alexlebens/helm-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 368 Wiki Activity

rebase this chart on cnpg provided chart
All checks were successful
release-charts-postgres-cluster / release (push) Successful in 18s
Details

Browse Source
This commit is contained in:
Alex Lebens
2025-05-13 00:14:16 -05:00
parent 47d7604aac
commit 1ca985edc7
31 changed files with 1329 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

567
charts/postgres-cluster/values.yaml
View File

@@ -1,6 +1,9 @@
# -- Override the name of the cluster
nameOverride: ""
# -- Override the namespace of the chart
namespaceOverride: ""
# -- Type of the CNPG database. Available types:
# * `postgresql`
# * `postgis`
@@ -8,12 +11,33 @@ nameOverride: ""
# * `tensorchord`
type: postgresql
imageCatalog:
# -- Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored.
create: false
# -- List of images to be provisioned in an image catalog.
images: []
# - image: ghcr.io/your_repo/your_image:your_tag
# major: 16
version:
# -- PostgreSQL major version to use
postgresql: "17"
# -- If using TimescaleDB, specify the version
timescaledb: "2.15"
# -- If using PostGIS, specify the version
postgis: "3.5"
# -- Cluster mode of operation. Available modes:
# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
# * `replica` - Create database as a replica from another CNPG cluster
mode: standalone
# -- Cluster settings
cluster:
instances: 3
@@ -21,193 +45,514 @@ cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: "17.4-3-bullseye"
pullPolicy: IfNotPresent
# -- The UID and GID of the postgres user inside the image
postgresUID: 26
postgresGID: 26
# -- Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName`
imageCatalogRef: {}
# kind: ImageCatalog
# name: postgresql
# -- Create secret containing credentials of superuser
enableSuperuserAccess: false
# -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
# More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
imagePullPolicy: IfNotPresent
# -- The list of pull secrets to be used to pull the images.
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
imagePullSecrets: []
# -- Default storage size
walStorage:
size: 2Gi
storageClass: ""
storage:
size: 10Gi
storageClass: ""
# -- Default resources
walStorage:
enabled: true
size: 2Gi
storageClass: ""
# -- The UID and GID of the postgres user inside the image, defaults to 26
postgresUID: -1
postgresGID: -1
# -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
services: {}
# -- Resources requirements of every generated Pod.
# Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
# We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
# See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
cpu: '1'
hugepages-2Mi: 256Mi
# -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
additionalLabels: {}
annotations: {}
priorityClassName: ""
# -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated. It can be switchover (default) or in-place (restart).
# successfully updated. It can be switchover (default) or restart.
primaryUpdateMethod: switchover
# -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
primaryUpdateStrategy: unsupervised
# -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
logLevel: "info"
# -- Affinity/Anti-affinity rules for Pods.
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
# -- The configuration for the CA and related certificates.
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
certificates: {}
# -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
# If the secret is not present, the operator will automatically create one.
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
# and then blank the password of the postgres user by setting it to NULL.
enableSuperuserAccess: false
superuserSecret: ""
# -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
# See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
enablePDB: true
# -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
# already present in the database.
# See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
roles: []
# - name: dante
# ensure: present
# comment: Dante Alighieri
# login: true
# superuser: false
# inRoles:
# - pg_monitor
# - pg_signal_backend
# -- Enable default monitoring and alert rules
monitoring:
# -- Whether to enable monitoring
enabled: false
podMonitor:
# -- Whether to enable the PodMonitor
enabled: true
# --The list of relabelings for the PodMonitor.
# Applied to samples before scraping.
relabelings: []
# -- The list of metric relabelings for the PodMonitor.
# Applied to samples before ingestion.
metricRelabelings: []
prometheusRule:
# -- Whether to enable the PrometheusRule automated alerts
enabled: false
enableDefaultRules: true
# -- Exclude specified rules
excludeRules: []
# -- Whether the default queries should be injected.
# Set it to true if you don't want to inject default queries into the cluster.
disableDefaultQueries: false
# -- Custom Prometheus metrics
# Will be stored in the ConfigMap
customQueries: []
# - name: "pg_cache_hit_ratio"
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
# metrics:
# - datname:
# usage: "LABEL"
# description: "Name of the database"
# - ratio:
# usage: GAUGE
# description: "Cache hit ratio"
# -- The list of secrets containing the custom queries
customQueriesSecret: []
# - name: custom-queries-secret
# key: custom-queries
# -- Parameters to be set for the database itself
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
postgresql:
# -- PostgreSQL configuration options (postgresql.conf)
parameters:
shared_buffers: 128MB
max_slot_wal_keep_size: 2000MB
hot_standby_feedback: "on"
shared_preload_libraries: []
# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
bootstrap:
# -- Example values
# database: app
# owner: app
# secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
# postInitApplicationSQL:
# - CREATE TABLE IF NOT EXISTS example;
# -- Quorum-based Synchronous Replication
synchronous: {}
# method: any
# number: 1
# -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
pg_hba: []
# - host all all 10.244.0.0/16 md5
# -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
pg_ident: []
# - mymap /^(.*)@mydomain\.com$ \1
# -- Lists of shared preload libraries to add to the default ones
shared_preload_libraries: []
# - pgaudit
# -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
ldap: {}
# https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
# server: 'openldap.default.svc.cluster.local'
# bindSearchAuth:
# baseDN: 'ou=org,dc=example,dc=com'
# bindDN: 'cn=admin,dc=example,dc=com'
# bindPassword:
# name: 'ldapBindPassword'
# key: 'data'
# searchAttribute: 'uid'
# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
initdb: {}
# database: app
# owner: "" # Defaults to the database name
# secret:
# name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
# options: []
# encoding: UTF8
# postInitSQL:
# - CREATE EXTENSION IF NOT EXISTS vector;
# postInitApplicationSQL: []
# postInitTemplateSQL: []
# -- Configure the metadata of the generated service account
serviceAccountTemplate: {}
additionalLabels: {}
annotations: {}
# -- Recovery settings when booting cluster from external cluster
recovery:
# -- Point in time recovery target in RFC3339 format
pitrTarget:
time: ""
# -- Available recovery methods:
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
# * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
# * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
# migrate databases to CloudNativePG, even from outside Kubernetes.
# * `import` - Import one or more databases from an existing Postgres cluster.
method: backup
# -- S3 https endpoint and the s3:// path
endpointURL: ""
destinationPath: ""
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
backup:
# -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
endpointCA: ""
# -- Point in time recovery target. Specify one of the following:
pitrTarget:
# -- Time in RFC3339 format
time: ""
# -- Name of the database used by the application. Default: `app`.
database: app
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
owner: ""
# -- Name of the backup to recover from.
backupName: ""
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
objectStore:
# -- Point in time recovery target. Specify one of the following:
pitrTarget:
# -- Time in RFC3339 format
time: ""
# -- Name of the database used by the application. Default: `app`.
database: app
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
owner: ""
# -- Overrides the provider specific default endpoint. Defaults to:
# S3: https://s3.<region>.amazonaws.com"
# Leave empty if using the default S3 endpoint
endpointURL: ""
# -- Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# -- Specifies a CA bundle to validate a privately signed certificate.
endpointCA:
# -- Creates a secret with the given value if true, otherwise uses an existing secret.
create: false
name: ""
key: ""
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
endpointCredentials: ""
# -- Storage
wal:
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of WAL files to be archived or restored in parallel.
maxParallel: 1
data:
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of data files to be archived or restored in parallel.
jobs: 1
# -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
recoveryIndex: 1
# -- Override name of the recovery cluster in the object store, defaults to "cluster.name"
recoveryServerName: ""
# See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
pgBaseBackup:
# -- Name of the database used by the application. Default: `app`.
database: app
# -- Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
secret: ""
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
owner: ""
# -- Configuration for the source database
source:
host: ""
port: 5432
username: ""
database: "app"
sslMode: "verify-full"
passwordSecret:
# -- Whether to create a secret for the password
create: false
# -- Name of the secret containing the password
name: ""
# -- The key in the secret containing the password
key: "password"
# -- The password value to use when creating the secret
value: ""
sslKeySecret:
name: ""
key: ""
sslCertSecret:
name: ""
key: ""
sslRootCertSecret:
name: ""
key: ""
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
import:
# -- One of `microservice` or `monolith.`
# See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
type: "microservice"
# -- Databases to import
databases: []
# -- Roles to import
roles: []
# -- List of SQL queries to be executed as a superuser in the application database right after is imported.
# To be used with extreme care. Only available in microservice type.
postImportApplicationSQL: []
# -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
schemaOnly: false
# -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
# own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
# operator's intended functionality or design.
pgDumpExtraOptions: []
# -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
# your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
# operator's intended functionality or design.
pgRestoreExtraOptions: []
# -- Configuration for the source database
source:
host: ""
port: 5432
username: app
database: app
sslMode: "verify-full"
passwordSecret:
# -- Whether to create a secret for the password
create: false
# -- Name of the secret containing the password
name: ""
# -- The key in the secret containing the password
key: "password"
# -- The password value to use when creating the secret
value: ""
sslKeySecret:
name: ""
key: ""
sslCertSecret:
name: ""
key: ""
sslRootCertSecret:
name: ""
key: ""
# -- Backup settings
backup:
# -- You need to configure backups manually, so backups are disabled by default.
enabled: false
# -- Overrides the provider specific default endpoint. Defaults to:
# S3: https://s3.<region>.amazonaws.com"
endpointURL: "" # Leave empty if using the default S3 endpoint
# -- Specifies a CA bundle to validate a privately signed certificate.
endpointCA:
# -- Creates a secret with the given value if true, otherwise uses an existing secret.
create: false
name: ""
key: ""
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
endpointCredentials: ""
# -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
recoveryIndex: 1
# -- Name of the recovery cluster in the object store, defaults to "cluster.name"
recoveryServerName: ""
# -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
recoveryInstanceName: ""
# -- Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# -- Storage
wal:
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of WAL files to be archived or restored in parallel.
maxParallel: 1
data:
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of data files to be archived or restored in parallel.
jobs: 1
replica:
# -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
# * `microservice` - Single database import as expected from cnpg clusters
# * `monolith` - Import multiple databases and roles
importType: microservice
scheduledBackups:
-
# -- Scheduled backup name
name: daily-backup
# -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
importDatabases:
- app
# -- Schedule in cron format
schedule: "0 0 */3 * *"
# -- If type microservice no roles are imported and ignored
importRoles: []
# -- Backup owner reference
backupOwnerReference: self
# -- If import type is monolith postImportApplicationSQL is not supported and ignored
postImportApplicationSQL: []
# -- Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot`
method: barmanObjectStore
# -- External cluster connection, password specifies a secret name and the key containing the password value
externalCluster:
connectionParameters:
host: postgresql
user: app
dbname: app
password:
name: postgresql
key: password
backup:
enabled: false
# -- S3 endpoint starting with "https://"
endpointURL: ""
# -- S3 path starting with "s3://"
destinationPath: ""
# -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
endpointCA: ""
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
endpointCredentials: ""
# -- Retention policy for backups
retentionPolicy: "30d"
# -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
backupIndex: 1
# -- Name of the backup cluster in the object store, defaults to "cluster.name"
# -- Override ame of the backup cluster in the object store, defaults to "cluster.name"
backupName: ""
# -- Tags to add to backups. Add in key value beneath the type.
tags:
backupRetentionPolicy: ""
historyTags:
backupRetentionPolicy: ""
wal:
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of WAL files to be archived or restored in parallel.
maxParallel: 1
data:
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
compression: snappy
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
encryption: ""
# -- Number of data files to be archived or restored in parallel.
jobs: 1
# -- Retention policy for backups
retentionPolicy: "7d"
# -- Scheduled backup in cron format
schedule: "0 0 */3 * *"
# -- List of PgBouncer poolers
poolers: []
# -
# # -- Pooler name
# name: rw
# # -- PgBouncer type of service to forward traffic to.
# type: rw
# # -- PgBouncer pooling mode
# poolMode: transaction
# # -- Number of PgBouncer instances
# instances: 3
# # -- PgBouncer configuration parameters
# parameters:
# max_client_conn: "1000"
# default_pool_size: "25"
# monitoring:
# # -- Whether to enable monitoring
# enabled: false
# podMonitor:
# # -- Whether to enable the PodMonitor
# enabled: true
# # -- Custom PgBouncer deployment template.
# # Use to override image, specify resources, etc.
# template: {}
# -
# # -- Pooler name
# name: ro
# # -- PgBouncer type of service to forward traffic to.
# type: ro
# # -- PgBouncer pooling mode
# poolMode: transaction
# # -- Number of PgBouncer instances
# instances: 3
# # -- PgBouncer configuration parameters
# parameters:
# max_client_conn: "1000"
# default_pool_size: "25"
# monitoring:
# # -- Whether to enable monitoring
# enabled: false
# podMonitor:
# # -- Whether to enable the PodMonitor
# enabled: true
# # -- Custom PgBouncer deployment template.
# # Use to override image, specify resources, etc.
# template: {}