fix minior bug that creates invalid kong DANM dannotation
[it/dep.git] / ric-aux / helm / infrastructure / subcharts / kong / charts / postgresql / templates / statefulset.yaml
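# PostgreSQL master StatefulSet of the postgresql subchart.
# Names, images and the Secret name come from helper templates defined
# outside this file; the remaining settings are read from chart values.
apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ template "postgresql.master.fullname" . }}
  labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
{{- with .Values.master.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.master.annotations }}
  annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
  serviceName: {{ template "postgresql.fullname" . }}-headless
  replicas: 1
  updateStrategy:
    type: {{ .Values.updateStrategy.type }}
    # An explicit null is emitted for rollingUpdate when the strategy type
    # is "Recreate".
    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
    rollingUpdate: null
    {{- end }}
  selector:
    matchLabels:
      app: {{ template "postgresql.name" . }}
      release: {{ .Release.Name | quote }}
      role: master
  template:
    metadata:
      name: {{ template "postgresql.fullname" . }}
      labels:
        app: {{ template "postgresql.name" . }}
        chart: {{ template "postgresql.chart" . }}
        release: {{ .Release.Name | quote }}
        heritage: {{ .Release.Service | quote }}
        role: master
{{- with .Values.master.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.master.podAnnotations }}
      annotations:
{{ toYaml . | indent 8 }}
{{- end }}
    spec:
      {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
      {{- end }}
{{- include "postgresql.imagePullSecrets" . | indent 6 }}
      {{- if .Values.master.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.master.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.master.affinity }}
      affinity:
{{ toYaml .Values.master.affinity | indent 8 }}
      {{- end }}
      {{- if .Values.master.tolerations }}
      tolerations:
{{ toYaml .Values.master.tolerations | indent 8 }}
      {{- end }}
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}
      # The pod-level fsGroup is only set when securityContext.enabled is true.
      {{- if .Values.securityContext.enabled }}
      securityContext:
        fsGroup: {{ .Values.securityContext.fsGroup }}
      {{- end }}
      {{- if .Values.serviceAccount.enabled }}
      serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }}
      {{- end }}
      {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }}
      initContainers:
      {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }}
        # init-chmod-data creates the data directory, restricts it to mode 700
        # and hands ownership to securityContext.runAsUser / fsGroup before
        # PostgreSQL starts. It runs as
        # volumePermissions.securityContext.runAsUser, which must be allowed
        # to chown (presumably root; confirm in the chart values).
        - name: init-chmod-data
          image: {{ template "postgresql.volumePermissions.image" . }}
          imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          # With shmVolume enabled the script also runs "chmod -R 777" on
          # /dev/shm, which makes the shared-memory volume world-writable.
          command:
            - /bin/sh
            - -c
            - |
              mkdir -p {{ .Values.persistence.mountPath }}/data
              chmod 700 {{ .Values.persistence.mountPath }}/data
              find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
                xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
              {{- if .Values.shmVolume.enabled }}
              chmod -R 777 /dev/shm
              {{- end }}
          securityContext:
            runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
          volumeMounts:
            - name: data
              mountPath: {{ .Values.persistence.mountPath }}
              subPath: {{ .Values.persistence.subPath }}
            {{- if .Values.shmVolume.enabled }}
            - name: dshm
              mountPath: /dev/shm
            {{- end }}
      {{- end }}
      # extraInitContainers is a string passed through tpl, so template
      # expressions inside the value are evaluated with this chart's context.
      {{- if .Values.master.extraInitContainers }}
{{ tpl .Values.master.extraInitContainers . | indent 8 }}
      {{- end }}
      {{- end }}
      {{- if .Values.master.priorityClassName }}
      priorityClassName: {{ .Values.master.priorityClassName }}
      {{- end }}
      containers:
        - name: {{ template "postgresql.fullname" . }}
          image: {{ template "postgresql.image" . }}
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          {{- if .Values.securityContext.enabled }}
          securityContext:
            runAsUser: {{ .Values.securityContext.runAsUser }}
          {{- end }}
          env:
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" .Values.image.debug | quote }}
            - name: POSTGRESQL_PORT_NUMBER
              value: "{{ template "postgresql.port" . }}"
            - name: POSTGRESQL_VOLUME_DIR
              value: "{{ .Values.persistence.mountPath }}"
            {{- if .Values.postgresqlInitdbArgs }}
            - name: POSTGRES_INITDB_ARGS
              value: {{ .Values.postgresqlInitdbArgs | quote }}
            {{- end }}
            {{- if .Values.postgresqlInitdbWalDir }}
            - name: POSTGRES_INITDB_WALDIR
              value: {{ .Values.postgresqlInitdbWalDir | quote }}
            {{- end }}
            # Init-script credentials are passed as literal env values, so the
            # password is readable in the pod spec.
            # NOTE(review): consider sourcing it from the chart Secret with
            # secretKeyRef, as the other passwords below do.
            {{- if .Values.initdbUser }}
            - name: POSTGRESQL_INITSCRIPTS_USERNAME
              value: {{ .Values.initdbUser | quote }}
            {{- end }}
            {{- if .Values.initdbPassword }}
            - name: POSTGRESQL_INITSCRIPTS_PASSWORD
              # Must be a template expression: a bare .Values.initdbPassword
              # here would be emitted as that literal text instead of the
              # configured password.
              value: {{ .Values.initdbPassword | quote }}
            {{- end }}
            {{- if .Values.persistence.mountPath }}
            - name: PGDATA
              value: {{ .Values.postgresqlDataDir | quote }}
            {{- end }}
            {{- if .Values.replication.enabled }}
            - name: POSTGRES_REPLICATION_MODE
              value: "master"
            - name: POSTGRES_REPLICATION_USER
              value: {{ include "postgresql.replication.username" . | quote }}
            # Replication password: a file under the mounted secrets directory
            # when usePasswordFile is set, otherwise a secretKeyRef.
            {{- if .Values.usePasswordFile }}
            - name: POSTGRES_REPLICATION_PASSWORD_FILE
              value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
            {{- else }}
            - name: POSTGRES_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "postgresql.secretName" . }}
                  key: postgresql-replication-password
            {{- end }}
            {{- if not (eq .Values.replication.synchronousCommit "off") }}
            - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
              value: {{ .Values.replication.synchronousCommit | quote }}
            - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
              value: {{ .Values.replication.numSynchronousReplicas | quote }}
            {{- end }}
            - name: POSTGRES_CLUSTER_APP_NAME
              value: {{ .Values.replication.applicationName }}
            {{- end }}
            # The postgres superuser password is only set separately when the
            # application user is not "postgres".
            {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
            {{- if .Values.usePasswordFile }}
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
            {{- else }}
            - name: POSTGRES_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "postgresql.secretName" . }}
                  key: postgresql-postgres-password
            {{- end }}
            {{- end }}
            - name: POSTGRES_USER
              value: {{ include "postgresql.username" . | quote }}
            {{- if .Values.usePasswordFile }}
            - name: POSTGRES_PASSWORD_FILE
              value: "/opt/bitnami/postgresql/secrets/postgresql-password"
            {{- else }}
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "postgresql.secretName" . }}
                  key: postgresql-password
            {{- end }}
            {{- if (include "postgresql.database" .) }}
            - name: POSTGRES_DB
              value: {{ (include "postgresql.database" .) | quote }}
            {{- end }}
            {{- if .Values.extraEnv }}
            {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
            {{- end }}
            - name: POSTGRESQL_ENABLE_LDAP
              value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
            # Several LDAP values below are rendered without quote, so a value
            # that YAML reads as a boolean, number or null will not reach
            # Kubernetes as a string.
            # NOTE(review): consider piping them through quote.
            {{- if .Values.ldap.enabled }}
            - name: POSTGRESQL_LDAP_SERVER
              value: {{ .Values.ldap.server }}
            - name: POSTGRESQL_LDAP_PORT
              value: {{ .Values.ldap.port | quote }}
            - name: POSTGRESQL_LDAP_SCHEME
              value: {{ .Values.ldap.scheme }}
            {{- if .Values.ldap.tls }}
            - name: POSTGRESQL_LDAP_TLS
              value: "1"
            {{- end }}
            - name: POSTGRESQL_LDAP_PREFIX
              value: {{ .Values.ldap.prefix | quote }}
            - name: POSTGRESQL_LDAP_SUFFIX
              value: {{ .Values.ldap.suffix | quote }}
            - name: POSTGRESQL_LDAP_BASE_DN
              value: {{ .Values.ldap.baseDN }}
            - name: POSTGRESQL_LDAP_BIND_DN
              value: {{ .Values.ldap.bindDN }}
            # The LDAP bind password is read from the chart Secret, never
            # inlined.
            {{- if (not (empty .Values.ldap.bind_password)) }}
            - name: POSTGRESQL_LDAP_BIND_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "postgresql.secretName" . }}
                  key: postgresql-ldap-password
            {{- end }}
            - name: POSTGRESQL_LDAP_SEARCH_ATTR
              value: {{ .Values.ldap.search_attr }}
            - name: POSTGRESQL_LDAP_SEARCH_FILTER
              value: {{ .Values.ldap.search_filter }}
            - name: POSTGRESQL_LDAP_URL
              value: {{ .Values.ldap.url }}
            {{- end }}
          ports:
            - name: tcp-postgresql
              containerPort: {{ template "postgresql.port" . }}
          # Liveness: pg_isready against the loopback address, with -d only
          # when a database name is configured.
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                {{- if (include "postgresql.database" .) }}
                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
                {{- else }}
                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
                {{- end }}
            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
          {{- end }}
          # Each mount below has a matching entry, under the same condition, in
          # the pod's volumes list (or in volumeClaimTemplates for "data").
          volumeMounts:
            {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
            - name: custom-init-scripts
              mountPath: /docker-entrypoint-initdb.d/
            {{- end }}
            {{- if .Values.initdbScriptsSecret }}
            - name: custom-init-scripts-secret
              mountPath: /docker-entrypoint-initdb.d/secret
            {{- end }}
            {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
            - name: postgresql-extended-config
              mountPath: /bitnami/postgresql/conf/conf.d/
            {{- end }}
            {{- if .Values.usePasswordFile }}
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            {{- end }}
            {{- if .Values.shmVolume.enabled }}
            - name: dshm
              mountPath: /dev/shm
            {{- end }}
            {{- if .Values.persistence.enabled }}
            - name: data
              mountPath: {{ .Values.persistence.mountPath }}
              subPath: {{ .Values.persistence.subPath }}
            {{- end }}
            {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
            - name: postgresql-config
              mountPath: /bitnami/postgresql/conf
            {{- end }}
            {{- if .Values.master.extraVolumeMounts }}
            {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
            {{- end }}
{{- if .Values.metrics.enabled }}
        # Optional metrics sidecar. It connects to PostgreSQL over the pod's
        # loopback address with sslmode=disable and takes the database
        # password from the mounted file or from the chart Secret.
        - name: metrics
          image: {{ template "postgresql.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.metrics.securityContext.enabled }}
          securityContext:
            runAsUser: {{ .Values.metrics.securityContext.runAsUser }}
          {{- end }}
          env:
            {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
            - name: DATA_SOURCE_URI
              value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
            {{- if .Values.usePasswordFile }}
            - name: DATA_SOURCE_PASS_FILE
              value: "/opt/bitnami/postgresql/secrets/postgresql-password"
            {{- else }}
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ template "postgresql.secretName" . }}
                  key: postgresql-password
            {{- end }}
            - name: DATA_SOURCE_USER
              value: {{ template "postgresql.username" . }}
          # NOTE(review): both probes are switched by the main container's
          # livenessProbe.enabled / readinessProbe.enabled flags while their
          # timings come from metrics.livenessProbe / metrics.readinessProbe;
          # confirm that this is intended.
          {{- if .Values.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: /
              port: http-metrics
            initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: /
              port: http-metrics
            initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
          {{- end }}
          volumeMounts:
            {{- if .Values.usePasswordFile }}
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            {{- end }}
            {{- if .Values.metrics.customMetrics }}
            - name: custom-metrics
              mountPath: /conf
              readOnly: true
          # args is a container-level key; it sits inside the customMetrics
          # conditional so it is only emitted together with that mount.
          args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
            {{- end }}
          ports:
            - name: http-metrics
              containerPort: 9187
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- end }}
{{- end }}
      volumes:
        {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
        - name: postgresql-config
          configMap:
            name: {{ template "postgresql.configurationCM" . }}
        {{- end }}
        {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
        - name: postgresql-extended-config
          configMap:
            name: {{ template "postgresql.extendedConfigurationCM" . }}
        {{- end }}
        {{- if .Values.usePasswordFile }}
        - name: postgresql-password
          secret:
            secretName: {{ template "postgresql.secretName" . }}
        {{- end }}
        {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
        - name: custom-init-scripts
          configMap:
            name: {{ template "postgresql.initdbScriptsCM" . }}
        {{- end }}
        {{- if .Values.initdbScriptsSecret }}
        - name: custom-init-scripts-secret
          secret:
            secretName: {{ template "postgresql.initdbScriptsSecret" . }}
        {{- end }}
        {{- if .Values.master.extraVolumes }}
        {{- toYaml .Values.master.extraVolumes | nindent 8 }}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
        - name: custom-metrics
          configMap:
            name: {{ template "postgresql.metricsCM" . }}
        {{- end }}
        {{- if .Values.shmVolume.enabled }}
        - name: dshm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi
        {{- end }}
        # The data volume takes one of three forms: an existing claim, an
        # emptyDir when persistence is disabled, or a volumeClaimTemplate
        # when persistence is enabled without an existing claim.
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
        - name: data
          persistentVolumeClaim:
{{- with .Values.persistence.existingClaim }}
            claimName: {{ tpl . $ }}
{{- end }}
{{- else if not .Values.persistence.enabled }}
        - name: data
          emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
  volumeClaimTemplates:
    - metadata:
        name: data
      {{- with .Values.persistence.annotations }}
        annotations:
        {{- range $key, $value := . }}
          {{ $key }}: {{ $value }}
        {{- end }}
      {{- end }}
      spec:
        accessModes:
        {{- range .Values.persistence.accessModes }}
          - {{ . | quote }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.persistence.size | quote }}
        {{ include "postgresql.storageClass" . }}
{{- end }}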
437         {{ include "postgresql.storageClass" . }}
438 {{- end }}