diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml
index 8413e19d..ffd3b126 100644
--- a/stable/enterprise/Chart.yaml
+++ b/stable/enterprise/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: enterprise
-version: "3.0.2"
+version: "3.0.3"
 appVersion: "5.10.0"
 kubeVersion: 1.23.x - 1.30.x || 1.23.x-x - 1.30.x-x
 description: |
diff --git a/stable/enterprise/templates/_helpers.tpl b/stable/enterprise/templates/_helpers.tpl
index c9af8a8b..146a4906 100644
--- a/stable/enterprise/templates/_helpers.tpl
+++ b/stable/enterprise/templates/_helpers.tpl
@@ -243,3 +243,50 @@ Checks if the feeds chart was previously disabled or if any of the drivers were
 {{- end -}}
 {{- end -}}
+
+{{/*
+Checks if the Postgres mountpoint aligns with PGDATA if the chart is enabled, mountPoint is set and PGDATA is overridden as an env var
+*/}}
+{{- define "enterprise.postgresMountpointCheck" -}}
+
+{{ $notify := false }}
+
+{{/* checks if PGDATA startswith POSTGRESQL_VOLUME_DIR to ensure data is written to a PV and not ephemeral storage */}}
+{{- $postgresql := index .Values "postgresql" -}}
+{{- if $postgresql -}}
+ {{- $postgresqlChartEnabled := index .Values "postgresql" "chartEnabled" -}}
+ {{- if $postgresqlChartEnabled -}}
+ {{- $postgresMountPath := .Values.postgresql.primary.persistence.mountPath -}}
+ {{- $postgresData := "" -}}
+ {{- $postgresqlExtraEnvs := index .Values "postgresql" "primary" "extraEnvVars" -}}
+ {{- if $postgresqlExtraEnvs -}}
+ {{- range $index, $val := $postgresqlExtraEnvs -}}
+ {{/* # postgresMountPath: {{ $postgresMountPath }} - .value: {{ .value }} */}}
+ {{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
+ {{- $notify = true -}}
+ {{- $postgresData = .value -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* if we haven't needed a notification yet, check if top level extraEnv have PGDATA */}}
+ {{- if not $notify -}}
+ {{- $extraEnv := .Values.extraEnv -}}
+ {{- if $extraEnv -}}
+ {{- range $index, $val := $extraEnv -}}
+ {{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
+ {{- $notify = true -}}
+ {{- $postgresData = .value -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if $notify -}}
+ {{- fail (cat "Postgres data directory (PGDATA:" $postgresData ") is not within the mountPath:" $postgresMountPath "!") -}}
+ {{- end -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
 
diff --git a/stable/enterprise/templates/anchore_configmap.yaml b/stable/enterprise/templates/anchore_configmap.yaml
index 710530ec..3b474891 100644
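Review bot: `hasPrefix $postgresMountPath .value` is a plain string-prefix test, not a path-containment test: with a mountPath of `/bitnami/postgresql` a PGDATA of `/bitnami/postgresql-scratch/data` (constructed example) passes the check yet lives outside the PV, which is exactly the ephemeral-storage case the helper exists to reject; compare on a path boundary instead, e.g. `{{- if and (eq "PGDATA" .name) (not (or (eq .value $postgresMountPath) (hasPrefix (printf "%s/" $postgresMountPath) .value))) -}}`, in both the `primary.extraEnvVars` loop and the top-level `extraEnv` loop. A PGDATA entry supplied via `valueFrom` has no `.value`, so `hasPrefix` would likely receive nil and abort the render with a type error instead of the intended message; guarding with `(kindIs "string" .value)` or stating in the header comment that only literal `value` entries are validated would make that explicit. The comment above the check refers to `POSTGRESQL_VOLUME_DIR` while the code compares against `primary.persistence.mountPath`; `{{/* PGDATA must sit under primary.persistence.mountPath so data lands on the PV, not on ephemeral storage */}}` would describe what the code does. `{{ $notify := false }}` carries no trim markers, so the define emits its surrounding newlines into every file that includes it; `{{- $notify := false -}}` keeps the include output empty.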
--- a/stable/enterprise/templates/anchore_configmap.yaml
+++ b/stable/enterprise/templates/anchore_configmap.yaml
@@ -1,4 +1,5 @@
 {{- include "enterprise.exclusionCheck" . -}}
+{{- include "enterprise.postgresMountpointCheck" . -}}
 kind: ConfigMap
 apiVersion: v1
 metadata: