diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-10 23:53:31 +0100 |
|---|---|---|
| committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-03-10 23:53:31 +0100 |
| commit | 17547340d42db38a0bca7bca934b01964991301b (patch) | |
| tree | 5ab91e46b33eae8cf060b0e24f6f16f9a1888cff /kubernetes/common/postgres/templates | |
| parent | b8316cdbeaed1c4929531da836f24639c745ab66 (diff) | |
[COMMON] Allow special characters in postgress passwords
Postgres image that we are currently using uses sed to replace
passwords placeholders with their actual values at startup time.
This apprach is very fragile and leads to issues if & happens to be a
part of password as it has a special meaning in sed.
To fix this issue let's just extract the setup.sql file from the
container and process it on our own in init container using envsubst
and then mount it to the main container to be used.
Issue-ID: OOM-2317
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ifd51d8f0af0099958caa209185fb7a87a0480bd2
Diffstat (limited to 'kubernetes/common/postgres/templates')
| -rw-r--r-- | kubernetes/common/postgres/templates/_deployment.tpl | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 3777c1b2e4..361e64847e 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -40,6 +40,34 @@ spec: name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_PRIMARY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + - name: PG_DATABASE + value: "{{ $dot.Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: pgconf + image: "{{ $dot.Values.global.envsubstImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + name: {{ include "common.name" $dot }}-update-config + - name: init-sysctl command: - /bin/sh @@ -98,9 +126,12 @@ spec: - name: PG_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - - name: pool-hba-conf + - name: config mountPath: /pgconf/pool_hba.conf subPath: pool_hba.conf + - name: pgconf + mountPath: /pgconf/setup.sql + subPath: setup.sql - mountPath: /pgdata name: {{ include "common.fullname" $dot }}-data - mountPath: /backup @@ -129,7 +160,10 @@ spec: {{- else }} emptyDir: {} {{ end }} - - name: pool-hba-conf + - name: config configMap: name: {{ include "common.fullname" $dot }} -{{- end -}}
\ No newline at end of file + - name: pgconf + emptyDir: + medium: Memory +{{- end -}} |