(postgresql) set db admin password at startup
- Make the default to run the postgres database as the uid 999 which the default image maps to the 'postgres' user - If the database is already initialized, before starting postgres set the 'postgres' database user password to match the declared intended password Change-Id: I7b0ea7a86246b098f38ef4c03dd157731f61e066
This commit is contained in:
Scott Hussey
Scott Hussey
parent
2eb745d53a
commit
4a505e213c
@ -16,6 +16,25 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
set -ex
|
# Disable echo mode while setting the password
|
||||||
|
# unless we are in debug mode
|
||||||
|
{{- if .Values.conf.debug }}
|
||||||
|
set -x
|
||||||
|
{{- end }}
|
||||||
|
set -e
|
||||||
|
|
||||||
exec /docker-entrypoint.sh postgres -N {{ .Values.conf.postgresql.max_connections }} -B {{ .Values.conf.postgresql.shared_buffers }}
|
POSTGRES_DB=${POSTGRES_DB:-"postgres"}
|
||||||
|
|
||||||
|
# Check if the Postgres data directory exists before attempting to
|
||||||
|
# set the password
|
||||||
|
if [[ -d "$PGDATA" && -s "$PGDATA/PG_VERSION" ]]
|
||||||
|
then
|
||||||
|
postgres --single -D "$PGDATA" "$POSTGRES_DB" <<EOF
|
||||||
|
ALTER ROLE $POSTGRES_USER WITH PASSWORD '$POSTGRES_PASSWORD'
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
exec /docker-entrypoint.sh postgres -N {{ .Values.conf.postgresql.max_connections | quote }} -B {{ .Values.conf.postgresql.shared_buffers | quote }}
|
||||||
|
|||||||
@ -40,6 +40,8 @@ spec:
|
|||||||
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml $envAll.Values.pod.security.server | indent 8 }}
|
||||||
affinity:
|
affinity:
|
||||||
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
|
|||||||
@ -19,6 +19,10 @@
|
|||||||
release_group: null
|
release_group: null
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
|
security:
|
||||||
|
server:
|
||||||
|
runAsUser: 999
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
affinity:
|
affinity:
|
||||||
anti:
|
anti:
|
||||||
type:
|
type:
|
||||||
@ -141,6 +145,7 @@ monitoring:
|
|||||||
scrape: true
|
scrape: true
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
|
debug: false
|
||||||
postgresql:
|
postgresql:
|
||||||
max_connections: 100
|
max_connections: 100
|
||||||
shared_buffers: 128MB
|
shared_buffers: 128MB
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user