Commit db96be89 authored by Will JALLET's avatar Will JALLET 💸

add psql chart

parent 043e2648
Pipeline #4530 passed with stage
in 8 seconds
name: postgresql
version: 0.18.0
appVersion: 9.6.2
description: Object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
keywords:
- postgresql
- postgres
- database
- sql
home: https://www.postgresql.org/
icon: https://www.postgresql.org/media/img/about/press/elephant.png
sources:
- https://github.com/kubernetes/charts
- https://github.com/docker-library/postgres
maintainers: []
engine: gotpl
This diff is collapsed.
PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster:
{{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- if .Values.existingSecret }}
If you have not already created the postgres admin secret:
kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./postgres-password
{{ else }}
To get your user password run:
PGPASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode; echo)
{{- end }}
To connect to your database run the following command (using the env variable from above):
kubectl run --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }}-client --restart=Never --rm --tty -i --image postgres \
--env "PGPASSWORD=$PGPASSWORD" \{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
--labels="{{ template "postgresql.fullname" . }}-client=true" \{{- end }}
--command -- psql -U {{ default "postgres" .Values.postgresUser }} \
-h {{ template "postgresql.fullname" . }} {{ default "postgres" .Values.postgresDatabase }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{ template "postgresql.fullname" . }}-client=true"
will be able to connect to this PostgreSQL cluster.
{{- end }}
To connect to your database directly from outside the K8s cluster:
{{- if contains "NodePort" .Values.service.type }}
PGHOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}')
PGPORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}')
{{- else if contains "ClusterIP" .Values.service.type }}
PGHOST=127.0.0.1
PGPORT={{ default "5432" .Values.service.port }}
# Execute the following commands to route the connection:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "postgresql.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ default "5432" .Values.service.port }}:{{ default "5432" .Values.service.port }}
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "postgresql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "postgresql.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "postgresql.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
"extensions/v1beta1"
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
"networking.k8s.io/v1"
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "postgresql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Generate chart secret name
*/}}
{{- define "postgresql.secretName" -}}
{{ default (include "postgresql.fullname" .) .Values.existingSecret }}
{{- end -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- if .Values.metrics.customMetrics }}
custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
{{- end }}
{{- if .Values.pgHbaConf }}
pg_hba.conf: {{ .Values.pgHbaConf | quote }}
{{- end }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.deploymentAnnotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- with .Values.strategy }}
strategy:
{{ toYaml . | indent 4 }}
{{- end }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
{{- with .Values.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
containers:
- name: {{ template "postgresql.fullname" . }}
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
args:
{{- range $key, $value := default dict .Values.postgresConfig }}
- -c
- '{{ $key | snakecase }}={{ $value }}'
{{- end }}
{{- if .Values.pgHbaConf }}
- -c
- hba_file=/pg_hba/pg_hba.conf
{{- end }}
env:
- name: POSTGRES_USER
value: {{ default "postgres" .Values.postgresUser | quote }}
# Required for pg_isready in the health probes.
- name: PGUSER
value: {{ default "postgres" .Values.postgresUser | quote }}
- name: POSTGRES_DB
value: {{ default "" .Values.postgresDatabase | quote }}
- name: POSTGRES_INITDB_ARGS
value: {{ default "" .Values.postgresInitdbArgs | quote }}
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: /conf/postgres-password
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgres-password
{{- end }}
- name: POD_IP
valueFrom: { fieldRef: { fieldPath: status.podIP } }
ports:
- name: postgresql
containerPort: 5432
livenessProbe:
exec:
command:
- sh
- -c
- exec pg_isready --host $POD_IP
initialDelaySeconds: {{ .Values.probes.liveness.initialDelay }}
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
readinessProbe:
exec:
command:
- sh
- -c
- exec pg_isready --host $POD_IP
initialDelaySeconds: {{ .Values.probes.readiness.initialDelay }}
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
resources:
{{ toYaml .Values.resources | indent 10 }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- if .Values.usePasswordFile }}
- name: password-file
mountPath: /conf
readOnly: true
{{- end }}
{{- if .Values.pgHbaConf }}
- name: pg-hba-conf
mountPath: /pg_hba
readOnly: true
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}"
imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }}
env:
- name: DATA_SOURCE_NAME
value: postgresql://{{ default "postgres" .Values.postgresUser }}@127.0.0.1:5432?sslmode=disable
ports:
- name: metrics
containerPort: 9187
{{- if .Values.metrics.customMetrics }}
args: ["-extend.query-path", "/conf/custom-metrics.yaml"]
volumeMounts:
- name: custom-metrics
mountPath: /conf
readOnly: true
{{- end }}
livenessProbe:
httpGet:
path: /metrics
port: metrics
readinessProbe:
httpGet:
path: /metrics
port: metrics
resources:
{{ toYaml .Values.metrics.resources | indent 10 }}
{{- end }}
volumes:
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "postgresql.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
- name: custom-metrics
valueFrom:
configMapKeyRef:
name: {{ template "postgresql.fullname" . }}
key: custom-metrics.yaml
{{- end }}
{{- if .Values.usePasswordFile }}
- name: password-file
secret:
secretName: {{ template "postgresql.secretName" . }}
items:
- key: postgres-password
path: postgres-password
{{- end }}
{{- if .Values.pgHbaConf }}
- name: pg-hba-conf
configMap:
name: {{ template "postgresql.fullname" . }}
items:
- key: pg_hba.conf
path: pg_hba.conf
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
metadata:
name: "{{ template "postgresql.fullname" . }}"
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
ingress:
# Allow inbound connections
- ports:
- port: 5432
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "postgresql.fullname" . }}-client: "true"
{{- end }}
# Allow prometheus scrapes
- ports:
- port: 9187
{{- end }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/resource-policy": {{ default "" .Values.persistence.resourcePolicy }}
{{- if .Values.persistence.annotations }}
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
{{ if .Values.postgresPassword }}
postgres-password: {{ .Values.postgresPassword | b64enc | quote }}
{{ else }}
postgres-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.metrics.enabled }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
{{- if .Values.metrics.enabled }}
- name: metrics
port: 9187
targetPort: metrics
{{- end }}
- name: postgresql
port: {{ .Values.service.port }}
targetPort: postgresql
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
## postgres image repository
image: "postgres"
## postgres image version
## ref: https://hub.docker.com/r/library/postgres/tags/
##
imageTag: "9.6.2"
## Specify a imagePullPolicy
## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
# imagePullPolicy:
## Specify imagePullSecrets
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
##
# imagePullSecrets: myregistrykey
## Create a database user
## Default: postgres
# postgresUser:
## Default: random 10 character string
# postgresPassword:
## Inject postgresPassword via a volume mount instead of environment variable
usePasswordFile: false
## Use Existing secret instead of creating one
## It must have a postgres-password key containing the desired password
# existingSecret: 'secret'
## Create a database
## Default: the postgres user
# postgresDatabase:
## Specify initdb arguments, e.g. --data-checksums
## ref: https://github.com/docker-library/docs/blob/master/postgres/content.md#postgres_initdb_args
## ref: https://www.postgresql.org/docs/current/static/app-initdb.html
# postgresInitdbArgs:
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Specify runtime config parameters as a dict, using camelCase, e.g.
## {"sharedBuffers": "500MB"}
## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
# postgresConfig:
## Specify content for pg_hba.conf
## Default: do not create pg_hba.conf
# pgHbaConf: |-
# local all all trust
# host all all localhost trust
# host mydatabase mysuser 192.168.0.0/24 md5
## Persist data to a persistent volume
persistence:
enabled: true
resourcePolicy: # set resource-policy Helm annotation on PVC. Can be nil or "keep"
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
subPath: "postgresql-db"
mountPath: /var/lib/postgresql/data/pgdata
# annotations: {}
metrics:
enabled: false
image: wrouesnel/postgres_exporter
imageTag: v0.4.6
imagePullPolicy: IfNotPresent
resources:
requests:
memory: 256Mi
cpu: 100m
## Define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
# customMetrics:
# pg_database:
# query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
# metrics:
# - name:
# usage: "LABEL"
# description: "Name of the database"
# - size_bytes:
# usage: "GAUGE"
# description: "Size of the database in bytes"
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 256Mi
cpu: 100m
service:
type: ClusterIP
port: 5432
externalIPs: []
## Manually set NodePort value
## Requires service.type: NodePort
# nodePort:
networkPolicy:
## Enable creation of NetworkPolicy resources.
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port PostgreSQL is listening
## on. When true, PostgreSQL will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## Node labels and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
tolerations: []
affinity: {}
# Override default liveness & readiness probes
probes:
liveness:
initialDelay: 60
timeoutSeconds: 5
failureThreshold: 6
readiness:
initialDelay: 5
timeoutSeconds: 3
periodSeconds: 5
## Annotations for the deployment and nodes.
deploymentAnnotations: {}
podAnnotations: {}
## Deployment pods replace strategy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
# strategy: {}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment