{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Copyright © 2020 Samsung Electronics
+# Copyright © 2021 Orange
+# Modifications Copyright (C) 2021 Bell Canada.
# #
# # Licensed under the Apache License, Version 2.0 (the "License");
# # you may not use this file except in compliance with the License.
{{- define "common.postgres.deployment" -}}
{{- $dot := .dot }}
{{- $pgMode := .pgMode }}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" $dot }}-{{ $pgMode }}
namespace: {{ include "common.namespace" $dot }}
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
+ {{- if $dot.Chart.AppVersion }}
+ version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ $dot.Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $dot }}
heritage: {{ $dot.Release.Service }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- serviceName: {{ $dot.Values.service.name }}
replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: {{ include "common.name" $dot }}-{{ $pgMode }}
template:
metadata:
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
+ {{- if $dot.Chart.AppVersion }}
+ version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ $dot.Chart.Version | replace "+" "_" }}"
+ {{- end }}
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
+ {{- include "common.imagePullSecrets" $dot | nindent 6 }}
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`;
+ export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
+ export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: MODE
+ value: postgres
+ - name: PG_PRIMARY_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: {{ include "repositoryGenerator.image.envsubst" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
- name: init-sysctl
command:
- /bin/sh
- |
chown 26:26 /podroot/;
chmod 700 /podroot/;
- image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" $dot }}-data
mountPath: /podroot/
containers:
- name: {{ include "common.name" $dot }}
- image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+ image: {{ include "repositoryGenerator.image.postgres" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
ports:
- containerPort: {{ $dot.Values.service.internalPort }}
value: /tmp
- name: PG_PRIMARY_USER
value: primaryuser
+ - name: MODE
+ value: postgres
- name: PG_MODE
value: {{ $pgMode }}
- name: PG_PRIMARY_HOST
- value: "{{ $dot.Values.container.name.primary }}"
+ value: "{{ $dot.Values.service.name2 }}"
- name: PG_REPLICA_HOST
- value: "{{ $dot.Values.container.name.replica }}"
+ value: "{{ $dot.Values.service.name3 }}"
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-primary-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- value: "{{ $dot.Values.config.pgUserName }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-user-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $dot }}
- key: pg-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ - name: PGDATA_PATH_OVERRIDE
+ value: "{{ $dot.Values.config.pgDataPath }}"
volumeMounts:
- - name: pool-hba-conf
+ - name: config
mountPath: /pgconf/pool_hba.conf
subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
- mountPath: /pgdata
name: {{ include "common.fullname" $dot }}-data
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources:
-{{ include "common.resources" $dot | indent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 10 }}
+ {{- if (default false $dot.Values.metrics.enabled) }}
+ - name: {{ include "common.name" $dot }}-metrics
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ $dot.Values.metrics.image }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.metrics.pullPolicy | quote}}
+ env:
+ - name: POSTGRES_METRICS_EXTRA_FLAGS
+ value: {{ default "" (join " " $dot.Values.metrics.extraFlags) | quote }}
+ - name: DATA_SOURCE_USER
+ value: "{{ $dot.Values.metrics.postgresUser }}"
+ - name: DATA_SOURCE_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 12 }}
+ command:
+ - sh
+ - -c
+ - |
+ DATA_SOURCE_URI="127.0.0.1:5432/?sslmode=disable" ./bin/postgres_exporter $POSTGRES_METRICS_EXTRA_FLAGS
+ ports:
+ {{- range $index, $metricPort := $dot.Values.metrics.ports }}
+ - name: {{ $metricPort.name }}
+ containerPort: {{ $metricPort.port }}
+ protocol: TCP
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: tcp-metrics
+ initialDelaySeconds: {{ $dot.Values.metrics.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.metrics.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.metrics.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ $dot.Values.metrics.livenessProbe.successThreshold }}
+ failureThreshold: {{ $dot.Values.metrics.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: tcp-metrics
+ initialDelaySeconds: {{ $dot.Values.metrics.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.metrics.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.metrics.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ $dot.Values.metrics.readinessProbe.successThreshold }}
+ failureThreshold: {{ $dot.Values.metrics.readinessProbe.failureThreshold }}
+ {{ include "common.containerSecurityContext" $dot | indent 10 | trim }}
+ resources: {{- toYaml $dot.Values.metrics.resources | nindent 12 }}
+ {{ end }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
{{ toYaml $dot.Values.affinity | indent 10 }}
{{- end }}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" $dot }}-backup
emptyDir: {}
- name: {{ include "common.fullname" $dot }}-data
{{- else }}
emptyDir: {}
{{ end }}
- - name: pool-hba-conf
+ - name: config
configMap:
name: {{ include "common.fullname" $dot }}
-{{- end -}}
\ No newline at end of file
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
Code Review / oom.git / blobdiff