├── .gitignore ├── files ├── default.conf └── docker-entrypoint-initdb.d │ ├── 1_demodb.sh │ ├── world.sql │ └── 2_create-anon-role.sql ├── templates ├── serviceaccount.yaml ├── service.yaml ├── tests │ └── test-connection.yaml ├── configmap.yaml ├── ingress.yaml ├── NOTES.txt ├── _helpers.tpl └── deployment.yaml ├── postgrest.conf ├── Chart.yaml ├── Dockerfile ├── README.md ├── LICENSE └── values.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | charts/*.tgz 2 | requirements.lock 3 | -------------------------------------------------------------------------------- /files/default.conf: -------------------------------------------------------------------------------- 1 | dir "/tmp" 2 | config new 3 | aaa nnn 4 | -------------------------------------------------------------------------------- /files/docker-entrypoint-initdb.d/1_demodb.sh: -------------------------------------------------------------------------------- 1 | psql -U postgres -f /docker-entrypoint-initdb.d/world.sql -------------------------------------------------------------------------------- /files/docker-entrypoint-initdb.d/world.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jbkarle/postgrest/HEAD/files/docker-entrypoint-initdb.d/world.sql -------------------------------------------------------------------------------- /templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "postgrest.serviceAccountName" . }} 6 | labels: 7 | {{- include "postgrest.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "postgrest.fullname" . }} 5 | labels: 6 | {{- include "postgrest.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "postgrest.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "postgrest.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "postgrest.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "postgrest.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "postgrest.fullname" . }}-init-scripts 5 | labels: 6 | app: "{{ template "postgrest.name" . }}" 7 | chart: "{{ template "postgrest.chart" . }}" 8 | release: {{ .Release.Name | quote }} 9 | heritage: {{ .Release.Service | quote }} 10 | component: "master" 11 | 12 | data: 13 | {{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} 14 | {{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} 15 | {{- end }} -------------------------------------------------------------------------------- /postgrest.conf: -------------------------------------------------------------------------------- 1 | db-uri = "$(PGRST_DB_URI)" 2 | db-schema = "$(PGRST_DB_SCHEMA)" 3 | db-anon-role = "$(PGRST_DB_ANON_ROLE)" 4 | db-pool = "$(PGRST_DB_POOL)" 5 | db-extra-search-path = "$(PGRST_DB_EXTRA_SEARCH_PATH)" 6 | 7 | server-host = "$(PGRST_SERVER_HOST)" 8 | server-port = "$(PGRST_SERVER_PORT)" 9 | 10 | openapi-server-proxy-uri = "$(PGRST_OPENAPI_SERVER_PROXY_URI)" 11 | jwt-secret = "$(PGRST_JWT_SECRET)" 12 | secret-is-base64 = "$(PGRST_SECRET_IS_BASE64)" 13 | jwt-aud = "$(PGRST_JWT_AUD)" 14 | role-claim-key = "$(PGRST_ROLE_CLAIM_KEY)" 15 | 16 | max-rows = "$(PGRST_MAX_ROWS)" 17 | pre-request = "$(PGRST_PRE_REQUEST)" 18 | root-spec = "$(PGRST_ROOT_SPEC)" 19 | raw-media-types = "$(PGRST_RAW_MEDIA_TYPES)" 20 | -------------------------------------------------------------------------------- /files/docker-entrypoint-initdb.d/2_create-anon-role.sql: -------------------------------------------------------------------------------- 1 | echo "anon user rights:" 2 | psql -U postgres <<-END 3 | CREATE USER anon; 4 | GRANT USAGE ON SCHEMA public TO anon; 5 | ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO anon; 6 | GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO anon; 7 | GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO anon; 8 | END 9 | 10 | echo "postgres user rights:" 11 | psql -U postgres <<-END 12 | GRANT USAGE ON SCHEMA public TO postgres; 13 | ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO postgres; 14 | GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO postgres; 15 | GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO postgres; 16 | END -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: postgrest 3 | description: postgrest release including postgres and jenkins as dependency 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 21 | appVersion: 0.0.1 22 | 23 | 24 | dependencies: 25 | - name: jenkins 26 | version: 1.9.21 27 | repository: '@stable' 28 | - name: postgresql 29 | version: 8.6.1 30 | repository: '@stable' 31 | -------------------------------------------------------------------------------- /templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "postgrest.fullname" . -}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "postgrest.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ . }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgrest.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "postgrest.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgrest.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "postgrest.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.port }}:{{ .Values.service.port }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:stretch-slim 2 | 3 | ENV POSTGREST_VERSION=v6.0.0 4 | 5 | # Install libpq5 6 | RUN apt-get -qq update && \ 7 | apt-get -qq install -y --no-install-recommends libpq5 && \ 8 | apt-get -qq clean && \ 9 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 10 | 11 | # Install postgrest 12 | RUN BUILD_DEPS="curl ca-certificates xz-utils" && \ 13 | apt-get -qq update && \ 14 | apt-get -qq install -y --no-install-recommends $BUILD_DEPS && \ 15 | cd /tmp && \ 16 | curl -SLO https://github.com/PostgREST/postgrest/releases/download/${POSTGREST_VERSION}/postgrest-${POSTGREST_VERSION}-ubuntu.tar.xz && \ 17 | tar -xJvf postgrest-${POSTGREST_VERSION}-ubuntu.tar.xz && \ 18 | mv postgrest /usr/local/bin/postgrest && \ 19 | cd / && \ 20 | apt-get -qq purge --auto-remove -y $BUILD_DEPS && \ 21 | apt-get -qq clean && \ 22 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 23 | 24 | COPY postgrest.conf /etc/postgrest.conf 25 | 26 | 27 | ENV PGRST_DB_URI= \ 28 | PGRST_DB_SCHEMA=public \ 29 | PGRST_DB_ANON_ROLE= \ 30 | PGRST_DB_POOL=100 \ 31 | PGRST_DB_EXTRA_SEARCH_PATH=public \ 32 | PGRST_SERVER_HOST=*4 \ 33 | PGRST_SERVER_PORT=3000 \ 34 | PGRST_OPENAPI_SERVER_PROXY_URI= \ 35 | PGRST_JWT_SECRET= \ 36 | PGRST_SECRET_IS_BASE64=false \ 37 | PGRST_JWT_AUD= \ 38 | PGRST_MAX_ROWS= \ 39 | PGRST_PRE_REQUEST= \ 40 | PGRST_ROLE_CLAIM_KEY=".role" \ 41 | PGRST_ROOT_SPEC= \ 42 | PGRST_RAW_MEDIA_TYPES= 43 | 44 | RUN groupadd -g 999 postgrest && \ 45 | useradd -r -u 999 -g postgrest postgrest && \ 46 | chown postgrest:postgrest /etc/postgrest.conf 47 | 48 | USER postgrest 49 | 50 | # PostgREST reads /etc/postgrest.conf so map the configuration 51 | # file in when you run this container 52 | CMD exec postgrest /etc/postgrest.conf 53 | 54 | EXPOSE 3000 -------------------------------------------------------------------------------- /templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "postgrest.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "postgrest.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "postgrest.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "postgrest.labels" -}} 38 | helm.sh/chart: {{ include "postgrest.chart" . }} 39 | {{ include "postgrest.selectorLabels" . }} 40 | {{- if .Chart.AppVersion }} 41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 42 | {{- end }} 43 | app.kubernetes.io/managed-by: {{ .Release.Service }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Selector labels 48 | */}} 49 | {{- define "postgrest.selectorLabels" -}} 50 | app.kubernetes.io/name: {{ include "postgrest.name" . }} 51 | app.kubernetes.io/instance: {{ .Release.Name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Create the name of the service account to use 56 | */}} 57 | {{- define "postgrest.serviceAccountName" -}} 58 | {{- if .Values.serviceAccount.create -}} 59 | {{ default (include "postgrest.fullname" .) .Values.serviceAccount.name }} 60 | {{- else -}} 61 | {{ default "default" .Values.serviceAccount.name }} 62 | {{- end -}} 63 | {{- end -}} 64 | -------------------------------------------------------------------------------- /templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "postgrest.fullname" . }} 5 | labels: 6 | {{- include "postgrest.labels" . | nindent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | {{- include "postgrest.selectorLabels" . | nindent 6 }} 12 | template: 13 | metadata: 14 | labels: 15 | {{- include "postgrest.selectorLabels" . | nindent 8 }} 16 | spec: 17 | {{- with .Values.imagePullSecrets }} 18 | imagePullSecrets: 19 | {{- toYaml . | nindent 8 }} 20 | {{- end }} 21 | serviceAccountName: {{ include "postgrest.serviceAccountName" . }} 22 | securityContext: 23 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 24 | containers: 25 | - name: {{ .Chart.Name }} 26 | securityContext: 27 | {{- toYaml .Values.securityContext | nindent 12 }} 28 | image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" 29 | imagePullPolicy: {{ .Values.image.pullPolicy }} 30 | env: 31 | - name: PGRST_DB_URI 32 | value: "postgres://postgres:postgres@postgrest-postgresql.mynamespace.svc.cluster.local:5432/demo" 33 | - name: PGRST_DB_SCHEMA 34 | value: "public" 35 | - name: PGRST_DB_ANON_ROLE 36 | value: "postgres" 37 | ports: 38 | - name: http 39 | containerPort: 3000 40 | protocol: TCP 41 | # livenessProbe: 42 | # httpGet: 43 | # path: / 44 | # port: http 45 | # readinessProbe: 46 | # httpGet: 47 | # path: / 48 | # port: http 49 | resources: 50 | {{- toYaml .Values.resources | nindent 12 }} 51 | {{- with .Values.nodeSelector }} 52 | nodeSelector: 53 | {{- toYaml . | nindent 8 }} 54 | {{- end }} 55 | {{- with .Values.affinity }} 56 | affinity: 57 | {{- toYaml . | nindent 8 }} 58 | {{- end }} 59 | {{- with .Values.tolerations }} 60 | tolerations: 61 | {{- toYaml . | nindent 8 }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### Purpose 2 | Created this helm chart in order to quickly deploy `postgrest` and helm chart child dependencies as well (and custom config) for dev/test purposes: 3 | * stable/postgresql 4 | * stable/jenkins 5 | 6 | This chart can be used in multiple ways, for example a test populating the postgres DB via `psql` or rest calls to the `postgrest` api and other tests being able to retrieve the data via `REST calls` 7 | 8 | `postgresql` data is persisted using kubernetes pvc and configured to remain by default (instead of delete using helm delete). 9 | 10 | ### Features 11 | * Using standard `stable/postgresql` and `stable/jenkins` as helm chart child dependency 12 | * Both `postgrest`(3000) and `postgres`(5432) tcp ports exposed to the cluster 13 | * Helm 3 compatible 14 | * Demo database included in the `postgrest` helm chart initdb scripts (citiy, country, countrylanguage) 15 | * Postgrest vanilla docker image 16 | * anon/postgres users created with all privileges (recommended changing permissions once deployed in non dev environments) 17 | * pvc configured for postgresql persistent storage 18 | 19 | ### Get started on minikube and helm3 20 | ``` 21 | eval $(minikube docker-env) 22 | docker build . -t postgrest:latest 23 | helm install postgrest . --namespace mynamespace 24 | ``` 25 | 26 | Just note both postgres and postgrest ports will be opened in order to interact with other pods in the cluster: 27 | 28 | ```kubectl -n mynamespace get services``` 29 | ``` 30 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 31 | postgrest ClusterIP 10.98.28.168 3000/TCP 10m 32 | postgrest-jenkins ClusterIP 10.110.35.16 8080/TCP 10m 33 | postgrest-jenkins-agent ClusterIP 10.106.63.76 50000/TCP 10m 34 | postgrest-postgresql ClusterIP 10.104.167.184 5432/TCP 10m 35 | postgrest-postgresql-headless ClusterIP None 5432/TCP 10m 36 | ``` 37 | 38 | ``` 39 | postgres-postgrest-helm % kubectl -n mynamespace exec -it postgres-postgrest-f8ffdf864-n8b4n psql 40 | postgres=# \dt 41 | List of relations 42 | Schema | Name | Type | Owner 43 | --------+-----------------+-------+---------- 44 | public | city | table | postgres 45 | public | country | table | postgres 46 | public | countrylanguage | table | postgres 47 | ``` 48 | ### Testing 49 | (from another pod) 50 | 51 | ```curl -I http://postgrest.mynamespace.svc.cluster.local:3000``` 52 | ``` 53 | HTTP/1.1 200 OK 54 | Date: Sat, 07 Mar 2020 14:12:35 GMT 55 | Server: postgrest/6.0.0 (dd86fe3) 56 | Content-Type: application/openapi+json; charset=utf-8 57 | ``` 58 | 59 | ```curl "http://postgrest.mynamespace.svc.cluster.local:3000/country?select=name,continent,region&name=eq.Estonia"``` 60 | ``` 61 | [[{"name":"Estonia","continent":"Europe","region":"Baltic Countries"}] 62 | ``` 63 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for postgrest. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: postgrest 9 | pullPolicy: IfNotPresent 10 | 11 | imagePullSecrets: [] 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | serviceAccount: 16 | # Specifies whether a service account should be created 17 | create: true 18 | # Annotations to add to the service account 19 | annotations: {} 20 | # The name of the service account to use. 21 | # If not set and create is true, a name is generated using the fullname template 22 | name: 23 | 24 | podSecurityContext: {} 25 | # fsGroup: 2000 26 | 27 | securityContext: 28 | # capabilities: 29 | # drop: 30 | # - ALL 31 | # readOnlyRootFilesystem: true 32 | runAsNonRoot: true 33 | runAsUser: 999 34 | 35 | service: 36 | type: ClusterIP 37 | port: 3000 38 | 39 | ingress: 40 | enabled: false 41 | annotations: {} 42 | # kubernetes.io/ingress.class: nginx 43 | # kubernetes.io/tls-acme: "true" 44 | hosts: 45 | - host: chart-example.local 46 | paths: [] 47 | tls: [] 48 | # - secretName: chart-example-tls 49 | # hosts: 50 | # - chart-example.local 51 | 52 | resources: {} 53 | # We usually recommend not to specify default resources and to leave this as a conscious 54 | # choice for the user. This also increases chances charts run on environments with little 55 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 56 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 57 | # limits: 58 | # cpu: 100m 59 | # memory: 128Mi 60 | # requests: 61 | # cpu: 100m 62 | # memory: 128Mi 63 | 64 | nodeSelector: {} 65 | 66 | tolerations: [] 67 | 68 | affinity: {} 69 | 70 | ### JENKINS CHART ### 71 | 72 | ### POSTGRESQL CHART ### 73 | 74 | postgresql: 75 | 76 | 77 | ## Global Docker image parameters 78 | ## Please, note that this will override the image parameters, including dependencies, configured to use the global value 79 | ## Current available global Docker image parameters: imageRegistry and imagePullSecrets 80 | ## 81 | global: 82 | postgresql: {} 83 | # imageRegistry: myRegistryName 84 | # imagePullSecrets: 85 | # - myRegistryKeySecretName 86 | # storageClass: myStorageClass 87 | 88 | ## Bitnami PostgreSQL image version 89 | ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ 90 | ## 91 | image: 92 | registry: docker.io 93 | repository: bitnami/postgresql 94 | tag: 11.7.0-debian-10-r9 95 | ## Specify a imagePullPolicy 96 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 97 | ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images 98 | ## 99 | pullPolicy: IfNotPresent 100 | ## Optionally specify an array of imagePullSecrets. 101 | ## Secrets must be manually created in the namespace. 102 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 103 | ## 104 | # pullSecrets: 105 | # - myRegistryKeySecretName 106 | 107 | ## Set to true if you would like to see extra information on logs 108 | ## It turns BASH and NAMI debugging in minideb 109 | ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging 110 | debug: false 111 | 112 | ## String to partially override postgresql.fullname template (will maintain the release name) 113 | ## 114 | # nameOverride: 115 | 116 | ## String to fully override postgresql.fullname template 117 | ## 118 | # fullnameOverride: 119 | 120 | ## 121 | ## Init containers parameters: 122 | ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup 123 | ## 124 | volumePermissions: 125 | enabled: false 126 | image: 127 | registry: docker.io 128 | repository: bitnami/minideb 129 | tag: buster 130 | ## Specify a imagePullPolicy 131 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 132 | ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images 133 | ## 134 | pullPolicy: Always 135 | ## Optionally specify an array of imagePullSecrets. 136 | ## Secrets must be manually created in the namespace. 137 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 138 | ## 139 | # pullSecrets: 140 | # - myRegistryKeySecretName 141 | ## Init container Security Context 142 | ## Note: the chown of the data folder is done to securityContext.runAsUser 143 | ## and not the below volumePermissions.securityContext.runAsUser 144 | ## When runAsUser is set to special value "auto", init container will try to chwon the 145 | ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` 146 | ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). 147 | ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with 148 | ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false 149 | ## 150 | securityContext: 151 | runAsUser: 0 152 | 153 | ## Use an alternate scheduler, e.g. "stork". 154 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ 155 | ## 156 | # schedulerName: 157 | 158 | 159 | ## Pod Security Context 160 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 161 | ## 162 | securityContext: 163 | enabled: true 164 | fsGroup: 1001 165 | runAsUser: 1001 166 | 167 | ## Pod Service Account 168 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 169 | serviceAccount: 170 | enabled: false 171 | ## Name of an already existing service account. Setting this value disables the automatic service account creation. 172 | # name: 173 | 174 | replication: 175 | enabled: false 176 | user: repl_user 177 | password: repl_password 178 | slaveReplicas: 1 179 | ## Set synchronous commit mode: on, off, remote_apply, remote_write and local 180 | ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL 181 | synchronousCommit: "off" 182 | ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication 183 | ## NOTE: It cannot be > slaveReplicas 184 | numSynchronousReplicas: 0 185 | ## Replication Cluster application name. Useful for defining multiple replication policies 186 | applicationName: my_application 187 | 188 | ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) 189 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) 190 | postgresqlPostgresPassword: postgres 191 | 192 | ## PostgreSQL user (has superuser privileges if username is `postgres`) 193 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run 194 | postgresqlUsername: postgres 195 | 196 | ## PostgreSQL password 197 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run 198 | ## 199 | postgresqlPassword: postgres 200 | 201 | ## PostgreSQL password using existing secret 202 | ## existingSecret: secret 203 | 204 | ## Mount PostgreSQL secret as a file instead of passing environment variable 205 | # usePasswordFile: false 206 | 207 | ## Create a database 208 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run 209 | ## 210 | postgresqlDatabase: demo 211 | 212 | ## PostgreSQL data dir 213 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md 214 | ## 215 | postgresqlDataDir: /bitnami/postgresql/data 216 | 217 | ## An array to add extra environment variables 218 | ## For example: 219 | ## extraEnv: 220 | ## - name: FOO 221 | ## value: "bar" 222 | ## 223 | # extraEnv: 224 | extraEnv: [] 225 | 226 | ## Name of a ConfigMap containing extra env vars 227 | ## 228 | # extraEnvVarsCM: 229 | 230 | ## Specify extra initdb args 231 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md 232 | ## 233 | # postgresqlInitdbArgs: 234 | 235 | ## Specify a custom location for the PostgreSQL transaction log 236 | ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md 237 | ## 238 | # postgresqlInitdbWalDir: 239 | 240 | ## PostgreSQL configuration 241 | ## Specify runtime configuration parameters as a dict, using camelCase, e.g. 242 | ## {"sharedBuffers": "500MB"} 243 | ## Alternatively, you can put your postgresql.conf under the files/ directory 244 | ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html 245 | ## 246 | # postgresqlConfiguration: 247 | 248 | ## PostgreSQL extended configuration 249 | ## As above, but _appended_ to the main configuration 250 | ## Alternatively, you can put your *.conf under the files/conf.d/ directory 251 | ## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf 252 | ## 253 | # postgresqlExtendedConf: 254 | 255 | ## PostgreSQL client authentication configuration 256 | ## Specify content for pg_hba.conf 257 | ## Default: do not create pg_hba.conf 258 | ## Alternatively, you can put your pg_hba.conf under the files/ directory 259 | # pgHbaConfiguration: |- 260 | # local all all trust 261 | # host all all localhost trust 262 | # host mydatabase mysuser 192.168.0.0/24 md5 263 | 264 | ## ConfigMap with PostgreSQL configuration 265 | ## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration 266 | # configurationConfigMap: 267 | 268 | ## ConfigMap with PostgreSQL extended configuration 269 | # extendedConfConfigMap: 270 | 271 | ## initdb scripts 272 | ## Specify dictionary of scripts to be run at first boot 273 | ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory 274 | ## 275 | # initdbScripts: 276 | # my_init_script.sh: | 277 | # #!/bin/sh 278 | # echo "Do something." 279 | 280 | ## ConfigMap with scripts to be run at first boot 281 | ## NOTE: This will override initdbScripts 282 | initdbScriptsConfigMap: postgrest-init-scripts 283 | 284 | ## Secret with scripts to be run at first boot (in case it contains sensitive information) 285 | ## NOTE: This can work along initdbScripts or initdbScriptsConfigMap 286 | # initdbScriptsSecret: 287 | 288 | ## Specify the PostgreSQL username and password to execute the initdb scripts 289 | initdbUser: postgres 290 | initdbPassword: postgres 291 | 292 | ## Optional duration in seconds the pod needs to terminate gracefully. 293 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods 294 | ## 295 | # terminationGracePeriodSeconds: 30 296 | 297 | ## LDAP configuration 298 | ## 299 | ldap: 300 | enabled: false 301 | url: "" 302 | server: "" 303 | port: "" 304 | prefix: "" 305 | suffix: "" 306 | baseDN: "" 307 | bindDN: "" 308 | bind_password: 309 | search_attr: "" 310 | search_filter: "" 311 | scheme: "" 312 | tls: false 313 | 314 | ## PostgreSQL service configuration 315 | service: 316 | ## PosgresSQL service type 317 | type: ClusterIP 318 | # clusterIP: None 319 | port: 5432 320 | 321 | ## Specify the nodePort value for the LoadBalancer and NodePort service types. 322 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport 323 | ## 324 | # nodePort: 325 | 326 | ## Provide any additional annotations which may be required. 327 | ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart 328 | annotations: {} 329 | ## Set the LoadBalancer service type to internal only. 330 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer 331 | ## 332 | # loadBalancerIP: 333 | 334 | ## Load Balancer sources 335 | ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service 336 | ## 337 | # loadBalancerSourceRanges: 338 | # - 10.10.10.0/24 339 | 340 | ## Start master and slave(s) pod(s) without limitations on shm memory. 341 | ## By default docker and containerd (and possibly other container runtimes) 342 | ## limit `/dev/shm` to `64M` (see e.g. the 343 | ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the 344 | ## [containerd issue](https://github.com/containerd/containerd/issues/3654), 345 | ## which could be not enough if PostgreSQL uses parallel workers heavily. 346 | ## 347 | shmVolume: 348 | ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove 349 | ## this limitation. 350 | ## 351 | enabled: true 352 | ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. 353 | ## This option is ingored if `volumePermissions.enabled` is `false` 354 | ## 355 | chmod: 356 | enabled: true 357 | 358 | ## PostgreSQL data Persistent Volume Storage Class 359 | ## If defined, storageClassName: 360 | ## If set to "-", storageClassName: "", which disables dynamic provisioning 361 | ## If undefined (the default) or set to null, no storageClassName spec is 362 | ## set, choosing the default provisioner. (gp2 on AWS, standard on 363 | ## GKE, AWS & OpenStack) 364 | ## 365 | persistence: 366 | enabled: true 367 | ## A manually managed Persistent Volume and Claim 368 | ## If defined, PVC must be created manually before volume will be bound 369 | ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart 370 | ## 371 | # existingClaim: 372 | 373 | ## The path the volume will be mounted at, useful when using different 374 | ## PostgreSQL images. 375 | ## 376 | mountPath: /bitnami/postgresql 377 | 378 | ## The subdirectory of the volume to mount to, useful in dev environments 379 | ## and one PV for multiple services. 380 | ## 381 | subPath: "" 382 | 383 | # storageClass: "-" 384 | accessModes: 385 | - ReadWriteOnce 386 | size: 1Gi 387 | annotations: {} 388 | 389 | ## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets 390 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies 391 | updateStrategy: 392 | type: RollingUpdate 393 | 394 | ## 395 | ## PostgreSQL Master parameters 396 | ## 397 | master: 398 | ## Node, affinity, tolerations, and priorityclass settings for pod assignment 399 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 400 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 401 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature 402 | ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption 403 | nodeSelector: {} 404 | affinity: {} 405 | tolerations: [] 406 | labels: {} 407 | annotations: {} 408 | podLabels: {} 409 | podAnnotations: {} 410 | priorityClassName: "" 411 | extraInitContainers: | 412 | # - name: do-something 413 | # image: busybox 414 | # command: ['do', 'something'] 415 | ## Additional PostgreSQL Master Volume mounts 416 | ## 417 | extraVolumeMounts: [] 418 | ## Additional PostgreSQL Master Volumes 419 | ## 420 | extraVolumes: [] 421 | ## Add sidecars to the pod 422 | ## 423 | ## For example: 424 | ## sidecars: 425 | ## - name: your-image-name 426 | ## image: your-image 427 | ## imagePullPolicy: Always 428 | ## ports: 429 | ## - name: portname 430 | ## containerPort: 1234 431 | sidecars: [] 432 | 433 | ## 434 | ## PostgreSQL Slave parameters 435 | ## 436 | slave: 437 | ## Node, affinity, tolerations, and priorityclass settings for pod assignment 438 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 439 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 440 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature 441 | ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption 442 | nodeSelector: {} 443 | affinity: {} 444 | tolerations: [] 445 | labels: {} 446 | annotations: {} 447 | podLabels: {} 448 | podAnnotations: {} 449 | priorityClassName: "" 450 | extraInitContainers: | 451 | # - name: do-something 452 | # image: busybox 453 | # command: ['do', 'something'] 454 | ## Additional PostgreSQL Slave Volume mounts 455 | ## 456 | extraVolumeMounts: [] 457 | ## Additional PostgreSQL Slave Volumes 458 | ## 459 | extraVolumes: [] 460 | ## Add sidecars to the pod 461 | ## 462 | ## For example: 463 | ## sidecars: 464 | ## - name: your-image-name 465 | ## image: your-image 466 | ## imagePullPolicy: Always 467 | ## ports: 468 | ## - name: portname 469 | ## containerPort: 1234 470 | sidecars: [] 471 | 472 | ## Configure resource requests and limits 473 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 474 | ## 475 | resources: 476 | requests: 477 | memory: 256Mi 478 | cpu: 250m 479 | 480 | networkPolicy: 481 | ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. 482 | ## 483 | enabled: false 484 | 485 | ## The Policy model to apply. When set to false, only pods with the correct 486 | ## client label will have network access to the port PostgreSQL is listening 487 | ## on. When true, PostgreSQL will accept connections from any source 488 | ## (with the correct destination port). 489 | ## 490 | allowExternal: true 491 | 492 | ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace 493 | ## and that match other criteria, the ones that have the good label, can reach the DB. 494 | ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this 495 | ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 496 | ## 497 | # explicitNamespacesSelector: 498 | # matchLabels: 499 | # role: frontend 500 | # matchExpressions: 501 | # - {key: role, operator: In, values: [frontend]} 502 | 503 | ## Configure extra options for liveness and readiness probes 504 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) 505 | livenessProbe: 506 | enabled: true 507 | initialDelaySeconds: 30 508 | periodSeconds: 10 509 | timeoutSeconds: 5 510 | failureThreshold: 6 511 | successThreshold: 1 512 | 513 | readinessProbe: 514 | enabled: true 515 | initialDelaySeconds: 5 516 | periodSeconds: 10 517 | timeoutSeconds: 5 518 | failureThreshold: 6 519 | successThreshold: 1 520 | 521 | ## Configure metrics exporter 522 | ## 523 | metrics: 524 | enabled: false 525 | # resources: {} 526 | service: 527 | type: ClusterIP 528 | annotations: 529 | prometheus.io/scrape: "true" 530 | prometheus.io/port: "9187" 531 | loadBalancerIP: 532 | serviceMonitor: 533 | enabled: false 534 | additionalLabels: {} 535 | # namespace: monitoring 536 | # interval: 30s 537 | # scrapeTimeout: 10s 538 | ## Custom PrometheusRule to be defined 539 | ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart 540 | ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions 541 | prometheusRule: 542 | enabled: false 543 | additionalLabels: {} 544 | namespace: "" 545 | rules: [] 546 | ## These are just examples rules, please adapt them to your needs. 547 | ## Make sure to constraint the rules to the current postgresql service. 548 | # - alert: HugeReplicationLag 549 | # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 550 | # for: 1m 551 | # labels: 552 | # severity: critical 553 | # annotations: 554 | # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). 555 | # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). 556 | image: 557 | registry: docker.io 558 | repository: bitnami/postgres-exporter 559 | tag: 0.8.0-debian-10-r28 560 | pullPolicy: IfNotPresent 561 | ## Optionally specify an array of imagePullSecrets. 562 | ## Secrets must be manually created in the namespace. 563 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 564 | ## 565 | # pullSecrets: 566 | # - myRegistryKeySecretName 567 | ## Define additional custom metrics 568 | ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file 569 | # customMetrics: 570 | # pg_database: 571 | # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" 572 | # metrics: 573 | # - name: 574 | # usage: "LABEL" 575 | # description: "Name of the database" 576 | # - size_bytes: 577 | # usage: "GAUGE" 578 | # description: "Size of the database in bytes" 579 | ## Pod Security Context 580 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 581 | ## 582 | securityContext: 583 | enabled: false 584 | runAsUser: 1001 585 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) 586 | ## Configure extra options for liveness and readiness probes 587 | livenessProbe: 588 | enabled: true 589 | initialDelaySeconds: 5 590 | periodSeconds: 10 591 | timeoutSeconds: 5 592 | failureThreshold: 6 593 | successThreshold: 1 594 | 595 | readinessProbe: 596 | enabled: true 597 | initialDelaySeconds: 5 598 | periodSeconds: 10 599 | timeoutSeconds: 5 600 | failureThreshold: 6 601 | successThreshold: 1 602 | --------------------------------------------------------------------------------