From 92f991fdd1a707ac7ed2f70558f472716200d5f8 Mon Sep 17 00:00:00 2001
From: Mario Trangoni
Date: Wed, 4 Sep 2024 03:17:54 +0200
Subject: [PATCH] feat( cluster ): Added support to customise pg_hba (#321)
Signed-off-by: Mario Trangoni
Signed-off-by: Itay Grudev
Co-authored-by: Itay Grudev
---
 charts/cluster/README.md | 3 ++-
 charts/cluster/templates/cluster.yaml | 4 +++-
 .../01-non_default_configuration_cluster-assert.yaml | 2 ++
 .../01-non_default_configuration_cluster.yaml | 5 ++++-
 charts/cluster/values.schema.json | 10 +++++++++-
 charts/cluster/values.yaml | 11 +++++++----
 6 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/charts/cluster/README.md b/charts/cluster/README.md
index 7c96796d8..bf30859ce 100644
--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -166,7 +166,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules | | cluster.postgresGID | int | `26` | The GID of the postgres user inside the image, defaults to 26 | | cluster.postgresUID | int | `26` | The UID of the postgres user inside the image, defaults to 26 | -| cluster.postgresql | object | `{}` | Configuration of the PostgreSQL server. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration | +| cluster.postgresql.parameters | object | `{}` | PostgreSQL configuration options (postgresql.conf) | +| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) | | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. | | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) | | cluster.priorityClassName | string | `""` | | diff --git a/charts/cluster/templates/cluster.yaml b/charts/cluster/templates/cluster.yaml index e3ada58c4..14ed47a55 100644 --- a/charts/cluster/templates/cluster.yaml +++ b/charts/cluster/templates/cluster.yaml @@ -63,7 +63,9 @@ spec: {{- end }} {{- with .Values.cluster.postgresql }} parameters: - {{- toYaml . | nindent 6 }} + {{- toYaml .parameters | nindent 6 }} + pg_hba: + {{- toYaml .pg_hba | nindent 6 }} {{ end }} managed: 
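Review bot: In charts/cluster/templates/cluster.yaml, `toYaml .parameters` and `toYaml .pg_hba` read only the two nested keys, so values still written in the previous flat layout (for example `cluster.postgresql.max_connections`) are no longer rendered into the Cluster, and nothing in the template reports it. Settings an operator relies on for hardening could be dropped this way on upgrade without any error. A guard inside the `with` block would make the mismatch visible, e.g. `{{- if omit . "parameters" "pg_hba" }}{{ fail "cluster.postgresql accepts only parameters and pg_hba" }}{{- end }}`. Separately, a key overridden to null is rendered as `null`; wrapping each key in its own `{{- with .pg_hba }}` would avoid emitting it. The hunk opens inside an earlier block (the leading `{{- end }}`), so the rest of the spec is not visible here.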
diff --git a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
index 921d354aa..c26a44faf 100644
--- a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
+++ b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
@@ -15,6 +15,8 @@ spec:
 postgresql:
 parameters:
 max_connections: "42"
+ pg_hba:
+ - host all 1.2.3.4/32 trust
 bootstrap:
 initdb:
 database: mydb
diff --git a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
index 07a96e617..96a3d429c 100644
--- a/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
+++ b/charts/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
@@ -52,7 +52,10 @@ cluster:
 - pg_monitor
 - pg_signal_backend
 postgresql:
- max_connections: "42"
+ parameters:
+ max_connections: "42"
+ pg_hba:
+ - host all 1.2.3.4/32 trust
 initdb:
 database: mydb
 owner: dante
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 4841efa1e..5d7ca9b65 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
@@ -245,7 +245,15 @@
 "type": "integer"
 },
 "postgresql": {
- "type": "object"
+ "type": "object",
+ "properties": {
+ "parameters": {
+ "type": "object"
+ },
+ "pg_hba": {
+ "type": "array"
+ }
+ }
 },
 "primaryUpdateMethod": {
 "type": "string"
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
index 8dcb78a43..395925880 100644
--- a/charts/cluster/values.yaml
+++ b/charts/cluster/values.yaml
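Review bot: The fixture line `host all 1.2.3.4/32 trust` added in 01-non_default_configuration_cluster-assert.yaml has four fields, while a pg_hba `host` record takes database, user, address and method, so the user column appears to be missing; the same line is added in 01-non_default_configuration_cluster.yaml. The test only checks that the string is passed through unchanged, so it still passes, but fixtures tend to be copied as examples, and `trust` accepts matching connections without any credential. A well-formed entry with a password method would exercise the same path: `- host all all 1.2.3.4/32 scram-sha-256`.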
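Review bot: In charts/cluster/values.schema.json the new `pg_hba` property is declared as `"type": "array"` with no `items`, so maps, numbers or nested lists pass validation and are handed to `toYaml` in the template. Each entry is meant to be one pg_hba.conf line, so a malformed entry would presumably surface only when the operator or API server rejects the Cluster, well after `helm install` has accepted the values. Constraining the element type catches this at validation time: `"pg_hba": { "type": "array", "items": { "type": "string" } }`.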
@@ -229,10 +229,13 @@ cluster: # usage: GAUGE # description: "Cache hit ratio" - # -- Configuration of the PostgreSQL server. - # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration - postgresql: {} - # max_connections: 300 + postgresql: + # -- PostgreSQL configuration options (postgresql.conf) + parameters: {} + # max_connections: 300 + # -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) + pg_hba: [] + # - host all all 10.244.0.0/16 md5 # -- BootstrapInitDB is the configuration of the bootstrap process when initdb is used. # See: https://cloudnative-pg.io/documentation/current/bootstrap/
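Review bot: The commented example `# - host all all 10.244.0.0/16 md5` in charts/cluster/values.yaml is the line users will uncomment, and it pairs a whole /16 with `md5`, the older password method that PostgreSQL documents alongside `scram-sha-256`. pg_hba.conf is evaluated first-match, so an entry supplied here can decide authentication for matching connections before any later rule is considered. That deserves a sentence in the comment, together with a warning that `trust` skips credential checks entirely. Suggested example: `# - hostssl all all 10.244.0.0/16 scram-sha-256`. The new comments also drop the previous `See:` link to the CloudNativePG PostgresConfiguration reference, which could be kept above `postgresql:`.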