DEVOPS-640: Check that PGDATA and postgres mountPoint are in alignmen…
…t if configured

Signed-off-by: Greg Nyahay <[email protected]>
gnyahay committed Oct 25, 2024
1 parent 70d8725 commit 32fc20a
Showing 4 changed files with 55 additions and 6 deletions.
2 changes: 1 addition & 1 deletion stable/enterprise/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: enterprise
version: "3.0.2"
version: "3.0.3"
appVersion: "5.10.0"
kubeVersion: 1.23.x - 1.30.x || 1.23.x-x - 1.30.x-x
description: |
50 changes: 50 additions & 0 deletions stable/enterprise/templates/_helpers.tpl
@@ -243,3 +243,53 @@ Checks if the feeds chart was previously disabled or if any of the drivers were
{{- end -}}

{{- end -}}

{{/*
Checks if the Postgres mountpoint aligns with PGDATA if the chart is enabled, mountPoint is set and PGDATA is overridden as an env var
*/}}
{{- define "enterprise.postgresMountpointCheck" -}}

{{ $notify := false }}

{{/* checks if postgresqlDataDir setting or PGDATA environment variable startswith POSTGRESQL_VOLUME_DIR to ensure data is written to a PV and not ephemeral storage */}}
{{- $postgresql := index .Values "postgresql" -}}
{{- if $postgresql -}}
{{- $postgresqlChartEnabled := index .Values "postgresql" "chartEnabled" -}}
{{- if $postgresqlChartEnabled -}}
{{- $postgresMountPath := .Values.postgresql.primary.persistence.mountPath -}}
{{- $postgresData := .Values.postgresql.postgresqlDataDir -}}
{{- if (not (hasPrefix $postgresMountPath $postgresData)) -}}
{{- $notify = true -}}
{{- end -}}

{{- $postgresqlExtraEnvs := index .Values "postgresql" "primary" "extraEnvVars" -}}
{{- if and (not $notify) ($postgresqlExtraEnvs) -}}
{{- range $index, $val := $postgresqlExtraEnvs -}}
{{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
{{- $notify = true -}}
{{- $postgresData = .value -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/* if we haven't needed a notification yet, check if top level extraEnv have PGDATA */}}
{{- if not $notify -}}
{{- $extraEnv := .Values.extraEnv -}}
{{- if $extraEnv -}}
{{- range $index, $val := $extraEnv -}}
{{- if and (eq "PGDATA" .name) (not (hasPrefix $postgresMountPath .value)) -}}
{{- $notify = true -}}
{{- $postgresData = .value -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $notify -}}
{{- fail (cat "Postgres data directory (postgresqlDataDir/PGDATA:" $postgresData ") is not within the mountPath:" $postgresMountPath "!") -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
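Review bot: The containment test `hasPrefix $postgresMountPath $postgresData` (and the same test on `.value` in both PGDATA loops) is a plain string-prefix match, so a data directory like `<mountPath>-old/data` (constructed example) passes even though it lies outside the mounted volume and would end up on ephemeral storage. Comparing on a path boundary closes that gap: `{{- $mountPrefix := printf "%s/" (trimSuffix "/" $postgresMountPath) -}}` followed by `(not (hasPrefix $mountPrefix (printf "%s/" $postgresData)))`. Separately, nothing in the helper guards against `primary.persistence.mountPath` or `postgresqlDataDir` being unset, or against an env entry that uses `valueFrom` and so has no `.value`. If the chart defaults do not guarantee those values, `hasPrefix` will likely abort rendering with a type error instead of the intended `fail` message. Wrapping the checks in `{{- if and $postgresMountPath $postgresData -}}` would match the "if configured" wording of the commit title.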
1 change: 1 addition & 0 deletions stable/enterprise/templates/anchore_configmap.yaml
@@ -1,4 +1,5 @@
{{- include "enterprise.exclusionCheck" . -}}
{{- include "enterprise.postgresMountpointCheck" . -}}
kind: ConfigMap
apiVersion: v1
metadata:
8 changes: 3 additions & 5 deletions stable/enterprise/values.yaml
@@ -47,15 +47,15 @@ imageCredentials:
password: ""
email: ""

## @param startMigrationPod Spin up a Database migration pod to help migrate the database to the new schema
## @param startMigrationPod Spin up a Database migration pod to help migrate the database to the new schema (for upgrading from Anchore 4.x only)
##
startMigrationPod: false

## @param migrationPodImage The image reference to the migration pod
## @param migrationPodImage The image reference to the migration pod (for upgrading from Anchore 4.x only)
##
migrationPodImage: docker.io/postgres:13-bookworm

## @param migrationAnchoreEngineSecretName The name of the secret that has anchore-engine values
## @param migrationAnchoreEngineSecretName The name of the secret that has anchore-engine values (for upgrading from Anchore 4.x only)
##
migrationAnchoreEngineSecretName: my-engine-anchore-engine

@@ -1007,7 +1007,6 @@ dataSyncer:

## @param dataSyncer.resources Resource requests and limits for Anchore DataSyncer pods
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## Commented values below are just a suggested baseline. Contact Anchore support for deployment specific recommendations.
##
resources: {}
# requests:
@@ -1452,7 +1451,6 @@ ui:
service:
type: ClusterIP
port: 80
## TODO - add service specific annotations & labels to ALL services
annotations: {}
labels: {}
sessionAffinity: ClientIP
