From 0db78dfe832a2ff52c302110381da17e210c36cc Mon Sep 17 00:00:00 2001
From: Shijun Wang
Date: Mon, 10 Jun 2024 09:13:26 +0300
Subject: [PATCH 1/7] Make user min_pool_size configurable
---
 charts/pgcat/templates/secret.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml
index 05711ea9..a55eb3ef 100644
--- a/charts/pgcat/templates/secret.yaml
+++ b/charts/pgcat/templates/secret.yaml
@@ -61,7 +61,7 @@ stringData:
 password = {{ $user.password | quote }}
 pool_size = {{ $user.pool_size }}
 statement_timeout = {{ $user.statement_timeout }}
- min_pool_size = 3
+ min_pool_size = {{ or $user.min_pool_size 3}}
 server_lifetime = 60000
 {{- if and $user.server_username $user.server_password }}
 server_username = {{ $user.server_username | quote }}
From a5656ab0f4d6ca44894ac1904eebeccf36bd916c Mon Sep 17 00:00:00 2001
From: Shijun Wang
Date: Mon, 10 Jun 2024 09:14:08 +0300
Subject: [PATCH 2/7] Set user server_lifetime only if specified
---
 charts/pgcat/templates/secret.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml
index a55eb3ef..92c7a9bc 100644
--- a/charts/pgcat/templates/secret.yaml
+++ b/charts/pgcat/templates/secret.yaml
@@ -62,7 +62,9 @@ stringData:
 pool_size = {{ $user.pool_size }}
 statement_timeout = {{ $user.statement_timeout }}
 min_pool_size = {{ or $user.min_pool_size 3}}
- server_lifetime = 60000
+ {{- if $user.server_lifetime}}
+ server_lifetime = {{ $user.server_lifetime }}
+ {{- end }}
 {{- if and $user.server_username $user.server_password }}
 server_username = {{ $user.server_username | quote }}
 server_password = {{ $user.server_password | quote }}
From 108fc5599bd33fbed2ec01956ca9b65ef844da63 Mon Sep 17 00:00:00 2001
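Review bot: An explicit `min_pool_size: 0` cannot be expressed with `{{ or $user.min_pool_size 3}}`, because `or` treats 0 as empty and falls back to 3; the `default 3 $user.min_pool_size` form that replaces it in PATCH 4/7 behaves the same way. If 0 is a value operators should be able to set, test for the key rather than its truthiness, e.g. `min_pool_size = {{ hasKey $user "min_pool_size" | ternary $user.min_pool_size 3 }}`. The per-user block this line belongs to starts and ends outside the hunk.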
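Review bot: The new `server_lifetime = {{ $user.server_lifetime }}` line in PATCH 2/7 renders the value without integer coercion, unlike the general section, which pipes the same setting through `| int` (visible in PATCH 5/7). Helm can hand large numeric values to the template as floats, which may then print in exponent form and would not be a valid integer in the rendered TOML; `server_lifetime = {{ $user.server_lifetime | int }}` avoids that. Omitting the key also removes the previous fixed 60000 for the user, so existing releases presumably fall back to the pool or general lifetime after upgrading, which deserves a line in the chart's upgrade notes.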
From: Shijun Wang
Date: Mon, 10 Jun 2024 09:18:47 +0300
Subject: [PATCH 3/7] Increment chart version
---
 charts/pgcat/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/pgcat/Chart.yaml b/charts/pgcat/Chart.yaml
index c77d29c0..63fadd23 100644
--- a/charts/pgcat/Chart.yaml
+++ b/charts/pgcat/Chart.yaml
@@ -5,4 +5,4 @@ maintainers:
 - name: Wildcard
 email: support@w6d.io
 appVersion: "1.1.1"
-version: 0.1.0
+version: 0.1.1
From 83433fd3572629734d3286582fc7d7dde1a3fd45 Mon Sep 17 00:00:00 2001
From: Shijun Wang
Date: Mon, 10 Jun 2024 11:55:26 +0300
Subject: [PATCH 4/7] Use default instea of or
---
 charts/pgcat/templates/secret.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml
index 92c7a9bc..02888411 100644
--- a/charts/pgcat/templates/secret.yaml
+++ b/charts/pgcat/templates/secret.yaml
@@ -61,7 +61,7 @@ stringData:
 password = {{ $user.password | quote }}
 pool_size = {{ $user.pool_size }}
 statement_timeout = {{ $user.statement_timeout }}
- min_pool_size = {{ or $user.min_pool_size 3}}
+ min_pool_size = {{ default 3 $user.min_pool_size }}
 {{- if $user.server_lifetime}}
 server_lifetime = {{ $user.server_lifetime }}
 {{- end }}
From f73e37244fd969b7fb1fa719003c0a97f6981cea Mon Sep 17 00:00:00 2001
From: Shijun Wang
Date: Mon, 10 Jun 2024 16:04:49 +0300
Subject: [PATCH 5/7] Allow enabling server_tls
---
 charts/pgcat/templates/secret.yaml | 1 +
 charts/pgcat/values.yaml | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml
index 02888411..c8ef71f1 100644
--- a/charts/pgcat/templates/secret.yaml
+++ b/charts/pgcat/templates/secret.yaml
@@ -15,6 +15,7 @@ stringData: connect_timeout = {{ .Values.configuration.general.connect_timeout }} idle_timeout = {{ .Values.configuration.general.idle_timeout | int }} server_lifetime = {{ .Values.configuration.general.server_lifetime | int }} + server_tls = {{ .Values.configuration.general.server_tls }} idle_client_in_transaction_timeout = {{ .Values.configuration.general.idle_client_in_transaction_timeout | int }} healthcheck_timeout = {{ .Values.configuration.general.healthcheck_timeout }} healthcheck_delay = {{ .Values.configuration.general.healthcheck_delay }} diff --git a/charts/pgcat/values.yaml b/charts/pgcat/values.yaml index 86be4104..cf826966 100644 --- a/charts/pgcat/values.yaml +++ b/charts/pgcat/values.yaml @@ -175,6 +175,9 @@ configuration: # Max connection lifetime before it's closed, even if actively used. server_lifetime: 86400000 # 24 hours + # Whether to use TLS for server connections or not. + server_tls: false + # How long a client is allowed to be idle while in a transaction (ms). idle_client_in_transaction_timeout: 0 # milliseconds From a9f7366230f6d391f0a51162fa2b307bca75d2c2 Mon Sep 17 00:00:00 2001 From: Shijun Wang Date: Mon, 10 Jun 2024 16:05:30 +0300 Subject: [PATCH 6/7] statement_timeout default value --- charts/pgcat/templates/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml index c8ef71f1..6f7918d0 100644 --- a/charts/pgcat/templates/secret.yaml +++ b/charts/pgcat/templates/secret.yaml 
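Review bot: Enabling `server_tls` through the new `server_tls = {{ .Values.configuration.general.server_tls }}` line encrypts the connection to PostgreSQL, but nothing in this hunk lets the operator require certificate verification, so the backend's identity may still go unchecked. pgcat has a separate `verify_server_certificate` general setting; if the template does not already render it outside this hunk, expose it next to the new line, e.g. `verify_server_certificate = {{ .Values.configuration.general.verify_server_certificate }}`, with a documented default in values.yaml. The values.yaml comment could then read `# Whether to use TLS for server connections. Certificate verification is controlled separately.` The [general] block continues outside the hunk.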
@@ -61,9 +61,9 @@ stringData:
 username = {{ $user.username | quote }}
 password = {{ $user.password | quote }}
 pool_size = {{ $user.pool_size }}
- statement_timeout = {{ $user.statement_timeout }}
+ statement_timeout = {{ default 0 $user.statement_timeout }}
 min_pool_size = {{ default 3 $user.min_pool_size }}
- {{- if $user.server_lifetime}}
+ {{- if $user.server_lifetime }}
 server_lifetime = {{ $user.server_lifetime }}
 {{- end }}
 {{- if and $user.server_username $user.server_password }}
From b5436dd0c715604ea62ca5f59146cbff532a466d Mon Sep 17 00:00:00 2001
From: Shijun Wang
Date: Mon, 10 Jun 2024 16:05:48 +0300
Subject: [PATCH 7/7] Allow pulling password from existing secret
---
 charts/pgcat/templates/secret.yaml | 8 ++++++++
 charts/pgcat/values.yaml | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/charts/pgcat/templates/secret.yaml b/charts/pgcat/templates/secret.yaml
index 6f7918d0..358f4e97 100644
--- a/charts/pgcat/templates/secret.yaml
+++ b/charts/pgcat/templates/secret.yaml
@@ -59,7 +59,15 @@ stringData:
 ##
 [pools.{{ $pool.name | quote }}.users.{{ $index }}]
 username = {{ $user.username | quote }}
+ {{- if $user.password }}
 password = {{ $user.password | quote }}
+ {{- else if and $user.passwordSecret.name $user.passwordSecret.key }}
+ {{- $secret := (lookup "v1" "Secret" $.Release.Namespace $user.passwordSecret.name) }}
+ {{- if $secret }}
+ {{- $password := index $secret.data $user.passwordSecret.key | b64dec }}
+ password = {{ $password | quote }}
+ {{- end }}
+ {{- end }}
 pool_size = {{ $user.pool_size }}
 statement_timeout = {{ default 0 $user.statement_timeout }}
 min_pool_size = {{ default 3 $user.min_pool_size }}
diff --git a/charts/pgcat/values.yaml b/charts/pgcat/values.yaml
index cf826966..e29d9f86 100644
--- a/charts/pgcat/values.yaml
+++ b/charts/pgcat/values.yaml
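Review bot: When `lookup` returns nothing in the PATCH 7/7 hunk, the `{{- if $secret }}` branch is skipped and the user block is rendered with no `password` line at all, without any error. That happens whenever the Secret is absent or misnamed, and also under `helm template` and client-side dry runs, where `lookup` does not query the cluster. A user entry with neither `password` nor `passwordSecret` likely fails earlier with an unhelpful nil-pointer error on `$user.passwordSecret.name`. Failing the render with an explicit message is safer than shipping a config with a missing credential, at the cost that offline rendering then needs the inline password. The looked-up value is also copied into this chart's own Secret at render time, so rotating the source Secret has no effect until the next upgrade; the per-user block continues outside the hunk.

```yaml
    {{- if $user.password }}
    password = {{ $user.password | quote }}
    {{- else }}
    {{- $ref := required "set users[].password or users[].passwordSecret" $user.passwordSecret }}
    {{- $name := required "users[].passwordSecret.name is empty" $ref.name }}
    {{- $secret := lookup "v1" "Secret" $.Release.Namespace $name }}
    {{- if not $secret }}
    {{- fail (printf "Secret %q not found in namespace %q" $name $.Release.Namespace) }}
    {{- end }}
    {{- $encoded := required (printf "key %q not found in Secret %q" $ref.key $name) (get $secret.data $ref.key) }}
    password = {{ $encoded | b64dec | quote }}
    {{- end }}
    {{- /* … unchanged: pool_size, statement_timeout, min_pool_size … */}}
```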
@@ -310,7 +310,9 @@ configuration:
 # ## Credentials for users that may connect to this cluster
 # ## @param users [array]
 # ## @param users[0].username Name of the env var (required)
- # ## @param users[0].password Value for the env var (required)
+ # ## @param users[0].password Value for the env var (required) leave empty to use existing secret see passwordSecret.name and passwordSecret.key
+ # ## @param users[0].passwordSecret.name Name of the secret containing the password
+ # ## @param users[0].passwordSecret.key Key in the secret containing the password
 # ## @param users[0].pool_size Maximum number of server connections that can be established for this user
 # ## @param users[0].statement_timeout Maximum query duration. Dangerous, but protects against DBs that died in a non-obvious way.
 # users: []
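Review bot: The updated `users[0].password` comment reads "(required) leave empty", which contradicts itself, and it does not say that the referenced Secret must already exist in the release namespace when the chart is rendered (the template looks it up in `$.Release.Namespace`). Suggested wording: `# ## @param users[0].password Password for the user; leave empty to read it from passwordSecret` and `# ## @param users[0].passwordSecret.name Name of an existing Secret in the release namespace holding the password`. The per-user `min_pool_size` and `server_lifetime` keys introduced earlier in this series do not appear in this `@param` list as far as the hunk shows and could be documented here as well.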