Commit ea896db

javsalgar and Bitnami Containers authored

[bitnami/postgresql] feat: ✨ Add password update job (#30444)

* [bitnami/postgresql] feat: ✨ Add password update job

  Signed-off-by: Javier J. Salmerón García <[email protected]>

* fix: 🐛 Set correct references

  Signed-off-by: Javier J. Salmerón García <[email protected]>

* chore: 🔧 Add missing elements

  Signed-off-by: Javier J. Salmerón García <[email protected]>

* Update CHANGELOG.md

  Signed-off-by: Bitnami Containers <[email protected]>

---------

Signed-off-by: Javier J. Salmerón García <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Co-authored-by: Bitnami Containers <[email protected]>
1 parent d9d2d92 commit ea896db

12 files changed

+589
-12
lines changed

bitnami/postgresql/CHANGELOG.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
# Changelog
22

3-
## 16.1.2 (2024-11-06)
3+
## 16.2.0 (2024-11-13)
44

5-
* [bitnami/postgresql] Release 16.1.2 ([#30250](https://github.com/bitnami/charts/pull/30250))
5+
* [bitnami/postgresql] feat: :sparkles: Add password update job ([#30444](https://github.com/bitnami/charts/pull/30444))
6+
7+
## <small>16.1.2 (2024-11-06)</small>
8+
9+
* [bitnami/postgresql] Release 16.1.2 (#30250) ([423c554](https://github.com/bitnami/charts/commit/423c55454743745dc486e426089141fa814fd401)), closes [#30250](https://github.com/bitnami/charts/issues/30250)
610

711
## <small>16.1.1 (2024-11-04)</small>
812

bitnami/postgresql/Chart.lock

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
dependencies:
22
- name: common
33
repository: oci://registry-1.docker.io/bitnamicharts
4-
version: 2.26.0
5-
digest: sha256:5ff7837915aef0067bd32271ee2b10c990774c16c4b6fe0a7c5eb6e53530ce08
6-
generated: "2024-10-16T12:20:00.574957406Z"
4+
version: 2.27.0
5+
digest: sha256:b711ab5874abf868a0c64353a790f17771758cee6f802acb9819be004c8460af
6+
generated: "2024-11-13T13:17:51.58819475+01:00"

bitnami/postgresql/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,4 +35,4 @@ maintainers:
3535
name: postgresql
3636
sources:
3737
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
38-
version: 16.1.2
38+
version: 16.2.0

bitnami/postgresql/README.md

Lines changed: 94 additions & 0 deletions
Large diffs are not rendered by default.

bitnami/postgresql/templates/_helpers.tpl

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -166,6 +166,44 @@ Return true if a secret object should be created
166166
{{- end -}}
167167
{{- end -}}
168168

169+
{{/*
170+
Return true if a secret object should be created for PostgreSQL
171+
*/}}
172+
{{- define "postgresql.v1.createPreviousSecret" -}}
173+
{{- if and .Values.passwordUpdateJob.previousPasswords.postgresPassword (not .Values.passwordUpdateJob.previousPasswords.existingSecret) }}
174+
{{- true -}}
175+
{{- end -}}
176+
{{- end -}}
177+
178+
{{/*
179+
Return the secret with previous PostgreSQL credentials
180+
*/}}
181+
{{- define "postgresql.v1.update-job.previousSecretName" -}}
182+
{{- if .Values.passwordUpdateJob.previousPasswords.existingSecret -}}
183+
{{- /* The secret with the new password is managed externally */ -}}
184+
{{- tpl .Values.passwordUpdateJob.previousPasswords.existingSecret $ -}}
185+
{{- else if .Values.passwordUpdateJob.previousPasswords.postgresPassword -}}
186+
{{- /* The secret with the new password is managed externally */ -}}
187+
{{- printf "%s-previous-secret" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
188+
{{- else -}}
189+
{{- /* The secret with the new password is managed by the helm chart. We use the current secret name as it has the old password */ -}}
190+
{{- include "common.names.fullname" . -}}
191+
{{- end -}}
192+
{{- end -}}
193+
194+
{{/*
195+
Return the secret with new PostgreSQL credentials
196+
*/}}
197+
{{- define "postgresql.v1.update-job.newSecretName" -}}
198+
{{- if and (not .Values.passwordUpdateJob.previousPasswords.existingSecret) (not .Values.passwordUpdateJob.previousPasswords.postgresPassword) -}}
199+
{{- /* The secret with the new password is managed by the helm chart. We create a new secret as the current one has the old password */ -}}
200+
{{- printf "%s-new-secret" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
201+
{{- else -}}
202+
{{- /* The secret with the new password is managed externally */ -}}
203+
{{- include "postgresql.v1.secretName" . -}}
204+
{{- end -}}
205+
{{- end -}}
206+
169207
{{/*
170208
Return PostgreSQL service port
171209
*/}}
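
Review bot: In `postgresql.v1.update-job.previousSecretName` and `postgresql.v1.update-job.newSecretName`, `trunc 63` is applied after the `-previous-secret` / `-new-secret` suffix has been appended, so a release whose `common.names.fullname` is already close to 63 characters loses part or all of the suffix. In the worst case both helpers render the same string as the current secret name returned by the `else` branch (`include "common.names.fullname" .`), and the previous and new secret names stop being distinct. Truncate the fullname first so the suffix always survives, for example `printf "%s-previous-secret" (include "common.names.fullname" . | trunc 47 | trimSuffix "-")` and the equivalent with `trunc 52` for `-new-secret`. Two documentation points in the same hunk: the comment in the `else if .Values.passwordUpdateJob.previousPasswords.postgresPassword` branch ("The secret with the new password is managed externally") is copied from the branch above and does not describe the chart-generated `-previous-secret` name, and the doc comment on `postgresql.v1.createPreviousSecret` should say it concerns the previous-password secret, since as written it is indistinguishable from the existing "Return true if a secret object should be created" helper.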

bitnami/postgresql/templates/primary/statefulset.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,14 +31,17 @@ spec:
3131
name: {{ include "postgresql.v1.primary.fullname" . }}
3232
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
3333
app.kubernetes.io/component: primary
34-
{{- if or (include "postgresql.v1.primary.createConfigmap" .) (include "postgresql.v1.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }}
34+
{{- if or .Values.passwordUpdateJob.enabled (include "postgresql.v1.primary.createConfigmap" .) (include "postgresql.v1.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }}
3535
annotations:
3636
{{- if (include "postgresql.v1.primary.createConfigmap" .) }}
3737
checksum/configuration: {{ pick (include (print $.Template.BasePath "/primary/configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
3838
{{- end }}
3939
{{- if (include "postgresql.v1.primary.createExtendedConfigmap" .) }}
4040
checksum/extended-configuration: {{ pick (include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
4141
{{- end }}
42+
{{- if .Values.passwordUpdateJob.enabled }}
43+
charts.bitnami.com/password-last-update: {{ now | date "20060102150405" | quote }}
44+
{{- end }}
4245
{{- if .Values.primary.podAnnotations }}
4346
{{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }}
4447
{{- end }}
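
Review bot: The `charts.bitnami.com/password-last-update` annotation is filled from `now`, so with `passwordUpdateJob.enabled` set the pod template is different on every render and every `helm upgrade` restarts the primary whether or not a password changed; rendered output also never converges for diff tools and GitOps reconcilers. Tie the value to something that changes only when the credentials are rotated (a user-supplied rotation marker, for instance) rather than wall-clock time, or state in the values documentation that enabling the job forces a rollout on each upgrade. If a checksum of the secret is considered instead, following the `checksum/configuration` pattern above, note that it would publish a hash of the password in pod metadata.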

bitnami/postgresql/templates/read/statefulset.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,14 @@ spec:
3232
name: {{ include "postgresql.v1.readReplica.fullname" . }}
3333
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
3434
app.kubernetes.io/component: read
35-
{{- if or (include "postgresql.v1.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
35+
{{- if or .Values.passwordUpdateJob.enabled (include "postgresql.v1.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
3636
annotations:
3737
{{- if (include "postgresql.v1.readReplicas.createExtendedConfigmap" .) }}
3838
checksum/extended-configuration: {{ pick (include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
3939
{{- end }}
40+
{{- if .Values.passwordUpdateJob.enabled }}
41+
charts.bitnami.com/password-last-update: {{ now | date "20060102150405" | quote }}
42+
{{- end }}
4043
{{- if .Values.readReplicas.podAnnotations }}
4144
{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }}
4245
{{- end }}
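
Review bot: These three added lines duplicate the block added to `primary/statefulset.yaml`, and `now` is evaluated separately in each template, so primary and read pods of the same release revision can carry different `password-last-update` values when rendering crosses a second boundary. Compute the value once in a named template in `_helpers.tpl` and include it from both StatefulSets so the key and the `"20060102150405"` format cannot drift apart. The restart-on-every-upgrade behaviour raised for the primary applies to the read replicas as well.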

bitnami/postgresql/templates/secrets.yaml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,21 +6,24 @@ SPDX-License-Identifier: APACHE-2.0
66
{{- $host := include "postgresql.v1.primary.fullname" . }}
77
{{- $port := include "postgresql.v1.service.port" . }}
88
{{- $customUser := include "postgresql.v1.username" . }}
9-
{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.adminPasswordKey .Values.auth.secretKeys.adminPasswordKey) "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.password .Values.auth.password .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) | trimAll "\"" | b64dec }}
9+
{{- $postgresPassword := (ternary (coalesce .Values.global.postgresql.auth.password .Values.auth.password .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) }}
10+
{{- if (not $postgresPassword) }}
11+
{{- $postgresPassword = include "common.secrets.lookup" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.adminPasswordKey .Values.auth.secretKeys.adminPasswordKey) "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.password .Values.auth.password .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) | trimAll "\"" | b64dec }}
12+
{{- end }}
1013
{{- if and (not $postgresPassword) .Values.auth.enablePostgresUser }}
1114
{{- $postgresPassword = randAlphaNum 10 }}
1215
{{- end }}
1316
{{- $replicationPassword := "" }}
1417
{{- if eq .Values.architecture "replication" }}
15-
{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.replicationPasswordKey .Values.auth.secretKeys.replicationPasswordKey) "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }}
18+
{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.replicationPasswordKey .Values.auth.secretKeys.replicationPasswordKey) "providedValues" (list "auth.replicationPassword") "honorProvidedValues" true "context" $) | trimAll "\"" | b64dec }}
1619
{{- end }}
1720
{{- $ldapPassword := "" }}
1821
{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
1922
{{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }}
2023
{{- end }}
2124
{{- $password := "" }}
2225
{{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
23-
{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.userPasswordKey .Values.auth.secretKeys.userPasswordKey) "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
26+
{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.v1.secretName" .) "key" (coalesce .Values.global.postgresql.auth.secretKeys.userPasswordKey .Values.auth.secretKeys.userPasswordKey) "providedValues" (list "global.postgresql.auth.password" "auth.password") "honorProvidedValues" true "context" $) | trimAll "\"" | b64dec }}
2427
{{- end }}
2528
{{- $database := include "postgresql.v1.database" . }}
2629
{{- if (include "postgresql.v1.createSecret" .) }}
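
Review bot: On new line 9 the password supplied in values now takes precedence over the one stored in the existing secret, and `"honorProvidedValues" true` on new lines 18 and 26 asks for the same treatment of the replication and custom-user passwords, with no check on `passwordUpdateJob.enabled` anywhere in the hunk. A user who changes `auth.postgresPassword` or `auth.password` on upgrade while the job is disabled ends up with a secret that no longer matches the password stored in the already-initialized database, which the previous lookup-first logic prevented. Gate the new precedence on `.Values.passwordUpdateJob.enabled`, or call the behaviour change out in the upgrade notes. Separately, inside `{{- if (not $postgresPassword) }}` the `"defaultValue"` ternary repeats the expression from line 9 and is necessarily empty at that point, so it can be dropped, or the ternary can be kept in one variable and reused.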
