# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for postgresql. # This is a YAML-formatted file. # Declare variables to be passed into your templates. --- release_group: null pod: security_context: prometheus_postgresql_exporter: pod: runAsUser: 65534 container: postgresql_exporter: readOnlyRootFilesystem: true allowPrivilegeEscalation: false server: pod: runAsUser: 999 # fsGroup used to allows cert file be witten to file. fsGroup: 999 allowPrivilegeEscalation: false readOnlyRootFilesystem: true container: set_volume_perms: runAsUser: 0 readOnlyRootFilesystem: true postgresql: readOnlyRootFilesystem: true allowPrivilegeEscalation: false postgresql_backup: pod: runAsUser: 65534 allowPrivilegeEscalation: false readOnlyRootFilesystem: true container: backup_perms: runAsUser: 0 readOnlyRootFilesystem: true postgresql_backup: runAsUser: 65534 readOnlyRootFilesystem: true allowPrivilegeEscalation: false create_user: pod: runAsUser: 65534 container: prometheus_postgresql_exporter_create_user: readOnlyRootFilesystem: true allowPrivilegeEscalation: false affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname weight: default: 10 replicas: # only 1 replica currently supported server: 1 prometheus_postgresql_exporter: 1 lifecycle: upgrades: statefulsets: pod_replacement_strategy: OnDelete partition: 0 deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 termination_grace_period: prometheus_postgresql_exporter: timeout: 30 server: timeout: 180 probes: server: postgresql: liveness: enabled: true params: initialDelaySeconds: 30 timeoutSeconds: 5 failureThreshold: 10 readiness: enabled: false params: initialDelaySeconds: 30 timeoutSeconds: 5 failureThreshold: 10 resources: enabled: false server: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" test: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" prometheus_postgresql_exporter: limits: memory: "1024Mi" cpu: "2000m" requests: memory: "128Mi" cpu: "500m" jobs: image_repo_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" prometheus_postgresql_exporter_create_user: limits: memory: "1024Mi" cpu: "2000m" requests: memory: "128Mi" cpu: "100m" postgresql_backup: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" # using dockerhub postgresql: https://hub.docker.com/r/library/postgres/tags/ images: tags: postgresql: "docker.io/library/postgres:9.6" dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 image_repo_sync: docker.io/library/docker:17.07.0 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic prometheus_postgresql_exporter: docker.io/wrouesnel/postgres_exporter:v0.4.6 prometheus_postgresql_exporter_create_user: "docker.io/library/postgres:9.5" postgresql_backup: "quay.io/airshipit/porthole-postgresql-utility:latest-ubuntu_bionic" pull_policy: "IfNotPresent" local_registry: active: false exclude: - dep_check - image_repo_sync storage: pvc: enabled: true size: 5Gi class_name: general class_path: volume.beta.kubernetes.io/storage-class archive_pvc: size: 5Gi class_name: general class_path: volume.beta.kubernetes.io/storage-class host: host_path: /data/openstack-helm/postgresql mount: path: /var/lib/postgresql subpath: . archive: mount_path: /var/lib/archive archive_limit: 60 labels: server: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selectory_key: openstack-control-plane node_selector_value: enabled prometheus_postgresql_exporter: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled dependencies: dynamic: common: local_image_registry: jobs: - postgresql-image-repo-sync services: - endpoint: node service: local_image_registry static: postgresql_backup: jobs: - postgresql-ks-user services: - endpoint: internal service: postgresql tests: services: - endpoint: internal service: postgresql image_repo_sync: services: - endpoint: internal service: local_image_registry prometheus_postgresql_exporter_create_user: services: - endpoint: internal service: postgresql prometheus_postgresql_exporter: services: - endpoint: internal service: postgresql jobs: - prometheus-postgresql-exporter-create-user monitoring: prometheus: enabled: false postgresql_exporter: scrape: true volume: backup: enabled: true class_name: general size: 5Gi jobs: postgresql_backup: # activeDeadlineSeconds == 0 means no deadline activeDeadlineSeconds: 0 backoffLimit: 6 cron: "0 0 * * *" history: success: 3 failed: 1 ks_user: # activeDeadlineSeconds == 0 means no deadline activeDeadlineSeconds: 0 backoffLimit: 6 network_policy: postgresql: ingress: - {} egress: - {} conf: debug: false pg_hba: | host all all 127.0.0.1/32 trust host all all 0.0.0.0/0 md5 local all all trust postgresql: archive_mode: 'on' archive_command: 'test ! -f /var/lib/archive/%f && gzip < %p > /var/lib/archive/%f' cluster_name: 'postgresql' datestyle: 'iso, mdy' external_pid_file: '/tmp/postgres.pid' fsync: 'on' listen_addresses: '0.0.0.0' log_checkpoints: 'on' log_connections: 'on' log_disconnections: 'on' log_line_prefix: 'postgresql: %t [%p]: [%l-1] %c %x %d %u %a %h %m ' log_lock_waits: 'on' log_temp_files: '0' log_timezone: 'UTC' max_connections: '1000' max_locks_per_transaction: '64' max_prepared_transactions: '0' max_wal_senders: '16' max_worker_processes: '10' port: '5432' shared_buffers: '2GB' ssl: 'off' ssl_cert_file: '/server_certs/tls.crt' ssl_ca_file: '/server_certs/ca.crt' ssl_key_file: '/server_certs/tls.key' ssl_ciphers: 'TLSv1.2:!aNULL' tcp_keepalives_idle: '900' tcp_keepalives_interval: '100' timezone: 'UTC' track_commit_timestamp: 'on' track_functions: 'all' wal_keep_segments: '16' wal_level: 'hot_standby' wal_log_hints: 'on' hba_file: '/tmp/pg_hba.conf' ident_file: '/tmp/pg_ident.conf' backup: enabled: false base_path: /var/backup days_to_keep: 3 pg_dumpall_options: '--inserts --clean' remote_backup: enabled: false container_name: postgresql days_to_keep: 14 storage_policy: default-placement exporter: queries: pg_postmaster: query: "SELECT pg_postmaster_start_time as start_time_seconds from pg_postmaster_start_time()" master: true metrics: - start_time_seconds: usage: "GAUGE" description: "Time at which postmaster started" secrets: postgresql: admin: postgresql-admin exporter: postgresql-exporter audit: postgresql-audit backup_restore: postgresql-backup-restore tls: server: internal: postgresql-tls-direct identity: admin: keystone-admin-user postgresql: postgresql-backup-user endpoints: cluster_domain_suffix: cluster.local local_image_registry: name: docker-registry namespace: docker-registry hosts: default: localhost internal: docker-registry node: localhost host_fqdn_override: default: null port: registry: node: 5000 postgresql: auth: admin: username: postgres password: password exporter: username: psql_exporter password: psql_exp_pass audit: username: audit password: password hosts: default: postgresql host_fqdn_override: default: null path: null scheme: postgresql port: postgresql: default: 5432 postgresql_restapi: hosts: default: postgresql-restapi host_fqdn_override: default: null path: null scheme: postgresql port: restapi: default: 8008 prometheus_postgresql_exporter: namespace: null hosts: default: postgresql-exporter host_fqdn_override: default: null path: default: /metrics scheme: default: 'http' port: metrics: default: 9187 identity: name: backup-storage-auth namespace: openstack auth: admin: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default postgresql: # Auth URL of null indicates local authentication # HTK will form the URL unless specified here auth_url: null role: admin region_name: RegionOne username: postgresql-backup-user password: password project_name: service user_domain_name: service project_domain_name: service hosts: default: keystone internal: keystone-api host_fqdn_override: default: null path: default: /v3 scheme: default: 'http' port: api: default: 80 internal: 5000 manifests: certificates: false configmap_bin: true configmap_etc: true job_image_repo_sync: true network_policy: false job_ks_user: false secret_admin: true secret_etc: true secret_audit: true secret_backup_restore: false service: true statefulset: true cron_job_postgresql_backup: false pvc_backup: false monitoring: prometheus: configmap_bin: true configmap_etc: true deployment_exporter: true job_user_create: true secret_etc: true service_exporter: true ...