apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "postgresql.master.fullname" . }} labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} spec: serviceName: {{ template "postgresql.fullname" . }}-headless replicas: 1 updateStrategy: type: {{ .Values.updateStrategy.type }} selector: matchLabels: app: {{ template "postgresql.name" . }} release: {{ .Release.Name | quote }} role: master template: metadata: name: {{ template "postgresql.fullname" . }} labels: app: {{ template "postgresql.name" . }} chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} role: master spec: {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} {{- if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} - name: {{ . }} {{- end}} {{- range .Values.metrics.image.pullSecrets }} - name: {{ . }} {{- end}} {{- end }} {{- if .Values.master.nodeSelector }} nodeSelector: {{ toYaml .Values.master.nodeSelector | indent 8 }} {{- end }} {{- if .Values.master.affinity }} affinity: {{ toYaml .Values.master.affinity | indent 8 }} {{- end }} {{- if .Values.master.tolerations }} tolerations: {{ toYaml .Values.master.tolerations | indent 8 }} {{- end }} {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" resources: {{ toYaml .Values.resources | indent 10 }} command: - sh - -c - | chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami if [ -d /bitnami/postgresql/data ]; then chmod 0700 /bitnami/postgresql/data; fi securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} volumeMounts: - name: data mountPath: /bitnami/postgresql {{- end }} containers: - name: {{ template "postgresql.fullname" . }} image: {{ template "postgresql.image" . }} imagePullPolicy: "{{ .Values.image.pullPolicy }}" resources: {{ toYaml .Values.resources | indent 10 }} env: {{- if .Values.image.debug}} - name: BASH_DEBUG value: "1" - name: NAMI_DEBUG value: "1" {{- end }} {{- if .Values.replication.enabled }} - name: POSTGRESQL_REPLICATION_MODE value: "master" - name: POSTGRESQL_REPLICATION_USER value: {{ .Values.replication.user | quote }} {{- if .Values.usePasswordFile }} - name: POSTGRESQL_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" {{- else }} - name: POSTGRESQL_REPLICATION_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} {{- if not (eq .Values.replication.synchronousCommit "off")}} - name: POSTGRESQL_SYNCHRONOUS_COMMIT_MODE value: {{ .Values.replication.synchronousCommit | quote }} - name: POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS value: {{ .Values.replication.numSynchronousReplicas | quote }} {{- end }} - name: POSTGRESQL_CLUSTER_APP_NAME value: {{ .Values.replication.applicationName }} {{- end }} - name: POSTGRESQL_USERNAME value: {{ .Values.postgresqlUsername | quote }} {{- if .Values.usePasswordFile }} - name: POSTGRESQL_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" {{- else }} - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password {{- end }} {{- if .Values.postgresqlDatabase }} - name: POSTGRESQL_DATABASE value: {{ .Values.postgresqlDatabase | quote }} {{- end }} {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | indent 8 }} {{- end }} ports: - name: postgresql containerPort: {{ .Values.service.port }} {{- if .Values.livenessProbe.enabled }} livenessProbe: exec: command: - sh - -c {{- if .Values.postgresqlDatabase }} - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -d {{ .Values.postgresqlDatabase | quote }} -h localhost {{- else }} - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: exec: command: - sh - -c {{- if .Values.postgresqlDatabase }} - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -d {{ .Values.postgresqlDatabase | quote }} -h localhost {{- else }} - exec pg_isready -U {{ .Values.postgresqlUsername | quote }} -h localhost {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config mountPath: /bitnami/postgresql/conf/conf.d/ {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ {{- end }} {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} {{- end }} {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - name: postgresql-config mountPath: /bitnami/postgresql/conf {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: {{ template "metrics.image" . }} imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} env: {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase)" .Values.postgresqlDatabase }} - name: DATA_SOURCE_URI value: {{ printf "localhost:%d/%s?sslmode=disable" (int .Values.service.port) $database | quote }} {{- if .Values.usePasswordFile }} - name: DATA_SOURCE_PASS_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" {{- else }} - name: DATA_SOURCE_PASS valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password {{- end }} - name: DATA_SOURCE_USER value: {{ .Values.postgresqlUsername }} {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: path: / port: metrics initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: path: / port: metrics initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} {{- end }} volumeMounts: {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ {{- end }} ports: - name: metrics containerPort: 9187 resources: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - name: postgresql-config configMap: name: {{ template "postgresql.configurationCM" . }} {{- end }} {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config configMap: name: {{ template "postgresql.extendedConfigurationCM" . }} {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password secret: secretName: {{ template "postgresql.secretName" . }} {{- end }} {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts configMap: name: {{ template "postgresql.initdbScriptsCM" . }} {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - metadata: name: data {{- with .Values.persistence.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value }} {{- end }} {{- end }} spec: accessModes: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- if .Values.persistence.storageClass }} {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} {{- end }}