From 371570d387e31a2fb7833195682d465897fdf86e Mon Sep 17 00:00:00 2001
From: Thomas Griseau <thomas.griseau@beamy.io>
Date: Fri, 29 Oct 2021 19:23:33 +0200
Subject: [PATCH 1/2] feat: Add possibility to specify internal ip range

---
 .../templates/statefulset-timescaledb-accessnode.yaml         | 4 ++++
 .../templates/statefulset-timescaledb-datanode.yaml           | 4 ++++
 charts/timescaledb-multinode/values.yaml                      | 3 +++
 3 files changed, 11 insertions(+)

diff --git a/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml b/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
index dd06740a..40d17c66 100644
--- a/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
+++ b/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
@@ -79,6 +79,10 @@ spec:
             echo "*:*:*:postgres:${POSTGRES_PASSWORD_DATA_NODE}" > "${PGDATA}/../.pgpass"
             chown postgres:postgres "${PGDATA}/../.pgpass" "${PGDATA}/postgresql_helm_customizations.conf"
             chmod 0600 "${PGDATA}/../.pgpass"
+            {{- if .Values.internalIpRange }}
+            echo "Adding {{ .Values.internalIpRange }} in pg_hba.conf"
+            echo "host    all             all             {{ .Values.internalIpRange }}              trust" >> ${PGDATA}/pg_hba.conf
+            {{- end }}
         volumeMounts:
         - name: storage-volume
           mountPath: "{{ .Values.persistentVolume.mountPath }}"
diff --git a/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml b/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
index b1661168..50457da6 100644
--- a/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
+++ b/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
@@ -71,6 +71,10 @@ spec:
             echo "Writing custom PostgreSQL Parameters to ${PGDATA}/postgresql_helm_customizations.conf"
             echo "cluster_name = '$(hostname)'" > "${PGDATA}/postgresql_helm_customizations.conf"
             echo "${POSTGRESQL_CUSTOM_PARAMETERS}" | sort >> "${PGDATA}/postgresql_helm_customizations.conf"
+            {{- if .Values.internalIpRange }}
+            echo "Adding {{ .Values.internalIpRange }} in pg_hba.conf"
+            echo "host    all             all             {{ .Values.internalIpRange }}              trust" >> ${PGDATA}/pg_hba.conf
+            {{- end }}
             # The TimescaleDB extension should not be available by default, as this interferes with the bootstrapping
             # done by the access nodes. Therefore we drop the extensions from template1
             echo "DROP EXTENSION timescaledb" | /docker-entrypoint.sh postgres --single -D "${PGDATA}" template1
diff --git a/charts/timescaledb-multinode/values.yaml b/charts/timescaledb-multinode/values.yaml
index f991dbd3..ce65a6d2 100644
--- a/charts/timescaledb-multinode/values.yaml
+++ b/charts/timescaledb-multinode/values.yaml
@@ -121,3 +121,6 @@ serviceAccount:
   # The name of the ServiceAccount to use.
   # If not set and create is true, a name is generated using the fullname template
   name:
+
+# This allows to specify the internal ip range of your cluster to add them to pg_hba.conf
+internalIpRange:

From 65f2f11314b1ec52e150dae35dc73e9820877fe4 Mon Sep 17 00:00:00 2001
From: Thomas Griseau <thomas.griseau@beamy.io>
Date: Wed, 10 Nov 2021 09:55:27 +0100
Subject: [PATCH 2/2] fix: Add to pg_hba only if line already inserted

---
 .../templates/statefulset-timescaledb-accessnode.yaml          | 3 ++-
 .../templates/statefulset-timescaledb-datanode.yaml            | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml b/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
index 40d17c66..ba690782 100644
--- a/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
+++ b/charts/timescaledb-multinode/templates/statefulset-timescaledb-accessnode.yaml
@@ -81,7 +81,8 @@ spec:
             chmod 0600 "${PGDATA}/../.pgpass"
             {{- if .Values.internalIpRange }}
             echo "Adding {{ .Values.internalIpRange }} in pg_hba.conf"
-            echo "host    all             all             {{ .Values.internalIpRange }}              trust" >> ${PGDATA}/pg_hba.conf
+            grep -qxF "host all all {{ .Values.internalIpRange }} trust" "pg_hba.conf" \
+                || echo "host all all {{ .Values.internalIpRange }} trust" >> pg_hba.conf
             {{- end }}
         volumeMounts:
         - name: storage-volume
diff --git a/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml b/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
index 50457da6..f40a9cf4 100644
--- a/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
+++ b/charts/timescaledb-multinode/templates/statefulset-timescaledb-datanode.yaml
@@ -73,7 +73,8 @@ spec:
             echo "${POSTGRESQL_CUSTOM_PARAMETERS}" | sort >> "${PGDATA}/postgresql_helm_customizations.conf"
             {{- if .Values.internalIpRange }}
             echo "Adding {{ .Values.internalIpRange }} in pg_hba.conf"
-            echo "host    all             all             {{ .Values.internalIpRange }}              trust" >> ${PGDATA}/pg_hba.conf
+            grep -qxF "host all all {{ .Values.internalIpRange }} trust" "pg_hba.conf" \
+                || echo "host all all {{ .Values.internalIpRange }} trust" >> pg_hba.conf
             {{- end }}
             # The TimescaleDB extension should not be available by default, as this interferes with the bootstrapping
             # done by the access nodes. Therefore we drop the extensions from template1