From ee6d508d4354eed5ed3806e1c3211fdbb3fb3972 Mon Sep 17 00:00:00 2001
From: noratanxz
Date: Wed, 4 Jun 2025 10:49:04 +0100
Subject: [PATCH 1/4] feat: SSL connectivity support
---
coder-observability/templates/_helpers.tpl | 8 ++++++--
.../templates/statefulset-postgres-exporter.yaml | 8 +++++++-
coder-observability/values.yaml | 13 +++++++++++++
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/coder-observability/templates/_helpers.tpl b/coder-observability/templates/_helpers.tpl
index 12ab859..f4b455e 100644
--- a/coder-observability/templates/_helpers.tpl
+++ b/coder-observability/templates/_helpers.tpl
@@ -63,10 +63,14 @@ Create the name of the service account to use {{/* Postgres connector string */}} {{- define "postgres-connector-string" -}} -{{- if .Values.global.postgres.password -}} +{{- if and .Values.global.postgres.password (eq .Values.global.postgres.sslmode "disable") -}} postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} -{{- else if .Values.global.postgres.mountSecret -}} +{{- else if and .Values.global.postgres.password (ne .Values.global.postgres.sslmode "disable") -}} +postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }} +{{- else if and .Values.global.postgres.mountSecret (eq .Values.global.postgres.sslmode "disable") -}} postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} +{{- else if and .Values.global.postgres.mountSecret (ne .Values.global.postgres.sslmode "disable") -}} +postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }} {{- else -}} {{ fail "either postgres.password or postgres.mountSecret must be defined" }} {{- end -}} diff --git a/coder-observability/templates/statefulset-postgres-exporter.yaml b/coder-observability/templates/statefulset-postgres-exporter.yaml index 229c650..4f33f25 100644 
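Review bot: Both new `ne … "disable"` branches append `&sslrootcert={{ .Values.global.postgres.sslrootcert }}` whether or not a value is set, and unlike the password the path is not passed through `urlquery`. If `sslmode` is switched to a TLS mode while `sslrootcert` is empty, the DSN would carry an empty or nil-rendered `sslrootcert` parameter; how the exporter's driver handles that is not visible here. The four branches differ only in that suffix, so the original two branches could stay as they were and the suffix be emitted once after the chain, e.g. `{{- if ne .Values.global.postgres.sslmode "disable" }}{{- with .Values.global.postgres.sslrootcert }}&sslrootcert={{ urlquery . }}{{- end }}{{- end }}`. The closing `end` of the `define` lies outside this hunk.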
--- a/coder-observability/templates/statefulset-postgres-exporter.yaml +++ b/coder-observability/templates/statefulset-postgres-exporter.yaml @@ -29,4 +29,10 @@ spec: env: - name: DATA_SOURCE_NAME value: '{{ include "postgres-connector-string" . }}' - {{ include "postgres-secret-mount" . | nindent 10 }} \ No newline at end of file + {{ include "postgres-secret-mount" . | nindent 10 }} + + volumeMounts: + {{ toYaml .Values.global.postgres.volumeMounts | nindent 12 }} + + volumes: + {{ toYaml .Values.global.postgres.volumes | nindent 8 }} \ No newline at end of file diff --git a/coder-observability/values.yaml b/coder-observability/values.yaml index 653b829..42ac2bc 100644 --- a/coder-observability/values.yaml +++ b/coder-observability/values.yaml @@ -123,11 +123,24 @@ global: password: database: coder sslmode: disable + # add root cert path if using SSL + # sslrootcert: /home/coder/.postgresql/rootcert.pem + # ensure that your secret has a field named `PGPASSWORD` mountSecret: "secret-postgres" exporter: image: "quay.io/prometheuscommunity/postgres-exporter" + volumes: + - name: "pg-certs-mount" + configMap: + name: "pg-certs-mount-config-map" + + volumeMounts: + - name: "pg-certs-mount" + mountPath: "/home/coder/.postgresql" + readOnly: true + # global.postgres.alerts -- alerts for postgres alerts: groups: From 965a534fe76cbd12d758925b31481adc30cf1bb3 Mon Sep 17 00:00:00 2001 From: noratanxz Date: Wed, 4 Jun 2025 10:55:32 +0100 Subject: [PATCH 2/4] chore: make lint --- compiled/resources.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/compiled/resources.yaml b/compiled/resources.yaml index aff5679..503f485 100644 --- a/compiled/resources.yaml +++ b/compiled/resources.yaml 
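Review bot: The added `volumeMounts:` and `volumes:` blocks are rendered unconditionally, so with the chart defaults the exporter pod references the ConfigMap `pg-certs-mount-config-map` even while `sslmode` is `disable`. Nothing in this patch creates that ConfigMap, and a ConfigMap volume that is not marked optional keeps the pod from starting when the object is missing, so a plain non-TLS install may stop coming up. Guard each block on its value, e.g. `{{- with .Values.global.postgres.volumeMounts }}` / `volumeMounts: {{- toYaml . | nindent 12 }}` / `{{- end }}`, and do the same for `volumes`. The `spec` these lines belong to starts outside the hunk.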
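Review bot: The defaults added under `global.postgres` lack the documentation an operator needs to turn TLS on safely: the `# add root cert path if using SSL` comment does not say which `sslmode` values actually check the server certificate, and `volumes` names a ConfigMap without saying who provides it. As far as I know the exporter's Go driver treats `require` as encryption without certificate verification, so `sslrootcert` only matters under `verify-ca` or `verify-full`; that is worth confirming and stating. I would add comments such as `# sslmode: use verify-full to authenticate the server; sslrootcert is the CA bundle used for that check` and `# the ConfigMap below is not created by this chart and should hold only the CA certificate (client keys belong in a Secret)`. Defaulting `volumes` and `volumeMounts` to `[]` would also keep non-TLS installs independent of that ConfigMap.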
@@ -12219,6 +12219,14 @@ spec: envFrom: - secretRef: name: secret-postgres + volumeMounts: + - mountPath: /home/coder/.postgresql + name: pg-certs-mount + readOnly: true + volumes: + - configMap: + name: pg-certs-mount-config-map + name: pg-certs-mount --- # Source: coder-observability/templates/statefulset-runbook-viewer.yaml apiVersion: apps/v1 From b4f803634c02dfeab013add82ff76d32a30a838e Mon Sep 17 00:00:00 2001 From: noratanxz Date: Wed, 4 Jun 2025 10:59:13 +0100 Subject: [PATCH 3/4] chore: uncomment value --- coder-observability/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coder-observability/values.yaml b/coder-observability/values.yaml index 42ac2bc..c4277d7 100644 --- a/coder-observability/values.yaml +++ b/coder-observability/values.yaml @@ -124,7 +124,7 @@ global: database: coder sslmode: disable # add root cert path if using SSL - # sslrootcert: /home/coder/.postgresql/rootcert.pem + sslrootcert: /home/coder/.postgresql/rootcert.pem # ensure that your secret has a field named `PGPASSWORD` mountSecret: "secret-postgres" From 91e58e22889020db99268a8c2643fe5a415e7cd2 Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 4 Jun 2025 11:29:36 +0000 Subject: [PATCH 4/4] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ba5fde2..1edc211 100644 --- a/README.md +++ b/README.md 
@@ -258,7 +258,7 @@ values which are defined [here](https://github.com/grafana/helm-charts/tree/main | global.dashboards.timerange | string | `"12h"` | how far back dashboards should look | | global.externalScheme | string | `"http"` | | | global.externalZone | string | `"svc.cluster.local"` | | -| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","username":"coder"}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts | +| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","sslrootcert":"/home/coder/.postgresql/rootcert.pem","username":"coder","volumeMounts":[{"mountPath":"/home/coder/.postgresql","name":"pg-certs-mount","readOnly":true}],"volumes":[{"configMap":{"name":"pg-certs-mount-config-map"},"name":"pg-certs-mount"}]}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts | | global.postgres.alerts | object | 
`{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}}` | alerts for postgres | | global.telemetry | object | `{"metrics":{"scrape_interval":"15s","scrape_timeout":"12s"}}` | control telemetry collection | | global.telemetry.metrics | object | `{"scrape_interval":"15s","scrape_timeout":"12s"}` | control metric collection |