diff --git a/stable/postgresql/.helmignore b/stable/postgresql/.helmignore
new file mode 100644
index 000000000000..acbcabf42a79
--- /dev/null
+++ b/stable/postgresql/.helmignore
@@ -0,0 +1,2 @@
+.git
+OWNERS
diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml
index 8ade0362564e..60d42e2329de 100644
--- a/stable/postgresql/Chart.yaml
+++ b/stable/postgresql/Chart.yaml
@@ -1,16 +1,19 @@
 name: postgresql
-version: 1.0.0
-appVersion: 9.6.2
-description: Object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
+version: 2.0.0
+appVersion: 10.5.0
+description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
 keywords:
 - postgresql
 - postgres
 - database
 - sql
+- replication
+- cluster
 home: https://www.postgresql.org/
-icon: https://www.postgresql.org/media/img/about/press/elephant.png
+icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png
 sources:
-- https://github.com/kubernetes/charts
-- https://github.com/docker-library/postgres
-maintainers: []
+- https://github.com/bitnami/bitnami-docker-postgresql
+maintainers:
+- name: Bitnami
+ email: containers@bitnami.com
 engine: gotpl
diff --git a/stable/postgresql/OWNERS b/stable/postgresql/OWNERS
new file mode 100644
index 000000000000..e74df3ff33c6
--- /dev/null
+++ b/stable/postgresql/OWNERS
@@ -0,0 +1,12 @@
+approvers:
+- prydonius
+- tompizmor
+- sameersbn
+- carrodher
+- juan131
+reviewers:
+- prydonius
+- tompizmor
+- sameersbn
+- carrodher
+- juan131
\ No newline at end of file
diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md
index eee4a8b91cf2..355ba30b4402 100644
--- a/stable/postgresql/README.md
+++ b/stable/postgresql/README.md
@@ -1,27 +1,29 @@ # PostgreSQL -[PostgreSQL](https://postgresql.org) is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. ## TL;DR; -```bash +```console $ helm install stable/postgresql ``` ## Introduction -This chart bootstraps a [PostgreSQL](https://github.com/docker-library/postgres) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. ## Prerequisites - Kubernetes 1.4+ with Beta APIs enabled -- PV provisioner support in the underlying infrastructure (Only when persisting data) +- PV provisioner support in the underlying infrastructure ## Installing the Chart To install the chart with the release name `my-release`: -```bash +```console $ helm install --name my-release stable/postgresql ``` @@ -33,7 +35,7 @@ The command deploys PostgreSQL on the Kubernetes cluster in the default configur To uninstall/delete the `my-release` deployment: -```bash +```console $ helm delete my-release ``` 
@@ -41,117 +43,178 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration -The following table lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- | -| `image` | `postgres` image repository | `postgres` | -| `imageTag` | `postgres` image tag | `9.6.2` | -| `imagePullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | -| `imagePullSecrets` | Image pull secrets | `nil` | -| `postgresUser` | Username of new user to create. | `postgres` | -| `postgresPassword` | Password for the new user. | random 10 characters | -| `usePasswordFile` | Inject the password via file instead of env var | `false` | -| `postgresDatabase` | Name for new database to create. | `postgres` | -| `postgresInitdbArgs` | Initdb Arguments | `nil` | -| `schedulerName` | Name of an alternate scheduler | `nil` | -| `existingSecret` | Use Existing secret for Admin password | `nil` | -| `postgresConfig` | Runtime Config Parameters | `nil` | -| `pgHbaConf` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | -| `persistence.enabled` | Use a PVC to persist data | `true` | -| `persistence.existingClaim`| Provide an existing PersistentVolumeClaim | `nil` | -| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | -| `persistence.annotations` | Persistent Volume annotations | `{}` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `postgresql-db` | -| `persistence.mountPath` | Mount path of data volume | `/var/lib/postgresql/data/pgdata` | -| `persistence.resourcePolicy` | set resource-policy Helm annotation 
on PVC. Can be nil or "keep" | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image` | Exporter image | `wrouesnel/postgres_exporter` | -| `metrics.imageTag` | Exporter image | `v0.1.1` | -| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.resources` | Exporter resource requests/limit | Memory: `256Mi`, CPU: `100m` | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `service.externalIPs` | External IPs to listen on | `[]` | -| `service.port` | TCP port | `5432` | -| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | -| `service.nodePort` | NodePort value if service.type is `NodePort` | `nil` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `nodeSelector` | Node labels for pod assignment | {} | -| `affinity` | Affinity settings for pod assignment | {} | -| `tolerations` | Toleration labels for pod assignment | [] | +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. 
+ +| Parameter | Description | Default | +|----------------------------|-------------------------------------------|---------------------------------------------------------- | +| `image.registry` | PostgreSQL image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `stable/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `image.pullPolicy` | PostgreSQL image pull policy | `Always` | +| `image.pullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `replication.enabled` | Would you like to enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas`| Number of slaves replicas | `1` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | | `terminationGracePeriodSeconds` | Optional duration in seconds the pod needs to terminate gracefully | `nil` | -| `probes.liveness.initialDelay` | Liveness probe initial delay | `60` | -| `probes.liveness.timeoutSeconds` | Liveness probe timeout seconds | `5` | -| 
`probes.liveness.failureThreshold` | Liveness probe failure threshold | `6` | -| `probes.readiness.initialDelay` | Readiness probe initial delay | `5` | -| `probes.readiness.timeoutSeconds` | Readiness probe timeout seconds | `3` | -| `probes.readiness.failureThreshold` | Readiness probe failure threshold | `5` | -| `podAnnotations` | Annotations for the postgresql pod | {} | -| `deploymentAnnotations` | Annotations for the postgresql deployment | {} | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod | {} | - -The above parameters map to the env variables defined in [postgres](http://github.com/docker-library/postgres). For more information please refer to the [postgres](http://github.com/docker-library/postgres) image documentation. +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | `livenessProbe.enabled` | would you like a livessProbed to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `metrics.service.annotatios` | Additional annotations for metrics exporter pod | `{}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.image.registry` | PostgreSQL image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod | {} | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, -```bash +```console $ helm install --name my-release \ - --set postgresUser=my-user,postgresPassword=secretpassword,postgresDatabase=my-database \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ stable/postgresql ``` -The above command creates a PostgreSQL user named `my-user` with password `secretpassword`. Additionally it creates a database named `my-database`. +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, -```bash +```console $ helm install --name my-release -f values.yaml stable/postgresql ``` > **Tip**: You can use the default [values.yaml](values.yaml) -## Persistence +### postgresql.conf file as configMap + +Instead of using specific variables for the PostgreSQL configuration, this helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +## Initialize a fresh instance -The [postgres](https://github.com/docker-library/postgres) image stores the PostgreSQL data and configurations at the `/var/lib/postgresql/data/pgdata` path of the container. +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. -The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. 
If the PersistentVolumeClaim should not be managed by the chart, define `persistence.existingClaim`. +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. -Note: When using persistence ensure that you either provide a `postgresPassword` or use `existingSecret`, otherwise `helm update` will generate a new random password which is ignored by postgres. That will cause confusing behaviour especially if services depend on the secret +## Production and horizontal scaling -### Existing PersistentVolumeClaims +The following repo contains the recommended production settings for PostgreSQL server in an alternative [values file](values-production.yaml). Please read carefully the comments in the values-production.yaml file to set up your environment -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart -```bash -$ helm install --set persistence.existingClaim=PVC_NAME postgresql +To horizontally scale this chart, first download the [values-production.yaml](values-production.yaml) file to your local folder, then: + +```console +$ helm install --name my-release -f ./values-production.yaml stable/postgresql +$ kubectl scale statefulset my-postgresql-slave --replicas=3 ``` -The volume defaults to mount at a subdirectory of the volume instead of the volume root to avoid the volume's hidden directories from interfering with `initdb`. If you are upgrading this chart from before version `0.4.0`, set `persistence.subPath` to `""`. +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Configuration](#configuration) section to configure the PVC or to disable persistence. ## Metrics + The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). 
The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. ## NetworkPolicy -To enable network policy for PostgreSQL, -install [a networking plugin that implements the Kubernetes -NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), -and set `networkPolicy.enabled` to `true`. +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` With NetworkPolicy enabled, traffic will be limited to just port 5432. -For more precise policy, set `networkPolicy.allowExternal=false`. This will -only allow pods with the generated client label to connect to PostgreSQL. 
+For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. This label will be displayed in the output of a successful install. + +## Upgrade + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + + - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + + ```console +$ kubectl get svc + ``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install --name my-release stable/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. 
+ +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/stable/postgresql/files/README.md b/stable/postgresql/files/README.md new file mode 100644 index 000000000000..1813a2feaaf1 --- /dev/null +++ b/stable/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/stable/postgresql/files/docker-entrypoint-initdb.d/README.md b/stable/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 000000000000..cba38091e0f4 --- /dev/null +++ b/stable/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/stable/postgresql/templates/NOTES.txt b/stable/postgresql/templates/NOTES.txt index c5753a5dd76b..3b157d27b720 100644 --- a/stable/postgresql/templates/NOTES.txt +++ b/stable/postgresql/templates/NOTES.txt 
@@ -1,41 +1,58 @@ -PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: -{{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local +{{- if contains .Values.service.type "LoadBalancer" }} +{{- if not .Values.postgresqlPassword }} +------------------------------------------------------------------------------- + WARNING -{{- if .Values.existingSecret }} -If you have not already created the postgres admin secret: + By specifying "serviceType=LoadBalancer" and not specifying "postgresqlPassword" + you have most likely exposed the PostgreSQL service externally without any + authentication mechanism. - kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./postgres-password -{{ else }} -To get your user password run: + For security reasons, we strongly suggest that you switch to "ClusterIP" or + "NodePort". As an alternative, you can also specify a valid password on the + "postgresqlPassword" parameter. - PGPASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode; echo) +------------------------------------------------------------------------------- +{{- end }} {{- end }} -To connect to your database run the following command (using the env variable from above): +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: + + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get the password for "{{ .Values.postgresqlUsername }}" run: + + export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - kubectl run --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . 
}}-client --restart=Never --rm --tty -i --image postgres \ - --env "PGPASSWORD=$PGPASSWORD" \{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "postgresql.fullname" . }}-client=true" \{{- end }} - --command -- psql -U {{ default "postgres" .Values.postgresUser }} \ - -h {{ template "postgresql.fullname" . }} {{ default "postgres" .Values.postgresDatabase }} +To connect to your database run the following command: + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --image bitnami/postgresql --env="PGPASSWORD=$POSTGRESQL_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label -{{ template "postgresql.fullname" . }}-client=true" -will be able to connect to this PostgreSQL cluster. +Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. {{- end }} -To connect to your database directly from outside the K8s cluster: - {{- if contains "NodePort" .Values.service.type }} - PGHOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') - PGPORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . 
}} -o jsonpath='{.spec.ports[0].nodePort}') +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }}) + {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} + +{{- else if contains "LoadBalancer" .Values.service.type }} - {{- else if contains "ClusterIP" .Values.service.type }} - PGHOST=127.0.0.1 - PGPORT={{ default "5432" .Values.service.port }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}' - # Execute the following commands to route the connection: - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "postgresql.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ default "5432" .Values.service.port }}:{{ default "5432" .Values.service.port }} + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}") + {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host $SERVICE_IP --port {{ .Values.service.port }} -U {{ .Values.postgresqlUsername }} - {{- end }} +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . 
}} 5432:5432 & + {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} + +{{- end }} diff --git a/stable/postgresql/templates/_helpers.tpl b/stable/postgresql/templates/_helpers.tpl index 3e6431d7dbf2..76f5a17733b7 100644 --- a/stable/postgresql/templates/_helpers.tpl +++ b/stable/postgresql/templates/_helpers.tpl @@ -9,18 +9,22 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. */}} {{- define "postgresql.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.master.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s-%s" .Release.Name $name "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} 
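Review bot: The three `psql` lines in the NodePort, LoadBalancer and ClusterIP branches print `.Values.postgresqlPassword` in clear text into the release notes, leave it unquoted, and follow it with a stray `"` that gives the printed command an unterminated quote; when the password was not supplied in values they set no `PGPASSWORD` at all. The notes already export `POSTGRESQL_PASSWORD` from the secret a few lines earlier, so each of these lines can drop the `if` and start with `PGPASSWORD="$POSTGRESQL_PASSWORD" psql --host ...`, which keeps the secret out of the rendered text. The opening guard `contains .Values.service.type "LoadBalancer"` has its arguments in the opposite order to the later `contains "NodePort" .Values.service.type`; it only matches because the two strings are equal, and `contains "LoadBalancer" .Values.service.type` would be consistent. The warning text also recommends "NodePort", which exposes the port outside the cluster as well, and refers to `serviceType` although the value read here is `service.type`.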
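Review bot: The comment above `postgresql.master.fullname` is a copy of the one on `postgresql.fullname` and does not mention that the name gains a `-master` suffix when `replication.enabled` is set; a comment such as `Fully qualified name of the master node; appends "-master" when replication is enabled` would describe it. Because `trunc 63` runs after the suffix is appended, a long release name would have the suffix cut off, so the master name may stop being distinguishable from other names built the same way; truncating the base name first and appending `-master` afterwards avoids that. The hunk also drops the `fullnameOverride` branch, which existing installs may rely on.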
@@ -43,8 +47,19 @@ Create chart name and version as used by the chart label. {{- end -}} {{/* -Generate chart secret name +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{- $registryName := default "docker.io" .Values.image.registry -}} +{{- $tag := default "latest" .Values.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName .Values.image.repository $tag -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name */}} -{{- define "postgresql.secretName" -}} -{{ default (include "postgresql.fullname" .) .Values.existingSecret }} +{{- define "metrics.image" -}} +{{- $registryName := default "docker.io" .Values.metrics.image.registry -}} +{{- $tag := default "latest" .Values.metrics.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName .Values.metrics.image.repository $tag -}} {{- end -}} diff --git a/stable/postgresql/templates/configmap.yaml b/stable/postgresql/templates/configmap.yaml index 5c739ca538ae..2cc9b48d085a 100644 --- a/stable/postgresql/templates/configmap.yaml +++ b/stable/postgresql/templates/configmap.yaml 
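Review bot: Both new image helpers fall back to `latest` when no tag is given (`default "latest" .Values.image.tag`), so a missing or mistyped tag silently deploys a mutable, unpinned image. Failing the render is safer, for example `{{- $tag := required "image.tag must be set" .Values.image.tag | toString -}}`, with the same change for `metrics.image.tag`. The helper name `metrics.image` is not prefixed with the chart name like the other definitions in this file; named templates are shared between a chart and its subcharts, so `postgresql.metrics.image` would avoid a clash. The hunk also removes `postgresql.secretName` and with it the `existingSecret` lookup shown on the old side, so the admin password would presumably have to be passed through values; keeping that helper would let operators continue to reference a secret they manage themselves.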
@@ -1,16 +1,18 @@ +{{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "postgresql.fullname" . }} + name: {{ template "postgresql.fullname" . }}-configuration labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} data: - {{- if .Values.metrics.customMetrics }} - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} - {{- end }} - {{- if .Values.pgHbaConf }} - pg_hba.conf: {{ .Values.pgHbaConf | quote }} - {{- end }} +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- end }} +{{ end }} diff --git a/stable/postgresql/templates/deployment.yaml b/stable/postgresql/templates/deployment.yaml deleted file mode 100644 index fe6914b8220e..000000000000 --- a/stable/postgresql/templates/deployment.yaml +++ /dev/null 
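Review bot: `pg_hba.conf` and `postgresql.conf` are now picked up only through `.Files.Glob "files/..."`, so the client-authentication rules can be set only by placing a file inside the chart directory; the `pgHbaConf` value on the old side is gone, and a chart installed from a repository cannot supply them without being unpacked and modified. Consider keeping a values-based path next to the file lookup, for example `pg_hba.conf: {{ .Values.pgHbaConf | quote }}` under `{{- if .Values.pgHbaConf }}` as before. The `custom-metrics.yaml` key is dropped here as well, while the README's Metrics section still points to custom metrics in `values.yaml`; whether another template now carries it is not visible in this hunk. The opening `{{ if or ...` and the closing `{{ end }}` lack the `-` trim markers used on the inner blocks and leave blank lines in the rendered manifest.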
@@ -1,196 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.deploymentAnnotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- with .Values.strategy }} - strategy: -{{ toYaml . | indent 4 }} -{{- end }} - selector: - matchLabels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} -{{- with .Values.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - containers: - - name: {{ template "postgresql.fullname" . }} - image: "{{ .Values.image }}:{{ .Values.imageTag }}" - imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} - args: - {{- range $key, $value := default dict .Values.postgresConfig }} - - -c - - '{{ $key | snakecase }}={{ $value }}' - {{- end }} - {{- if .Values.pgHbaConf }} - - -c - - hba_file=/pg_hba/pg_hba.conf - {{- end }} - env: - - name: POSTGRES_USER - value: {{ default "postgres" .Values.postgresUser | quote }} - # Required for pg_isready in the health probes. 
- - name: PGUSER - value: {{ default "postgres" .Values.postgresUser | quote }} - - name: POSTGRES_DB - value: {{ default "" .Values.postgresDatabase | quote }} - - name: POSTGRES_INITDB_ARGS - value: {{ default "" .Values.postgresInitdbArgs | quote }} - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: /conf/postgres-password - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgres-password - {{- end }} - - name: POD_IP - valueFrom: { fieldRef: { fieldPath: status.podIP } } -{{- if .Values.extraEnv }} -{{ toYaml .Values.extraEnv | indent 8 }} -{{- end }} - ports: - - name: postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - sh - - -c - - exec pg_isready --host $POD_IP - initialDelaySeconds: {{ .Values.probes.liveness.initialDelay }} - timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} - failureThreshold: {{ .Values.probes.liveness.failureThreshold }} - readinessProbe: - exec: - command: - - sh - - -c - - exec pg_isready --host $POD_IP - initialDelaySeconds: {{ .Values.probes.readiness.initialDelay }} - timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }} - periodSeconds: {{ .Values.probes.readiness.periodSeconds }} - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- if .Values.usePasswordFile }} - - name: password-file - mountPath: /conf - readOnly: true - {{- end }} - {{- if .Values.pgHbaConf }} - - name: pg-hba-conf - mountPath: /pg_hba - readOnly: true - {{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" - imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }} - env: - - name: DATA_SOURCE_NAME - value: postgresql://{{ default 
"postgres" .Values.postgresUser }}@127.0.0.1:5432?sslmode=disable - {{- if .Values.metrics.customMetrics }} - - name: PG_EXPORTER_EXTEND_QUERY_PATH - value: /conf/custom-metrics.yaml - {{- end }} - ports: - - name: metrics - containerPort: 9187 - {{- if .Values.metrics.customMetrics }} - volumeMounts: - - name: custom-metrics - mountPath: /conf - readOnly: true - {{- end }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - readinessProbe: - httpGet: - path: /metrics - port: metrics - resources: -{{ toYaml .Values.metrics.resources | indent 10 }} -{{- end }} - volumes: - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "postgresql.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.fullname" . }} - items: - - key: custom-metrics.yaml - path: custom-metrics.yaml - {{- end }} - {{- if .Values.usePasswordFile }} - - name: password-file - secret: - secretName: {{ template "postgresql.secretName" . }} - items: - - key: postgres-password - path: postgres-password - {{- end }} - {{- if .Values.pgHbaConf }} - - name: pg-hba-conf - configMap: - name: {{ template "postgresql.fullname" . }} - items: - - key: pg_hba.conf - path: pg_hba.conf - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} diff --git a/stable/postgresql/templates/initialization-configmap.yaml b/stable/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 000000000000..d8472fd1d2e6 --- /dev/null +++ b/stable/postgresql/templates/initialization-configmap.yaml 
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "postgresql.fullname" . }}-init-scripts
+ labels:
+ app: {{ template "postgresql.name" . }}
+ chart: {{ template "postgresql.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+data:
+{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*").AsConfig | indent 2 }}
diff --git a/stable/postgresql/templates/metrics-deployment.yaml b/stable/postgresql/templates/metrics-deployment.yaml
new file mode 100644
index 000000000000..7bbe0da45e2c
--- /dev/null
+++ b/stable/postgresql/templates/metrics-deployment.yaml
@@ -0,0 +1,82 @@ +{{- if .Values.metrics.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote}} + heritage: {{ .Release.Service | quote }} +spec: + template: + metadata: + labels: + release: {{ .Release.Name | quote }} + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + role: metrics + {{- if .Values.metrics.podLabels }} +{{ toYaml .Values.metrics.podLabels | indent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + annotations: +{{ toYaml .Values.metrics.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.metrics.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end}} + {{- if .Values.metrics.nodeSelector }} + nodeSelector: +{{ toYaml .Values.metrics.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.metrics.tolerations }} + tolerations: +{{ toYaml .Values.metrics.tolerations | indent 8 }} + {{- end }} + containers: + - name: metrics + image: {{ template "metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + - name: DATA_SOURCE_URI + value: {{ printf "%s:%d/?sslmode=disable" ( include "postgresql.fullname" . ) (int .Values.service.port) | quote }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.fullname" . 
}} + key: postgresql-password + - name: DATA_SOURCE_USER + value: {{ .Values.postgresqlUsername }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + ports: + - name: metrics + containerPort: 9187 + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} diff --git a/stable/postgresql/templates/metrics-svc.yaml b/stable/postgresql/templates/metrics-svc.yaml new file mode 100644 index 000000000000..0559c8cfdcc2 --- /dev/null +++ b/stable/postgresql/templates/metrics-svc.yaml 
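Review bot: `DATA_SOURCE_URI` keeps `sslmode=disable`, but the exporter is no longer a sidecar on 127.0.0.1 as in the deleted deployment.yaml. It now runs in its own pod and reaches the database through the `postgresql.fullname` service, so its authentication and query traffic cross the pod network unencrypted. I would at least make the mode a chart value so clusters with TLS-enabled PostgreSQL can set `require` or `verify-full`, and add a comment on the env block saying why `disable` is the default. The exporter is also handed the admin account (`.Values.postgresqlUsername` with `postgresql-password`); a dedicated read-only monitoring role would limit what a compromised exporter can do. Finally, `value: {{ .Values.postgresqlUsername }}` should be `value: {{ .Values.postgresqlUsername | quote }}` like the other env values in this commit.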
@@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-metrics + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: +{{ toYaml .Values.metrics.service.annotations | indent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: metrics + port: 9187 + targetPort: metrics + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name }} + role: metrics +{{- end }} diff --git a/stable/postgresql/templates/networkpolicy.yaml b/stable/postgresql/templates/networkpolicy.yaml index 1b04b8845b6e..40496a763f8d 100644 --- a/stable/postgresql/templates/networkpolicy.yaml +++ b/stable/postgresql/templates/networkpolicy.yaml @@ -2,17 +2,17 @@ kind: NetworkPolicy apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} metadata: - name: "{{ template "postgresql.fullname" . }}" + name: {{ template "postgresql.fullname" . }} labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: podSelector: matchLabels: app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} + release: {{ .Release.Name | quote }} ingress: # Allow inbound connections - ports: diff --git a/stable/postgresql/templates/pvc.yaml b/stable/postgresql/templates/pvc.yaml deleted file mode 100644 index 71162429d1f9..000000000000 --- a/stable/postgresql/templates/pvc.yaml +++ /dev/null 
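Review bot: In metrics-svc.yaml the `annotations:` key is emitted unconditionally and filled from `toYaml .Values.metrics.service.annotations | indent 4`, so an unset or empty value leaves `null` or `{}` under the key. I would wrap the two lines in `{{- if .Values.metrics.service.annotations }}` and `{{- end }}`. The selector's `release: {{ .Release.Name }}` is also the one occurrence in this file left without `| quote`; it should read `release: {{ .Release.Name | quote }}` so a numeric-looking release name stays a string. Since `type` may be set to `LoadBalancer`, a comment in the values file should say that this publishes the exporter endpoint, which as far as this template shows has no authentication in front of it.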
@@ -1,29 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "postgresql.fullname" . }} - labels: - app: {{ template "postgresql.name" . }} - chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/resource-policy": {{ default "" .Values.persistence.resourcePolicy }} -{{- if .Values.persistence.annotations }} -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end -}} diff --git a/stable/postgresql/templates/secrets.yaml b/stable/postgresql/templates/secrets.yaml index 7d1ff118fab4..3ba26396f5da 100644 --- a/stable/postgresql/templates/secrets.yaml +++ b/stable/postgresql/templates/secrets.yaml @@ -1,4 +1,3 @@ -{{- if not .Values.existingSecret }} apiVersion: v1 kind: Secret metadata: 
@@ -6,13 +5,19 @@ metadata: labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} type: Opaque data: - {{ if .Values.postgresPassword }} - postgres-password: {{ .Values.postgresPassword | b64enc | quote }} + {{ if .Values.postgresqlPassword }} + postgresql-password: {{ .Values.postgresqlPassword | b64enc | quote }} {{ else }} - postgres-password: {{ randAlphaNum 10 | b64enc | quote }} + postgresql-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} + {{ if .Values.replication.enabled }} + {{ if .Values.replication.password }} + postgresql-replication-password: {{ .Values.replication.password | b64enc | quote }} + {{ else }} + postgresql-replication-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} {{ end }} -{{- end }} diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml new file mode 100644 index 000000000000..818f0ad4ec2c --- /dev/null +++ b/stable/postgresql/templates/statefulset-slaves.yaml 
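Review bot: The new `postgresql-replication-password` fallback reuses `randAlphaNum 10`, which is short for a credential that grants streaming access to all data. Because the template is re-rendered on every upgrade, it would presumably also write a different value into the Secret each time while the running database keeps the old one. I would lengthen it, e.g. `postgresql-replication-password: {{ randAlphaNum 32 | b64enc | quote }}`, and add a comment that the password must be set explicitly for any release that will be upgraded. With the `existingSecret` guard removed in the previous hunk, both passwords also have to pass through chart values, so they likely end up in the stored release data as well as in this Secret. Keeping an option to reference a pre-created Secret would avoid that.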
@@ -0,0 +1,155 @@ +{{- if .Values.replication.enabled }} +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "{{ template "postgresql.fullname" . }}-slave" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: {{ .Values.replication.slaveReplicas }} + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave + template: + metadata: + name: "{{ template "postgresql.fullname" . }}" + labels: + app: "{{ template "postgresql.name" . }}" + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: slave + spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + containers: + - name: "{{ template "postgresql.fullname" . }}" + image: "{{ template "postgresql.image" . 
}}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + resources: +{{ toYaml .Values.Resources | indent 10 }} + env: + {{- if .Values.image.debug}} + - name: BASH_DEBUG + value: 1 + - name: NAMI_DEBUG + value: 1 + {{- end }} + - name: POSTGRESQL_REPLICATION_MODE + value: "slave" + - name: POSTGRESQL_REPLICATION_USER + value: {{ .Values.replication.user | quote }} + - name: POSTGRESQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.fullname" . }} + key: postgresql-replication-password + - name: POSTGRESQL_MASTER_HOST + value: {{ template "postgresql.fullname" . }} + - name: POSTGRESQL_MASTER_PORT_NUMBER + value: {{ .Values.service.port | quote }} + - name: POD_IP + valueFrom: { fieldRef: { fieldPath: status.podIP } } + ports: + - name: postgresql + containerPort: {{ .Values.service.port }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} --host $POD_IP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} --host $POD_IP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: /bitnami/postgresql + {{ end }} + {{ if (.Files.Glob 
"files/postgresql.conf") }} + - name: postgresql-config + mountPath: /opt/bitnami/postgresql/conf/postgresql.conf + subPath: postgresql.conf + {{ end }} + {{ if (.Files.Glob "files/pg_hba.conf") }} + - name: postgresql-config + mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf + subPath: pg_hba.conf + {{ end }} + volumes: + {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") }} + - name: postgresql-config + configMap: + name: {{ template "postgresql.fullname" . }}-configuration + {{ end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- range $key, $value := .Values.persistence.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: data + emptyDir: {} +{{- end }} +{{- end }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml new file mode 100644 index 000000000000..583d46759e61 --- /dev/null +++ b/stable/postgresql/templates/statefulset.yaml 
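Review bot: `resources:` is rendered from `.Values.Resources`, but the values files in this commit define lowercase `resources`, so the lookup finds nothing and the slave pods start without the configured requests or limits. The same line appears in statefulset.yaml. It should read `{{ toYaml .Values.resources | indent 10 }}`. In the debug branch, `value: 1` for `BASH_DEBUG` and `NAMI_DEBUG` is a YAML integer where container env values must be strings, so enabling `image.debug` would likely get the pod spec rejected; use `value: "1"`.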
@@ -0,0 +1,165 @@ +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "{{ template "postgresql.master.fullname" . }}" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + serviceName: {{ template "postgresql.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: master + template: + metadata: + name: "{{ template "postgresql.fullname" . }}" + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + role: master + spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + containers: + - name: "{{ template "postgresql.fullname" . }}" + image: "{{ template "postgresql.image" . 
}}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + resources: +{{ toYaml .Values.Resources | indent 10 }} + env: + {{- if .Values.replication.enabled }} + - name: POSTGRESQL_REPLICATION_MODE + value: "master" + - name: POSTGRESQL_REPLICATION_USER + value: {{ .Values.replication.user | quote }} + - name: POSTGRESQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.fullname" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRESQL_USERNAME + value: {{ .Values.postgresqlUsername | quote }} + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.fullname" . }} + key: postgresql-password + - name: POSTGRESQL_DATABASE + value: {{ .Values.postgresqlDatabase | quote }} + - name: POD_IP + valueFrom: { fieldRef: { fieldPath: status.podIP } } +{{- if .Values.extraEnv }} +{{ toYaml .Values.extraEnv | indent 8 }} +{{- end }} + ports: + - name: postgresql + containerPort: {{ .Values.service.port }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} --host $POD_IP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} --host $POD_IP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + 
{{- end }} + volumeMounts: + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- if .Values.persistence.enabled }} + - name: data + mountPath: /bitnami/postgresql + {{ end }} + {{ if (.Files.Glob "files/postgresql.conf") }} + - name: postgresql-config + mountPath: /opt/bitnami/postgresql/conf/postgresql.conf + subPath: postgresql.conf + {{ end }} + {{ if (.Files.Glob "files/pg_hba.conf") }} + - name: postgresql-config + mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf + subPath: pg_hba.conf + {{ end }} + volumes: + {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") }} + - name: postgresql-config + configMap: + name: {{ template "postgresql.fullname" . }}-configuration + {{ end }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.fullname" . }}-init-scripts +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- range $key, $value := .Values.persistence.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: data + emptyDir: {} +{{- end }} diff --git a/stable/postgresql/templates/svc-headless.yaml b/stable/postgresql/templates/svc-headless.yaml new file mode 100644 index 000000000000..9414d609a3ed --- /dev/null +++ b/stable/postgresql/templates/svc-headless.yaml 
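Review bot: The liveness and readiness probes splice `.Values.postgresqlUsername | quote` into a string executed by `sh -c`, and double quotes do not stop the shell from expanding `$` or backticks, so the value is evaluated as shell text inside the container. This container already receives the name as `POSTGRESQL_USERNAME`, so both commands can read it from the environment instead: `- exec pg_isready -U "$POSTGRESQL_USERNAME" --host "$POD_IP"`. The same two commands appear in statefulset-slaves.yaml, where that variable is not set and would have to be added to the env list first. A short comment above the probes noting that they rely on the env block would keep the two in sync.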
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-headless + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: postgresql + port: 5432 + targetPort: postgresql + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} diff --git a/stable/postgresql/templates/svc.yaml b/stable/postgresql/templates/svc.yaml index 336f4f6afc72..702bd578415b 100644 --- a/stable/postgresql/templates/svc.yaml +++ b/stable/postgresql/templates/svc.yaml @@ -5,31 +5,15 @@ metadata: labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.metrics.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" -{{- end }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: type: {{ .Values.service.type }} ports: - {{- if .Values.metrics.enabled }} - - name: metrics - port: 9187 - targetPort: metrics - {{- end }} - name: postgresql - port: {{ .Values.service.port }} + port: 5432 targetPort: postgresql - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} selector: app: {{ template "postgresql.name" . }} - release: {{ .Release.Name }} + release: {{ .Release.Name | quote }} + role: master diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml new file mode 100644 index 000000000000..a00bda92e26c --- /dev/null +++ b/stable/postgresql/values-production.yaml 
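Review bot: Both Services hard-code `port: 5432` (the new svc-headless.yaml and the changed line in svc.yaml), while other templates in this commit still follow `.Values.service.port`: the slaves' `POSTGRESQL_MASTER_PORT_NUMBER`, the exporter's `DATA_SOURCE_URI`, and every `containerPort`. Setting `service.port` to anything else would therefore point replication and metrics at a port the Service does not expose. I would keep `port: {{ .Values.service.port }}` in svc.yaml and use the same expression in svc-headless.yaml. The headless selector also has no `role`, so it matches every pod of the release; a comment saying that this is intended for StatefulSet DNS would help.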
@@ -0,0 +1,170 @@ +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 10.5.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + +replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 1 + +## PostgreSQL admin user +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## Kubernetes configuration +## For minikube, set this to NodePort, elsewhere use LoadBalancer +## +service: + type: ClusterIP + port: 5432 + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If 
undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + +## Node labels and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +nodeSelector: {} +tolerations: [] + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: true + # resources: {} + # podAnnotations: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + image: + registry: docker.io + repository: wrouesnel/postgres_exporter + tag: v0.4.6 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. 
+ ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## Metrics exporter labels and tolerations for pod assignment + # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # tolerations: [] + + ## Metrics exporter pod Annotation and Labels + # podLabels: {} + + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +# Define custom environment variables to pass to the image here +extraEnv: {} diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 4ac34499f88b..ffe8829684dd 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml 
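Review bot: `replication.password: repl_password` ships a fixed, publicly known credential in the file meant for production. Because secrets.yaml only generates a random value when `.Values.replication.password` is empty, this default means the random path is never taken. I would leave it unset, as is already done for `postgresqlPassword`, i.e. `# password:` with a comment that a random one is generated when omitted; values.yaml carries the same default. Separately, the `livenessProbe` and `readinessProbe` blocks nested under `metrics:` appear to be unused, since metrics-deployment.yaml reads the top-level `.Values.livenessProbe` and `.Values.readinessProbe`.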
@@ -1,111 +1,88 @@ -## postgres image repository -image: "postgres" -## postgres image version -## ref: https://hub.docker.com/r/library/postgres/tags/ +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ ## -imageTag: "9.6.2" +image: + registry: docker.io + repository: bitnami/postgresql + tag: 10.5.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always -## Specify a imagePullPolicy -## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images -## -# imagePullPolicy: + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName -## Specify imagePullSecrets -## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## -# imagePullSecrets: myregistrykey +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 -## Create a database user -## Default: postgres -# postgresUser: -## Default: random 10 character string -# postgresPassword: +replication: + enabled: false + user: repl_user + password: repl_password + slaveReplicas: 1 -## Inject postgresPassword via a volume mount instead of environment variable -usePasswordFile: false +## PostgreSQL admin user +## ref: 
https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +postgresqlUsername: postgres -## Use Existing secret instead of creating one -## It must have a postgres-password key containing the desired password -# existingSecret: 'secret' +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: ## Create a database -## Default: the postgres user -# postgresDatabase: - -## Specify initdb arguments, e.g. --data-checksums -## ref: https://github.com/docker-library/docs/blob/master/postgres/content.md#postgres_initdb_args -## ref: https://www.postgresql.org/docs/current/static/app-initdb.html -# postgresInitdbArgs: - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run ## -# schedulerName: +# postgresqlDatabase: ## Optional duration in seconds the pod needs to terminate gracefully. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## # terminationGracePeriodSeconds: 30 -## Specify runtime config parameters as a dict, using camelCase, e.g. 
-## {"sharedBuffers": "500MB"} -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -# postgresConfig: - -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -# pgHbaConf: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 +## Kubernetes configuration +## For minikube, set this to NodePort, elsewhere use LoadBalancer +## +service: + type: ClusterIP + port: 5432 -## Persist data to a persistent volume +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## persistence: enabled: true - resourcePolicy: # set resource-policy Helm annotation on PVC. Can be nil or "keep" - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## # storageClass: "-" - accessMode: ReadWriteOnce + accessModes: + - ReadWriteOnce size: 8Gi - subPath: "postgresql-db" - mountPath: /var/lib/postgresql/data/pgdata + annotations: {} - # annotations: {} - -metrics: - enabled: false - image: wrouesnel/postgres_exporter - imageTag: v0.4.6 - imagePullPolicy: IfNotPresent - resources: - requests: - memory: 256Mi - cpu: 100m - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" +## Node labels and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +nodeSelector: {} +tolerations: [] ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ @@ -113,15 +90,7 @@ metrics: resources: requests: memory: 256Mi - cpu: 100m - -service: - type: ClusterIP - port: 5432 - externalIPs: [] - ## Manually set NodePort value - ## Requires service.type: NodePort - # nodePort: + cpu: 250m networkPolicy: ## Enable creation of NetworkPolicy resources. 
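Review bot: The new `replication` block in the first values.yaml hunk ships a fixed credential, `user: repl_user` with `password: repl_password`, so a release that only sets `replication.enabled: true` would presumably create the replication account with a publicly known password (the templates that consume these values are outside this hunk). The admin password a few lines below is left unset as `# postgresqlPassword:`, and the replication password should follow the same pattern, for example `# password:` under a comment such as `## Must be set when replication.enabled is true`. The same hunk removes `existingSecret` and `usePasswordFile` without a visible replacement, which drops the documented ways to keep the password out of the values file and out of the container environment. If that removal is intentional, it belongs in the upgrade notes for 2.0.0.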
@@ -135,30 +104,72 @@ networkPolicy: ## allowExternal: true -## Node labels and tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature -nodeSelector: {} -tolerations: [] -affinity: {} +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + # podAnnotations: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" + loadBalancerIP: + image: + registry: docker.io + repository: wrouesnel/postgres_exporter + tag: v0.4.6 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + + ## Metrics exporter labels and tolerations for pod assignment + # nodeSelector: {"beta.kubernetes.io/arch": "amd64"} + # tolerations: [] + + ## Metrics exporter pod Annotation and Labels + # podLabels: {} + + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 -# Override default liveness & readiness probes -probes: - liveness: - initialDelay: 60 + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 - readiness: - initialDelay: 5 - timeoutSeconds: 3 - periodSeconds: 5 -## Annotations for the deployment and nodes. -deploymentAnnotations: {} -podAnnotations: {} - -## Deployment pods replace strategy -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -# strategy: {} + successThreshold: 1 # Define custom environment variables to pass to the image here extraEnv: {}
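Review bot: The added `metrics.service` block advertises the exporter by default through `prometheus.io/scrape: "true"` and `prometheus.io/port: "9187"`, while the `networkPolicy` comments in this file only describe access to the port PostgreSQL listens on. Whether the NetworkPolicy template also restricts 9187 is not visible from this hunk, so a comment such as `## Exporter port 9187 is not covered by networkPolicy.allowExternal; restrict it separately` (or the opposite, if the template does cover it) would tell operators what is exposed once `metrics.enabled` is true. In the same block `loadBalancerIP:` is a bare key that parses as null under `type: ClusterIP`; writing it commented out as `# loadBalancerIP:` matches the other optional keys here. The exporter also loses the `resources.requests` defaults the old block carried and now has only `# resources: {}`.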