-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvalues.yaml
More file actions
96 lines (84 loc) · 3.58 KB
/
values.yaml
File metadata and controls
96 lines (84 loc) · 3.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# -- name to use for templating certs
name: "app-postgres"
certificates:
server:
# -- enable using server certificates
enabled: false
# -- generate server certs using cert-manager. if true the following
# are ignored: certificates.serverTLSSecret, certificates.serverCASecret
generate: false
# -- name of existing Kubernetes Secret for the postgresql server TLS cert,
# ignored if certificates.generate is true
serverTLSSecret: ""
# -- name of existing Kubernetes Secret for the postgresql server Certificate
# Authority cert, ignored if certificates.generate is true
serverCASecret: ""
client:
# -- enable using client certificates
enabled: false
# -- generate client certs using cert-manager. if true the following are
# ignored: certificates.clientCASecret, certificates.replicationTLSSecret
generate: false
# -- name of existing Kubernetes Secret for the postgresql client Certificate
# Authority cert, ignored if certificates.generate is true
clientCASecret: ""
# -- name of existing Kubernetes Secret for the postgresql replication TLS
# cert ignored if certificates.generate is true
replicationTLSSecret: ""
user:
# -- create a certificate for a user to connect to postgres using CertManager
# requires server and client certificate generation enabled
enabled: false
# -- List of names of users to create a cert for, eg: the DbOwner specified earlier.
# This data populated into the commonName field of the certificate.
username:
- "app"
testApp:
## -- create a test deployment to verify db connectivity.
# Populates user and DB from the Initdb owner and database values
# Requires server, client, and user certificate generation to be enabled.
enabled: false
# -- this is required for testing the application.
# please change to your database's username in your postgresql clsuter
owner: app
# -- this is required for testing the application.
# please change to your database name in your postgresql clsuter
database: app
cnpgCluster:
# -- enable this to deploy the official CNPG cluster helm chart dep
# All other values here are passed directly to the their chart. See:
# https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/values.yaml
enabled: false
type: postgresql
version:
postgresql: "16"
mode: standalone
fullnameOverride: ""
# -- see: https://cloudnative-pg.io/docs/1.28/certificates#client-certificate
certificates: {}
## examples if using our certificates features of this chart.
## NOTE: app-postgres should be replaced with whatever you set Values.name to
# serverTLSSecret: "app-postgres-server-cert"
# serverCASecret: "app-postgres-server-ca-key-pair"
# clientCASecret: "app-postgres-client-ca-key-pair"
# replicationTLSSecret: "app-postgres-client-cert"
cluster:
# -- Number of instances
instances: 3
initdb:
# -- you should change this the name of your database in the postgres cluster
database: app
# -- you should change this the name of your database user in the postgres cluster
owner: app
postgresql:
# -- records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
pg_hba:
- hostnossl all all 0.0.0.0/0 reject
- hostssl all all 0.0.0.0/0 cert clientcert=verify-full
primaryUpdateStrategy: unsupervised
# this solves an issue with an old boto version
additionalEnv:
- name: AWS_REQUEST_CHECKSUM_CALCULATION
value: when_required
- name: AWS_RESPONSE_CHECKSUM_VALIDATION
value: when_required