Infrastructure/Gluttony-Cluster
2
1
Fork 0
Code Issues 13 Pull Requests Wiki Activity

Clean up postgres

Browse Source
This commit is contained in:
Tyler Perkins 2024-11-09 17:09:20 -05:00
parent e36e01694d
commit 60969138d9
Signed by: tyler
GPG Key ID: 03B27509E17EFDC8
1 changed files with 13 additions and 904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

917
cluster/postgresql/helmrelease-postgresql.yaml
View File

@ -44,16 +44,16 @@ spec:
## @param global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
## @param global.postgresql.auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
##
auth:
#postgresPassword: ""
username: "clortox"
#password: ""
database: ""
existingSecret: "postgresql-default-credentials"
secretKeys:
adminPasswordKey: "postgres-password"
userPasswordKey: "password"
replicationPasswordKey: ""
#auth:
# #postgresPassword: ""
# username: "clortox"
# #password: ""
# database: ""
# existingSecret: "postgresql-default-credentials"
# secretKeys:
# adminPasswordKey: "postgres-password"
# userPasswordKey: "password"
# replicationPasswordKey: ""
## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
##
service:
@ -147,7 +147,7 @@ spec:
postgresPassword: ""
## @param auth.username Name for a custom user to create
##
username: ""
username: "clortox"
## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
##
password: ""
@ -162,7 +162,7 @@ spec:
replicationPassword: ""
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
##
existingSecret: ""
existingSecret: "postgresql-default-credentials"
## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
## @param auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
@ -170,7 +170,7 @@ spec:
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
replicationPasswordKey: replication-password
#replicationPasswordKey: replication-password
## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
##
usePasswordFiles: false
@ -729,894 +729,3 @@ spec:
##
whenDeleted: Retain
## @section PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`)
##
readReplicas:
## @param readReplicas.name Name of the read replicas database (eg secondary, slave, ...)
##
name: read
## @param readReplicas.replicaCount Number of PostgreSQL read only replicas
##
replicaCount: 1
## @param readReplicas.extendedConfiguration Extended PostgreSQL read only replicas configuration (appended to main or default configuration)
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
extendedConfiguration: ""
## @param readReplicas.extraEnvVars Array with extra environment variables to add to PostgreSQL read only nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param readReplicas.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes
##
extraEnvVarsCM: ""
## @param readReplicas.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL read only nodes
##
extraEnvVarsSecret: ""
## @param readReplicas.command Override default container command (useful when using custom images)
##
command: []
## @param readReplicas.args Override default container args (useful when using custom images)
##
args: []
## Configure extra options for PostgreSQL read only containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param readReplicas.livenessProbe.enabled Enable livenessProbe on PostgreSQL read only containers
## @param readReplicas.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param readReplicas.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param readReplicas.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param readReplicas.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param readReplicas.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param readReplicas.readinessProbe.enabled Enable readinessProbe on PostgreSQL read only containers
## @param readReplicas.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readReplicas.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readReplicas.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readReplicas.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readReplicas.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param readReplicas.startupProbe.enabled Enable startupProbe on PostgreSQL read only containers
## @param readReplicas.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param readReplicas.startupProbe.periodSeconds Period seconds for startupProbe
## @param readReplicas.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param readReplicas.startupProbe.failureThreshold Failure threshold for startupProbe
## @param readReplicas.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param readReplicas.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param readReplicas.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param readReplicas.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param readReplicas.lifecycleHooks for the PostgreSQL read only container to automate configuration before or after startup
##
lifecycleHooks: {}
## PostgreSQL read only resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers
## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers
## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers
##
resources:
limits: {}
requests:
memory: 256Mi
cpu: 250m
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.podSecurityContext.enabled Enable security context
## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enable container security context
## @param readReplicas.containerSecurityContext.runAsUser User ID for the container
## @param readReplicas.containerSecurityContext.runAsGroup Group ID for the container
## @param readReplicas.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container
## @param readReplicas.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container
## @param readReplicas.containerSecurityContext.capabilities.drop Set capabilities.drop for the container
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param readReplicas.hostNetwork Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only)
##
hostNetwork: false
## @param readReplicas.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary)
##
hostIPC: false
## @param readReplicas.labels Map of labels to add to the statefulset (PostgreSQL read only)
##
labels: {}
## @param readReplicas.annotations Annotations for PostgreSQL read only pods
##
annotations: {}
## @param readReplicas.podLabels Map of labels to add to the pods (PostgreSQL read only)
##
podLabels: {}
## @param readReplicas.podAnnotations Map of annotations to add to the pods (PostgreSQL read only)
##
podAnnotations: {}
## @param readReplicas.podAffinityPreset PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param readReplicas.podAntiAffinityPreset PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## PostgreSQL read only node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param readReplicas.nodeAffinityPreset.type PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param readReplicas.nodeAffinityPreset.key PostgreSQL read only node label key to match Ignored if `primary.affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param readReplicas.nodeAffinityPreset.values PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param readReplicas.affinity Affinity for PostgreSQL read only pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param readReplicas.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## @param readReplicas.priorityClassName Priority Class to use for each pod (PostgreSQL read only)
##
priorityClassName: ""
## @param readReplicas.schedulerName Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param readReplicas.terminationGracePeriodSeconds Seconds PostgreSQL read only pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param readReplicas.updateStrategy.type PostgreSQL read only statefulset strategy type
## @param readReplicas.updateStrategy.rollingUpdate PostgreSQL read only statefulset rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
rollingUpdate: {}
## @param readReplicas.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s)
##
extraVolumeMounts: []
## @param readReplicas.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s)
##
extraVolumes: []
## @param readReplicas.sidecars Add additional sidecar containers to the PostgreSQL read only pod(s)
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param readReplicas.initContainers Add additional init containers to the PostgreSQL read only pod(s)
## Example
##
## initContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
##
initContainers: []
## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s)
##
extraPodSpec: {}
## PostgreSQL read only service configuration
##
service:
## @param readReplicas.service.type Kubernetes Service type
##
type: ClusterIP
## @param readReplicas.service.ports.postgresql PostgreSQL service port
##
ports:
postgresql: 5432
## Node ports to expose
## NOTE: choose port between <30000-32767>
## @param readReplicas.service.nodePorts.postgresql Node port for PostgreSQL
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
postgresql: ""
## @param readReplicas.service.clusterIP Static clusterIP or None for headless services
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param readReplicas.service.annotations Annotations for PostgreSQL read only service
##
annotations: {}
## @param readReplicas.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
## Set the LoadBalancer service type to internal only
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param readReplicas.service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param readReplicas.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param readReplicas.service.extraPorts Extra ports to expose in the PostgreSQL read only service
##
extraPorts: []
## @param readReplicas.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param readReplicas.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Headless service properties
##
headless:
## @param readReplicas.service.headless.annotations Additional custom annotations for headless PostgreSQL read only service
##
annotations: {}
## PostgreSQL read only persistence configuration
##
persistence:
## @param readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC
##
enabled: true
## @param readReplicas.persistence.existingClaim Name of an existing PVC to use
##
existingClaim: ""
## @param readReplicas.persistence.mountPath The path the volume will be mounted at
## Note: useful when using custom PostgreSQL images
##
mountPath: /bitnami/postgresql
## @param readReplicas.persistence.subPath The subdirectory of the volume to mount to
## Useful in dev environments and one PV for multiple services
##
subPath: ""
## @param readReplicas.persistence.storageClass PVC Storage Class for PostgreSQL read only data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param readReplicas.persistence.accessModes PVC Access Mode for PostgreSQL volume
##
accessModes:
- ReadWriteOnce
## @param readReplicas.persistence.size PVC Storage Request for PostgreSQL volume
##
size: 8Gi
## @param readReplicas.persistence.annotations Annotations for the PVC
##
annotations: {}
## @param readReplicas.persistence.labels Labels for the PVC
##
labels: {}
## @param readReplicas.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param readReplicas.persistence.dataSource Custom PVC data source
##
dataSource: {}
## PostgreSQL Read only Persistent Volume Claim Retention Policy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
##
persistentVolumeClaimRetentionPolicy:
## @param readReplicas.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for read only Statefulset
##
enabled: false
## @param readReplicas.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
##
whenScaled: Retain
## @param readReplicas.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
##
whenDeleted: Retain
## @section Backup parameters
## This section implements a trivial logical dump cronjob of the database.
## This only comes with the consistency guarantees of the dump program.
## This is not a snapshot based roll forward/backward recovery backup.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
backup:
## @param backup.enabled Enable the logical dump of the database "regularly"
enabled: false
cronjob:
## @param backup.cronjob.schedule Set the cronjob parameter schedule
schedule: "@daily"
## @param backup.cronjob.timeZone Set the cronjob parameter timeZone
timeZone: ""
## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
concurrencyPolicy: Allow
## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
failedJobsHistoryLimit: 1
## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
successfulJobsHistoryLimit: 3
## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
startingDeadlineSeconds: ""
## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
ttlSecondsAfterFinished: ""
## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
restartPolicy: OnFailure
## @param backup.cronjob.podSecurityContext.enabled Enable PodSecurityContext for CronJob/Backup
## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the CronJob
podSecurityContext:
enabled: true
fsGroup: 1001
## backup container's Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backup.cronjob.containerSecurityContext.enabled Enable container security context
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## @param backup.cronjob.command Set backup container's command to run
command:
- /bin/sh
- -c
- "pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
## @param backup.cronjob.labels Set the cronjob labels
labels: {}
## @param backup.cronjob.annotations Set the cronjob annotations
annotations: {}
## @param backup.cronjob.nodeSelector Node labels for PostgreSQL backup CronJob pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
storage:
## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: ""
## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
##
resourcePolicy: ""
## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
##
storageClass: ""
## @param backup.cronjob.storage.accessModes PV Access Mode
##
accessModes:
- ReadWriteOnce
## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
##
size: 8Gi
## @param backup.cronjob.storage.annotations PVC annotations
##
annotations: {}
## @param backup.cronjob.storage.mountPath Path to mount the volume at
##
mountPath: /backup/pgdump
## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
## and one PV for multiple services.
##
subPath: ""
## Fine tuning for volumeClaimTemplates
##
volumeClaimTemplates:
## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
## A label query over volumes to consider for binding (e.g. when using local volumes)
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
##
selector: {}
## @section NetworkPolicy parameters
##
## Add networkpolicies
##
networkPolicy:
## @param networkPolicy.enabled Enable network policies
##
enabled: false
## @param networkPolicy.metrics.enabled Enable network policies for metrics (prometheus)
## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace.
## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods.
##
metrics:
enabled: false
## e.g:
## namespaceSelector:
## label: monitoring
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: monitoring
##
podSelector: {}
## Ingress Rules
##
ingressRules:
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin.
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules Custom network policy for the PostgreSQL primary node.
##
primaryAccessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: []
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules Custom network policy for the PostgreSQL read-only nodes.
##
readReplicasAccessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## CustomRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: []
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
# Deny connections to external. This is not compatible with an external database.
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: []
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image repository
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 11-debian-11-r77
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
##
resources:
limits: {}
requests: {}
## Init container' Security Context
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
## @param volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container
## @param volumePermissions.containerSecurityContext.runAsNonRoot runAsNonRoot for the init container
## @param volumePermissions.containerSecurityContext.seccompProfile.type seccompProfile.type for the init container
##
containerSecurityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
## @section Other Parameters
##
## @param serviceBindings.enabled Create secret for service binding (Experimental)
## Ref: https://servicebinding.io/service-provider/
##
serviceBindings:
enabled: false
## Service account for PostgreSQL to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod
##
create: false
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## Creates role for ServiceAccount
## @param rbac.create Create Role and RoleBinding (required for PSP to work)
##
rbac:
create: false
## @param rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## Pod Security Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
psp:
create: false
## @section Metrics Parameters
##
metrics:
## @param metrics.enabled Start a prometheus exporter
##
enabled: false
## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry
## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository
## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy
## @param metrics.image.pullSecrets Specify image pull secrets
##
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.14.0-debian-11-r5
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param metrics.customMetrics Define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
## customMetrics:
## pg_database:
## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
## metrics:
## - name:
## usage: "LABEL"
## description: "Name of the database"
## - size_bytes:
## usage: "GAUGE"
## description: "Size of the database in bytes"
##
customMetrics: {}
## @param metrics.extraEnvVars Extra environment variables to add to PostgreSQL Prometheus exporter
## see: https://github.com/wrouesnel/postgres_exporter#environment-variables
## For example:
## extraEnvVars:
## - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS
## value: "true"
##
extraEnvVars: []
## PostgreSQL Prometheus exporter containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context
## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser
## @param metrics.containerSecurityContext.runAsGroup Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup
## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation
## @param metrics.containerSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type
## @param metrics.containerSecurityContext.capabilities.drop Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsGroup: 0
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param metrics.readinessProbe.enabled Enable readinessProbe on PostgreSQL Prometheus exporter containers
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param metrics.startupProbe.enabled Enable startupProbe on PostgreSQL Prometheus exporter containers
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param metrics.containerPorts.metrics PostgreSQL Prometheus exporter metrics container port
##
containerPorts:
metrics: 9187
## PostgreSQL Prometheus exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container
## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container
##
resources:
limits: {}
requests: {}
## Service configuration
##
service:
## @param metrics.service.ports.metrics PostgreSQL Prometheus Exporter service port
##
ports:
metrics: 9187
## @param metrics.service.clusterIP Static clusterIP or None for headless services
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
clusterIP: ""
## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: None
## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace)
##
namespace: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
##
labels: {}
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
##
selector: {}
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
##
relabelings: []
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
##
metricRelabelings: []
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
##
honorLabels: false
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## Custom PrometheusRule to be defined
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
##
prometheusRule:
## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator
##
enabled: false
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
##
namespace: ""
## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
##
labels: {}
## @param metrics.prometheusRule.rules PrometheusRule definitions
## Make sure to constraint the rules to the current postgresql service.
## rules:
## - alert: HugeReplicationLag
## expr: pg_replication_lag{service="{{ printf "%s-metrics" (include "common.names.fullname" .) }}"} / 3600 > 1
## for: 1m
## labels:
## severity: critical
## annotations:
## description: replication for {{ include "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
##
rules: []