}}
{{- else -}}
 {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the PostgreSQL read replica extended configuration ConfigMap name.

Always "<postgresql.readReplica.fullname>-extended-configuration"; unlike the
primary variant, no existing ConfigMap can be supplied through this helper.
*/}}
{{- define "postgresql.readReplicas.extendedConfigmapName" -}}
 {{- printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) -}}
{{- end -}}
{{/*
Return true if a configmap object should be created for PostgreSQL primary with the extended configuration.

Emits "true" when .Values.primary.extendedConfiguration is set and no
.Values.primary.existingExtendedConfigmap is given; otherwise nothing is
emitted (the else branch is intentionally empty).
*/}}
{{- define "postgresql.primary.createExtendedConfigmap" -}}
{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }}
 {{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration.

Emits "true" when .Values.readReplicas.extendedConfiguration is set; otherwise
nothing is emitted (the else branch is intentionally empty).
*/}}
{{- define "postgresql.readReplicas.createExtendedConfigmap" -}}
{{- if .Values.readReplicas.extendedConfiguration }}
 {{- true -}}
{{- else -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use.

With .Values.serviceAccount.create set, the name is .Values.serviceAccount.name
or, when that is empty, "common.names.fullname". With create unset, the name is
.Values.serviceAccount.name or, when that is empty, the literal "default".
NOTE(review): the second fallback means the pods run under the namespace's
"default" service account unless a name is given. Which permissions that
account carries, and whether its token is mounted, is not visible here; verify
both before relying on this fallback.
*/}}
{{- define "postgresql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
 {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
 {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap should be mounted with PostgreSQL configuration.

Emits "true" when any of .Values.primary.configuration,
.Values.primary.pgHbaConfiguration or .Values.primary.existingConfigmap is set;
otherwise nothing is emitted.
*/}}
{{- define "postgresql.mountConfigurationCM" -}}
{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
 {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.

Returns .Values.primary.initdb.scriptsConfigMap rendered through tpl when it is
set, otherwise "<postgresql.primary.fullname>-init-scripts".
NOTE(review): the ConfigMap named here presumably supplies scripts executed
during database initialization (not visible in this file); write access to that
ConfigMap should be restricted accordingly.
*/}}
{{- define "postgresql.initdb.scriptsCM" -}}
{{- if .Values.primary.initdb.scriptsConfigMap -}}
 {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}}
{{- else -}}
 {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if TLS is enabled for LDAP connection.

Two shapes of .Values.ldap.tls are accepted: a non-empty string, or a map whose
"enabled" field is truthy. In both cases "true" is emitted; otherwise nothing.
NOTE(review): any non-empty string counts as enabled, whatever its content
(a string such as "false" included). The outcome errs on the side of TLS being
on, but confirm that the string form is still a supported input.
*/}}
{{- define "postgresql.ldap.tls.enabled" -}}
{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) }}
 {{- true -}}
{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled }}
 {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the readiness probe command.

Renders a YAML list item holding a block scalar with a "pg_isready" call against
127.0.0.1 on .Values.containerPorts.postgresql. The user is the custom username
or "postgres" when none is set, and is passed through "quote". When a database
name is configured it is added as "dbname=..."; when .Values.tls.enabled is set
the client certificate and key paths from "postgresql.tlsCert" and
"postgresql.tlsCertKey" are added as sslcert/sslkey. For image repositories
containing "bitnami/" an extra test for the ".initialized" marker files is
appended.
NOTE(review): the database name and the certificate paths are interpolated
inside double quotes without escaping, and the text is presumably run by a
shell (caller not visible here). A value containing a double quote, "$" or a
backtick would change the command line; keep these values restricted to plain
identifiers and file names.
*/}}
{{- define "postgresql.readinessProbeCommand" -}}
{{- $customUser := include "postgresql.username" . }}
- |
{{- if (include "postgresql.database" .) }}
 exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
{{- else }}
 exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
{{- end }}
{{- if contains "bitnami/" .Values.image.repository }}
 [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.

Collects the output of "postgresql.validateValues.ldapConfigurationMethod" and
"postgresql.validateValues.psp", drops empty results, and joins the rest with
newlines. If anything remains, rendering is aborted through "fail" with the
text prefixed by "VALUES VALIDATION:"; with no messages the helper emits
nothing. New validators have to be appended to the list here to take effect.
*/}}
{{- define "postgresql.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}

{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap.

Emits the message below when .Values.ldap.enabled is set and both
.Values.ldap.url and .Values.ldap.server are non-empty; otherwise emits
nothing. Only this one conflict is checked here; other LDAP settings (TLS
included) are not validated by this helper.
*/}}
{{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
postgresql: ldap.url, ldap.server
 You cannot set both `ldap.url` and `ldap.server` at the same time.
 Please provide a unique way to configure LDAP.
 More info at https://www.postgresql.org/docs/current/auth-ldap.html
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql - If PSP is enabled RBAC should be enabled too.

Emits the message below when .Values.psp.create is set while
.Values.rbac.create is not; otherwise emits nothing.
NOTE(review): PodSecurityPolicy is no longer available as of Kubernetes v1.25;
check whether psp.create is still meaningful for the target clusters and which
mechanism enforces pod security there.
*/}}
{{- define "postgresql.validateValues.psp" -}}
{{- if and .Values.psp.create (not .Values.rbac.create) }}
postgresql: psp.create, rbac.create
 RBAC should be enabled if PSP is enabled in order for PSP to work.
 More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
{{- end -}}
{{- end -}}
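{{/*
Return the path to the cert file.

With .Values.tls.autoGenerated the fixed path
"/opt/bitnami/postgresql/certs/tls.crt" is returned. Otherwise
.Values.tls.certFilename is mandatory (rendering fails through "required" when
it is missing) and is appended to "/opt/bitnami/postgresql/certs/".
The file name is appended as given; it is not checked for path separators, so
it should be a plain file name.
*/}}
{{- define "postgresql.tlsCert" -}}
{{- if .Values.tls.autoGenerated }}
 {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
{{- else -}}
 {{- required "Certificate filename is required when TLS is enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{- end -}}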
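{{/*
Return the path to the cert key file.

With .Values.tls.autoGenerated the fixed path
"/opt/bitnami/postgresql/certs/tls.key" is returned. Otherwise
.Values.tls.certKeyFilename is mandatory (rendering fails through "required"
when it is missing) and is appended to "/opt/bitnami/postgresql/certs/".
The file name is appended as given; it is not checked for path separators, so
it should be a plain file name.
*/}}
{{- define "postgresql.tlsCertKey" -}}
{{- if .Values.tls.autoGenerated }}
 {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
{{- else -}}
 {{- required "Certificate Key filename is required when TLS is enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{- end -}}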
{{/*
Return the path to the CA cert file.

With .Values.tls.autoGenerated the fixed path
"/opt/bitnami/postgresql/certs/ca.crt" is returned. Otherwise
.Values.tls.certCAFilename is appended to "/opt/bitnami/postgresql/certs/".
NOTE(review): unlike "postgresql.tlsCert" and "postgresql.tlsCertKey" there is
no "required" guard, so an unset certCAFilename does not stop rendering and the
result is not a usable path. Callers presumably check certCAFilename before
including this helper; confirm, since a missing CA file affects whether client
certificates are verified.
*/}}
{{- define "postgresql.tlsCACert" -}}
{{- if .Values.tls.autoGenerated }}
 {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
{{- else -}}
 {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return the path to the CRL file.

When .Values.tls.crlFilename is set it is appended to
"/opt/bitnami/postgresql/certs/"; otherwise nothing is emitted, so callers can
test the result to decide whether a revocation list is configured.
*/}}
{{- define "postgresql.tlsCRL" -}}
{{- if .Values.tls.crlFilename -}}
{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials secret object should be created.

Emits "true" when .Values.tls.autoGenerated is set and no
.Values.tls.certificatesSecret is given; otherwise nothing is emitted.
NOTE(review): "postgresql.tlsSecretName" returns the generated "-crt" name
whenever autoGenerated is set, without looking at certificatesSecret. With both
values set no secret is created here while the generated name is still
referenced; confirm that combination is rejected or handled elsewhere.
*/}}
{{- define "postgresql.createTlsSecret" -}}
{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }}
 {{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the Secret that holds the TLS certificates.

With .Values.tls.autoGenerated the name is "<common.names.fullname>-crt".
Otherwise .Values.tls.certificatesSecret is mandatory; rendering fails through
"required" when it is missing.
*/}}
{{- define "postgresql.tlsSecretName" -}}
{{- if .Values.tls.autoGenerated }}
 {{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- else -}}
 {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
{{- end -}}
{{- end -}}