Chart/Dockerfile for Postgresql Utility Container
This postgresql utility container will help the operation user to perform the operations on postgresql server in the K8s Cluster. Change-Id: Ib6dc67f88e32b047531d0d07e5667ec7da73eb0f
This commit is contained in:
parent
449e7608b2
commit
c905ac41f9
19
charts/postgresql-utility/Chart.yaml
Normal file
19
charts/postgresql-utility/Chart.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
apiVersion: v1
|
||||
description: PostgreSQL Client
|
||||
name: postgresql-utility
|
||||
version: 0.1.0
|
19
charts/postgresql-utility/requirements.yaml
Normal file
19
charts/postgresql-utility/requirements.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
19
charts/postgresql-utility/templates/bin/_bootstrap.sh.tpl
Normal file
19
charts/postgresql-utility/templates/bin/_bootstrap.sh.tpl
Normal file
@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
{{/*
|
||||
Copyright 2019 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
set -ex
|
||||
sudo ./tmp/start.sh
|
||||
tail -f /var/log/syslog
|
29
charts/postgresql-utility/templates/bin/_start.sh.tpl
Normal file
29
charts/postgresql-utility/templates/bin/_start.sh.tpl
Normal file
@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
set -ex
|
||||
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
|
||||
/etc/init.d/rsyslog start
|
||||
{{/*
|
||||
These lines will disable extra handler, extra formatter, extra level to the
|
||||
root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
|
||||
These lines will get rid of duplicate logs, generated because of the formatter
|
||||
attached by oslo-rootwrap.
|
||||
*/}}
|
||||
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
13
charts/postgresql-utility/templates/bin/_utilscli-sudo.tpl
Normal file
13
charts/postgresql-utility/templates/bin/_utilscli-sudo.tpl
Normal file
@ -0,0 +1,13 @@
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
nobody ALL=SETENV: NOPASSWD: /tmp/start.sh, /tmp/bootstrap.sh, /usr/local/bin/postgresql-utility-rootwrap /etc/postgresql/rootwrap.conf *
|
@ -0,0 +1,57 @@
|
||||
#!/usr/bin/python
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
# PBR Generated from u'console_scripts'
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
|
||||
from oslo_rootwrap.cmd import main
|
||||
|
||||
exec_name = sys.argv[0]
|
||||
host_name = os.environ.get("HOSTNAME")
|
||||
log_level = {{.Values.conf.postgresqlrootwrap.DEFAULT.syslog_log_level | quote}}
|
||||
facility = {{.Values.conf.postgresqlrootwrap.DEFAULT.syslog_log_facility | quote}}
|
||||
|
||||
if "AUSER" in os.environ:
|
||||
user_id = os.environ["AUSER"]
|
||||
elif {{.Values.conf.utility.always_log_user | quote}} == 'true':
|
||||
user_id = 'development site'
|
||||
else:
|
||||
print("No username set in AUSER environment variable, " +
|
||||
"for security reasons access restricted from " +
|
||||
"connecting to container.")
|
||||
exit()
|
||||
|
||||
try:
|
||||
handler = logging.handlers.SysLogHandler(
|
||||
address='/dev/log', facility=facility)
|
||||
except IOError:
|
||||
print("Unable to setup logging, for security " +
|
||||
"reasons access restricted from connecting to container.")
|
||||
exit()
|
||||
|
||||
formatter = logging.Formatter(
|
||||
'%(asctime)s ' + host_name + ' ' +
|
||||
'%(levelname)s' + os.path.basename(exec_name) + ': ' +
|
||||
'ActualUser=' + user_id + ': %(message)s')
|
||||
handler.setFormatter(formatter)
|
||||
root = logging.getLogger()
|
||||
root.setLevel(log_level)
|
||||
root.addHandler(handler)
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
script -f -a -q /var/log/syslog -c "sudo -E /usr/local/bin/postgresql-utility-rootwrap /etc/postgresql/rootwrap.conf $*"
|
28
charts/postgresql-utility/templates/configmap-bin.yaml
Normal file
28
charts/postgresql-utility/templates/configmap-bin.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
{{- if and .Values.manifests.configmap_bin .Values.deployment.postgresql }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
|
||||
data:
|
||||
{{- if .Values.images.local_registry.active }}
|
||||
image-repo-sync.sh: |
|
||||
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
bootstrap.sh: |
|
||||
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
start.sh: |
|
||||
{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
|
||||
postgresql-utility-rootwrap: |
|
||||
{{ tuple "bin/utility/_postgresql-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
|
||||
utilscli: |
|
||||
{{ tuple "bin/utility/_utilscli.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
|
||||
{{- end }}
|
@ -0,0 +1,16 @@
|
||||
{{- if or (.Values.deployment.postgresql) (.Values.deployment.client_secrets) }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
|
||||
data:
|
||||
rootwrap.conf: |
|
||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.postgresqlrootwrap | indent 4 }}
|
||||
|
||||
postgresql-rootwrap-filter: |
|
||||
{{ include "helm-toolkit.utils.to_ini" .Values.conf.postgresqlfilter | indent 4 }}
|
||||
|
||||
{{- end }}
|
@ -0,0 +1,11 @@
|
||||
{{- if and .Values.manifests.configmap_etc_sudoers .Values.deployment.postgresql }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
|
||||
data:
|
||||
utilscli-sudo: |
|
||||
{{ tuple "bin/_utilscli-sudo.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
126
charts/postgresql-utility/templates/deployment-utility.yaml
Normal file
126
charts/postgresql-utility/templates/deployment-utility.yaml
Normal file
@ -0,0 +1,126 @@
|
||||
{{- if and .Values.manifests.deployment_utility ( and .Values.deployment.postgresql .Values.conf.features.utility) }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
|
||||
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
- persistentvolumeclaims
|
||||
- persistentvolumes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: {{ printf "%s" $envAll.Release.Name }}
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
labels:
|
||||
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.pod.replicas.utility }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ printf "%s" $envAll.Release.Name }}
|
||||
labels:
|
||||
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 65534
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "postgresql" "utility" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
|
||||
containers:
|
||||
- name: {{ printf "%s" $envAll.Release.Name }}
|
||||
{{ tuple $envAll "postgresql_utility" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.postgresql_utility | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/bootstrap.sh
|
||||
volumeMounts:
|
||||
- name: postgresql-utility-bin
|
||||
mountPath: /tmp/bootstrap.sh
|
||||
subPath: bootstrap.sh
|
||||
readOnly: true
|
||||
- name: postgresql-utility-bin
|
||||
mountPath: /tmp/start.sh
|
||||
subPath: start.sh
|
||||
readOnly: true
|
||||
- name: postgresql-utility-bin
|
||||
mountPath: /usr/local/bin/utilscli
|
||||
subPath: utilscli
|
||||
readOnly: true
|
||||
- name: postgresql-utility-bin
|
||||
mountPath: /usr/local/bin/postgresql-utility-rootwrap
|
||||
subPath: postgresql-utility-rootwrap
|
||||
readOnly: true
|
||||
- name: postgresql-utility-sudoers
|
||||
mountPath: /etc/sudoers.d/utilscli-sudo
|
||||
subPath: utilscli-sudo
|
||||
readOnly: true
|
||||
- name: postgresql-etc
|
||||
mountPath: /etc/postgresql/postgresql.conf
|
||||
subPath: postgresql.conf
|
||||
readOnly: true
|
||||
- name: postgresql-client-admin-password
|
||||
mountPath: /opt/client-password
|
||||
subPath: key
|
||||
- name: postgresql-utility-etc
|
||||
mountPath: /etc/postgresql/rootwrap.d/postgresql-rootwrap.filter
|
||||
subPath: postgresql-rootwrap-filter
|
||||
readOnly: true
|
||||
- name: postgresql-utility-etc
|
||||
mountPath: /etc/postgresql/rootwrap.conf
|
||||
subPath: rootwrap.conf
|
||||
readOnly: true
|
||||
|
||||
volumes:
|
||||
- name: postgresql-utility-sudoers
|
||||
configMap:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "sudoers" }}
|
||||
defaultMode: 0644
|
||||
- name: postgresql-utility-bin
|
||||
configMap:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "bin" }}
|
||||
defaultMode: 0555
|
||||
- name: postgresql-utility-etc
|
||||
configMap:
|
||||
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
|
||||
defaultMode: 0555
|
||||
- name: postgresql-etc
|
||||
configMap:
|
||||
name: {{ .Values.conf.postgresqlconf.etc }}
|
||||
defaultMode: 0600
|
||||
- name: postgresql-client-admin-password
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.password.admin | quote }}
|
||||
defaultMode: 0600
|
||||
{{- end }}
|
169
charts/postgresql-utility/values.yaml
Normal file
169
charts/postgresql-utility/values.yaml
Normal file
@ -0,0 +1,169 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
# Default values for postgresql-utility.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
deployment:
|
||||
postgresql: true
|
||||
|
||||
release_group: null
|
||||
|
||||
images:
|
||||
pull_policy: IfNotPresent
|
||||
tags:
|
||||
postgresql_utility: 'quay.io/airshipit/porthole-postgresql-utility:latest-ubuntu_xenial'
|
||||
image_repo_sync: docker.io/docker:18.09.02
|
||||
local_registry:
|
||||
active: false
|
||||
exclude:
|
||||
- dep_check
|
||||
- image_repo_sync
|
||||
|
||||
labels:
|
||||
utility:
|
||||
node_selector_key: openstack-helm-node-class
|
||||
node_selector_value: primary
|
||||
|
||||
pod:
|
||||
dns_policy: "ClusterFirstWithHostNet"
|
||||
replicas:
|
||||
utility: 1
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||
topologyKey:
|
||||
default: kubernetes.io/hostname
|
||||
resources:
|
||||
enabled: false
|
||||
utility:
|
||||
requests:
|
||||
memory: "100Mi"
|
||||
cpu: "250m"
|
||||
limits:
|
||||
memory: "250Mi"
|
||||
cpu: "500m"
|
||||
jobs:
|
||||
bootstrap:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
image_repo_sync:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
secrets:
|
||||
password:
|
||||
admin: postgresql-admin
|
||||
|
||||
conf:
|
||||
features:
|
||||
utility: true
|
||||
postgresqlconf:
|
||||
etc: postgresql-etc
|
||||
postgresqlfilter:
|
||||
Filters:
|
||||
# postgresql-rootwrap command filters for postgresql utility container
|
||||
# This file should be owned by (and only-writeable by) the root user
|
||||
# Below are example command filters. access to postgresql cluster can be restricted by creating a user with less privilages
|
||||
psql: CommandFilter, psql, root
|
||||
kubectl: CommandFilter, kubectl, root
|
||||
postgresqlrootwrap:
|
||||
DEFAULT:
|
||||
# Configuration for postgresql-rootwrap
|
||||
# This file should be owned by (and only-writeable by) the root user
|
||||
# List of directories to load filter definitions from (separated by ',').
|
||||
# These directories MUST all be only writeable by root !
|
||||
filters_path: /etc/postgresql/rootwrap.d
|
||||
# List of directories to search executables in, in case filters do not
|
||||
# explicitely specify a full path (separated by ',')
|
||||
# If not specified, defaults to system PATH environment variable.
|
||||
# These directories MUST all be only writeable by root !
|
||||
exec_dirs: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/tmp
|
||||
# Enable logging to syslog
|
||||
# Default value is False
|
||||
use_syslog: True
|
||||
# Which syslog facility to use.
|
||||
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||
# Default value is 'syslog'
|
||||
syslog_log_facility: syslog
|
||||
# Which messages to log.
|
||||
# INFO means log all usage
|
||||
# ERROR means only log unsuccessful attempts
|
||||
syslog_log_level: INFO
|
||||
utility:
|
||||
# Set to true for development sites,
|
||||
# Set to false otherwise
|
||||
always_log_user: true
|
||||
|
||||
dependencies:
|
||||
dynamic:
|
||||
common:
|
||||
local_image_registry:
|
||||
jobs:
|
||||
- postgresql-utility-image-repo-sync
|
||||
services:
|
||||
- endpoint: node
|
||||
service: local_image_registry
|
||||
static:
|
||||
bootstrap:
|
||||
jobs: null
|
||||
postgresqlfs_client_key_generator:
|
||||
jobs: null
|
||||
namespace_client_key_cleaner:
|
||||
jobs: null
|
||||
namespace_client_key_generator:
|
||||
jobs: null
|
||||
image_repo_sync:
|
||||
services:
|
||||
- endpoint: internal
|
||||
service: local_image_registry
|
||||
|
||||
bootstrap:
|
||||
enabled: true
|
||||
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
local_image_registry:
|
||||
name: docker-registry
|
||||
namespace: docker-registry
|
||||
hosts:
|
||||
default: localhost
|
||||
internal: docker-registry
|
||||
node: localhost
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
port:
|
||||
registry:
|
||||
node: 5000
|
||||
|
||||
monitoring:
|
||||
prometheus:
|
||||
enabled: true
|
||||
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc_client: true
|
||||
configmap_etc_sudoers: true
|
||||
deployment_utility: true
|
31
images/postgresql-utility/Dockerfile.ubuntu_xenial
Normal file
31
images/postgresql-utility/Dockerfile.ubuntu_xenial
Normal file
@ -0,0 +1,31 @@
|
||||
ARG FROM=ubuntu:16.04
|
||||
FROM ${FROM}
|
||||
|
||||
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
|
||||
org.opencontainers.image.url='https://airshipit.org' \
|
||||
org.opencontainers.image.documentation='https://opendev.org/airship/porthole' \
|
||||
org.opencontainers.image.source='https://opendev.org/airship/porthole' \
|
||||
org.opencontainers.image.vendor='The Airship Authors' \
|
||||
org.opencontainers.image.licenses='Apache-2.0'
|
||||
|
||||
RUN set -xe && \
|
||||
export DEBIAN_FRONTEND=noninteractive && \
|
||||
sed -i '/nobody/d' /etc/passwd && \
|
||||
echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd && \
|
||||
apt-get update && \
|
||||
apt-get install -y wget curl \
|
||||
apt-transport-https ca-certificates gnupg \
|
||||
bash \
|
||||
moreutils \
|
||||
postgresql-client \
|
||||
postgresql-common \
|
||||
python-oslo.rootwrap \
|
||||
python3-oslo.rootwrap \
|
||||
rsyslog \
|
||||
screen \
|
||||
sudo && \
|
||||
apt-get clean -y && \
|
||||
rm -rf /var/cache/debconf/* /var/lib/apt/lists/* \
|
||||
/var/log/* /tmp/* /var/tmp/*
|
||||
|
||||
CMD ["/bin/bash"]
|
67
images/postgresql-utility/README.md
Normal file
67
images/postgresql-utility/README.md
Normal file
@ -0,0 +1,67 @@
|
||||
# PostgreSQL Utility Container
|
||||
|
||||
## Prerequisites: Deploy Airship in a Bottle(AIAB)
|
||||
|
||||
## Installation
|
||||
|
||||
1. Add the below to /etc/sudoers
|
||||
|
||||
```
|
||||
root ALL=(ALL) NOPASSWD: ALL
|
||||
ubuntu ALL=(ALL) NOPASSWD: ALL
|
||||
```
|
||||
|
||||
2. Install the latest versions of Git, CA Certs & bundle & Make if necessary
|
||||
|
||||
```
|
||||
set -xe
|
||||
|
||||
sudo apt-get update
|
||||
sudo apt-get install --no-install-recommends -y \
|
||||
ca-certificates \
|
||||
git \
|
||||
make \
|
||||
jq \
|
||||
nmap \
|
||||
curl \
|
||||
uuid-runtime
|
||||
```
|
||||
|
||||
3. Deploy Porthole
|
||||
|
||||
```
|
||||
git clone https://opendev.org/airship/porthole
|
||||
```
|
||||
|
||||
4. Modify the test case test-postgresqlutility-running.yaml
|
||||
|
||||
## Testing
|
||||
|
||||
Get in to the utility pod using kubectl exec.
|
||||
To perform any operation on the ucp PostgreSQL cluster use the below example.
|
||||
|
||||
example:
|
||||
|
||||
```
|
||||
utilscli psql -h hostname -U username -d database
|
||||
psql -h hostaddress -U username -p port --password password
|
||||
|
||||
root@ubuntu:~# kubectl exec -it postgresql-655989696f-79246 -n utility /bin/bash
|
||||
nobody@postgresql-655989696f-79246:/$ utilscli psql -h <hostaddress> -U postgresadmin -p <portnumber> --password <password>
|
||||
Password for user postgresadmin:
|
||||
WARNING: psql major version 9.5, server major version 10.
|
||||
Some psql features might not work.
|
||||
Type "help" for help.
|
||||
|
||||
postgresdb=# \d
|
||||
List of relations
|
||||
Schema | Name | Type | Owner
|
||||
--------+------------------+----------+---------------
|
||||
public | company | table | postgresadmin
|
||||
public | role | table | postgresadmin
|
||||
public | role_role_id_seq | sequence | postgresadmin
|
||||
public | test | table | postgresadmin
|
||||
(4 rows)
|
||||
|
||||
postgresdb=#
|
||||
```
|
@ -19,6 +19,7 @@
|
||||
- airship-porthole-images-build-gate-ceph-utility
|
||||
- airship-porthole-images-build-gate-etcdctl-utility
|
||||
- airship-porthole-images-build-gate-mysqlclient-utility
|
||||
- airship-porthole-images-build-gate-postgresql-utility
|
||||
|
||||
gate:
|
||||
jobs:
|
||||
@ -26,12 +27,14 @@
|
||||
- airship-porthole-images-build-gate-ceph-utility
|
||||
- airship-porthole-images-build-gate-etcdctl-utility
|
||||
- airship-porthole-images-build-gate-mysqlclient-utility
|
||||
- airship-porthole-images-build-gate-postgresql-utility
|
||||
|
||||
post:
|
||||
jobs:
|
||||
- airship-porthole-images-publish-ceph-utility
|
||||
- airship-porthole-images-publish-etcdctl-utility
|
||||
- airship-porthole-images-publish-mysqlclient-utility
|
||||
- airship-porthole-images-publish-postgresql-utility
|
||||
|
||||
- nodeset:
|
||||
name: airship-porthole-single-node
|
||||
|
41
zuul.d/postgresql-utility.yaml
Normal file
41
zuul.d/postgresql-utility.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
# Copyright 2019 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- job:
|
||||
name: airship-porthole-images-build-gate-postgresql-utility
|
||||
parent: &parent airship-porthole-images
|
||||
vars:
|
||||
image_name: &image_name porthole-postgresql-utility
|
||||
distro_suffix: &distro_suffix ubuntu_xenial
|
||||
files:
|
||||
- ^charts/postgresql-utility/.*$
|
||||
- ^images/postgresql-utility/.*$
|
||||
- ^Makefile$
|
||||
- ^tools/.*$
|
||||
- ^zuul.d/.*$
|
||||
|
||||
- job:
|
||||
name: airship-porthole-images-publish-postgresql-utility
|
||||
parent: *parent
|
||||
secrets:
|
||||
- name: quay_credentials
|
||||
secret: quay_credentials
|
||||
pass-to-parent: true
|
||||
vars:
|
||||
image_name: *image_name
|
||||
distro_suffix: *distro_suffix
|
||||
publish: true
|
||||
tags:
|
||||
dynamic:
|
||||
commit: true
|
Loading…
x
Reference in New Issue
Block a user