diff --git a/postgresql/.helmignore b/postgresql/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml new file mode 100644 index 000000000..2af412a4b --- /dev/null +++ b/postgresql/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm PostgreSQL +name: postgresql +version: 0.1.0 +home: https://www.postgresql.org +sources: + - https://github.com/postgres/postgres + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/postgresql/requirements.yaml b/postgresql/requirements.yaml new file mode 100644 index 000000000..00a045b4e --- /dev/null +++ b/postgresql/requirements.yaml @@ -0,0 +1,19 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/postgresql/templates/bin/_readiness.sh.tpl b/postgresql/templates/bin/_readiness.sh.tpl new file mode 100644 index 000000000..c8c6b269d --- /dev/null +++ b/postgresql/templates/bin/_readiness.sh.tpl @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +pg_isready -U ${POSTGRES_USER} diff --git a/postgresql/templates/bin/_start.sh.tpl b/postgresql/templates/bin/_start.sh.tpl new file mode 100644 index 000000000..b00264d4d --- /dev/null +++ b/postgresql/templates/bin/_start.sh.tpl @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec /docker-entrypoint.sh postgres -N {{ .Values.conf.postgresql.max_connections }} -B {{ .Values.conf.postgresql.shared_buffers }} diff --git a/postgresql/templates/configmap-bin.yaml b/postgresql/templates/configmap-bin.yaml new file mode 100644 index 000000000..76fcc74a1 --- /dev/null +++ b/postgresql/templates/configmap-bin.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +{{- $configMapBinName := printf "%s-%s" $envAll.Release.Name "etcd-bin" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgresql-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + readiness.sh: | +{{ tuple "bin/_readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/postgresql/templates/job-image-repo-sync.yaml b/postgresql/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..2a4780b8f --- /dev/null +++ b/postgresql/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "postgresql" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl b/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl new file mode 100644 index 000000000..a797b3467 --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/bin/_create-postgresql-exporter-user.sh.tpl @@ -0,0 +1,25 @@ +#!/bin/sh + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +psql "postgresql://${ADMIN_USER}:${ADMIN_PASSWORD}@${POSTGRESQL_HOST_PORT}?sslmode=disable" << EOF +CREATE USER ${EXPORTER_USER} WITH PASSWORD '${EXPORTER_PASSWORD}'; +ALTER USER ${EXPORTER_USER} SET SEARCH_PATH TO postgres_exporter,pg_catalog; +GRANT SELECT ON pg_stat_database TO ${EXPORTER_USER}; +EOF diff --git a/postgresql/templates/monitoring/prometheus/exporter-configmap-bin.yaml b/postgresql/templates/monitoring/prometheus/exporter-configmap-bin.yaml new file mode 100644 index 000000000..90d4311a5 --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/exporter-configmap-bin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.configmap_bin .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgresql-exporter-bin +data: + create-postgresql-exporter-user.sh: | +{{ tuple "bin/_create-postgresql-exporter-user.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/postgresql/templates/monitoring/prometheus/exporter-deployment.yaml b/postgresql/templates/monitoring/prometheus/exporter-deployment.yaml new file mode 100644 index 000000000..c875a12cb --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/exporter-deployment.yaml @@ -0,0 +1,54 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} +{{- $serviceAccountName := "prometheus-postgresql-exporter" }} +{{ tuple $envAll "prometheus_postgresql_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: prometheus-postgresql-exporter +spec: + replicas: {{ .Values.pod.replicas.prometheus_postgresql_exporter }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "prometheus_postgresql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + namespace: {{ .Values.endpoints.prometheus_postgresql_exporter.namespace }} + spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.prometheus_postgresql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_postgresql_exporter.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_postgresql_exporter.timeout | default "30" }} + initContainers: +{{ tuple $envAll "prometheus_postgresql_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: postgresql-exporter +{{ tuple $envAll "prometheus_postgresql_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.prometheus_postgresql_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: metrics + containerPort: {{ tuple "prometheus_postgresql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: DATA_SOURCE_NAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.exporter }} + key: DATA_SOURCE_NAME +{{- end }} diff --git a/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml new file mode 100644 index 000000000..73fabca3a --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml @@ -0,0 +1,78 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.job_user_create .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} + +{{- $serviceAccountName := "prometheus-postgresql-exporter-create-user" }} +{{ tuple $envAll "prometheus_postgresql_exporter_create_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: prometheus-postgresql-exporter-create-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "prometheus_postgresql_exporter" "create_user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.prometheus_postgresql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_postgresql_exporter.node_selector_value }} + initContainers: +{{ tuple $envAll "prometheus_postgresql_exporter_create_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: prometheus-postgresql-exporter-create-user +{{ tuple $envAll "prometheus_postgresql_exporter_create_user" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.prometheus_postgresql_exporter_create_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/create-postgresql-exporter-user.sh + env: + - name: EXPORTER_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.exporter }} + key: EXPORTER_USER + - name: EXPORTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.exporter }} + key: EXPORTER_PASSWORD + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.admin }} + key: POSTGRES_USER + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.admin }} + key: POSTGRES_PASSWORD + - name: POSTGRESQL_HOST_PORT + value: {{ tuple "postgresql" "internal" "postgresql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + volumeMounts: + - name: postgresql-exporter-bin + mountPath: /tmp/create-postgresql-exporter-user.sh + subPath: create-postgresql-exporter-user.sh + readOnly: true + volumes: + - name: postgresql-exporter-bin + configMap: + name: postgresql-exporter-bin + defaultMode: 0555 +{{- end }} diff --git a/postgresql/templates/monitoring/prometheus/exporter-secrets-etc.yaml b/postgresql/templates/monitoring/prometheus/exporter-secrets-etc.yaml new file mode 100644 index 000000000..31f7d8cd1 --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/exporter-secrets-etc.yaml @@ -0,0 +1,33 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.secret_etc .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} +{{- $exporter_user := .Values.endpoints.postgresql.auth.exporter.username }} +{{- $exporter_password := .Values.endpoints.postgresql.auth.exporter.password }} +{{- $db_host := tuple "postgresql" "internal" "postgresql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} +{{- $data_source_name := printf "postgresql://%s:%s@%s/postgres?sslmode=disable" $exporter_user $exporter_password $db_host }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.secrets.postgresql.exporter }} +type: Opaque +data: + DATA_SOURCE_NAME: {{ $data_source_name | b64enc }} + EXPORTER_USER: {{ $exporter_user | b64enc }} + EXPORTER_PASSWORD: {{ $exporter_password | b64enc }} +{{- end }} diff --git a/postgresql/templates/monitoring/prometheus/exporter-service.yaml b/postgresql/templates/monitoring/prometheus/exporter-service.yaml new file mode 100644 index 000000000..fc2c54b1d --- /dev/null +++ b/postgresql/templates/monitoring/prometheus/exporter-service.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.service_exporter .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} +{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.postgresql_exporter }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "prometheus_postgresql_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + labels: +{{ tuple $envAll "prometheus_postgresql_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: +{{- if .Values.monitoring.prometheus.enabled }} +{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }} +{{- end }} +spec: + ports: + - name: metrics + port: {{ tuple "prometheus_postgresql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + selector: +{{ tuple $envAll "prometheus_postgresql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/postgresql/templates/secret-admin.yaml b/postgresql/templates/secret-admin.yaml new file mode 100644 index 000000000..998cb384e --- /dev/null +++ b/postgresql/templates/secret-admin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_admin }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.secrets.postgresql.admin }} +type: Opaque +data: + POSTGRES_USER: {{ .Values.endpoints.postgresql.auth.admin.username | b64enc }} + POSTGRES_PASSWORD: {{ .Values.endpoints.postgresql.auth.admin.password | b64enc }} +{{- end }} diff --git a/postgresql/templates/service.yaml b/postgresql/templates/service.yaml new file mode 100644 index 000000000..7ad24b288 --- /dev/null +++ b/postgresql/templates/service.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: db + port: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + selector: +{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000..b7a106a4f --- /dev/null +++ b/postgresql/templates/statefulset.yaml @@ -0,0 +1,113 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset }} +{{- $envAll := . }} + +{{- $serviceAccountName := "postgresql" }} +{{ tuple $envAll "postgresql" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgresql + labels: +{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + serviceName: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + replicas: {{ .Values.pod.replicas.server }} + selector: + matchLabels: +{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + initContainers: +{{ tuple $envAll "postgresql" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: postgresql +{{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - containerPort: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: 'POSTGRES_PASSWORD' + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.admin }} + key: 'POSTGRES_PASSWORD' + - name: 'POSTGRES_USER' + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.postgresql.admin }} + key: 'POSTGRES_USER' + - name: 'PGDATA' + value: {{ .Values.storage.mount.path | quote }} + command: + - /tmp/start.sh + livenessProbe: + exec: + command: + - /tmp/readiness.sh + initialDelaySeconds: 20 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - /tmp/readiness.sh + initialDelaySeconds: 20 + timeoutSeconds: 5 + volumeMounts: + - name: postgresql-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: postgresql-bin + mountPath: /tmp/readiness.sh + subPath: readiness.sh + readOnly: true + - name: postgresql-data + mountPath: {{ .Values.storage.mount.path }} + subPath: {{ .Values.storage.mount.subpath }} + volumes: + - name: postgresql-bin + configMap: + name: postgresql-bin + defaultMode: 0555 +{{- if not .Values.storage.pvc.enabled }} + - name: postgresql-data + hostPath: + path: {{ .Values.storage.host.host_path }} +{{- else }} + volumeClaimTemplates: + - metadata: + name: postgresql-data + annotations: + {{ .Values.storage.pvc.class_path }}: {{ .Values.storage.pvc.class_name }} + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.storage.pvc.size }} +{{- end }} +{{- end }} diff --git a/postgresql/values.yaml b/postgresql/values.yaml new file mode 100644 index 000000000..2a52b0571 --- /dev/null +++ b/postgresql/values.yaml @@ -0,0 +1,214 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for postgresql. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +release_group: null + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + #only 1 replica currently supported + server: 1 + prometheus_postgresql_exporter: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + termination_grace_period: + prometheus_postgresql_exporter: + timeout: 30 + resources: + enabled: false + server: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + prometheus_postgresql_exporter: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + prometheus_postgresql_exporter_create_user: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + +# using dockerhub postgresql: https://hub.docker.com/r/library/postgres/tags/ +images: + tags: + postgresql: "docker.io/postgres:9.5" + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + prometheus_postgresql_exporter: docker.io/wrouesnel/postgres_exporter:v0.4.6 + prometheus_postgresql_exporter_create_user: "docker.io/postgres:9.5" + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +storage: + pvc: + enabled: true + size: 5Gi + class_name: general + class_path: volume.beta.kubernetes.io/storage-class + host: + host_path: /data/openstack-helm/postgresql + mount: + path: /var/lib/postgresql/data + subpath: pgdata + +labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + prometheus_postgresql_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - postgresql-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + postgresql: + jobs: null + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + prometheus_postgresql_exporter_create_user: + services: + - endpoint: internal + service: postgresql + prometheus_postgresql_exporter: + services: + - endpoint: internal + service: postgresql + jobs: + - prometheus-postgresql-exporter-create-user + +monitoring: + prometheus: + enabled: false + postgresql_exporter: + scrape: true + +conf: + postgresql: + max_connections: 100 + shared_buffers: 128MB + +secrets: + postgresql: + admin: postgresql-admin + exporter: postgresql-exporter + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + postgresql: + auth: + admin: + username: postgres + password: password + exporter: + username: psql_exporter + password: psql_exp_pass + hosts: + default: postgresql + host_fqdn_override: + default: null + path: null + scheme: postgresql + port: + postgresql: + default: 5432 + prometheus_postgresql_exporter: + namespace: null + auth: + user: + username: exporter + password: password + hosts: + default: postgresql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9187 + +manifests: + configmap_bin: true + job_image_repo_sync: true + secret_admin: true + service: true + statefulset: true + monitoring: + prometheus: + configmap_bin: true + deployment_exporter: true + job_user_create: true + secret_etc: true + service_exporter: true