DEVOPS-640: Check that PGDATA and postgres mountPoint are in alignmen…
…t if configured

Signed-off-by: Greg Nyahay <[email protected]>
gnyahay committed Oct 24, 2024
1 parent 70d8725 commit 238d091
Showing 3 changed files with 49 additions and 1 deletion.
2 changes: 1 addition & 1 deletion stable/enterprise/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: enterprise
version: "3.0.2"
version: "3.0.3"
appVersion: "5.10.0"
kubeVersion: 1.23.x - 1.30.x || 1.23.x-x - 1.30.x-x
description: |
47 changes: 47 additions & 0 deletions stable/enterprise/templates/_helpers.tpl
Expand Up @@ -243,3 +243,50 @@ Checks if the feeds chart was previously disabled or if any of the drivers were
{{- end -}}

{{- end -}}

{{/*
Checks if the Postgres mountpoint aligns with PGDATA if the chart is enabled, mountPoint is set and PGDATA is overridden as an env var
*/}}
{{- define "enterprise.postgresMountpointCheck" -}}

{{ $notify := false }}

{{/* checks if PGDATA startswith POSTGRESQL_VOLUME_DIR to ensure data is written to a PV and not ephemeral storage */}}
{{- $postgresql := index .Values "postgresql" -}}
{{- if $postgresql -}}
{{- $postgresqlChartEnabled := index .Values "postgresql" "chartEnabled" -}}
{{- if $postgresqlChartEnabled -}}
{{- $postgresMountPath := .Values.postgresql.primary.persistence.mountPath -}}
{{- $postgresData := "" -}}
{{- $postgresqlExtraEnvs := index .Values "postgresql" "primary" "extraEnvVars" -}}
{{- if $postgresqlExtraEnvs -}}
{{- range $index, $val := $postgresqlExtraEnvs -}}
{{/* # postgresMountPath: {{ $postgresMountPath }} - .value: {{ .value }} */}}
{{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
{{- $notify = true -}}
{{- $postgresData = .value -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/* if we haven't needed a notification yet, check if top level extraEnv have PGDATA */}}
{{- if not $notify -}}
{{- $extraEnv := .Values.extraEnv -}}
{{- if $extraEnv -}}
{{- range $index, $val := $extraEnv -}}
{{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
{{- $notify = true -}}
{{- $postgresData = .value -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $notify -}}
{{- fail (cat "Postgres data directory (PGDATA:" $postgresData ") is not within the mountPath:" $postgresMountPath "!") -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
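Review bot: The `hasPrefix $postgresMountPath .value` test in both range loops (over `postgresql.primary.extraEnvVars` and over the top-level `extraEnv`) is a raw string-prefix match, so a PGDATA such as `<mountPath>-old/data` (constructed example) passes even though it lies outside the mounted volume and would be written to ephemeral storage. Comparing on a path boundary closes that gap: `(not (or (eq .value $postgresMountPath) (hasPrefix (printf "%s/" (trimSuffix "/" $postgresMountPath)) .value)))`. An entry that supplies PGDATA through `valueFrom` has no `.value`, so it is either not validated or may fail rendering with a type error instead of this message, depending on how the Helm version in use evaluates `and`; a `hasKey . "value"` guard would make that case explicit. An empty `mountPath` also makes every prefix test succeed, which silently disables the check.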
1 change: 1 addition & 0 deletions stable/enterprise/templates/anchore_configmap.yaml
@@ -1,4 +1,5 @@
{{- include "enterprise.exclusionCheck" . -}}
{{- include "enterprise.postgresMountpointCheck" . -}}
kind: ConfigMap
apiVersion: v1
metadata:
