diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml
index aa372ab56..b0e257eba 100644
--- a/postgresql/templates/statefulset.yaml
+++ b/postgresql/templates/statefulset.yaml
@@ -328,9 +328,9 @@ spec:
 value: $(PATRONI_KUBERNETES_POD_IP):{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 - name: PATRONI_POSTGRESQL_LISTEN
 value: 0.0.0.0:{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - name: PATRONI_admin_PASSWORD
+ - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD
 value: $(PATRONI_SUPERUSER_PASSWORD)
- - name: PATRONI_admin_OPTIONS
+ - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_OPTIONS
 value: 'createrole,createdb'
 - name: PGSSLROOTCERT
 value: {{ .Values.secrets.pki.client_cert_path }}/ca.crt
diff --git a/postgresql/values.yaml b/postgresql/values.yaml
index f3b58e4b6..402d24d50 100644
--- a/postgresql/values.yaml
+++ b/postgresql/values.yaml
@@ -237,6 +237,12 @@ conf:
 - name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 bootstrap:
+ users:
+ {{ .Values.endpoints.postgresql.auth.admin.username }}:
+ password: {{ .Values.endpoints.postgresql.auth.admin.password }}
+ options:
+ - createrole
+ - createdb
 dcs:
 ttl: 30
 loop_wait: 10
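Review bot: The env var names `PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD` and `..._OPTIONS` are now built from an operator-supplied value with no check on its presence or shape. An empty value renders `PATRONI__PASSWORD`, and a username with characters that are awkward in an environment variable name (a hyphen or a dot, for instance) may be rejected by the API server or not matched by Patroni, which would only show up at deploy time. Failing the render early would be safer, for example `{{- $admin := required "endpoints.postgresql.auth.admin.username must be set" .Values.endpoints.postgresql.auth.admin.username }}` followed by a `regexMatch` guard on a conservative pattern before the name is used. The container's env list starts and ends outside this hunk.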
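Review bot: `password: {{ .Values.endpoints.postgresql.auth.admin.password }}` under `bootstrap.users` renders the admin password as an unquoted plain scalar, and the same pattern recurs in the `authentication.superuser` hunk further down. A password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean will be truncated, retyped or break parsing of the Patroni config; pipe it through `quote`, as in `password: {{ .Values.endpoints.postgresql.auth.admin.password | quote }}`, and quote the templated username key likewise. The change also writes the credential in clear text into whatever object this `conf` block is rendered to; if that is a ConfigMap rather than a Secret (not visible from here), anyone who can read ConfigMaps in the namespace can read the password. The statefulset references `$(PATRONI_SUPERUSER_PASSWORD)`, which suggests the password is already supplied through the environment, so it is worth confirming the literal is needed at all.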
@@ -294,6 +300,10 @@ conf: Patroni moves this directory to a backup under the parent directory (/var/lib/postgresql) under certain failure recovery scenarios, so /var/lib/postgres itself must be exposed to the pod as a pvc mount.*/}} + authentication: + superuser: + username: {{ .Values.endpoints.postgresql.auth.admin.username }} + password: {{ .Values.endpoints.postgresql.auth.admin.password }} data_dir: '{{ .Values.storage.mount.path }}/pgdata' pgpass: '{{ .Values.storage.mount.path }}/pgpass' callbacks:
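Review bot: `authentication.superuser.username` is set to the same `endpoints.postgresql.auth.admin.username` that the `bootstrap.users` hunk creates with only `createrole` and `createdb`, so a single account is declared both as the cluster superuser and as a limited role. If services are meant to connect with a least-privilege admin, the superuser should be a separate identity with its own values key and secret. If the admin is meant to be the superuser, the `bootstrap.users` entry and the `PATRONI_<user>_OPTIONS` variable look redundant and leave it unclear which privileges apply. A one-line comment above `authentication:` stating the intent would help, along the lines of `# superuser is the endpoints admin account; the bootstrap.users entry is not a separate role`. The mapping that contains `authentication:` begins outside this hunk.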