Add explicit admin user to Patroni

In this PS we explicitly define the admin user rather than letting
patroni use the default username and password.

Change-Id: I9885314902c3a60e709f96e2850a719ff9586b3d
Doug Aaser 2020-01-23 20:09:26 +00:00
parent 5e5d873911
commit cf7b8dbb3d
2 changed files with 12 additions and 2 deletions


@ -328,9 +328,9 @@ spec:
value: $(PATRONI_KUBERNETES_POD_IP):{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} value: $(PATRONI_KUBERNETES_POD_IP):{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: PATRONI_POSTGRESQL_LISTEN - name: PATRONI_POSTGRESQL_LISTEN
value: 0.0.0.0:{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} value: 0.0.0.0:{{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: PATRONI_admin_PASSWORD - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD
value: $(PATRONI_SUPERUSER_PASSWORD) value: $(PATRONI_SUPERUSER_PASSWORD)
- name: PATRONI_admin_OPTIONS - name: PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_OPTIONS
value: 'createrole,createdb' value: 'createrole,createdb'
- name: PGSSLROOTCERT - name: PGSSLROOTCERT
value: {{ .Values.secrets.pki.client_cert_path }}/ca.crt value: {{ .Values.secrets.pki.client_cert_path }}/ca.crt
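Review bot: The new `PATRONI_{{ .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD` and `..._OPTIONS` names are built from a chart value with no guard, so an unset or empty username renders `PATRONI__PASSWORD` and `PATRONI__OPTIONS` instead of failing the render. Since the aim of the commit is to stop relying on Patroni's defaults, I would fail fast with `required`, e.g. `- name: PATRONI_{{ required "endpoints.postgresql.auth.admin.username must be set" .Values.endpoints.postgresql.auth.admin.username }}_PASSWORD`, and likewise for `_OPTIONS`. A one-line comment above the pair, such as `# bootstrap role named by endpoints.postgresql.auth.admin.username; password is the superuser password`, would make it clear that the value still comes from `$(PATRONI_SUPERUSER_PASSWORD)`. The env list starts and ends outside this hunk, so where `PATRONI_SUPERUSER_PASSWORD` is sourced from cannot be checked here.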


@ -237,6 +237,12 @@ conf:
- name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
bootstrap: bootstrap:
users:
{{ .Values.endpoints.postgresql.auth.admin.username }}:
password: {{ .Values.endpoints.postgresql.auth.admin.password }}
options:
- createrole
- createdb
dcs: dcs:
ttl: 30 ttl: 30
loop_wait: 10 loop_wait: 10
@ -294,6 +300,10 @@ conf:
Patroni moves this directory to a backup under the parent directory Patroni moves this directory to a backup under the parent directory
(/var/lib/postgresql) under certain failure recovery scenarios, so (/var/lib/postgresql) under certain failure recovery scenarios, so
/var/lib/postgres itself must be exposed to the pod as a pvc mount.*/}} /var/lib/postgres itself must be exposed to the pod as a pvc mount.*/}}
authentication:
superuser:
username: {{ .Values.endpoints.postgresql.auth.admin.username }}
password: {{ .Values.endpoints.postgresql.auth.admin.password }}
data_dir: '{{ .Values.storage.mount.path }}/pgdata' data_dir: '{{ .Values.storage.mount.path }}/pgdata'
pgpass: '{{ .Values.storage.mount.path }}/pgpass' pgpass: '{{ .Values.storage.mount.path }}/pgpass'
callbacks: callbacks:
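Review bot: The two new `password: {{ .Values.endpoints.postgresql.auth.admin.password }}` lines (under `bootstrap.users` and under `authentication.superuser`) render the secret as a plain unquoted scalar, so a password that is all digits, looks like a boolean, or contains `: ` or ` #` is retyped, truncated or breaks parsing of the Patroni config. Quote both, e.g. `password: {{ .Values.endpoints.postgresql.auth.admin.password | quote }}`, and do the same for the `username` under `superuser`. The same username is now both the Patroni superuser and a `bootstrap.users` entry limited to `createrole`/`createdb`, so those options do not bound the account's privileges; a comment stating which definition is authoritative would help. Where this `conf` block is rendered is outside the hunks; if it lands in a ConfigMap rather than a Secret, the password would be readable by anyone who can read ConfigMaps in the namespace.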