From dc9345576e47210f8f176a31369abe460a4cf3f9 Mon Sep 17 00:00:00 2001
From: Axel FAUVEL
Date: Wed, 20 Mar 2024 11:20:41 +0100
Subject: [PATCH] [bitnami/postgresql] Add a NetworkPolicy to allow backup pods to access primary nodes (#24363)

* [bitnami/postgresql] Add a NetworkPolicy to allow backup pods to access primary node

Signed-off-by: Axel FAUVEL

* [bitnami/postgresql] Bump chart version

Signed-off-by: Axel FAUVEL

* [bitnami/postgresql] Remove duplicated key

Signed-off-by: Axel FAUVEL

---------

Signed-off-by: Axel FAUVEL
---
 bitnami/postgresql/Chart.yaml | 2 +-
 bitnami/postgresql/README.md | 1 +
 .../templates/backup/networkpolicy.yaml | 28 +++++++++++++++++++
 bitnami/postgresql/values.yaml | 4 +++
 4 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 bitnami/postgresql/templates/backup/networkpolicy.yaml
diff --git a/bitnami/postgresql/Chart.yaml b/bitnami/postgresql/Chart.yaml
index bcc455aed0682d..c844bdfbf168f0 100644
--- a/bitnami/postgresql/Chart.yaml
+++ b/bitnami/postgresql/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
 name: postgresql
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/postgresql
-version: 15.0.0
+version: 15.1.0
diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md
index 45c8898c24c89d..9f2469c555e574 100644
--- a/bitnami/postgresql/README.md
+++ b/bitnami/postgresql/README.md
@@ -638,6 +638,7 @@ If you already have data in it, you will fail to sync to standby nodes for all c
 | `backup.cronjob.nodeSelector` | Node labels for PostgreSQL backup CronJob pod assignment | `{}` |
 | `backup.cronjob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production). | `nano` |
 | `backup.cronjob.resources` | Set container requests and limits for different resources like CPU or memory | `{}` |
+| `backup.cronjob.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
 | `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
 | `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
 | `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
diff --git a/bitnami/postgresql/templates/backup/networkpolicy.yaml b/bitnami/postgresql/templates/backup/networkpolicy.yaml
new file mode 100644
index 00000000000000..77fff3c31b1ac5
--- /dev/null
+++ b/bitnami/postgresql/templates/backup/networkpolicy.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.backup.cronjob.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: pg_dumpall
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.backup.cronjob.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: pg_dumpall
+ policyTypes:
+ - Egress
+ egress:
+ - ports:
+ - port: 5432
+ protocol: TCP
+{{- end }}
diff --git a/bitnami/postgresql/values.yaml b/bitnami/postgresql/values.yaml
index b394131cee691f..cfdae442487250 100644
--- a/bitnami/postgresql/values.yaml
+++ b/bitnami/postgresql/values.yaml
@@ -1319,6 +1319,10 @@ backup:
 ## limits:
 ## cpu: 2
 ## memory: 1024Mi
+ networkPolicy:
+ ## @param backup.cronjob.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
 storage:
 ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
 ## If defined, PVC must be created manually before volume will be bound
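Review bot: The egress rule at the end of the new template has no `to:` selector, so it lets the pg_dumpall pod open TCP/5432 to any destination — every pod in the cluster and any external address — rather than only the primary that the commit title names. Scoping the rule with a podSelector built from the same chart labels this policy already uses for its own podSelector limits the grant to pods of this release; the primary's component label could narrow it further, but confirm the value the primary StatefulSet actually carries before adding it. If this policy is meant for namespaces with a default-deny egress policy (the only case in which it changes anything), the job also needs DNS egress on UDP/TCP 53 to resolve the primary's service name, which this rule does not grant. The port is hard-coded to 5432 rather than taken from the chart's configurable PostgreSQL port, so a deployment on a non-default port would presumably be blocked by the very policy meant to allow it.
```yaml
  egress:
    # Allow DNS resolution so the job can look up the primary's service name
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # Allow PostgreSQL traffic only to pods of this release
    - ports:
        - port: 5432
          protocol: TCP
      to:
        - podSelector:
            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
```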
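Review bot: The new `backup.cronjob.networkPolicy.enabled` defaults to `true`, and the template it controls is gated on that flag alone, so the NetworkPolicy is rendered on every install even when the backup CronJob it selects is not deployed; if the chart has a separate switch for the backup job itself, the template condition should include it, e.g. `{{- if and .Values.backup.enabled .Values.backup.cronjob.networkPolicy.enabled }}`. The `## @param` comment should also say what the policy grants, since on a cluster without a default-deny egress policy it is a no-op and users otherwise cannot tell why they would turn it off: `## @param backup.cronjob.networkPolicy.enabled Specifies whether a NetworkPolicy granting the backup CronJob egress to PostgreSQL should be created`. The enclosing `backup:` block starts outside the hunk.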