Add explicit admin user to Patroni

In this PS we explicitly define the admin user rather than letting patroni use the default username and password. Change-Id: I9885314902c3a60e709f96e2850a719ff9586b3d
2020-01-23 20:09:26 +00:00 · 2020-01-23 20:09:26 +00:00 · cf7b8dbb3d
commit cf7b8dbb3d
parent 5e5d873911
2 changed files with 12 additions and 2 deletions
--- a/postgresql/templates/statefulset.yaml
+++ b/postgresql/templates/statefulset.yaml
@ -328,9 +328,9 @@ spec:
              value: $(PATRONI_KUBERNETES_POD_IP):{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
            - name: PATRONI_POSTGRESQL_LISTEN
              value: 0.0.0.0:{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-            - name: PATRONI_admin_PASSWORD
+            - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD
              value: $(PATRONI_SUPERUSER_PASSWORD)
-            - name: PATRONI_admin_OPTIONS
+            - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_OPTIONS
              value: 'createrole,createdb'
            - name: PGSSLROOTCERT
              value: {{ .Values.secrets.pki.client_cert_path }}/ca.crt
--- a/postgresql/values.yaml
+++ b/postgresql/values.yaml
@ -237,6 +237,12 @@ conf:
      - name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
        port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
    bootstrap:
+      users:
+        {{ .Values.endpoints.postgresql.auth.admin.username }}:
+          password: {{ .Values.endpoints.postgresql.auth.admin.password }}
+          options:
+          - createrole
+          - createdb
      dcs:
        ttl: 30
        loop_wait: 10
@ -294,6 +300,10 @@ conf:
           Patroni moves this directory to a backup under the parent directory
           (/var/lib/postgresql) under certain failure recovery scenarios, so
           /var/lib/postgres itself must be exposed to the pod as a pvc mount.*/}}
+      authentication:
+        superuser:
+          username: {{ .Values.endpoints.postgresql.auth.admin.username }}
+          password: {{ .Values.endpoints.postgresql.auth.admin.password }}
      data_dir: '{{ .Values.storage.mount.path }}/pgdata'
      pgpass: '{{ .Values.storage.mount.path }}/pgpass'
      callbacks: