chore(postgresql-cluster): generate password random

Author: EamonZhang

addons/postgresql-cluster/15/chart/postgresql-cluster/README.md

@@ -1,17 +1,90 @@
+## CREATE PG INSTANCE
 
 ```
-dataname:
-  dbname: dbn
-  username: admin
-  password: R3Dv0NEmwZkhhz
+#  create or update pg instance template yaml
 networkPolicy.allowNamespaces:
  - mx-test1 
 service.type: ClusterIP
 metrics.enabled: true
 backup:
+  # whether BackUP should be enabled
   enabled: true
+  # Cron schedule for doing base backups
+  scheduleCronJob: "20 0 * * 0"
+  Amount of base backups to retain
+  retainBackups: 2
   s3:
     awsAccessKeyID: DO9l771LqiwZkhhz
     awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn
     walGS3Prefix: mx-test
-```
+```
+
+## Create app user and database
+
+- Login PG with admin user & password
+
+- CREATE APP USER
+```
+CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password';
+```
+- CREATE APP DATABASE
+```
+CREATE DATABASE `my_db` OWNER `my_user`;
+```
+- CREATE EXTENSIONS
+```
+CREATE EXTENSION pg_buffercache;
+```
+
+## Network Access
+
+Default access allow policy: only namespace scope.
+
+- allow `mx-test1` namespace access 
+```
+networkPolicy.allowNamespaces:
+ - mx-test1 
+```
+
+ - Assign external network IP address
+```
+ service.type: LoadBlance
+```
+
+ ## Manger backup your data `Very important`
+ 
+`Strongly recommend enabling this feature.`
+`Strongly recommend enabling this feature.`
+`Strongly recommend enabling this feature.`
+
+PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space.
+```
+backup:
+  # whether BackUP should be enabled
+  enabled: true
+  # Cron schedule for doing base backups
+  scheduleCronJob: "20 0 * * 0"
+  Amount of base backups to retain
+  retainBackups: 2
+  s3:
+    awsAccessKeyID: DO9l771LqiwZkhhz
+    awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn
+    walGS3Prefix: mx-test
+```
+
+You can modify multiple content at once, there is no need to modify part of it each time.
+
+# Plans
+
+| Resource Specification | Cores | MEMORY | Storage SIZE |
+| :---: | :---: | :---: | :---: | 
+| standard-10 | 1C | 2G | 10G |  
+| standard-20 | 2C | 4G | 20G | 
+| standard-50 | 2C | 8G | 50G | 
+| standard-100 | 4C | 16G | 100G |  
+| standard-200 | 8C | 32G | 200G |  
+| standard-400 | 16C | 64G | 400G | 
+| standard-800 | 32C | 128G | 800G | 
+
+In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization.
+

addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl

@@ -107,6 +107,16 @@ Create patroni envs.
     secretKeyRef:
       name: {{ template "patroni.fullname" . }}
       key: password-rewind
+- name: ADMIN_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ template "patroni.fullname" . }}
+      key: admin-user
+- name: ADMIN_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ template "patroni.fullname" . }}
+      key: admin-password
 - name: PATRONI_SCOPE
   value: {{ template "patroni.fullname" . }}
 - name: PATRONI_NAME
@@ -123,21 +133,6 @@ Create patroni envs.
   value: '0.0.0.0:5432'
 - name: PATRONI_RESTAPI_LISTEN
   value: '0.0.0.0:8008'
-- name: DATABASE_NAME
-  valueFrom:
-    secretKeyRef:
-      name: {{ template "patroni.fullname" . }}
-      key: data-name
-- name: DATABASE_USER
-  valueFrom:
-    secretKeyRef:
-      name: {{ template "patroni.fullname" . }}
-      key: data-user
-- name: DATABASE_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: {{ template "patroni.fullname" . }}
-      key: data-password
 {{- end -}}
 
 {{/*
@@ -178,3 +173,66 @@ Create walg envs.
   value: ""
 {{- end }}
 {{- end }}
+
+{{/*
+Generate random password 
+*/}}
+
+{{/*
+Get the super user  password ;
+*/}}
+{{- define "credentials.superuserValue" }}
+{{- if .Values.credentials.superuser }}                                         
+    {{- .Values.credentials.superuser -}}
+{{- else -}}
+  {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser")  -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the rewind password ;
+*/}}
+{{- define "credentials.rewindValue" }}
+{{- if .Values.credentials.rewind }}                                         
+    {{- .Values.credentials.rewind -}}
+{{- else -}}
+  {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-rewind")  -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the replication password ;
+*/}}
+{{- define "credentials.replicationValue" }}
+{{- if .Values.credentials.replication }}                                         
+    {{- .Values.credentials.replication -}}
+{{- else -}}
+  {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication")  -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Get the administrator password ;
+*/}}
+{{- define "adminRole.passwordValue" }}
+{{- if .Values.adminRole.password }}
+    {{- .Values.adminRole.password -}}
+{{- else -}}
+  {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication")  -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Returns the available value for certain key in an existing secret (if it exists),
+otherwise it generates a random value.
+*/}}
+{{- define "getValueFromSecret" }}
+{{- $len := (default 16 .Length) | int -}}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key | b64dec -}}
+{{- else -}}
+{{- randAlphaNum $len -}}
+{{- end -}}
+{{- end }}
+

addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml

@@ -10,10 +10,9 @@ metadata:
     heritage: {{ .Release.Service }}
     cluster-name: {{ template "patroni.fullname" . }}
 type: Opaque
-data:
-  password-superuser: {{ .Values.credentials.superuser | b64enc }}
-  password-rewind: {{ .Values.credentials.rewind | b64enc }}
-  password-replication: {{ .Values.credentials.replication | b64enc }} 
-  data-user: {{ .Values.database.username | b64enc }}
-  data-name: {{ .Values.database.dbname | b64enc }}
-  data-password: {{ .Values.database.password | b64enc }}
+data: 
+  password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }}
+  password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }}
+  password-replication: {{ include "credentials.replicationValue" . | b64enc | quote  }} 
+  admin-user: {{ .Values.adminRole.username | b64enc }}
+  admin-password: {{ .Values.adminRole.password | b64enc }}

addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml

@@ -17,14 +17,13 @@ image:
 # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql
 # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
 credentials:
-  superuser: tea
-  rewind: cola
-  replication: reppasswd
+  superuser: ""
+  rewind: ""
+  replication: ""
 
-database:
-  dbname: db1
-  username: us1
-  password: 111w
+adminRole:
+  username: administrator
+  password: ""
 
 # Distribution Configuration stores
 # Please note that only one of the following stores should be enabled.
@@ -126,22 +125,21 @@ postInitScript: |
   #!/bin/bash
   set -Eeu
   # Create monitor user
-  psql -w -c  "CREATE USER tea_mon WITH ROLE pg_monitor"
-  # Create init database & user 
-  if [[( -n "$DATABASE_USER") &&  ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then
-    echo "Creating user ${DATABASE_USER}"
-    psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'"
-    echo "Creating database ${DATABASE_NAME} "
-    psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000"
-    psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;"
-    psql -w -c  "CHECKPOINT;CHECKPOINT;"
+  psql -w -c  "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;"
+  # Create admin  user 
+  if [[( -n "$ADMIN_USER") &&  ( -n "$ADMIN_PASSWORD")]]; then
+     echo "Creating user ${ADMIN_USER}"
+    # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'"
   else
-    echo "Skipping user creation"
-    echo "Skipping database creation"
+    echo "Skipping create admin user"
   fi
+  psql -w -c  "CHECKPOINT;CHECKPOINT;"
+  #norm user 
+  #
+  #
 postgresql: 
   config: |-
-    log_min_duration_statement = 1008
+    log_min_duration_statement = 1000
     max_wal_size = 4GB
     min_wal_size = 4GB
     max_connections = 1005
@@ -249,25 +247,25 @@ metrics:
       memory: 512Mi
 backup:
   # Specifies whether Wal-G should be enabled
-  enabled: true
+  enabled: false
   # Cron schedule for doing base backups
   scheduleCronJob: "20 0 * * 0"
   # Amount of base backups to retain
   retainBackups: 2
   # Name of the secret that holds the credentials to the bucket
   kubernetesSecret:
   # Maximum size of the WAL segments accumulated after the base backup to
-  # consider WAL-E restore instead of pg_basebackup
+  # consider WAL-G restore instead of pg_basebackup
   backupThresholdMegabytes: 1024
   # Maximum ratio (in percents) of the accumulated WAL files to the base backup
-  # to consider WAL-E restore instead of pg_basebackup
+  # to consider WAL-G restore instead of pg_basebackup
   backupThresholdPercentage: 30
   s3:
     used: true
-    awsAccessKeyID: "minioadmin"
-    awsSecretAccessKey: "minioadmin"
-    walGS3Prefix: "s3://pg1"
-    awsEndpoint: "http://10.10.2.11:9000"
+    awsAccessKeyID: ""
+    awsSecretAccessKey: ""
+    walGS3Prefix: "s3://xx"
+    awsEndpoint: "http://xxxx:9000"
     awsS3ForcePathStyle: "true"
     awsRegion: dx-1
 

addons/postgresql-cluster/15/meta.yaml

@@ -13,22 +13,14 @@ tags: postgresql-cluster
 bindable: true
 instances_retrievable: true
 bindings_retrievable: true
-plan_updateable: false
+plan_updateable: true
 allow_parameters:
-- name: "dataname"
-  description: "database config for values.yaml"
 - name: "networkPolicy.allowNamespaces"
   description: "networkPolicy allowNamespaces config for values.yaml"
 - name: "service.type"
   description: "service type config for values.yaml"
 - name: "metrics.enabled"
   description: "Whether to enable metrics. default true"
-- name: "backup.enabled"
-  description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 "
-- name: "backup.s3.awsAccessKeyID"
-  description: "S3 awsAccessKeyID"
-- name: "backup.s3.awsSecretAccessKey"
-  description: "S3 awsSecretAccessKey"
-- name: "backup.s3.walGS3Prefix"
-  description: "S3 walGS3Prefix : etc . s3://bucket001"
+- name: "backup"
+  description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 "
 archive: false