From fb4f4f2beebe2513616771e38688fe6be2e62ea5 Mon Sep 17 00:00:00 2001
From: Rui Chen
Date: Mon, 7 Jul 2025 09:59:53 +1200
Subject: [PATCH 1/2] fix dbcreated secrets missing when dbCreated is false and open engress port 5432 for postgres accross namespace if user deploy postgres in another namespace
---
 helm/common/templates/_db_setup_job.tpl | 3 +++
 helm/common/templates/_netpolicy_templates.tpl | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl
index b0b3d8009..92d21550a 100644
--- a/helm/common/templates/_db_setup_job.tpl
+++ b/helm/common/templates/_db_setup_job.tpl
@@ -184,5 +184,8 @@ data:
 {{- else }}
 host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }}
 {{- end }}
+ {{- if not $.Values.postgres.dbCreate }}
+ dbcreated: {{ "true" | b64enc | quote }}
+ {{- end }}
 {{- end }}
 {{- end }}
diff --git a/helm/common/templates/_netpolicy_templates.tpl b/helm/common/templates/_netpolicy_templates.tpl
index 9613db41d..6e627f193 100644
--- a/helm/common/templates/_netpolicy_templates.tpl
+++ b/helm/common/templates/_netpolicy_templates.tpl
@@ -14,6 +14,9 @@ spec:
 - to:
 - ipBlock:
 cidr: {{ . }}
+ ports:
+ - protocol: TCP
+ port: 5432
 {{- end }}
 podSelector:
 matchLabels:
From 2690b3b4302aa988a52e905c033e974f62488355 Mon Sep 17 00:00:00 2001
From: Rui Chen
Date: Tue, 8 Jul 2025 09:15:48 +1200
Subject: [PATCH 2/2] if user use external db, set secret dbcreated to true and open engress port 5432
---
 helm/common/templates/_netpolicy_templates.tpl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/helm/common/templates/_netpolicy_templates.tpl b/helm/common/templates/_netpolicy_templates.tpl
index 6e627f193..7e2e56d9c 100644
--- a/helm/common/templates/_netpolicy_templates.tpl
+++ b/helm/common/templates/_netpolicy_templates.tpl
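Review bot: The `dbcreated` guard added in the `_db_setup_job.tpl` hunk of patch 1/2 reads `$.Values.postgres.dbCreate` with no fallback, while the `host` line just above it falls back to `$.Values.global.postgres.master.host` and the network policy in patch 2/2 gates on `.Values.global.postgres.dbCreate`. If the chart-level and global values can differ, the secret can say `dbcreated: true` while the egress policy is rendered for the opposite case, or the reverse. `not` is also true when the key is absent, so an unset value behaves like an explicit `false`. I would resolve the flag once with the same precedence used for `host` and use that in both templates, and add a template comment above the guard saying what reads `dbcreated` and why it is forced to true here. The enclosing define starts outside the hunk.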
@@ -10,13 +10,15 @@ metadata:
 name: {{ .Chart.Name }}-db-netpolicy
 spec:
 egress:
+ {{- if not .Values.global.postgres.dbCreate }}
+ - ports:
+ - protocol: TCP
+ port: 5432
+ {{- end }}
 {{- range .Values.global.netPolicy.dbSubnets }}
 - to:
 - ipBlock:
 cidr: {{ . }}
- ports:
- - protocol: TCP
- port: 5432
 {{- end }}
 podSelector:
 matchLabels:
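Review bot: The added egress rule under `{{- if not .Values.global.postgres.dbCreate }}` has `ports:` but no `to:`, so it allows TCP 5432 to every destination, in-cluster and external, for the pods this policy selects, rather than only to the Postgres instance. The same hunk removes the `ports:` block from the `dbSubnets` rules, so each listed CIDR is reachable on all ports again. If the aim is to reach a Postgres in another namespace, scope the new rule with a `to:` entry (a `namespaceSelector`/`podSelector` for that namespace, or the external host's CIDR) and keep the 5432 restriction on the `ipBlock` rules. Because `not` is true when `dbCreate` is unset, the wide rule is also what renders by default unless the value is defined, which seems worth stating in a template comment above the guard. The `podSelector` block continues outside the hunk.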