diff --git a/cluster/pgadmin/helmrelease-pgadmin.yaml b/cluster/pgadmin/helmrelease-pgadmin.yaml
new file mode 100644
index 0000000..5aac1dd
--- /dev/null
+++ b/cluster/pgadmin/helmrelease-pgadmin.yaml
@@ -0,0 +1,376 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: pgadmin
+ namespace: postgresql
+spec:
+ chart:
+ spec:
+ chart: pgadmin4
+ sourceRef:
+ kind: HelmRepository
+ name: runix
+ namespace: flux-system
+ interval: 15m0s
+ timeout: 5m
+ releaseName: pgadmin
+ values:
+ # Default values for pgAdmin4.
+
+ replicaCount: 1
+
+ ## pgAdmin4 container image
+ ##
+ image:
+ registry: docker.io
+ repository: dpage/pgadmin4
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: IfNotPresent
+
+ ## Deployment annotations
+ annotations: {}
+
+ ## priorityClassName
+ priorityClassName: ""
+
+ ## Deployment entrypoint override
+ ## Useful when there's a requirement to modify container's default:
+ ## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
+ ## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206
+ # command: "['/bin/sh', '-c', 'source /vault/secrets/config && ']"
+
+ service:
+ type: LoadBalancer
+ clusterIP: ""
+ loadBalancerIP: ""
+ port: 80
+ targetPort: 80
+ # targetPort: 4181 To be used with a proxy extraContainer
+ portName: http
+
+ annotations: {}
+ ## Special annotations at the service level, e.g
+ ## this will set vnet internal IP's rather than public ip's
+ ## service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+
+ ## Specify the nodePort value for the service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+
+ ## Pod Service Account
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Opt out of API credential automounting.
+ # If you don't want the kubelet to automatically mount a ServiceAccount's API credentials,
+ # you can opt out of the default behavior
+ automountServiceAccountToken: false
+
+ ## Strategy used to replace old Pods by new ones
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ ##
+ strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 0
+ # maxUnavailable: 1
+
+ ## Server definitions will be loaded at launch time. This allows connection
+ ## information to be pre-loaded into the instance of pgAdmin4 in the container.
+ ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html
+ ##
+ serverDefinitions:
+ ## If true, server definitions will be created
+ ##
+ enabled: false
+
+ ## The resource type to use for deploying server definitions.
+ ## Can either be ConfigMap or Secret
+ resourceType: ConfigMap
+
+ servers:
+ # firstServer:
+ # Name: "Minimally Defined Server"
+ # Group: "Servers"
+ # Port: 5432
+ # Username: "postgres"
+ # Host: "localhost"
+ # SSLMode: "prefer"
+ # MaintenanceDB: "postgres"
+
+ networkPolicy:
+ enabled: true
+
+ ## Ingress
+ ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # ingressClassName: ""
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+ # Additional config maps to be mounted inside a container
+ # Can be used to map config maps for sidecar as well
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /etc/ssl/certs
+ # subPath: ca-certificates.crt # (optional)
+ # configMap: certs-configmap
+ # readOnly: true
+
+ extraSecretMounts: []
+ # - name: pgpassfile
+ # secret: pgpassfile
+ # subPath: pgpassfile
+ # mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
+ # readOnly: true
+
+ ## Additional volumes to be mounted inside a container
+ ##
+ extraVolumeMounts: []
+
+ ## Specify additional containers in extraContainers.
+ ## For example, to add an authentication proxy to a pgadmin4 pod.
+ extraContainers: |
+ # - name: proxy
+ # image: quay.io/gambol99/keycloak-proxy:latest
+ # args:
+ # - -provider=github
+ # - -client-id=
+ # - -client-secret=
+ # - -github-org=
+ # - -email-domain=*
+ # - -cookie-secret=
+ # - -http-address=http://0.0.0.0:4181
+ # - -upstream-url=http://127.0.0.1:3000
+ # ports:
+ # - name: proxy-web
+ # containerPort: 4181
+
+ ## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret.
+ ##
+ existingSecret: ""
+ ## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set.
+ ##
+ secretKeys:
+ pgadminPasswordKey: password
+
+ ## pgAdmin4 startup configuration
+ ## Values in here get injected as environment variables
+ ## Needed chart reinstall for apply changes
+ env:
+ # can be email or nickname
+ email: tyler@clortox.com
+ password: defaultpassword
+ # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
+
+ # set context path for application (e.g. /pgadmin4/*)
+ # contextPath: /pgadmin4
+
+ ## If True, allows pgAdmin4 to create session cookies based on IP address
+ ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
+ ##
+ enhanced_cookie_protection: "False"
+
+ ## Add custom environment variables that will be injected to deployment
+ ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+ ##
+ variables: []
+ # - name: PGADMIN_LISTEN_ADDRESS
+ # value: "0.0.0.0"
+ # - name: PGADMIN_LISTEN_PORT
+ # value: "8080"
+
+ ## Additional environment variables from ConfigMaps
+ envVarsFromConfigMaps: []
+ # - array-of
+ # - config-map-names
+
+ ## Additional environment variables from Secrets
+ envVarsFromSecrets: []
+ # - array-of
+ # - secret-names
+
+ persistentVolume:
+ ## If true, pgAdmin4 will create/use a Persistent Volume Claim
+ ## If false, use emptyDir
+ enabled: true
+
+ ## pgAdmin4 Persistent Volume Claim annotations
+ ##
+ annotations: {}
+
+ ## pgAdmin4 Persistent Volume access modes
+ ## Must match those of existing PV or dynamic provisioner
+ ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ accessModes:
+ - ReadWriteOnce
+
+ ## pgAdmin4 Persistent Volume Size
+ ##
+ size: 1Gi
+ storageClass: "longhorn"
+
+ ## pgAdmin4 Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ #existingClaim: "pgadmin-pvc"
+
+ ## Additional volumes to be added to the deployment
+ ##
+ extraVolumes: []
+
+ ## Security context to be added to pgAdmin4 pods
+ ##
+ securityContext:
+ runAsUser: 5050
+ runAsGroup: 5050
+ fsGroup: 5050
+
+ containerSecurityContext:
+ enabled: false
+ allowPrivilegeEscalation: false
+
+ ## pgAdmin4 readiness and liveness probe initial delay and timeout
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+ ##
+ livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ timeoutSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+
+ readinessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ timeoutSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+
+ ## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin.
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ##
+ VolumePermissions:
+ ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
+ ##
+ enabled: false
+
+ ## @param extraDeploy list of extra manifests to deploy
+ ##
+ extraDeploy: []
+
+ ## Additional InitContainers to initialize the pod
+ ##
+ extraInitContainers: |
+ # - name: add-folder-for-pgpass
+ # image: "dpage/pgadmin4:latest"
+ # command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+ # volumeMounts:
+ # - name: pgadmin-data
+ # mountPath: /var/lib/pgadmin
+ # securityContext:
+ # runAsUser: 5050
+
+ containerPorts:
+ http: 80
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ ## Horizontal Pod Autoscaling
+ ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+ #
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+ ## Node labels for pgAdmin4 pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+
+ ## Pod affinity
+ ##
+ affinity: {}
+
+ ## Pod annotations
+ ##
+ podAnnotations: {}
+
+ ## Pod labels
+ ##
+ podLabels: {}
+ # key1: value1
+ # key2: value2
+
+ # -- The name of the Namespace to deploy
+ # If not set, `.Release.Namespace` is used
+ namespace: null
+
+ init:
+ ## Init container resources
+ ##
+ resources: {}
+
+ ## Define values for chart tests
+ test:
+ ## Container image for test-connection.yaml
+ image:
+ registry: docker.io
+ repository: busybox
+ tag: latest
+ ## Resources request/limit for test-connection Pod
+ resources: {}
+ # limits:
+ # cpu: 50m
+ # memory: 32Mi
+ # requests:
+ # cpu: 25m
+ # memory: 16Mi
+ ## Security context for test-connection Pod
+ securityContext:
+ runAsUser: 5051
+ runAsGroup: 5051
+ fsGroup: 5051
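Review bot: `password: defaultpassword` under `env` commits the pgAdmin login to the repository in clear text, and the same values set `service.type: LoadBalancer` on port 80, so that login is served over plain HTTP on whatever address the load balancer assigns. The chart's own comment in this file says `env.password` is ignored once `existingSecret` is set, so I would keep the credential in a Secret managed outside these values (or encrypted in the repo), change the line to `existingSecret: "<pgadmin-secret-name>"` with the key named by `secretKeys.pgadminPasswordKey`, and drop the literal password line. Because the value has already been committed, treat it as known and rotate it instead of only deleting it. Separately, `spec.chart.spec` carries no `version:` and `image.tag` is `""`, so a reconcile may pick up whichever chart and image the repository currently serves; pinning the chart version would make this deployment reproducible and reviewable.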