Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm chart improvements including allowing user password to be pulled from K8s secret #753

Merged
merged 8 commits into from
Sep 14, 2024
Merged

Helm chart improvements including allowing user password to be pulled from K8s secret #753

merged 8 commits into from
Sep 14, 2024

Conversation

Speissi
Copy link
Contributor

@Speissi Speissi commented Jun 10, 2024
edited
Loading

What

  • Make the configs for min_pool_size and sever_lifetime configurable under the user section.
  • Allow enabling `server_tls``
  • Change statement_timeout to use default 0 if not specified
  • Allow pulling user password from existing K8s secret

Why

  • Currently, the global server_lifetime gets overwritten by the hardcoded server_lifetime value under the user section, which can cause confusion. So, if it is not explicitly set in the values.yaml, it should not be set per user at all, and the global value should be respected.
  • min_pool_size should also be configurable and if not set the default value will be 3 as per the original version of the chart.
  • If the DB cluster does not access insecure connections the connection will fail without server_tls = true.
  • statement_timeout has default value of 0 and should be explicitly enabled.
  • Passing plain password in Helm values should be avoided.

@Speissi Speissi changed the title Helm chart: make user-specific min_pool_size and server_lifetime configurable Helm chart improvements including allowing user password to be pulled from K8s secret Jun 10, 2024
@Speissi
Copy link
Contributor Author

Speissi commented Jun 10, 2024

Checking out the workflow https://github.com/postgresml/pgcat/blob/main/.github/workflows/generate-chart-readme.yaml Has this ever worked? I don't think there is a README.md for the chart? Also the paths are a bit funky if this is expected to work. For example

readme-generator --values "charts/${chart}/values.yaml" --readme "charts/${chart}/README.md" --schema "/tmp/schema.json"

charts/${chart}/values.yaml translates into 'charts/pgcat/templates/values.yaml' which does not seem right and should probably be charts/pgcat/values.yaml

@drdrsh
Copy link
Collaborator

drdrsh commented Sep 14, 2024

The README hook appears to broken. I have some ideas on how to fix, I will merge this as is and fix the hook later

@drdrsh drdrsh merged commit efbab1c into postgresml:main Sep 14, 2024
2 of 3 checks passed
pseudomuto added a commit to pseudomuto/pgcat that referenced this pull request Oct 10, 2024
@pseudomuto
[Helm]: Generalize Password Lookup
d18b690 
Generalizing the secret lookup functionality that was added in postgresml#753 to
work for `admin_password`, `auth_query_password`, `server_password`, and
really any other one.

It works by creating a `pgcat.password` template which expects an object
containing values for the `password` and `secret` keys. `password` is a
literal value normally supplied via `.Values.xyz` value. `secret` is an
object with a key and name property that effectively functions like a
_secretKeyRef_.

When the literal value is not blank, that is used. Otherwise an attempt
is made to lookup to supplied key from the named secret and use that.
This is exactly how the current implementation of `user_password` works,
which avoids any breaking changes. See the function definition for more
details.

> Note: it seems like `user_passwordSecret` was added (camelCase name)
while all the other ones are _snake_case_. I elected to use snake case for
the new values, but left `user_passwordSecret` as is to avoid any
breaking changes.
@pseudomuto pseudomuto mentioned this pull request Oct 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Speissi @drdrsh