From 653c14e4945be0c305c8b6946ac70dc772976454 Mon Sep 17 00:00:00 2001 From: Neal Date: Mon, 9 Sep 2024 08:15:59 -0400 Subject: [PATCH] exposing pg_ident and shared_preload_libraries (#377) * Added `cluster.postgresql.pg_ident` * Added `cluster.postgresql.shared_preload_libraries` --------- Signed-off-by: Neal Signed-off-by: Itay Grudev Co-authored-by: Itay Grudev --- charts/cluster/README.md | 2 ++ charts/cluster/templates/cluster.yaml | 5 +++++ .../01-non_default_configuration_cluster-assert.yaml | 4 ++++ .../01-non_default_configuration_cluster.yaml | 4 ++++ .../timescale-minio-backup-restore/chainsaw-test.yaml | 8 ++++++++ charts/cluster/values.schema.json | 6 ++++++ charts/cluster/values.yaml | 4 ++++ 7 files changed, 33 insertions(+) diff --git a/charts/cluster/README.md b/charts/cluster/README.md index 439b926af..5b3fcd204 100644 --- a/charts/cluster/README.md +++ b/charts/cluster/README.md 
@@ -169,6 +169,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | cluster.postgresUID | int | `-1` | The UID of the postgres user inside the image, defaults to 26 | | cluster.postgresql.parameters | object | `{}` | PostgreSQL configuration options (postgresql.conf) | | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) | +| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) | +| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones | | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. | | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) | | cluster.priorityClassName | string | `""` | | diff --git a/charts/cluster/templates/cluster.yaml b/charts/cluster/templates/cluster.yaml index cba20c073..8bea461bb 100644 --- a/charts/cluster/templates/cluster.yaml +++ b/charts/cluster/templates/cluster.yaml @@ -61,11 +61,16 @@ spec: {{- if eq .Values.type "timescaledb" }} - timescaledb {{- end }} + {{- with .Values.cluster.postgresql.shared_preload_libraries }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.cluster.postgresql }} parameters: {{- toYaml .parameters | nindent 6 }} pg_hba: {{- toYaml .pg_hba | nindent 6 }} + pg_ident: + {{- toYaml .pg_ident | nindent 6 }} {{ end }} managed: 
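Review bot: The new `{{- with .Values.cluster.postgresql.shared_preload_libraries }}` block and the `pg_ident:` key in charts/cluster/templates/cluster.yaml pass every list item through `toYaml` unchanged, and the values.schema.json hunk of this commit only requires `"type": "array"` for both keys. A map or number item therefore passes Helm's schema validation and is caught, if at all, only when the Cluster resource is submitted. Both settings are privileged: one maps external identities to database roles, the other names libraries loaded at server start. Reject malformed input early by adding `"items": {"type": "string"}` to the `pg_ident` and `shared_preload_libraries` schema entries. The enclosing `spec.postgresql` block starts outside this hunk.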
diff --git a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
index c26a44faf..5f5c62a68 100644
--- a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
+++ b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
@@ -17,6 +17,10 @@ spec:
 max_connections: "42"
 pg_hba:
 - host all 1.2.3.4/32 trust
+ pg_ident:
+ - mymap /^(.*)@mydomain\.com$ \1
+ shared_preload_libraries:
+ - pgaudit
 bootstrap:
 initdb:
 database: mydb
diff --git a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
index 96a3d429c..c86a5dceb 100644
--- a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
+++ b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
@@ -56,6 +56,10 @@ cluster:
 max_connections: "42"
 pg_hba:
 - host all 1.2.3.4/32 trust
+ pg_ident:
+ - mymap /^(.*)@mydomain\.com$ \1
+ shared_preload_libraries:
+ - pgaudit
 initdb:
 database: mydb
 owner: dante
diff --git a/charts/cluster/test/timescale-minio-backup-restore/chainsaw-test.yaml b/charts/cluster/test/timescale-minio-backup-restore/chainsaw-test.yaml
index e0a8ee401..496153398 100644
--- a/charts/cluster/test/timescale-minio-backup-restore/chainsaw-test.yaml
+++ b/charts/cluster/test/timescale-minio-backup-restore/chainsaw-test.yaml
@@ -34,6 +34,8 @@ spec:
 - describe:
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
+ - podLogs:
+ selector: cnpg.io/cluster=timescale-cluster
 - name: Verify timescale extensions are installed
 timeouts:
 apply: 1s
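Review bot: The `shared_preload_libraries: - pgaudit` fixture is added only under test/postgresql-cluster-configuration, so the one branch the template change interacts with is not asserted by any fixture in the hunks shown: `type: timescaledb`, where the chart emits `- timescaledb` before the user-supplied entries. Adding an extra library to the timescale test values and asserting the combined list would pin the ordering and indentation of the merged output. Separately, the single `pg_hba` line in both fixtures does not reference `map=mymap`, so these tests check that the `pg_ident` line is rendered, not that the map is applied. A short comment in the fixture saying so would keep it from reading as an end-to-end authentication check.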
@@ -101,6 +103,12 @@ spec: recovery-backup-pitr ../../ - assert: file: ./07-recovery_backup_pitr_cluster-assert.yaml + catch: + - describe: + apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + - podLogs: + selector: cnpg.io/cluster=recovery-backup-pitr-cluster - name: Verify the pre-backup data on the recovery cluster exists but not the post-backup data try: - apply: diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json index 5703567a3..10f4eadb9 100644 --- a/charts/cluster/values.schema.json +++ b/charts/cluster/values.schema.json @@ -255,6 +255,12 @@ }, "pg_hba": { "type": "array" + }, + "pg_ident": { + "type": "array" + }, + "shared_preload_libraries": { + "type": "array" } } }, diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index c131fcb84..923225170 100644 --- a/charts/cluster/values.yaml +++ b/charts/cluster/values.yaml @@ -250,6 +250,10 @@ cluster: # -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) pg_hba: [] # - host all all 10.244.0.0/16 md5 + pg_ident: [] + # - mymap /^(.*)@mydomain\.com$ \1 + shared_preload_libraries: [] + # - pgaudit # -- BootstrapInitDB is the configuration of the bootstrap process when initdb is used. # See: https://cloudnative-pg.io/documentation/current/bootstrap/
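Review bot: `pg_ident: []` and `shared_preload_libraries: []` are added to charts/cluster/values.yaml without the `# -- ` description line that `pg_hba` and the following bootstrap section carry, while the README hunk of this commit adds descriptions for both. If the README table is generated from those comments (it looks like helm-docs output), the next regeneration would blank the two rows. Put the descriptions on the keys: `# -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)` above `pg_ident: []` and `# -- Lists of shared preload libraries to add to the default ones` above `shared_preload_libraries: []`. The commented example `mymap /^(.*)@mydomain\.com$ \1` maps every `name@mydomain.com` identity to the role `name` with no exclusion for privileged role names. It deserves a one-line caveat such as `# NOTE: only applies to pg_hba rules that reference map=mymap; narrow the regex so it cannot resolve to superuser roles`.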