diff --git a/charts/postgres/.helmignore b/charts/postgres/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/postgres/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/postgres/Chart.yaml b/charts/postgres/Chart.yaml
new file mode 100644
index 00000000..72c6320e
--- /dev/null
+++ b/charts/postgres/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: postgres
+description: A Helm chart for PostgreSQL on Kubernetes
+
+type: application
+
+maintainers:
+ - name: Devtron
+
+version: 0.4.1
+
+appVersion: "15.1"
diff --git a/charts/postgres/README.md b/charts/postgres/README.md
new file mode 100644
index 00000000..3fc18d52
--- /dev/null
+++ b/charts/postgres/README.md
@@ -0,0 +1,129 @@
+# PostgreSQL
+
+![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 15.1](https://img.shields.io/badge/AppVersion-15.1-informational?style=flat-square)
+
+## Changelog
+
+see [RELEASENOTES.md](RELEASENOTES.md)
+
+A Helm chart for PostgreSQL on Kubernetes
+
+## ⚠️ Warning
+
+There is no automatic database upgrade from PostgreSQL 13.x (Chart version 0.2.x) to PostgreSQL 14.x (Chart version 0.3.x) or Postgres 14.x to Postgres 15.x (Chart version 0.4.x) and upgrade deployment will fail in case of a major version change.
+
+## TL;DR
+
+```bash
+helm repo add groundhog2k https://groundhog2k.github.io/helm-charts/
+helm install my-release groundhog2k/postgres
+```
+
+## Introduction
+
+This chart uses the original [PostgreSQL image from Docker Hub](https://hub.docker.com/_/postgres/) to deploy a stateful PostgreSQL instance in a Kubernetes cluster.
+
+It fully supports deployment of the multi-architecture docker image.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.x
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+helm install my-release groundhog2k/postgres
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+helm uninstall my-release
+```
+
+## Common parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | Fully override the deployment name |
+| nameOverride | string | `""` | Partially override the deployment name |
+
+## Deployment parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.registry | string | `"docker.io"` | Image registry |
+| image.repository | string | `"postgres"` | Image name |
+| image.tag | string | `""` | Image tag |
+| imagePullSecrets | list | `[]` | Image pull secrets |
+| extraInitContainers | list | `[]` | Extra init containers |
+| extaContainers | list | `[]` | Extra containers for usage as sidecars |
+| startupProbe | object | `see values.yaml` | Startup probe configuration |
+| livenessProbe | object | `see values.yaml` | Liveness probe configuration |
+| readinessProbe | object | `see values.yaml` | Readiness probe configuration |
+| customStartupProbe | object | `{}` | Custom startup probe (overwrites default startup probe configuration) |
+| customLivenessProbe | object | `{}` | Custom liveness probe (overwrites default liveness probe configuration) |
+| customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) |
+| resources | object | `{}` | Resource limits and requests |
+| nodeSelector | object | `{}` | Deployment node selector |
+| podAnnotations | object | `{}` | Additional pod annotations |
+| podSecurityContext | object | `see values.yaml` | Pod security context |
+| securityContext | object | `see values.yaml` | Container security context |
+| env | list | `[]` | Additional container environmment variables |
+| args | list | `[]` | Arguments for the container entrypoint process |
+| serviceAccount.annotations | object | `{}` | Additional service account annotations |
+| serviceAccount.create | bool | `false` | Enable service account creation |
+| serviceAccount.name | string | `""` | Name of the service account |
+| affinity | object | `{}` | |
+| tolerations | list | `[]` | |
+| podManagementPolicy | string | `"OrderedReady"` | Pod management policy |
+| updateStrategyType | string | `"RollingUpdate"` | Pod update strategy |
+| revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history
+
+## Service paramters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| service.type | string | `"ClusterIP"` | Service type |
+| service.port | int | `5432` | PostreSQL service port |
+| service.nodePort | int | `nil` | The node port (only relevant for type LoadBalancer or NodePort) |
+| service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) |
+| service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) |
+| service.annotations | object | `{}` | Additional service annotations |
+
+## Storage parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| storage.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode |
+| storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used |
+| storage.volumeName | string | `"postgres-data"` | Internal volume name and prefix of a created PVC |
+| storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used |
+| storage.className | string | `nil` | Storage class name |
+## PostgreSQL parameters
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| settings.authMethod | string | `nil` | Postgres database authentication method |
+| settings.initDbArgs | string | `nil` | Optional init database arguments |
+| settings.superuser | string | `nil` | Superuser name |
+| settings.superuserPassword | string | `nil` | Password of superuser |
+| userDatabase | object | `{}` | Optional PostgreSQL user database |
+| userDatabase.name | string | `nil` | Name of the user database |
+| userDatabase.user | string | `nil` | User name with full access to user database|
+| userDatabase.password | string | `nil` | Password of created user |
+| customConfig | string | `nil` | Optional custom configuration block that will be mounted as file in `/etc/postgresql/postgresql.conf` |
+| extraEnvSecrets | list | `[]` | A list of existing secrets that will be mounted into the container as environment variables |
+| extraSecretConfigs | string | `nil` | An existing secret with files that will be added to the postgres configuration in addition to `/etc/postgresql/postgresql.conf` |
+| customScripts | object | `nil` | Optional custom scripts that can be defined inline and will be mounted as files in `/docker-entrypoint-initdb.d` |
+| extraScripts | string | `nil` | An existing configMap with files that will be mounted into the container as script files (`*.sql`, `*.sh`) in `/docker-entrypoint-initdb.d` |
+| extraSecrets | list | `[]` | A list of additional existing secrets that will be mounted into the container |
+| extraSecrets[].name | string | `nil` | Name of the existing K8s secret |
+| extraSecrets[].mountPath | string | `nil` | Mount path where the secret should be mounted into the container (f.e. /mysecretfolder) |
diff --git a/charts/postgres/RELEASENOTES.md b/charts/postgres/RELEASENOTES.md
new file mode 100644
index 00000000..95102f8c
--- /dev/null
+++ b/charts/postgres/RELEASENOTES.md
@@ -0,0 +1,26 @@
+# Changelog
+
+| Chart version | App version | Change description |
+| :------------ | :---------- | :----------------- |
+| 0.2.16 | 13.5 | Fixes bug with wrong mounted customConfig #811 |
+| 0.2.17 | 13.5 | Implemented support for extra secrets and advanced configuration capabilites |
+| 0.2.18 | 13.5 | Implemented support for extra containers |
+| 0.2.19 | 13.6 | Upgraded to Postgres 13.6 |
+| 0.2.20 | 13.7 | Upgraded to Postgres 13.7 |
+| 0.2.21 | 13.8 | Upgraded to Postgres 13.8 |
+| 0.2.22 | 13.8 | Implemented support for custom inline init scripts and image.registry option |
+| 0.2.23 | 13.9 | Upgraded to Postgres 13.9 |
+| 0.3.4 | 14.1 | Fixes bug with wrong mounted customConfig #811 |
+| 0.3.5 | 14.1 | Updated readme and release notes |
+| 0.3.6 | 14.1 | Implemented support for extra secrets and advanced configuration capabilites |
+| 0.3.7 | 14.1 | Implemented support for extra containers |
+| 0.3.8 | 14.2 | Upgraded to Postgres 14.2 |
+| 0.3.9 | 14.3 | Upgraded to Postgres 14.3 |
+| 0.3.10 | 14.4 | Upgraded to Postgres 14.4 |
+| 0.3.11 | 14.5 | Upgraded to Postgres 14.5 |
+| 0.3.12 | 14.5 | Implemented support for custom inline init scripts |
+| 0.3.13 | 14.5 | Implemented support for image.registry option |
+| 0.3.14 | 14.6 | Upgraded to Postgres 14.6 |
+| 0.4.0 | 15.0 | Upgraded to Postgres 15.0 |
+| 0.4.1 | 15.1 | Upgraded to Postgres 15.1 |
+| | | |
diff --git a/charts/postgres/templates/_helpers.tpl b/charts/postgres/templates/_helpers.tpl
new file mode 100644
index 00000000..95ede84e
--- /dev/null
+++ b/charts/postgres/templates/_helpers.tpl
@@ -0,0 +1,71 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "postgres.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "postgres.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "postgres.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "postgres.labels" -}}
+helm.sh/chart: {{ include "postgres.chart" . }}
+{{ include "postgres.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "postgres.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "postgres.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "postgres.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "postgres.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Generate secret with configuration
+*/}}
+{{- define "postgres.createSecureConfig" -}}
+ {{- if or (or (.Values.settings.superuserPassword) (.Values.settings.superuser)) (.Values.userDatabase) }}
+true
+ {{- end }}
+{{- end }}
diff --git a/charts/postgres/templates/customconfig.yaml b/charts/postgres/templates/customconfig.yaml
new file mode 100644
index 00000000..0a7a209b
--- /dev/null
+++ b/charts/postgres/templates/customconfig.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.customConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "postgres.fullname" . }}-customconfig
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+data:
+ postgresql.conf: |
+ {{- .Values.customConfig | nindent 4 }}
+{{- end }}
diff --git a/charts/postgres/templates/customscripts.yaml b/charts/postgres/templates/customscripts.yaml
new file mode 100644
index 00000000..ef1cfa1e
--- /dev/null
+++ b/charts/postgres/templates/customscripts.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.customScripts }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "postgres.fullname" . }}-customscripts
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+data:
+ {{- range $name, $value := .Values.customScripts }}
+ {{- $name | nindent 2 }}: |
+ {{- $value | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/postgres/templates/scripts.yaml b/charts/postgres/templates/scripts.yaml
new file mode 100644
index 00000000..8b95b790
--- /dev/null
+++ b/charts/postgres/templates/scripts.yaml
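Review bot: In `charts/postgres/templates/_helpers.tpl` the comment above `postgres.createSecureConfig` says "Generate secret with configuration", but the template only renders the string `true` and is used as a predicate by other templates. A comment such as `Returns "true" when settings.superuser, settings.superuserPassword or userDatabase is set, i.e. when the chart must create its own Secret; renders nothing otherwise.` would match what the code does. It would also make clear to whoever edits the condition later that it decides whether credentials from values are written to a Secret.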
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "postgres.fullname" . }}-scripts
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+data:
+ 01-init-userdb.sh: |
+ #!/bin/sh
+ create_user()
+ {
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" -v USERDBNAME="$POSTGRES_DB" -v USERDBUSER="$USERDB_USER" -v USERDBPASSWORD="'$USERDB_PASSWORD'" <<-EOSQL
+ CREATE USER :USERDBUSER WITH PASSWORD :USERDBPASSWORD;
+ GRANT ALL PRIVILEGES ON DATABASE :USERDBNAME TO :USERDBUSER;
+ EOSQL
+ }
+ set -e
+ if [ ! -z "$POSTGRES_DB" ] && [ ! -z "$USERDB_USER" ] && [ ! -z "$USERDB_PASSWORD" ]; then
+ create_user
+ fi
+ init.sh: |
+ #!/bin/sh
+ echo "Start initialization"
+ echo "Copy init-userdb script"
+ cp /initscripts/01-init-userdb.sh /scripts
+ if [ -d /extrascripts ]; then
+ echo "Copy extra scripts"
+ cp /extrascripts/* /scripts
+ fi
+ if [ -d /customscripts ]; then
+ echo "Copy custom scripts"
+ cp /customscripts/* /scripts
+ fi
+ if [ -d /customconfig ]; then
+ echo "Create postgres config"
+ cat /customconfig/* >>/configs/postgresql.conf
+ fi
+ if [ -d /extraconfigs ]; then
+ echo "Add extra configs to postgres config"
+ cat /extraconfigs/* >>/configs/postgresql.conf
+ fi
+ echo "Initialization done."
diff --git a/charts/postgres/templates/secureconfig.yaml b/charts/postgres/templates/secureconfig.yaml
new file mode 100644
index 00000000..8c3f5bf3
--- /dev/null
+++ b/charts/postgres/templates/secureconfig.yaml
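Review bot: In `01-init-userdb.sh` the shell wraps the password in literal single quotes (`-v USERDBPASSWORD="'$USERDB_PASSWORD'"`) and psql then substitutes `:USERDBPASSWORD` raw, so a password containing `'` ends the SQL literal early and the rest is parsed as SQL. The user and database names are substituted unquoted as well. psql can do the quoting itself: pass `-v USERDBPASSWORD="$USERDB_PASSWORD"` and write `CREATE USER :"USERDBUSER" WITH PASSWORD :'USERDBPASSWORD';` and `GRANT ALL PRIVILEGES ON DATABASE :"USERDBNAME" TO :"USERDBUSER";`. Note that `:"..."` makes the names case-sensitive, which changes behaviour for mixed-case values. Separately, with the PostgreSQL 15 image a database-level `GRANT ALL` presumably no longer lets this user create objects in the `public` schema, so the README's "full access" wording is worth checking on a fresh install.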
@@ -0,0 +1,25 @@
+{{- if include "postgres.createSecureConfig" . }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "postgres.fullname" . }}
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- with .Values.settings }}
+ {{- if .superuser }}
+ POSTGRES_USER: {{ .superuser | b64enc }}
+ {{- end }}
+ {{- if .superuserPassword }}
+ POSTGRES_PASSWORD: {{ .superuserPassword | b64enc }}
+ {{- end }}
+{{- end }}
+{{- with .Values.userDatabase }}
+ POSTGRES_DB: {{ required "Values: userDatabase.name is mandatory if userDatabase is specified." .name | b64enc }}
+ {{- if .user }}
+ USERDB_USER: {{ .user | b64enc }}
+ USERDB_PASSWORD: {{ required "Values: userDatabase.password is mandatory if userDatabase.user is specified." .password | b64enc }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/postgres/templates/service.yaml b/charts/postgres/templates/service.yaml
new file mode 100644
index 00000000..40ac0468
--- /dev/null
+++ b/charts/postgres/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "postgres.fullname" . }}
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: postgres
+ protocol: TCP
+ name: postgres
+ {{- if and ( or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) (.Values.service.nodePort) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (.Values.service.loadBalancerIP) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ selector:
+ {{- include "postgres.selectorLabels" . | nindent 4 }}
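Review bot: In `secureconfig.yaml` every credential is piped straight into `b64enc`, which only accepts strings, so an all-digit password written unquoted in a values file fails to render. `{{ .superuserPassword | toString | b64enc }}` (and the same for `.superuser`, `.user` and `.password`) avoids that. Credentials supplied through `settings.superuserPassword` or `userDatabase.password` are also kept with the release's stored values, not only in this Secret. A comment at the top of the template, `{{- /* Credentials set through values are also stored with the Helm release; prefer extraEnvSecrets with a pre-created Secret. */ -}}`, would point operators to the option the chart already offers.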
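Review bot: In `service.yaml`, when `service.type` is `LoadBalancer` the template exposes port 5432 with no way to restrict client addresses, because the spec never renders `loadBalancerSourceRanges`. An optional `service.loadBalancerSourceRanges` list, defaulting to `[]` in values.yaml and rendered only when set, lets operators limit the exposure to known networks. The README row for `service.clusterIP` also says it is only relevant for LoadBalancer or NodePort, while the template renders it for every service type.

```yaml
  # … unchanged: type, ports, nodePort, loadBalancerIP, clusterIP …
  {{- with .Values.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
```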
diff --git a/charts/postgres/templates/serviceaccount.yaml b/charts/postgres/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2a5e3039
--- /dev/null
+++ b/charts/postgres/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "postgres.serviceAccountName" . }}
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/postgres/templates/statefulset.yaml b/charts/postgres/templates/statefulset.yaml
new file mode 100644
index 00000000..e3a5469b
--- /dev/null
+++ b/charts/postgres/templates/statefulset.yaml
@@ -0,0 +1,278 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "postgres.fullname" . }}
+ labels:
+ {{- include "postgres.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ {{- if .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- end }}
+ serviceName: {{ include "postgres.fullname" . }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategyType }}
+ selector:
+ matchLabels:
+ {{- include "postgres.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/customconfig: {{ include (print $.Template.BasePath "/customconfig.yaml") . | sha256sum }}
+ checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }}
+ checksum/customscripts: {{ include (print $.Template.BasePath "/customscripts.yaml") . | sha256sum }}
+ checksum/scripts: {{ include (print $.Template.BasePath "/scripts.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "postgres.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "postgres.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - name: {{ .Chart.Name }}-init
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ {{- if .Values.extraScripts }}
+ - mountPath: /extrascripts
+ name: extrascripts-volume
+ {{- end }}
+ {{- if .Values.customScripts }}
+ - mountPath: /customscripts
+ name: customscripts-volume
+ {{- end }}
+ {{- if .Values.extraSecretConfigs }}
+ - mountPath: /extraconfigs
+ name: extraconfigs-volume
+ {{- end }}
+ {{- if .Values.customConfig }}
+ - mountPath: /customconfig
+ name: customconfig-volume
+ {{- end }}
+ - mountPath: /initscripts
+ name: initscripts
+ - mountPath: /scripts
+ name: scripts
+ - mountPath: /configs
+ name: configs
+ command: [ "/initscripts/init.sh" ]
+ {{- with .Values.extraInitContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: postgres
+ containerPort: 5432
+ protocol: TCP
+ env:
+ - name: PGDATA
+ value: "/var/lib/postgresql/data/pg"
+ {{- if .Values.settings.authMethod }}
+ - name: POSTGRES_HOST_AUTH_METHOD
+ value: {{ .Values.settings.authMethod | quote }}
+ {{- end }}
+ {{- if .Values.settings.initDbArgs }}
+ - name: POSTGRES_INITDB_ARGS
+ value: {{ .Values.settings.initDbArgs | quote }}
+ {{- end }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if include "postgres.createSecureConfig" . }}
+ - secretRef:
+ name: {{ include "postgres.fullname" . }}
+ {{- end }}
+ {{- range .Values.extraEnvSecrets }}
+ - secretRef:
+ name: {{ . }}
+ {{- end }}
+ {{- if .Values.customStartupProbe }}
+ startupProbe:
+ {{- toYaml .Values.customStartupProbe | nindent 12 }}
+ {{- else }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - pg_isready -h localhost
+ {{- with .Values.startupProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.customLivenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.customLivenessProbe | nindent 12 }}
+ {{- else }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - pg_isready -h localhost
+ {{- with .Values.livenessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.customReadinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.customReadinessProbe | nindent 12 }}
+ {{- else }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - pg_isready -h localhost
+ {{- with .Values.readinessProbe }}
+ initialDelaySeconds: {{ .initialDelaySeconds }}
+ timeoutSeconds: {{ .timeoutSeconds }}
+ failureThreshold: {{ .failureThreshold }}
+ successThreshold: {{ .successThreshold }}
+ periodSeconds: {{ .periodSeconds }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args:
+ {{- range .Values.args }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /var/run
+ name: run
+ - mountPath: /tmp
+ name: tmp
+ - mountPath: /var/lib/postgresql/data
+ name: {{ .Values.storage.volumeName }}
+ - mountPath: /docker-entrypoint-initdb.d
+ name: scripts
+ - mountPath: /etc/postgresql
+ name: configs
+ {{- range $secret := .Values.extraSecrets }}
+ - name: {{ $secret.name }}
+ mountPath: {{ $secret.mountPath }}
+ {{- end }}
+ {{- with .Values.extraContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: run
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
+ - name: scripts
+ emptyDir: {}
+ - name: configs
+ emptyDir: {}
+ - name: initscripts
+ configMap:
+ name: {{ include "postgres.fullname" . }}-scripts
+ defaultMode: 0555
+ {{- if .Values.extraScripts }}
+ - name: extrascripts-volume
+ configMap:
+ name: {{ .Values.extraScripts }}
+ defaultMode: 0555
+ {{- end }}
+ {{- if .Values.customScripts }}
+ - name: customscripts-volume
+ configMap:
+ name: {{ include "postgres.fullname" . }}-customscripts
+ defaultMode: 0555
+ {{- end }}
+ {{- if .Values.extraSecretConfigs }}
+ - name: extraconfigs-volume
+ secret:
+ secretName: {{ .Values.extraSecretConfigs }}
+ {{- end }}
+ {{- if .Values.customConfig }}
+ - name: customconfig-volume
+ configMap:
+ name: {{ include "postgres.fullname" . }}-customconfig
+ {{- end }}
+ {{- range $secret := .Values.extraSecrets }}
+ - name: {{ $secret.name }}
+ secret:
+ secretName: {{ $secret.name }}
+ defaultMode: 0440
+ {{- end }}
+{{- with .Values.storage }}
+ {{- $createPvc := and (empty .persistentVolumeClaimName) .requestedSize }}
+ {{- if not $createPvc }}
+ - name: {{ .volumeName }}
+ {{- if .persistentVolumeClaimName }}
+ persistentVolumeClaim:
+ claimName: {{ .persistentVolumeClaimName }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ .volumeName }}
+ spec:
+ {{- with .accessModes }}
+ accessModes:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- if .className }}
+ storageClassName: {{ .className }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .requestedSize }}
+ {{- end }}
+{{- end }}
diff --git a/charts/postgres/values.yaml b/charts/postgres/values.yaml
new file mode 100644
index 00000000..91236011
--- /dev/null
+++ b/charts/postgres/values.yaml
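Review bot: In `statefulset.yaml` the pod spec sets `serviceAccountName` (falling back to `default`) but never disables token mounting, so the database pod gets a Kubernetes API token that nothing in this chart appears to use. Adding `automountServiceAccountToken: false` next to `serviceAccountName` removes it, ideally behind a value so a sidecar from `extraContainers` that needs the API can opt back in. In the same hunk `args` entries are rendered as `- {{ . }}`; `- {{ . | quote }}` keeps an argument containing `: ` or `#` from being re-parsed as YAML. When neither `storage.persistentVolumeClaimName` nor `storage.requestedSize` is set the data volume falls back to `emptyDir: {}`, which deserves a comment in the template because the database is then lost whenever the pod is rescheduled.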
@@ -0,0 +1,201 @@
+## Default values for PostgreSQL deployment
+
+## PostgreSQL docker image
+image:
+ registry: "docker.io"
+ repository: "postgres"
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+## Pull secrets and name override options
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+## Optional service account
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+## Additional pod annotations
+podAnnotations: {}
+
+## Pod management policy
+podManagementPolicy: OrderedReady
+
+## Pod update strategy
+updateStrategyType: RollingUpdate
+
+## Pod security context uses file system group 999 (postgres)
+podSecurityContext:
+ fsGroup: 999
+
+## Default security options to run PostgreSQL as non-root (postgres user), read only container without privilege escalation
+securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsGroup: 999
+ runAsUser: 999
+
+## The postgres service configuration (Default is ClusterIP with port 5432)
+service:
+ type: ClusterIP
+ port: 5432
+ ## The node port (only relevant for type LoadBalancer or NodePort)
+ nodePort:
+ ## The cluster ip address (only relevant for type LoadBalancer or NodePort)
+ clusterIP:
+ ## The loadbalancer ip address (only relevant for type LoadBalancer)
+ loadBalancerIP:
+ # Annotations to add to the service
+ annotations: {}
+
+resources:
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ limits:
+ memory: 3Gi
+ cpu: 1000m
+
+## Additional node selector
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+## Maximum number of revisions maintained in revision history
+revisionHistoryLimit:
+
+## Custom startup probe (overwrites default startup probe)
+customStartupProbe: {}
+
+## Default startup check
+startupProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+ periodSeconds: 10
+
+## Custom liveness probe (overwrites default liveness probe)
+customLivenessProbe: {}
+
+## Default health check
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+
+## Custom readiness probe (overwrites default readiness probe)
+customReadinessProbe: {}
+
+## Default readiness probe
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+
+## Extra init containers
+extraInitContainers: []
+
+## Extra containers for usage as sidecars
+extraContainers: []
+
+## Additional environment variables
+env: []
+
+## Arguments for the container entrypoint process
+args: []
+
+## Database configuration
+settings:
+ ## The default postgres superuser (default when nothing is set: "postgres")
+ superuser:
+
+ ## The superuser password
+ superuserPassword:
+
+ ## Postgres database authentication method
+ ## For example: "md5"
+ authMethod:
+
+ ## Optional init database arguments
+ ## For example: "--auth-local=md5"
+ initDbArgs:
+
+## Optional user database which is created during first startup with user and password
+userDatabase: {}
+ ## Name of the user database
+ # name:
+
+ ## Database user with full access rights
+ # user:
+
+ ## Password of the database user
+ # password:
+
+## Optional custom configuration block that will be mounted as file in /etc/postgresql/postgresql.conf
+## For more flexible options see extraSecretConfigs: section
+customConfig: |
+
+## Optional custom scripts that can be defined inline and will be mounted as files in /docker-entrypoint-initdb.d
+customScripts: {}
+# 01-a-script.sh: |
+# echo "hello"
+# 02-another-script.sh: |
+# echo "hello 2"
+
+## A list of existing secrets that will be mounted into the container as environment variables
+## As an alternative these secrets can set the database superuser password or other options when settings.superuserPassword was not specified
+## For example: Setting POSTGRES_DB, USERDB_USER, USERDB_PASSWORD will allow creating a user database and grant access for the given user
+extraEnvSecrets: []
+
+## An existing secret with files that will be added to the postgres configuration in addition to /etc/postgresql/postgresql.conf
+extraSecretConfigs:
+
+## An existing configMap with files that will be mounted into the container as script files (*.sql, *.sh) in /docker-entrypoint-initdb.d
+## For more details see https://hub.docker.com/_/postgres
+extraScripts:
+
+## A list of additional existing secrets that will be mounted into the container
+## The mounted files of the secrets can be used for advanced configuration - f.e. TLS
+extraSecrets: []
+ ## Name of the existing K8s secret
+# - name:
+ ## Mount path where the secret should be mounted into the container (f.e. /mysecretfolder)
+# mountPath:
+
+## Storage parameters
+storage:
+ ## Set persistentVolumenClaimName to reference an existing PVC
+ persistentVolumeClaimName:
+
+ ## Internal volume name and prefix of a created PVC
+ volumeName: "postgres"
+
+ ## Alternative set requestedSize to define a size for a dynmaically created PVC
+ requestedSize: 20Gi
+
+ ## the storage class name
+ className:
+
+ ## Default access mode (ReadWriteOnce)
+ accessModes:
+ - ReadWriteOnce
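Review bot: The default `securityContext` in `values.yaml` runs as non-root on a read-only root filesystem but keeps the container's default capability set and sets no seccomp profile. Adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` would close that gap; the seccomp field needs a newer Kubernetes than the 1.12+ listed in the README, so confirm the supported range first. The comment on `settings.authMethod` only gives "md5" as an example; a line such as `## "trust" disables password checks for every client that can reach the service` would warn operators before they use it. Several defaults here also differ from the README table (`storage.volumeName` is `"postgres"` against `"postgres-data"`, `storage.requestedSize` is `20Gi` against `nil`, and `resources` is populated against `{}`), so one of the two should be corrected.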