Merge pull request #1986 from Thushani-Jayasekera/documentation

renuka-fernando · web-flow · commit e184aedbaff6 · 2026-05-18T16:56:09.000+05:30
Enhance PostgreSQL support in gateway Helm chart configuration.
diff --git a/kubernetes/helm/gateway-helm-chart/templates/gateway/controller/deployment.yaml b/kubernetes/helm/gateway-helm-chart/templates/gateway/controller/deployment.yaml
@@ -105,6 +105,13 @@ spec:
               value: {{ printf "%d" (int $controller.metrics.port) | quote }}
             - name: APIP_GW_DEVELOPMENT_MODE
               value: {{ .Values.gateway.developmentMode | toString | quote }}
+            {{- if and (eq .Values.gateway.config.controller.storage.type "postgres") $controller.postgres.passwordSecretRef.name }}
+            - name: APIP_GW_CONTROLLER_STORAGE_POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $controller.postgres.passwordSecretRef.name }}
+                  key: {{ $controller.postgres.passwordSecretRef.key | default "password" }}
+            {{- end }}
             {{- range $deployment.extraEnv }}
             - {{- toYaml . | nindent 14 }}
             {{- end }}
diff --git a/kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml b/kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml
@@ -2,6 +2,7 @@
 {{- $gc := .Values.gateway.config.controller -}}
 {{- $router := .Values.gateway.config.router -}}
 {{- $pe := .Values.gateway.config.policy_engine -}}
+{{- $pg := $gc.storage.postgres -}}
 {{- $controllerHost := printf "%s-controller" (include "gateway-operator.fullname" .) -}}
 apiVersion: v1
 kind: ConfigMap
@@ -38,6 +39,25 @@ data:
     [controller.storage.sqlite]
     path = {{ $gc.storage.sqlite.path | quote }}
 
+    {{- if eq $gc.storage.type "postgres" }}
+    [controller.storage.postgres]
+    {{- if $pg.dsn }}
+    dsn = {{ $pg.dsn | quote }}
+    {{- else }}
+    host = {{ required "gateway.config.controller.storage.postgres.host is required when storage.type is \"postgres\" and dsn is unset" $pg.host | quote }}
+    port = {{ $pg.port | int }}
+    database = {{ required "gateway.config.controller.storage.postgres.database is required when storage.type is \"postgres\" and dsn is unset" $pg.database | quote }}
+    user = {{ required "gateway.config.controller.storage.postgres.user is required when storage.type is \"postgres\" and dsn is unset" $pg.user | quote }}
+    sslmode = {{ $pg.sslmode | default "require" | quote }}
+    connect_timeout = {{ $pg.connect_timeout | default "5s" | quote }}
+    max_open_conns = {{ $pg.max_open_conns | default 25 | int }}
+    max_idle_conns = {{ $pg.max_idle_conns | default 5 | int }}
+    conn_max_lifetime = {{ $pg.conn_max_lifetime | default "30m" | quote }}
+    conn_max_idle_time = {{ $pg.conn_max_idle_time | default "5m" | quote }}
+    application_name = {{ $pg.application_name | default "gateway-controller" | quote }}
+    {{- end }}
+    {{- end }}
+
     [controller.policies]
     definitions_path = {{ $gc.policies.definitions_path | quote }}
 
diff --git a/kubernetes/helm/gateway-helm-chart/values.yaml b/kubernetes/helm/gateway-helm-chart/values.yaml
@@ -74,16 +74,39 @@ gateway:
 
       # Storage configuration
       storage:
-        # Storage type: "sqlite", "postgres" (future), or "memory"
-        # - sqlite: Use SQLite embedded database for persistence
-        # - postgres: Use PostgreSQL database for persistence (future support)
-        # - memory: No persistent storage, all configs lost on restart (useful for testing)
+        # Storage type: "sqlite", "postgres", or "memory"
+        # - sqlite: Single-instance embedded database backed by a PersistentVolumeClaim
+        # - postgres: External PostgreSQL database; enables multi-replica controller deployments
+        # - memory: No persistence; all state is lost on restart (useful for testing only)
         type: sqlite
 
         # SQLite configuration (used when type=sqlite)
         sqlite:
           path: ./data/gateway.db
 
+        # PostgreSQL configuration (used when type=postgres)
+        # Password is injected separately via gateway.controller.postgres.passwordSecretRef
+        postgres:
+          # Full DSN takes precedence over individual fields when set.
+          # Example: "postgres://user:password@host:5432/dbname?sslmode=require"
+          dsn: ""
+
+          host: ""
+          port: 5432
+          database: ""
+          user: ""
+
+          # SSL mode: disable, allow, prefer, require, verify-ca, verify-full
+          # Use "require" or stronger in production.
+          sslmode: require
+
+          connect_timeout: 5s
+          max_open_conns: 25
+          max_idle_conns: 5
+          conn_max_lifetime: 30m
+          conn_max_idle_time: 5m
+          application_name: gateway-controller
+
       # Policy configuration
       policies:
         # Directory containing policy definitions
@@ -438,6 +461,13 @@ gateway:
     storage:
       type: sqlite
       sqlitePath: ./data/gateway.db
+    # PostgreSQL password secret reference (used when gateway.config.controller.storage.type=postgres).
+    # The password is injected as an env var from a Kubernetes secret rather than stored in the ConfigMap.
+    # Create with: kubectl create secret generic <name> --from-literal=password='<db-password>'
+    postgres:
+      passwordSecretRef:
+        name: ""
+        key: password
     metrics:
       port: 9091
     persistence:
