@@ -81,6 +81,8 @@ const (
81
81
defaultPostgresParamValueSSLMinProtocolVersion = "TLSv1.2"
82
82
defaultPostgresParamValueSSLPreferServerCiphers = "on"
83
83
defaultPostgresParamValueSSLCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
84
+ defaultPostgresParamValueWalKeepSegements = "64"
85
+ defaultPostgresParamValueWalKeepSize = "1GB"
84
86
)
85
87
86
88
var (
@@ -541,7 +543,7 @@ func (p *Postgres) ToUnstructuredZalandoPostgresql(z *zalando.Postgresql, c *cor
541
543
enableAuditLogs (z .Spec .PostgresqlParam .Parameters )
542
544
}
543
545
// set some default postgres parameters
544
- setDefaultPostgresParams (z .Spec .PostgresqlParam .Parameters )
546
+ setDefaultPostgresParams (z .Spec .PostgresqlParam .Parameters , p . Spec . Version )
545
547
// now set the given generic parameters (and potentially allow overwriting of default postgres params or audit log params)
546
548
setPostgresParams (z .Spec .PostgresqlParam .Parameters , p .Spec .PostgresParams , pgParamBlockList )
547
549
// finally, overwrite the (special to us) shared buffer parameter
@@ -795,13 +797,31 @@ func enableAuditLogs(parameters map[string]string) {
795
797
}
796
798
797
799
// setDefaultPostgresParams configures default keepalive values
798
- func setDefaultPostgresParams (parameters map [string ]string ) {
800
+ func setDefaultPostgresParams (parameters map [string ]string , version string ) {
801
+ // set default parameters
799
802
parameters ["tcp_keepalives_idle" ] = defaultPostgresParamValueTCPKeepAlivesIdle
800
803
parameters ["tcp_keepalives_interval" ] = defaultPostgresParamValueTCPKeepAlivesInterval
801
804
parameters ["log_file_mode" ] = defaultPostgresParamValueLogFileMode
802
- parameters [ "ssl_min_protocol_version" ] = defaultPostgresParamValueSSLMinProtocolVersion
805
+
803
806
parameters ["ssl_prefer_server_ciphers" ] = defaultPostgresParamValueSSLPreferServerCiphers
804
807
parameters ["ssl_ciphers" ] = defaultPostgresParamValueSSLCiphers
808
+
809
+ // set version specific parameters
810
+ v , err := strconv .Atoi (version )
811
+ if err != nil {
812
+ return
813
+ }
814
+ // Postgres 12 and up
815
+ if v >= 12 {
816
+ parameters ["ssl_min_protocol_version" ] = defaultPostgresParamValueSSLMinProtocolVersion
817
+ }
818
+ // Postgres 13 and up
819
+ if v >= 13 {
820
+ parameters ["wal_keep_size" ] = defaultPostgresParamValueWalKeepSize
821
+ } else {
822
+ parameters ["wal_keep_segments" ] = defaultPostgresParamValueWalKeepSegements
823
+ }
824
+
805
825
}
806
826
807
827
// setPostgresParams add the provided params to the parameter map (but ignore params that are blocked)
0 commit comments