feat(db): split CNPG app into multiple apps
All checks were successful
Renovate / renovate (push) Successful in 1m36s

This commit is contained in:
Peter 2024-10-10 20:45:15 +02:00
parent 3c5236fd66
commit 4575f1b05d
Signed by: prskr
GPG key ID: F56BED6903BC5E37
59 changed files with 28110 additions and 109 deletions

View file

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/secrets/cnpg-backup-creds.yaml
- resources/secrets/ext-pgo-admin.yaml
- resources/cluster.yaml
#- resources/backup.yaml
- resources/pool.yaml

View file

@ -0,0 +1,86 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: app-cluster
namespace: postgres
spec:
instances: 2
postgresql:
parameters:
max_connections: "150"
managed:
roles:
- name: ext_pgo_admin
ensure: present
login: true
superuser: true
createrole: true
createdb: true
inherit: true
connectionLimit: -1
passwordSecret:
name: ext-pgo-admin
storage:
size: 10Gi
storageClass: hcloud-volumes
bootstrap:
recovery:
source: app-cluster
externalClusters:
- name: app-cluster
barmanObjectStore:
destinationPath: "s3://cnpg/app-cluster/"
endpointURL: "http://garage.garage.svc:3900"
s3Credentials:
accessKeyId:
name: cnpg-backup-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: cnpg-backup-creds
key: ACCESS_SECRET_KEY
region:
name: cnpg-backup-creds
key: AWS_REGION
wal:
compression: snappy
maxParallel: 8
#backup:
# barmanObjectStore:
# destinationPath: "s3://cnpg/app-cluster/"
# endpointURL: "http://garage.garage.svc:3900"
# s3Credentials:
# accessKeyId:
# name: cnpg-backup-creds
# key: ACCESS_KEY_ID
# secretAccessKey:
# name: cnpg-backup-creds
# key: ACCESS_SECRET_KEY
# region:
# name: cnpg-backup-creds
# key: AWS_REGION
# wal:
# compression: snappy
# retentionPolicy: "30d"
resources:
requests:
cpu: 100m
memory: 600Mi
limits:
cpu: 500m
memory: 900Mi
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
podAntiAffinityType: preferred
enablePDB: true
monitoring:
enablePodMonitor: true

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,6 @@
dependencies:
- name: cluster
repository: https://cloudnative-pg.github.io/grafana-dashboards
version: 0.0.2
digest: sha256:fcf16ad357c17be3dd79c138723e78e9e101fecc5d07d9371299c32b9f85dbd9
generated: "2024-04-25T12:32:36.61779032-04:00"

View file

@ -0,0 +1,25 @@
apiVersion: v2
appVersion: 1.24.0
dependencies:
- alias: monitoring
condition: monitoring.grafanaDashboard.create
name: cluster
repository: https://cloudnative-pg.github.io/grafana-dashboards
version: "0.0"
description: CloudNativePG Operator Helm Chart
home: https://cloudnative-pg.io
icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
keywords:
- operator
- controller
- postgresql
- postgres
- database
maintainers:
- email: p.scorsolini@gmail.com
name: phisco
name: cloudnative-pg
sources:
- https://github.com/cloudnative-pg/charts
type: application
version: 0.22.0

View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,6 @@
apiVersion: v2
appVersion: 1.16.0
description: CloudNativePG Grafana Cluster Dashboard.
name: cluster
type: application
version: 0.0.2

View file

@ -0,0 +1,59 @@
<!-- THIS FILE IS AUTOMATICALLY GENERATED. Make changes to README.md.gotmpl instead. -->
# cluster
![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
![Grafana CloudNativePG Cluster Overview](../../images/overview.png)
Getting Started
---------------
_**Note,** this dashboard is already included in the [CloudNativePG Operator Helm Chart][operator]._
There are 4 ways to use the CloudNativePG Grafana Cluster Dashboard:
0. Install the [CloudNativePG Operator Helm Chart][operator]
1. Install manually via [Grafana.com](https://grafana.com/grafana/dashboards/20417-cloudnativepg/).
2. Install manually via the [Grafana JSON](https://github.com/cloudnative-pg/grafana-dashboards/blob/main/charts/cluster/grafana-dashboard.json):
```
https://raw.githubusercontent.com/cloudnative-pg/grafana-dashboards/main/charts/cluster/grafana-dashboard.json
```
3. Install directly in your cluster as a Helm Chart:
```bash
helm repo add cnpg-grafana https://cloudnative-pg.github.io/grafana-dashboards
helm upgrade
--install \
--namespace monitoring \
cnpg-grafana-cluster cnpg-grafana/cluster
```
2. As as a dependency to an existing chart:
```yaml
dependencies:
- name: cluster
alias: cnpg-grafana-cluster-dashboard
version: "0.0"
repository: https://cloudnative-pg.github.io/grafana-dashboards
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| fullnameOverride | string | `""` | |
| grafanaDashboard.annotations | object | `{}` | Annotations that ConfigMaps can have to get configured in Grafana. |
| grafanaDashboard.configMapName | string | `"cnpg-grafana-dashboard"` | The name of the ConfigMap containing the dashboard. |
| grafanaDashboard.labels | object | `{}` | Labels that ConfigMaps should have to get configured in Grafana. |
| grafanaDashboard.namespace | string | `""` | Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release. |
| grafanaDashboard.sidecarLabel | string | `"grafana_dashboard"` | Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. |
| grafanaDashboard.sidecarLabelValue | string | `"1"` | Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. |
| nameOverride | string | `""` | |
[operator]: https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg

View file

@ -0,0 +1,59 @@
<!-- THIS FILE IS AUTOMATICALLY GENERATED. Make changes to README.md.gotmpl instead. -->
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
![Grafana CloudNativePG Cluster Overview](../../images/overview.png)
Getting Started
---------------
_**Note,** this dashboard is already included in the [CloudNativePG Operator Helm Chart][operator]._
There are 4 ways to use the CloudNativePG Grafana Cluster Dashboard:
0. Install the [CloudNativePG Operator Helm Chart][operator]
1. Install manually via [Grafana.com](https://grafana.com/grafana/dashboards/20417-cloudnativepg/).
2. Install manually via the [Grafana JSON](https://github.com/cloudnative-pg/grafana-dashboards/blob/main/charts/cluster/grafana-dashboard.json):
```
https://raw.githubusercontent.com/cloudnative-pg/grafana-dashboards/main/charts/cluster/grafana-dashboard.json
```
3. Install directly in your cluster as a Helm Chart:
```bash
helm repo add cnpg-grafana https://cloudnative-pg.github.io/grafana-dashboards
helm upgrade
--install \
--namespace monitoring \
cnpg-grafana-cluster cnpg-grafana/cluster
```
2. As as a dependency to an existing chart:
```yaml
dependencies:
- name: cluster
alias: cnpg-grafana-cluster-dashboard
version: "0.0"
repository: https://cloudnative-pg.github.io/grafana-dashboards
```
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
{{ template "chart.maintainersSection" . }}
{{ template "helm-docs.versionFooter" . }}
[operator]: https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg

View file

@ -0,0 +1,5 @@
CloudNativePG Grafana Dashboard installed successfully.
{{- if (or .Values.grafanaDashboard.sidecarLabel .Values.grafanaDashboard.sidecarLabelValue) }}
DEPRECATION NOTICE: The grafanaDashboard.sidecarLabel is deprecated and will be removed in a future release. Use the grafanaDashboard.labels instead.
{{- end }}

View file

@ -0,0 +1,21 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.grafanaDashboard.configMapName }}
namespace: {{ default .Release.Namespace .Values.grafanaDashboard.namespace }}
{{- if (or .Values.grafanaDashboard.labels .Values.grafanaDashboard.sidecarLabel) }}
labels:
{{- if .Values.grafanaDashboard.sidecarLabel }}
{{ .Values.grafanaDashboard.sidecarLabel }}: {{ .Values.grafanaDashboard.sidecarLabelValue | quote }}
{{- end }}
{{- with .Values.grafanaDashboard.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with .Values.grafanaDashboard.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
cnp.json: |-
{{ .Files.Get "grafana-dashboard.json" | indent 6 }}

View file

@ -0,0 +1,35 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"fullnameOverride": {
"type": "string"
},
"grafanaDashboard": {
"type": "object",
"properties": {
"annotations": {
"type": "object"
},
"configMapName": {
"type": "string"
},
"labels": {
"type": "object"
},
"namespace": {
"type": "string"
},
"sidecarLabel": {
"type": "string"
},
"sidecarLabelValue": {
"type": "string"
}
}
},
"nameOverride": {
"type": "string"
}
}
}

View file

@ -0,0 +1,20 @@
# Default values for cluster.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
grafanaDashboard:
# -- Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release.
namespace: ""
# -- The name of the ConfigMap containing the dashboard.
configMapName: "cnpg-grafana-dashboard"
# -- Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead.
sidecarLabel: "grafana_dashboard"
# -- Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead.
sidecarLabelValue: "1"
# -- Labels that ConfigMaps should have to get configured in Grafana.
labels: {}
# -- Annotations that ConfigMaps can have to get configured in Grafana.
annotations: {}

View file

@ -0,0 +1,3 @@
The JSON file has been moved to a dedicated repository for CloudNativePG dashboards located at:
https://github.com/cloudnative-pg/grafana-dashboards/blob/main/charts/cluster/grafana-dashboard.json

View file

@ -0,0 +1,18 @@
CloudNativePG operator should be installed in namespace "{{ .Release.Namespace }}".
You can now create a PostgreSQL cluster with 3 nodes in the current namespace as follows:
cat <<EOF | kubectl apply -f -
# Example of PostgreSQL cluster
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: cluster-example
spec:
instances: 3
storage:
size: 1Gi
EOF
kubectl get cluster

View file

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cloudnative-pg.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cloudnative-pg.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cloudnative-pg.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cloudnative-pg.labels" -}}
helm.sh/chart: {{ include "cloudnative-pg.chart" . }}
{{ include "cloudnative-pg.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cloudnative-pg.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cloudnative-pg.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "cloudnative-pg.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "cloudnative-pg.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,45 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.config.create }}
{{- if not .Values.config.secret }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.config.name }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- toYaml .Values.config.data | nindent 2 }}
{{- else }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ .Values.config.name }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
stringData:
{{- toYaml .Values.config.data | nindent 2 }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,147 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cloudnative-pg.fullname" . }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "cloudnative-pg.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "cloudnative-pg.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: {{ .Values.hostNetwork }}
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
containers:
- args:
- controller
- --leader-elect
{{- if .Values.config.name }}
{{- if not .Values.config.secret }}
- --config-map-name={{ .Values.config.name }}
{{- else }}
- --secret-name={{ .Values.config.name }}
{{- end }}
{{- end }}
- --webhook-port={{ .Values.webhook.port }}
{{- range .Values.additionalArgs }}
- {{ . }}
{{- end }}
command:
- /manager
env:
- name: OPERATOR_IMAGE_NAME
value: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MONITORING_QUERIES_CONFIGMAP
value: "{{ .Values.monitoringQueriesConfigMap.name }}"
{{- if .Values.additionalEnv }}
{{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
httpGet:
path: /readyz
port: {{ .Values.webhook.port }}
scheme: HTTPS
{{- if .Values.webhook.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
{{- end }}
name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
- containerPort: {{ .Values.webhook.port }}
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: {{ .Values.webhook.port }}
scheme: HTTPS
{{- if .Values.webhook.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 10 }}
volumeMounts:
- mountPath: /controller
name: scratch-data
- mountPath: /run/secrets/cnpg.io/webhook
name: webhook-certificates
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "cloudnative-pg.serviceAccountName" . }}
terminationGracePeriodSeconds: 10
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- emptyDir: {}
name: scratch-data
- name: webhook-certificates
secret:
defaultMode: 420
optional: true
secretName: cnpg-webhook-cert

View file

@ -0,0 +1,29 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.monitoringQueriesConfigMap.name }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
cnpg.io/reload: ""
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
queries: {{- toYaml .Values.monitoringQueriesConfigMap.queries | nindent 4 }}

View file

@ -0,0 +1,92 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.webhook.mutating.create }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: cnpg-mutating-webhook-configuration
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /mutate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /mutate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mcluster.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /mutate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mscheduledbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
{{- end }}

View file

@ -0,0 +1,29 @@
{{- if .Values.monitoring.podMonitorEnabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "cloudnative-pg.fullname" . }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.monitoring.podMonitorAdditionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end}}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cloudnative-pg.selectorLabels" . | nindent 6 }}
podMetricsEndpoints:
- port: metrics
{{- with .Values.monitoring.podMonitorMetricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.monitoring.podMonitorRelabelings }}
relabelings:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,439 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "cloudnative-pg.serviceAccountName" . }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "cloudnative-pg.fullname" . }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups/status
verbs:
- get
- patch
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusterimagecatalogs
verbs:
- get
- list
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- imagecatalogs
verbs:
- get
- list
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- poolers/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- scheduledbackups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- scheduledbackups/status
verbs:
- get
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- get
- list
- patch
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "cloudnative-pg.fullname" . }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "cloudnative-pg.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "cloudnative-pg.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "cloudnative-pg.fullname" . }}-view
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- if .Values.rbac.aggregateClusterRoles }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
- clusters
- poolers
- scheduledbackups
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "cloudnative-pg.fullname" . }}-edit
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- if .Values.rbac.aggregateClusterRoles }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
- clusters
- poolers
- scheduledbackups
verbs:
- create
- delete
- deletecollection
- patch
- update
---
{{- end }}

View file

@ -0,0 +1,34 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service.name }}
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.commonAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: webhook-server
name: webhook-server
selector:
{{- include "cloudnative-pg.selectorLabels" . | nindent 4 }}

View file

@ -0,0 +1,113 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
{{- if .Values.webhook.validating.create }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: cnpg-validating-webhook-configuration
labels:
{{- include "cloudnative-pg.labels" . | nindent 4 }}
{{- with .Values.rbac.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /validate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /validate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vcluster.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /validate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vscheduledbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ .Values.service.name }}
namespace: {{ .Release.Namespace }}
path: /validate-postgresql-cnpg-io-v1-pooler
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vpooler.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- poolers
sideEffects: None
{{- end }}

View file

@ -0,0 +1,281 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"additionalArgs": {
"type": "array"
},
"additionalEnv": {
"type": "array"
},
"affinity": {
"type": "object"
},
"commonAnnotations": {
"type": "object"
},
"config": {
"type": "object",
"properties": {
"create": {
"type": "boolean"
},
"data": {
"type": "object"
},
"name": {
"type": "string"
},
"secret": {
"type": "boolean"
}
}
},
"containerSecurityContext": {
"type": "object",
"properties": {
"allowPrivilegeEscalation": {
"type": "boolean"
},
"capabilities": {
"type": "object",
"properties": {
"drop": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"readOnlyRootFilesystem": {
"type": "boolean"
},
"runAsGroup": {
"type": "integer"
},
"runAsUser": {
"type": "integer"
},
"seccompProfile": {
"type": "object",
"properties": {
"type": {
"type": "string"
}
}
}
}
},
"crds": {
"type": "object",
"properties": {
"create": {
"type": "boolean"
}
}
},
"dnsPolicy": {
"type": "string"
},
"fullnameOverride": {
"type": "string"
},
"hostNetwork": {
"type": "boolean"
},
"image": {
"type": "object",
"properties": {
"pullPolicy": {
"type": "string"
},
"repository": {
"type": "string"
},
"tag": {
"type": "string"
}
}
},
"imagePullSecrets": {
"type": "array"
},
"monitoring": {
"type": "object",
"properties": {
"grafanaDashboard": {
"type": "object",
"properties": {
"annotations": {
"type": "object"
},
"configMapName": {
"type": "string"
},
"create": {
"type": "boolean"
},
"labels": {
"type": "object"
},
"namespace": {
"type": "string"
},
"sidecarLabel": {
"type": "string"
},
"sidecarLabelValue": {
"type": "string"
}
}
},
"podMonitorAdditionalLabels": {
"type": "object"
},
"podMonitorEnabled": {
"type": "boolean"
},
"podMonitorMetricRelabelings": {
"type": "array"
},
"podMonitorRelabelings": {
"type": "array"
}
}
},
"monitoringQueriesConfigMap": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"queries": {
"type": "string"
}
}
},
"nameOverride": {
"type": "string"
},
"nodeSelector": {
"type": "object"
},
"podAnnotations": {
"type": "object"
},
"podLabels": {
"type": "object"
},
"podSecurityContext": {
"type": "object",
"properties": {
"runAsNonRoot": {
"type": "boolean"
},
"seccompProfile": {
"type": "object",
"properties": {
"type": {
"type": "string"
}
}
}
}
},
"priorityClassName": {
"type": "string"
},
"rbac": {
"type": "object",
"properties": {
"aggregateClusterRoles": {
"type": "boolean"
},
"create": {
"type": "boolean"
}
}
},
"replicaCount": {
"type": "integer"
},
"resources": {
"type": "object"
},
"service": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"type": {
"type": "string"
}
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean"
},
"name": {
"type": "string"
}
}
},
"tolerations": {
"type": "array"
},
"webhook": {
"type": "object",
"properties": {
"livenessProbe": {
"type": "object",
"properties": {
"initialDelaySeconds": {
"type": "integer"
}
}
},
"mutating": {
"type": "object",
"properties": {
"create": {
"type": "boolean"
},
"failurePolicy": {
"type": "string"
}
}
},
"port": {
"type": "integer"
},
"readinessProbe": {
"type": "object",
"properties": {
"initialDelaySeconds": {
"type": "integer"
}
}
},
"validating": {
"type": "object",
"properties": {
"create": {
"type": "boolean"
},
"failurePolicy": {
"type": "string"
}
}
}
}
}
}
}

View file

@ -0,0 +1,628 @@
#
# Copyright The CloudNativePG Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Default values for CloudNativePG.
# This is a YAML-formatted file.
# Please declare variables to be passed to your templates.
replicaCount: 1
image:
repository: ghcr.io/cloudnative-pg/cloudnative-pg
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
hostNetwork: false
dnsPolicy: ""
crds:
# -- Specifies whether the CRDs should be created when installing the chart.
create: true
# -- The webhook configuration.
webhook:
port: 9443
mutating:
create: true
failurePolicy: Fail
validating:
create: true
failurePolicy: Fail
livenessProbe:
initialDelaySeconds: 3
readinessProbe:
initialDelaySeconds: 3
# -- Operator configuration.
config:
# -- Specifies whether the secret should be created.
create: true
# -- The name of the configmap/secret to use.
name: cnpg-controller-manager-config
# -- Specifies whether it should be stored in a secret, instead of a configmap.
secret: false
# -- The content of the configmap/secret, see
# https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
# for all the available options.
data: {}
# INHERITED_ANNOTATIONS: categories
# INHERITED_LABELS: environment, workload, app
# WATCH_NAMESPACE: namespace-a,namespace-b
# -- Additinal arguments to be added to the operator's args list.
additionalArgs: []
# -- Array containing extra environment variables which can be templated.
# For example:
# - name: RELEASE_NAME
# value: "{{ .Release.Name }}"
# - name: MY_VAR
# value: "mySpecialKey"
additionalEnv: []
serviceAccount:
# -- Specifies whether the service account should be created.
create: true
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
rbac:
# -- Specifies whether ClusterRole and ClusterRoleBinding should be created.
create: true
# -- Aggregate ClusterRoles to Kubernetes default user-facing roles.
# Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
aggregateClusterRoles: false
# -- Annotations to be added to all other resources.
commonAnnotations: {}
# -- Annotations to be added to the pod.
podAnnotations: {}
# -- Labels to be added to the pod.
podLabels: {}
# -- Container Security Context.
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 10001
runAsGroup: 10001
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- "ALL"
# -- Security Context for the whole pod.
podSecurityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# fsGroup: 2000
# -- Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
service:
type: ClusterIP
# -- DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate
# and can not be configured
name: cnpg-webhook-service
port: 443
resources: {}
# If you want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#
# limits:
# cpu: 100m
# memory: 200Mi
# requests:
# cpu: 100m
# memory: 100Mi
# -- Nodeselector for the operator to be installed.
nodeSelector: {}
# -- Tolerations for the operator to be installed.
tolerations: []
# -- Affinity for the operator to be installed.
affinity: {}
monitoring:
# -- Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs.
podMonitorEnabled: false
# -- Metrics relabel configurations to apply to samples before ingestion.
podMonitorMetricRelabelings: []
# -- Relabel configurations to apply to samples before scraping.
podMonitorRelabelings: []
# -- Additional labels for the podMonitor
podMonitorAdditionalLabels: {}
grafanaDashboard:
create: false
# -- Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release.
namespace: ""
# -- The name of the ConfigMap containing the dashboard.
configMapName: "cnpg-grafana-dashboard"
# -- Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead.
sidecarLabel: "grafana_dashboard"
# -- Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead.
sidecarLabelValue: "1"
# -- Labels that ConfigMaps should have to get configured in Grafana.
labels: {}
# -- Annotations that ConfigMaps can have to get configured in Grafana.
annotations: {}
# Default monitoring queries
monitoringQueriesConfigMap:
# -- The name of the default monitoring configmap.
name: cnpg-default-monitoring
# -- A string representation of a YAML defining monitoring queries.
queries: |
backends:
query: |
SELECT sa.datname
, sa.usename
, sa.application_name
, states.state
, COALESCE(sa.count, 0) AS total
, COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds
FROM ( VALUES ('active')
, ('idle')
, ('idle in transaction')
, ('idle in transaction (aborted)')
, ('fastpath function call')
, ('disabled')
) AS states(state)
LEFT JOIN (
SELECT datname
, state
, usename
, COALESCE(application_name, '') AS application_name
, COUNT(*)
, COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
FROM pg_catalog.pg_stat_activity
GROUP BY datname, state, usename, application_name
) sa ON states.state = sa.state
WHERE sa.usename IS NOT NULL
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- usename:
usage: "LABEL"
description: "Name of the user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- state:
usage: "LABEL"
description: "State of the backend"
- total:
usage: "GAUGE"
description: "Number of backends"
- max_tx_duration_seconds:
usage: "GAUGE"
description: "Maximum duration of a transaction in seconds"
backends_waiting:
query: |
SELECT count(*) AS total
FROM pg_catalog.pg_locks blocked_locks
JOIN pg_catalog.pg_locks blocking_locks
ON blocking_locks.locktype = blocked_locks.locktype
AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
AND blocking_locks.pid != blocked_locks.pid
JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
WHERE NOT blocked_locks.granted
metrics:
- total:
usage: "GAUGE"
description: "Total number of backends that are currently waiting on other queries"
pg_database:
query: |
SELECT datname
, pg_catalog.pg_database_size(datname) AS size_bytes
, pg_catalog.age(datfrozenxid) AS xid_age
, pg_catalog.mxid_age(datminmxid) AS mxid_age
FROM pg_catalog.pg_database
WHERE datallowconn
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- size_bytes:
usage: "GAUGE"
description: "Disk space used by the database"
- xid_age:
usage: "GAUGE"
description: "Number of transactions from the frozen XID to the current one"
- mxid_age:
usage: "GAUGE"
description: "Number of multiple transactions (Multixact) from the frozen XID to the current one"
pg_postmaster:
query: |
SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time
FROM pg_catalog.pg_postmaster_start_time()
metrics:
- start_time:
usage: "GAUGE"
description: "Time at which postgres started (based on epoch)"
pg_replication:
query: "SELECT CASE WHEN (
NOT pg_catalog.pg_is_in_recovery()
OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
THEN 0
ELSE GREATEST (0,
EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
END AS lag,
pg_catalog.pg_is_in_recovery() AS in_recovery,
EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
(SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas"
metrics:
- lag:
usage: "GAUGE"
description: "Replication lag behind primary in seconds"
- in_recovery:
usage: "GAUGE"
description: "Whether the instance is in recovery"
- is_wal_receiver_up:
usage: "GAUGE"
description: "Whether the instance wal_receiver is up"
- streaming_replicas:
usage: "GAUGE"
description: "Number of streaming replicas connected to the instance"
pg_replication_slots:
query: |
SELECT slot_name,
slot_type,
database,
active,
(CASE pg_catalog.pg_is_in_recovery()
WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn)
ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn)
END) as pg_wal_lsn_diff
FROM pg_catalog.pg_replication_slots
WHERE NOT temporary
metrics:
- slot_name:
usage: "LABEL"
description: "Name of the replication slot"
- slot_type:
usage: "LABEL"
description: "Type of the replication slot"
- database:
usage: "LABEL"
description: "Name of the database"
- active:
usage: "GAUGE"
description: "Flag indicating whether the slot is active"
- pg_wal_lsn_diff:
usage: "GAUGE"
description: "Replication lag in bytes"
pg_stat_archiver:
query: |
SELECT archived_count
, failed_count
, COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
, COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
, COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
, COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_archiver
metrics:
- archived_count:
usage: "COUNTER"
description: "Number of WAL files that have been successfully archived"
- failed_count:
usage: "COUNTER"
description: "Number of failed attempts for archiving WAL files"
- seconds_since_last_archival:
usage: "GAUGE"
description: "Seconds since the last successful archival operation"
- seconds_since_last_failure:
usage: "GAUGE"
description: "Seconds since the last failed archival operation"
- last_archived_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving succeeded"
- last_failed_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving failed"
- last_archived_wal_start_lsn:
usage: "GAUGE"
description: "Archived WAL start LSN"
- last_failed_wal_start_lsn:
usage: "GAUGE"
description: "Last failed WAL LSN"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_bgwriter:
runonserver: "<17.0.0"
query: |
SELECT checkpoints_timed
, checkpoints_req
, checkpoint_write_time
, checkpoint_sync_time
, buffers_checkpoint
, buffers_clean
, maxwritten_clean
, buffers_backend
, buffers_backend_fsync
, buffers_alloc
FROM pg_catalog.pg_stat_bgwriter
metrics:
- checkpoints_timed:
usage: "COUNTER"
description: "Number of scheduled checkpoints that have been performed"
- checkpoints_req:
usage: "COUNTER"
description: "Number of requested checkpoints that have been performed"
- checkpoint_write_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds"
- checkpoint_sync_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds"
- buffers_checkpoint:
usage: "COUNTER"
description: "Number of buffers written during checkpoints"
- buffers_clean:
usage: "COUNTER"
description: "Number of buffers written by the background writer"
- maxwritten_clean:
usage: "COUNTER"
description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
- buffers_backend:
usage: "COUNTER"
description: "Number of buffers written directly by a backend"
- buffers_backend_fsync:
usage: "COUNTER"
description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)"
- buffers_alloc:
usage: "COUNTER"
description: "Number of buffers allocated"
pg_stat_bgwriter_17:
runonserver: ">=17.0.0"
name: pg_stat_bgwriter
query: |
SELECT buffers_clean
, maxwritten_clean
, buffers_alloc
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_bgwriter
metrics:
- buffers_clean:
usage: "COUNTER"
description: "Number of buffers written by the background writer"
- maxwritten_clean:
usage: "COUNTER"
description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
- buffers_alloc:
usage: "COUNTER"
description: "Number of buffers allocated"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_checkpointer:
runonserver: ">=17.0.0"
query: |
SELECT num_timed AS checkpoints_timed
, num_requested AS checkpoints_req
, restartpoints_timed
, restartpoints_req
, restartpoints_done
, write_time
, sync_time
, buffers_written
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_checkpointer
metrics:
- checkpoints_timed:
usage: "COUNTER"
description: "Number of scheduled checkpoints that have been performed"
- checkpoints_req:
usage: "COUNTER"
description: "Number of requested checkpoints that have been performed"
- restartpoints_timed:
usage: "COUNTER"
description: "Number of scheduled restartpoints due to timeout or after a failed attempt to perform it"
- restartpoints_req:
usage: "COUNTER"
description: "Number of requested restartpoints that have been performed"
- restartpoints_done:
usage: "COUNTER"
description: "Number of restartpoints that have been performed"
- write_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds"
- sync_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds"
- buffers_written:
usage: "COUNTER"
description: "Number of buffers written during checkpoints and restartpoints"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_database:
query: |
SELECT datname
, xact_commit
, xact_rollback
, blks_read
, blks_hit
, tup_returned
, tup_fetched
, tup_inserted
, tup_updated
, tup_deleted
, conflicts
, temp_files
, temp_bytes
, deadlocks
, blk_read_time
, blk_write_time
FROM pg_catalog.pg_stat_database
metrics:
- datname:
usage: "LABEL"
description: "Name of this database"
- xact_commit:
usage: "COUNTER"
description: "Number of transactions in this database that have been committed"
- xact_rollback:
usage: "COUNTER"
description: "Number of transactions in this database that have been rolled back"
- blks_read:
usage: "COUNTER"
description: "Number of disk blocks read in this database"
- blks_hit:
usage: "COUNTER"
description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)"
- tup_returned:
usage: "COUNTER"
description: "Number of rows returned by queries in this database"
- tup_fetched:
usage: "COUNTER"
description: "Number of rows fetched by queries in this database"
- tup_inserted:
usage: "COUNTER"
description: "Number of rows inserted by queries in this database"
- tup_updated:
usage: "COUNTER"
description: "Number of rows updated by queries in this database"
- tup_deleted:
usage: "COUNTER"
description: "Number of rows deleted by queries in this database"
- conflicts:
usage: "COUNTER"
description: "Number of queries canceled due to conflicts with recovery in this database"
- temp_files:
usage: "COUNTER"
description: "Number of temporary files created by queries in this database"
- temp_bytes:
usage: "COUNTER"
description: "Total amount of data written to temporary files by queries in this database"
- deadlocks:
usage: "COUNTER"
description: "Number of deadlocks detected in this database"
- blk_read_time:
usage: "COUNTER"
description: "Time spent reading data file blocks by backends in this database, in milliseconds"
- blk_write_time:
usage: "COUNTER"
description: "Time spent writing data file blocks by backends in this database, in milliseconds"
pg_stat_replication:
primary: true
query: |
SELECT usename
, COALESCE(application_name, '') AS application_name
, COALESCE(client_addr::text, '') AS client_addr
, COALESCE(client_port::text, '') AS client_port
, EXTRACT(EPOCH FROM backend_start) AS backend_start
, COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes
, COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes
, COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds
FROM pg_catalog.pg_stat_replication
metrics:
- usename:
usage: "LABEL"
description: "Name of the replication user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- client_addr:
usage: "LABEL"
description: "Client IP address"
- client_port:
usage: "LABEL"
description: "Client TCP port"
- backend_start:
usage: "COUNTER"
description: "Time when this process was started"
- backend_xmin_age:
usage: "COUNTER"
description: "The age of this standby's xmin horizon"
- sent_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location sent on this connection"
- write_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location written to disk by this standby server"
- flush_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server"
- replay_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server"
- write_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it"
- flush_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it"
- replay_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it"
pg_settings:
query: |
SELECT name,
CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting
FROM pg_catalog.pg_settings
WHERE vartype IN ('integer', 'real', 'bool')
ORDER BY 1
metrics:
- name:
usage: "LABEL"
description: "Name of the setting"
- setting:
usage: "GAUGE"
description: "Setting value"

View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,8 @@
apiVersion: v2
appVersion: 1.3.3
description: 'A Helm chart for the External Postgres operator helm repo add ext-postgres-operator
https://movetokube.github.io/postgres-operator/ helm upgrade --install -n operators
ext-postgres-operator ext-postgres-operator/ext-postgres-operator --version 1.2.3 '
name: ext-postgres-operator
type: application
version: 1.2.6

View file

@ -0,0 +1,90 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: postgres.db.movetokube.com
spec:
group: db.movetokube.com
names:
kind: Postgres
listKind: PostgresList
plural: postgres
singular: postgres
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Postgres is the Schema for the postgres API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PostgresSpec defines the desired state of Postgres
properties:
database:
type: string
dropOnDelete:
type: boolean
extensions:
items:
type: string
type: array
x-kubernetes-list-type: set
masterRole:
type: string
schemas:
items:
type: string
type: array
x-kubernetes-list-type: set
required:
- database
type: object
status:
description: PostgresStatus defines the observed state of Postgres
properties:
extensions:
items:
type: string
type: array
x-kubernetes-list-type: set
roles:
description: PostgresRoles stores the different group roles for database
properties:
owner:
type: string
reader:
type: string
writer:
type: string
required:
- owner
- reader
- writer
type: object
schemas:
items:
type: string
type: array
x-kubernetes-list-type: set
succeeded:
type: boolean
required:
- roles
- succeeded
type: object
type: object
served: true
storage: true
subresources:
status: {}

View file

@ -0,0 +1,79 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: postgresusers.db.movetokube.com
spec:
group: db.movetokube.com
names:
kind: PostgresUser
listKind: PostgresUserList
plural: postgresusers
singular: postgresuser
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: PostgresUser is the Schema for the postgresusers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PostgresUserSpec defines the desired state of PostgresUser
properties:
annotations:
additionalProperties:
type: string
type: object
database:
type: string
privileges:
type: string
role:
type: string
secretName:
type: string
secretTemplate:
additionalProperties:
type: string
type: object
required:
- database
- role
- secretName
type: object
status:
description: PostgresUserStatus defines the observed state of PostgresUser
properties:
databaseName:
type: string
postgresGroup:
type: string
postgresLogin:
type: string
postgresRole:
type: string
succeeded:
type: boolean
required:
- databaseName
- postgresGroup
- postgresLogin
- postgresRole
- succeeded
type: object
type: object
served: true
storage: true
subresources:
status: {}

View file

@ -0,0 +1,63 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "chart.labels" -}}
helm.sh/chart: {{ include "chart.chart" . }}
{{ include "chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "chart.selectorLabelsDev" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}-dev
app.kubernetes.io/instance: {{ .Release.Name }}-dev
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "chart.serviceAccountName" -}}
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
{{- end }}

View file

@ -0,0 +1,67 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "chart.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "chart.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
command:
- postgres-operator
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- secretRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ include "chart.fullname" . }}
{{- end }}
env:
- name: WATCH_NAMESPACE
value: {{ .Values.watchNamespace | default "" }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: {{ include "chart.fullname" . }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.volumeMounts }}
volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.volumes }}
volumes:
{{- toYaml .Values.volumes | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}

View file

@ -0,0 +1,42 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- ext-postgres-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- db.movetokube.com
resources:
- '*'
verbs:
- '*'

View file

@ -0,0 +1,14 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "chart.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "chart.serviceAccountName" . }}
apiGroup: rbac.authorization.k8s.io

View file

@ -0,0 +1,20 @@
{{- if (not .Values.existingSecret) }}
---
apiVersion: v1
kind: Secret
metadata:
annotations:
"helm.sh/resource-policy": keep
name: {{ include "chart.fullname" . }}
namespace: {{ .Release.namespace }}
labels:
{{- include "chart.labels" . | nindent 4 }}
type: Opaque
data:
POSTGRES_HOST: {{ .Values.postgres.host | b64enc | quote }}
POSTGRES_USER: {{ .Values.postgres.user | b64enc | quote }}
POSTGRES_PASS: {{ .Values.postgres.password | b64enc | quote }}
POSTGRES_URI_ARGS: {{ .Values.postgres.uri_args | b64enc | quote }}
POSTGRES_CLOUD_PROVIDER: {{ .Values.postgres.cloud_provider | b64enc | quote }}
POSTGRES_DEFAULT_DATABASE: {{ .Values.postgres.default_database | b64enc | quote }}
{{- end }}

View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "chart.serviceAccountName" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ .Release.Namespace }}

View file

@ -0,0 +1,77 @@
# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: ghcr.io/movetokube/postgres-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Override chart name, defaults to Chart.name
nameOverride: ""
# Full chart name override
fullnameOverride: ""
serviceAccount:
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
# Additionnal labels to add to the pod.
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Which namespace to watch in kubernetes, empty string means all namespaces
watchNamespace: ""
# Define connection to postgres database server
postgres:
# postgres hostname
host: "localhost"
# postgres admin user and password
user: "admin"
password: "password"
# additional connection args to pg driver
uri_args: ""
# postgres cloud provider, could be AWS, Azure, GCP or empty (default)
cloud_provider: ""
# default database to use
default_database: "postgres"
# Volumes to add to the pod.
volumes: []
# Volumes to mount onto the pod.
volumeMounts: []
# Existing secret where values to connect to Postgres are defined.
# If not set a new secret will be created, filled with information under the postgres key above.
existingSecret: ""
# Additionnal environment variables to add to the pod (map of key / value)
env: {}
nodeSelector: {}
tolerations: []

View file

@ -2,12 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- resources/namespace.yaml
- resources/secrets/ext-pgo-creds.yaml - resources/secrets/ext-pgo-creds.yaml
- resources/secrets/ext-pgo-admin.yaml - resources/secrets/ext-pgo-admin.yaml
- resources/secrets/cnpg-backup-creds.yaml
- resources/cluster.yaml
- resources/backup.yaml
- resources/pool.yaml
helmCharts: helmCharts:
- releaseName: cnpg - releaseName: cnpg
@ -23,5 +20,5 @@ helmCharts:
repo: https://movetokube.github.io/postgres-operator/ repo: https://movetokube.github.io/postgres-operator/
version: 1.2.6 version: 1.2.6
valuesFile: config/values.ext-pgo.yaml valuesFile: config/values.ext-pgo.yaml
namespace: postgres namespace: postgres-system
includeCRDs: true includeCRDs: true

View file

@ -0,0 +1,14 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: postgres-system
labels:
prometheus: default
---
apiVersion: v1
kind: Namespace
metadata:
name: postgres
labels:
prometheus: default

Binary file not shown.

Binary file not shown.

View file

@ -1,63 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: app-cluster
namespace: postgres
spec:
instances: 2
postgresql:
parameters:
max_connections: "150"
managed:
roles:
- name: ext_pgo_admin
ensure: present
login: true
superuser: true
createrole: true
createdb: true
inherit: true
connectionLimit: -1
passwordSecret:
name: ext-pgo-admin
storage:
size: 12Gi
storageClass: hcloud-volumes
backup:
barmanObjectStore:
destinationPath: "s3://cnpg/app-cluster/"
endpointURL: "http://garage.garage.svc:3900"
s3Credentials:
accessKeyId:
name: cnpg-backup-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: cnpg-backup-creds
key: ACCESS_SECRET_KEY
region:
name: cnpg-backup-creds
key: AWS_REGION
wal:
compression: snappy
retentionPolicy: "30d"
resources:
requests:
cpu: 100m
memory: 600Mi
limits:
cpu: 500m
memory: 900Mi
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
podAntiAffinityType: preferred
enablePDB: true
monitoring:
enablePodMonitor: true

View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> X25519 SQkKLcgCsGBZ6FM800HldDftkLV/u53xliCGnGU6Gz0
TvQkvxIdoIydgUshJXYai2pJjo/GsEklyGfba/zj31Y
-> X25519 V60zpoLahYcT/dGVnixvv471qCE8xAOP+LoAdq04ryM
q7iTcIfP6xgpJaQZJuW0kpY9dEwbwsleyyorsFK4atA
--- W40yHxyT9ZMPvnQ0WYg7K1sG0qd4loHmyW6HYZL5zBM
#Wøü5+D`éHUŠdNSÆ<53>f.vC]uÎö•ù"¼ègÙÝüfp:¬<C2AC>ϬNB”æ<E2809D>vúõè¢ O%3cÖòQü9m (ÓEäùØK µ×4ÞÌùgÜžo&€vztëPÞˆþñ2 ºª <02>æð>&Z{Î'<27>§QôÉj<C389>Ä:ƒ¡ø܈‡ ƒæ"Céœk¤£ÚÄ)Þ‰V1åÎÏV]
¥å·õñÄ'°s¨w±~ÊoEƒûæ•F¾hÍS }'&[ÞlÍÝÖUM×îÃ=ÿwŽ

View file

@ -50,16 +50,16 @@ gitea:
DOMAIN: code.icb4dc0.de DOMAIN: code.icb4dc0.de
PROTOCOL: http PROTOCOL: http
ROOT_URL: https://code.icb4dc0.de/ ROOT_URL: https://code.icb4dc0.de/
LFS_START_SERVER: 'true' LFS_START_SERVER: "true"
LANDING_PAGE: explore LANDING_PAGE: explore
ENABLE_GZIP: 'true' ENABLE_GZIP: "true"
ENABLE_PPROF: 'true' ENABLE_PPROF: "true"
SSH_LISTEN_PORT: 2222 SSH_LISTEN_PORT: 2222
service: service:
DISABLE_REGISTRATION: 'true' DISABLE_REGISTRATION: "true"
DEFAULT_KEEP_EMAIL_PRIVATE: 'true' DEFAULT_KEEP_EMAIL_PRIVATE: "true"
DEFAULT_ALLOW_CREATE_ORGANIZATION: 'false' DEFAULT_ALLOW_CREATE_ORGANIZATION: "false"
DEFAULT_USER_IS_RESTRICTED: 'true' DEFAULT_USER_IS_RESTRICTED: "true"
session: session:
PROVIDER: redis PROVIDER: redis
PROVIDER_CONFIG: redis://forgejo-session.forgejo.svc:6379/0?pool_size=100&idle_timeout=180s& PROVIDER_CONFIG: redis://forgejo-session.forgejo.svc:6379/0?pool_size=100&idle_timeout=180s&
@ -68,11 +68,11 @@ gitea:
MINIO_ENDPOINT: garage.garage.svc:3900 MINIO_ENDPOINT: garage.garage.svc:3900
MINIO_BUCKET: forgejo MINIO_BUCKET: forgejo
MINIO_LOCATION: hel1 MINIO_LOCATION: hel1
MINIO_USE_SSL: 'false' MINIO_USE_SSL: "false"
indexer: indexer:
ISSUE_INDEXER_TYPE: meilisearch ISSUE_INDEXER_TYPE: meilisearch
ISSUE_INDEXER_NAME: gitea_issues ISSUE_INDEXER_NAME: gitea_issues
REPO_INDEXER_ENABLED: 'true' REPO_INDEXER_ENABLED: "true"
REPO_INDEXER_REPO_TYPES: sources,forks,mirrors,templates REPO_INDEXER_REPO_TYPES: sources,forks,mirrors,templates
REPO_INDEXER_TYPE: bleve REPO_INDEXER_TYPE: bleve
REPO_INDEXER_PATH: indexers/repos.bleve REPO_INDEXER_PATH: indexers/repos.bleve
@ -84,16 +84,16 @@ gitea:
MINIO_ENDPOINT: garage.garage.svc:3900 MINIO_ENDPOINT: garage.garage.svc:3900
MINIO_BUCKET: forgejo MINIO_BUCKET: forgejo
MINIO_LOCATION: hel1 MINIO_LOCATION: hel1
MINIO_USE_SSL: 'false' MINIO_USE_SSL: "false"
actions: actions:
ENABLED: 'true' ENABLED: "true"
DEFAULT_ACTIONS_URL: github DEFAULT_ACTIONS_URL: github
STORAGE_TYPE: minio STORAGE_TYPE: minio
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: app-cluster-pooler-rw.postgres.svc HOST: app-cluster-pooler-rw.postgres.svc
NAME: forgejo NAME: forgejo
USER: forgejo-6a95jj USER: forgejo-Dkh0h3
SSL_MODE: require SSL_MODE: require
log_sql: "false" log_sql: "false"
cache: cache:
@ -121,7 +121,7 @@ affinity:
- weight: 1 - weight: 1
preference: preference:
matchExpressions: matchExpressions:
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: values:
- arm64 - arm64

View file

@ -2,29 +2,29 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: sync-garage-snips name: sync-garage-blog
namespace: garage namespace: garage
spec: spec:
ttlSecondsAfterFinished: 100 ttlSecondsAfterFinished: 100
template: template:
spec: spec:
containers: containers:
- name: rclone - name: rclone
image: rclone/rclone image: rclone/rclone
args: args:
- sync - sync
- -P - -P
- --update - --update
- --no-update-modtime - --no-update-modtime
- --no-update-dir-modtime - --no-update-dir-modtime
- --ignore-errors - --ignore-errors
- -s3-upload-concurrency 64 - -s3-upload-concurrency 64
- -v - -v
- r2:backup/snips - garage:blog
- garage:backup/snips - hcloud:1661580-blog
volumeMounts: volumeMounts:
- name: rclone-config - name: rclone-config
mountPath: /config/rclone mountPath: /config/rclone
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: rclone-config - name: rclone-config