[bitnami/postgresql-ha] Method to set postgres password with other user

[MikaelSmith]

Which chart:
postgresql-ha 3.1.1

Is your feature request related to a problem? Please describe.
I'm attempting to initialize postgres with a specific user/database, such as with

postgres:
  username: my-db
  database: my-db
  password: ****

Doing that means the postgres user does not have a password set, as noted in https://github.com/bitnami/bitnami-docker-postgresql-repmgr#creating-a-database-user-on-first-run.

My motivation for having access as the postgres user is to do database backups, and to be able to restore a backup to a new cluster. The documented methods for that use ConfigMaps, which have a limit of 1MB (because they're stored in etcd), limiting their use to re-initialize the database from a backup.

Describe the solution you'd like
I'd like to be able to set the POSTGRESQL_POSTGRES_PASSWORD setting in the container to provide a password for the postgres user when creating a separate database user.

I'd also be open to other suggestions on how to do backup/restore.

[marcosbc]

@MikaelSmith Have you looked into the postgresqlPostgresPassword option in values.yaml?

## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
# postgresqlPostgresPassword:

Let us know if you find any issues setting that option.

[MikaelSmith]

That's only present in the postgresql chart, not the postgresql-ha chart.

[marcosbc]

Oh, you're totally right @MikaelSmith. The Bitnami PostgreSQL with Replication Manager Docker image does support the POSTGRESQL_POSTGRES_PASSWORD environment variable, so we would only need to modify the chart.

I have created an internal task for making the change. Unfortunately I cannot give an ETA for when we would start working on this.

If you would like to contribute the change by copying them from the Bitnami PostgreSQL chart, feel free to do so, we would be glad to review it!

[MikaelSmith]

I have a few questions as I carry the implementation over. I'll raise them in a PR.

[jonathon2nd]

This does not seem to be working at the moment, Key does not show up as mounted on the workload. Authentication for postgres user fails.

2020-12-03 17:15:07.967 GMT [1616] FATAL:  password authentication failed for user "postgres"
2020-12-03 17:15:07.967 GMT [1616] DETAIL:  Password does not match for user "postgres".
	Connection matched pg_hba.conf line 6: "host     all              all       0.0.0.0/0    md5"

[jonathon2nd]

The password was not showing up because some of the vars were set with the global. prefix. After moving those and redeploying the secret is mounted on the workload, but authentication with postgres is still failing. There does not seem to be an issue with pgpool. The non admin user is working as expected.

[MikaelSmith]

I believe it only works on initial setup, so if the database already exists changes wouldn't be applied. I don't have a ton of experience with this; I believe I had it working at one point, and just ported over what the non-HA versions were doing.

[jonathon2nd]

I just saw this #2061 (comment).
And that was exactly the problem. The initial problem was caused by using the global. prefix on the var.
Thank you for responding.