Compare commits
159 Commits
postgres-c
...
postgres-c
| Author | SHA1 | Date | |
|---|---|---|---|
| 5cca3b2717 | |||
| a70137cfbd | |||
| dc4df55373 | |||
| a3f42e13ce | |||
| a48262f115 | |||
| bd458a3a3d | |||
| 3aa9113d24 | |||
| 1fe8881dfb | |||
| fa6067e68b | |||
| 8a50f22e31 | |||
| deaa0c94d8 | |||
| e251ff65ef | |||
| 245212e878 | |||
| a7150e1d20 | |||
| 8d67cc9209 | |||
| e57f859564 | |||
| e98973b467 | |||
| cb5c199d03 | |||
| df4bb2acd7 | |||
| 7f494fcc1e | |||
| 337aee6940 | |||
| 74c2bca3ae | |||
| e1a2ee71f8 | |||
| 37478087d4 | |||
| 9af2f7d52a | |||
| ab89f723a7 | |||
| 884cae31a3 | |||
| 9c2afe436d | |||
| e0b707fa32 | |||
| 2b02da90fd | |||
| 225ffc6c7e | |||
| fa470296b9 | |||
| 336a6f2815 | |||
| 406737ed6a | |||
| ffcd5139ef | |||
| 69a554bd9d | |||
| 2aacb4115a | |||
| 56d7b063bd | |||
| 1ca985edc7 | |||
| 47d7604aac | |||
| ecf6e80a20 | |||
| f6bc5f42a5 | |||
| 1b28dbf3db | |||
| 0f2d18fc7a | |||
| 0c093bd754 | |||
| 0c8d26e3eb | |||
| 82d93fc450 | |||
| 2657f162c4 | |||
| b7d53203da | |||
| 21a646dabd | |||
| 0d15a1dadd | |||
| a7fe403702 | |||
| 34957e0c18 | |||
| a9286227f7 | |||
| 3f6faacaa1 | |||
| 5817f674f4 | |||
| 2786520504 | |||
| c93f608874 | |||
| 4164f50bce | |||
| c060846f7b | |||
| 673a8c686f | |||
| 707cb159b9 | |||
| 90a61573bc | |||
| ad1fa6786a | |||
| 28ed0e8735 | |||
| 0e3de3cca7 | |||
| 53f37bc75a | |||
| 01d96d9a25 | |||
| 76823dc414 | |||
| f97b6ab657 | |||
| 4bee2a675c | |||
| 0094b5611f | |||
| bb7fb1eadb | |||
| 99ed8cce53 | |||
| 02bec682c2 | |||
| c549882df9 | |||
| e28f44b697 | |||
| 78afcf24d3 | |||
| 86e87dbbba | |||
| 39134cbd95 | |||
| 9f66bd588c | |||
| 81aac4790e | |||
|
94b6b4b0fb | ||
|
|
27edd0a1ef | ||
| 94184ea569 | |||
| 08473fc265 | |||
| 81d3ecf237 | |||
| 8392d67790 | |||
| 3f06bf148c | |||
| 5259488c05 | |||
| 09c693d371 | |||
| ec6f44c6bc | |||
| 35f331e29a | |||
| 3b0481fcb1 | |||
| e2dfd70dc4 | |||
| ffc253ef7d | |||
| 77dd85362e | |||
| d5bb83bf84 | |||
| 11d3dd927b | |||
| 1b67b5cbb6 | |||
| 56fe199fb9 | |||
| 8ec7f590b2 | |||
| d2444fb544 | |||
| 202a534e8e | |||
| c36e4e371f | |||
| 1ac9444bb2 | |||
| 275fcd8568 | |||
| 158d4ca676 | |||
| 32e232d8e2 | |||
| 93d2f916fb | |||
| b1a6a2fd39 | |||
| d3307d4f70 | |||
| 1b7018d3bd | |||
| b75721ae1d | |||
|
|
e0e4f6ee8a | ||
|
|
7dd80d4528 | ||
| 24af841f19 | |||
| 16211d4c62 | |||
| 513c46c957 | |||
| 3fad4e4ff0 | |||
| 1f867e0276 | |||
| 601790ab7a | |||
| 16ebdda6a4 | |||
| dbf8f14512 | |||
| 22dcd7a14c | |||
| 8862d97c27 | |||
| 1f4cd543c0 | |||
| 4aac272e98 | |||
| b8602fb919 | |||
| fb34897269 | |||
| ec27eff4da | |||
| 2b31df483e | |||
| 53191f1d68 | |||
| 172526fb79 | |||
| 5d5aad265a | |||
| 84af71da49 | |||
| ab3ca49103 | |||
| 8b2342d1c2 | |||
| 9107020db2 | |||
| 3ecef5f8d1 | |||
|
|
e5b1b733fe | ||
| 843e37e233 | |||
| ee944a6b83 | |||
|
|
5fe95ea7ad | ||
| 6a33a670e1 | |||
| 27cdfd742e | |||
| 9f68b30a31 | |||
| 668d50dfdb | |||
| 93a232947e | |||
| 667236239d | |||
| 875f0c143c | |||
| 670b6e600c | |||
| 6f5b5ffcb4 | |||
|
|
295a7296bc | ||
| f1b4020287 | |||
| 969357a664 | |||
| 5685190e43 | |||
| 5e88f116fc | |||
| f99ebfaa44 |
38
.gitea/workflows/lint-test.yaml
Normal file
38
.gitea/workflows/lint-test.yaml
Normal file
@@ -0,0 +1,38 @@
|
||||
name: lint-and-test-charts
|
||||
|
||||
on: pull_request
|
||||
|
||||
jobs:
|
||||
lint-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
version: latest
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.13"
|
||||
check-latest: true
|
||||
|
||||
- name: Set up Chart Testing
|
||||
uses: helm/chart-testing-action@v2.7.0
|
||||
|
||||
- name: Run Chart Testing (list-changed)
|
||||
id: list-changed
|
||||
run: |
|
||||
changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
|
||||
if [[ -n "$changed" ]]; then
|
||||
echo "changed=true" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Run Chart Testing (lint)
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}
|
||||
66
.gitea/workflows/release-charts-barman-cloud.yml
Normal file
66
.gitea/workflows/release-charts-barman-cloud.yml
Normal file
@@ -0,0 +1,66 @@
|
||||
name: release-charts-cloudfbarman-cloudlared
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/barman-cloud/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/barman-cloud"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: latest
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
helm dependency build
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
helm plugin install https://github.com/chartmuseum/helm-push
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: Actions Ntfy
|
||||
run: |
|
||||
curl \
|
||||
-H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
|
||||
-H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
|
||||
-H "Content-Type: text/plain" \
|
||||
-d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
|
||||
${{ secrets.NTFY_URL }}
|
||||
66
.gitea/workflows/release-charts-cloudflared.yml
Normal file
66
.gitea/workflows/release-charts-cloudflared.yml
Normal file
@@ -0,0 +1,66 @@
|
||||
name: release-charts-cloudflared
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/cloudflared/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/cloudflared"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: latest
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
helm dependency build
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
helm plugin install https://github.com/chartmuseum/helm-push
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: Actions Ntfy
|
||||
run: |
|
||||
curl \
|
||||
-H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
|
||||
-H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
|
||||
-H "Content-Type: text/plain" \
|
||||
-d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
|
||||
${{ secrets.NTFY_URL }}
|
||||
66
.gitea/workflows/release-charts-generic-device-plugin.yml
Normal file
66
.gitea/workflows/release-charts-generic-device-plugin.yml
Normal file
@@ -0,0 +1,66 @@
|
||||
name: release-charts-generic-device-plugin
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/generic-device-plugin/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/generic-device-plugin"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: latest
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
helm dependency build
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
helm plugin install https://github.com/chartmuseum/helm-push
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: Actions Ntfy
|
||||
run: |
|
||||
curl \
|
||||
-H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
|
||||
-H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
|
||||
-H "Content-Type: text/plain" \
|
||||
-d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
|
||||
${{ secrets.NTFY_URL }}
|
||||
66
.gitea/workflows/release-charts-postgres-cluster.yml
Normal file
66
.gitea/workflows/release-charts-postgres-cluster.yml
Normal file
@@ -0,0 +1,66 @@
|
||||
name: release-charts-postgres-cluster
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/postgres-cluster/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/postgres-cluster"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: latest
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
helm dependency build
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
helm plugin install https://github.com/chartmuseum/helm-push
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd $WORKFLOW_DIR
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: Actions Ntfy
|
||||
run: |
|
||||
curl \
|
||||
-H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
|
||||
-H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
|
||||
-H "Content-Type: text/plain" \
|
||||
-d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
|
||||
${{ secrets.NTFY_URL }}
|
||||
@@ -1,2 +0,0 @@
|
||||
# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
|
||||
FROM renovate/renovate:37
|
||||
37
.github/workflows/lint-test.yaml
vendored
37
.github/workflows/lint-test.yaml
vendored
@@ -1,37 +0,0 @@
|
||||
name: lint-and-test-charts
|
||||
|
||||
on: pull_request
|
||||
|
||||
jobs:
|
||||
lint-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
version: v3.13.3
|
||||
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.10"
|
||||
check-latest: true
|
||||
|
||||
- name: Set up chart-testing
|
||||
uses: helm/chart-testing-action@v2.6.1
|
||||
|
||||
- name: Run chart-testing (list-changed)
|
||||
id: list-changed
|
||||
run: |
|
||||
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
|
||||
if [[ -n "$changed" ]]; then
|
||||
echo "changed=true" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Run chart-testing (lint)
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
run: ct lint --target-branch ${{ github.event.repository.default_branch }}
|
||||
@@ -4,6 +4,8 @@ on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/**"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
@@ -22,6 +24,6 @@ jobs:
|
||||
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: helm/chart-releaser-action@v1.6.0
|
||||
uses: helm/chart-releaser-action@v1.7.0
|
||||
env:
|
||||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||
19
.pre-commit-config.yaml
Normal file
19
.pre-commit-config.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v2.3.0
|
||||
hooks:
|
||||
- id: end-of-file-fixer
|
||||
- id: trailing-whitespace
|
||||
- id: check-added-large-files
|
||||
- id: check-yaml
|
||||
exclude: 'charts/'
|
||||
args:
|
||||
- --multi
|
||||
- repo: https://github.com/norwoodj/helm-docs
|
||||
rev: v1.14.2
|
||||
hooks:
|
||||
- id: helm-docs
|
||||
args:
|
||||
- --chart-search-root=charts
|
||||
- --template-files=./_templates.gotmpl
|
||||
- --template-files=README.md.gotmpl
|
||||
18
charts/barman-cloud/Chart.yaml
Normal file
18
charts/barman-cloud/Chart.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: v2
|
||||
name: barman-cloud
|
||||
version: 0.2.5
|
||||
description: Barman Cloud Plugin
|
||||
keywords:
|
||||
- barman-cloud
|
||||
- cloudnative-pg
|
||||
sources:
|
||||
- https://github.com/cloudnative-pg/plugin-barman-cloud
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.0.1
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
|
||||
appVersion: v.0.4.0
|
||||
33
charts/barman-cloud/README.md
Normal file
33
charts/barman-cloud/README.md
Normal file
@@ -0,0 +1,33 @@
|
||||
# barman-cloud
|
||||
|
||||
 
|
||||
|
||||
Barman Cloud Plugin
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/cloudnative-pg/plugin-barman-cloud>
|
||||
* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
|
||||
|
||||
## Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/plugin-barman-cloud","tag":"v0.4.0"}` | Default image |
|
||||
| name | string | `"barman-cloud"` | Name override of release |
|
||||
| service | object | `{"listenPort":9090}` | Default service |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
46
charts/barman-cloud/templates/certificate.yaml
Normal file
46
charts/barman-cloud/templates/certificate.yaml
Normal file
@@ -0,0 +1,46 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .Values.name }}-client
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Values.name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
commonName: {{ .Values.name }}-client
|
||||
duration: 2160h
|
||||
isCA: false
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: Issuer
|
||||
name: selfsigned-issuer
|
||||
renewBefore: 360h
|
||||
secretName: {{ .Values.name }}-client-tls
|
||||
usages:
|
||||
- client auth
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .Values.name }}-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Values.name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
commonName: {{ .Values.name }}
|
||||
dnsNames:
|
||||
- {{ .Values.name }}
|
||||
duration: 2160h
|
||||
isCA: false
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: Issuer
|
||||
name: selfsigned-issuer
|
||||
renewBefore: 360h
|
||||
secretName: {{ .Values.name }}-server-tls
|
||||
usages:
|
||||
- server auth
|
||||
34
charts/barman-cloud/templates/cluster-role-binding.yaml
Normal file
34
charts/barman-cloud/templates/cluster-role-binding.yaml
Normal file
@@ -0,0 +1,34 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: metrics-auth-rolebinding
|
||||
labels:
|
||||
app.kubernetes.io/name: metrics-auth-rolebinding
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: metrics-auth-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}-barman-cloud
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: plugin-barman-cloud-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: plugin-barman-cloud
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: plugin-barman-cloud
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}-barman-cloud
|
||||
namespace: {{ .Release.Namespace }}
|
||||
157
charts/barman-cloud/templates/cluster-role.yaml
Normal file
157
charts/barman-cloud/templates/cluster-role.yaml
Normal file
@@ -0,0 +1,157 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: metrics-auth-role
|
||||
labels:
|
||||
app.kubernetes.io/name: metrics-auth-role
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- authentication.k8s.io
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs:
|
||||
- create
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: metrics-reader
|
||||
labels:
|
||||
app.kubernetes.io/name: metrics-reader
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- nonResourceURLs:
|
||||
- /metrics
|
||||
verbs:
|
||||
- get
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: objectstore-editor-role
|
||||
labels:
|
||||
app.kubernetes.io/name: objectstore-editor-role
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores/status
|
||||
verbs:
|
||||
- get
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: objectstore-viewer-role
|
||||
labels:
|
||||
app.kubernetes.io/name: objectstore-viewer-role
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores/status
|
||||
verbs:
|
||||
- get
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: plugin-barman-cloud
|
||||
labels:
|
||||
app.kubernetes.io/name: plugin-barman-cloud
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- barmancloud.cnpg.io
|
||||
resources:
|
||||
- objectstores/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgresql.cnpg.io
|
||||
resources:
|
||||
- backups
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
99
charts/barman-cloud/templates/common.yaml
Normal file
99
charts/barman-cloud/templates/common.yaml
Normal file
@@ -0,0 +1,99 @@
|
||||
{{ include "bjw-s.common.loader.init" . }}
|
||||
|
||||
{{ define "barman-cloud.hardcodedValues" }}
|
||||
{{ if not .Values.global.nameOverride }}
|
||||
global:
|
||||
nameOverride: {{ .Values.name }}
|
||||
{{ end }}
|
||||
controllers:
|
||||
main:
|
||||
type: deployment
|
||||
labels:
|
||||
app: {{ .Values.name }}
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
serviceAccount:
|
||||
name: {{ .Release.Name }}-barman-cloud
|
||||
pod:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Values.name }}
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: {{ .Values.image.repository }}
|
||||
tag: {{ .Values.image.tag }}
|
||||
pullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- operator
|
||||
- --server-cert=/server/tls.crt
|
||||
- --server-key=/server/tls.key
|
||||
- --client-cert=/client/tls.crt
|
||||
- --server-address=:{{ .Values.service.listenPort }}
|
||||
- --leader-elect
|
||||
- --log-level=debug
|
||||
env:
|
||||
- name: SIDECAR_IMAGE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SIDECAR_IMAGE
|
||||
name: plugin-barman-cloud-m76km67hd7
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 10001
|
||||
runAsUser: 10001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
serviceAccount:
|
||||
barman-cloud:
|
||||
enabled: true
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
annotations:
|
||||
cnpg.io/pluginPort: "{{ .Values.service.listenPort }}"
|
||||
cnpg.io/pluginClientSecret: {{ .Values.name }}-client-tls
|
||||
cnpg.io/pluginServerSecret: {{ .Values.name }}-server-tls
|
||||
labels:
|
||||
app: {{ .Values.name }}
|
||||
cnpg.io/pluginName: barman-cloud.cloudnative-pg.io
|
||||
ports:
|
||||
http:
|
||||
port: {{ .Values.service.listenPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.listenPort }}
|
||||
persistence:
|
||||
server-tls:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: {{ .Values.name }}-server-tls
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /server
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
client-tls:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: {{ .Values.name }}-client-tls
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /client
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
|
||||
{{ end }}
|
||||
{{ $_ := mergeOverwrite .Values (include "barman-cloud.hardcodedValues" . | fromYaml) }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "bjw-s.common.loader.generate" . }}
|
||||
627
charts/barman-cloud/templates/custom-resource-definition.yaml
Normal file
627
charts/barman-cloud/templates/custom-resource-definition.yaml
Normal file
@@ -0,0 +1,627 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.18.0
|
||||
name: objectstores.barmancloud.cnpg.io
|
||||
spec:
|
||||
group: barmancloud.cnpg.io
|
||||
names:
|
||||
kind: ObjectStore
|
||||
listKind: ObjectStoreList
|
||||
plural: objectstores
|
||||
singular: objectstore
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ObjectStore is the Schema for the objectstores API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: |-
|
||||
Specification of the desired behavior of the ObjectStore.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||
properties:
|
||||
configuration:
|
||||
description: The configuration for the barman-cloud tool suite
|
||||
properties:
|
||||
azureCredentials:
|
||||
description: The credentials to use to upload data to Azure Blob
|
||||
Storage
|
||||
properties:
|
||||
connectionString:
|
||||
description: The connection string to be used
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
inheritFromAzureAD:
|
||||
description: Use the Azure AD based authentication without
|
||||
providing explicitly the keys.
|
||||
type: boolean
|
||||
storageAccount:
|
||||
description: The storage account where to upload data
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
storageKey:
|
||||
description: |-
|
||||
The storage account key to be used in conjunction
|
||||
with the storage account name
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
storageSasToken:
|
||||
description: |-
|
||||
A shared-access-signature to be used in conjunction with
|
||||
the storage account name
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
data:
|
||||
description: |-
|
||||
The configuration to be used to backup the data files
|
||||
When not defined, base backups files will be stored uncompressed and may
|
||||
be unencrypted in the object store, according to the bucket default
|
||||
policy.
|
||||
properties:
|
||||
additionalCommandArgs:
|
||||
description: |-
|
||||
AdditionalCommandArgs represents additional arguments that can be appended
|
||||
to the 'barman-cloud-backup' command-line invocation. These arguments
|
||||
provide flexibility to customize the backup process further according to
|
||||
specific requirements or configurations.
|
||||
|
||||
Example:
|
||||
In a scenario where specialized backup options are required, such as setting
|
||||
a specific timeout or defining custom behavior, users can use this field
|
||||
to specify additional command arguments.
|
||||
|
||||
Note:
|
||||
It's essential to ensure that the provided arguments are valid and supported
|
||||
by the 'barman-cloud-backup' command, to avoid potential errors or unintended
|
||||
behavior during execution.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
compression:
|
||||
description: |-
|
||||
Compress a backup file (a tar file per tablespace) while streaming it
|
||||
to the object store. Available options are empty string (no
|
||||
compression, default), `gzip`, `bzip2`, and `snappy`.
|
||||
enum:
|
||||
- bzip2
|
||||
- gzip
|
||||
- snappy
|
||||
type: string
|
||||
encryption:
|
||||
description: |-
|
||||
Whenever to force the encryption of files (if the bucket is
|
||||
not already configured for that).
|
||||
Allowed options are empty string (use the bucket policy, default),
|
||||
`AES256` and `aws:kms`
|
||||
enum:
|
||||
- AES256
|
||||
- aws:kms
|
||||
type: string
|
||||
immediateCheckpoint:
|
||||
description: |-
|
||||
Control whether the I/O workload for the backup initial checkpoint will
|
||||
be limited, according to the `checkpoint_completion_target` setting on
|
||||
the PostgreSQL server. If set to true, an immediate checkpoint will be
|
||||
used, meaning PostgreSQL will complete the checkpoint as soon as
|
||||
possible. `false` by default.
|
||||
type: boolean
|
||||
jobs:
|
||||
description: |-
|
||||
The number of parallel jobs to be used to upload the backup, defaults
|
||||
to 2
|
||||
format: int32
|
||||
minimum: 1
|
||||
type: integer
|
||||
type: object
|
||||
destinationPath:
|
||||
description: |-
|
||||
The path where to store the backup (i.e. s3://bucket/path/to/folder)
|
||||
this path, with different destination folders, will be used for WALs
|
||||
and for data
|
||||
minLength: 1
|
||||
type: string
|
||||
endpointCA:
|
||||
description: |-
|
||||
EndpointCA store the CA bundle of the barman endpoint.
|
||||
Useful when using self-signed certificates to avoid
|
||||
errors with certificate issuer and barman-cloud-wal-archive
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
endpointURL:
|
||||
description: |-
|
||||
Endpoint to be used to upload data to the cloud,
|
||||
overriding the automatic endpoint discovery
|
||||
type: string
|
||||
googleCredentials:
|
||||
description: The credentials to use to upload data to Google Cloud
|
||||
Storage
|
||||
properties:
|
||||
applicationCredentials:
|
||||
description: The secret containing the Google Cloud Storage
|
||||
JSON file with the credentials
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
gkeEnvironment:
|
||||
description: |-
|
||||
If set to true, will presume that it's running inside a GKE environment,
|
||||
default to false.
|
||||
type: boolean
|
||||
type: object
|
||||
historyTags:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
HistoryTags is a list of key value pairs that will be passed to the
|
||||
Barman --history-tags option.
|
||||
type: object
|
||||
s3Credentials:
|
||||
description: The credentials to use to upload data to S3
|
||||
properties:
|
||||
accessKeyId:
|
||||
description: The reference to the access key id
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
inheritFromIAMRole:
|
||||
description: Use the role based authentication without providing
|
||||
explicitly the keys.
|
||||
type: boolean
|
||||
region:
|
||||
description: The reference to the secret containing the region
|
||||
name
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
secretAccessKey:
|
||||
description: The reference to the secret access key
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
sessionToken:
|
||||
description: The references to the session key
|
||||
properties:
|
||||
key:
|
||||
description: The key to select
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
serverName:
|
||||
description: |-
|
||||
The server name on S3, the cluster name is used if this
|
||||
parameter is omitted
|
||||
type: string
|
||||
tags:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
Tags is a list of key value pairs that will be passed to the
|
||||
Barman --tags option.
|
||||
type: object
|
||||
wal:
|
||||
description: |-
|
||||
The configuration for the backup of the WAL stream.
|
||||
When not defined, WAL files will be stored uncompressed and may be
|
||||
unencrypted in the object store, according to the bucket default policy.
|
||||
properties:
|
||||
archiveAdditionalCommandArgs:
|
||||
description: |-
|
||||
Additional arguments that can be appended to the 'barman-cloud-wal-archive'
|
||||
command-line invocation. These arguments provide flexibility to customize
|
||||
the WAL archive process further, according to specific requirements or configurations.
|
||||
|
||||
Example:
|
||||
In a scenario where specialized backup options are required, such as setting
|
||||
a specific timeout or defining custom behavior, users can use this field
|
||||
to specify additional command arguments.
|
||||
|
||||
Note:
|
||||
It's essential to ensure that the provided arguments are valid and supported
|
||||
by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended
|
||||
behavior during execution.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
compression:
|
||||
description: |-
|
||||
Compress a WAL file before sending it to the object store. Available
|
||||
options are empty string (no compression, default), `gzip`, `bzip2`,
|
||||
`lz4`, `snappy`, `xz`, and `zstd`.
|
||||
enum:
|
||||
- bzip2
|
||||
- gzip
|
||||
- lz4
|
||||
- snappy
|
||||
- xz
|
||||
- zstd
|
||||
type: string
|
||||
encryption:
|
||||
description: |-
|
||||
Whenever to force the encryption of files (if the bucket is
|
||||
not already configured for that).
|
||||
Allowed options are empty string (use the bucket policy, default),
|
||||
`AES256` and `aws:kms`
|
||||
enum:
|
||||
- AES256
|
||||
- aws:kms
|
||||
type: string
|
||||
maxParallel:
|
||||
description: |-
|
||||
Number of WAL files to be either archived in parallel (when the
|
||||
PostgreSQL instance is archiving to a backup object store) or
|
||||
restored in parallel (when a PostgreSQL standby is fetching WAL
|
||||
files from a recovery object store). If not specified, WAL files
|
||||
will be processed one at a time. It accepts a positive integer as a
|
||||
value - with 1 being the minimum accepted value.
|
||||
minimum: 1
|
||||
type: integer
|
||||
restoreAdditionalCommandArgs:
|
||||
description: |-
|
||||
Additional arguments that can be appended to the 'barman-cloud-wal-restore'
|
||||
command-line invocation. These arguments provide flexibility to customize
|
||||
the WAL restore process further, according to specific requirements or configurations.
|
||||
|
||||
Example:
|
||||
In a scenario where specialized backup options are required, such as setting
|
||||
a specific timeout or defining custom behavior, users can use this field
|
||||
to specify additional command arguments.
|
||||
|
||||
Note:
|
||||
It's essential to ensure that the provided arguments are valid and supported
|
||||
by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended
|
||||
behavior during execution.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- destinationPath
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- fieldPath: .serverName
|
||||
message: use the 'serverName' plugin parameter in the Cluster resource
|
||||
reason: FieldValueForbidden
|
||||
rule: '!has(self.serverName)'
|
||||
instanceSidecarConfiguration:
|
||||
description: The configuration for the sidecar that runs in the instance
|
||||
pods
|
||||
properties:
|
||||
env:
|
||||
description: The environment to be explicitly passed to the sidecar
|
||||
items:
|
||||
description: EnvVar represents an environment variable present
|
||||
in a Container.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the environment variable. Must be a
|
||||
C_IDENTIFIER.
|
||||
type: string
|
||||
value:
|
||||
description: |-
|
||||
Variable references $(VAR_NAME) are expanded
|
||||
using the previously defined environment variables in the container and
|
||||
any service environment variables. If a variable cannot be resolved,
|
||||
the reference in the input string will be unchanged. Double $$ are reduced
|
||||
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
|
||||
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
|
||||
Escaped references will never be expanded, regardless of whether the variable
|
||||
exists or not.
|
||||
Defaults to "".
|
||||
type: string
|
||||
valueFrom:
|
||||
description: Source for the environment variable's value.
|
||||
Cannot be used if value is not empty.
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
description: Selects a key of a ConfigMap.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
default: ""
|
||||
description: |-
|
||||
Name of the referent.
|
||||
This field is effectively required, but due to backwards compatibility is
|
||||
allowed to be empty. Instances of this type with an empty value here are
|
||||
almost certainly wrong.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
fieldRef:
|
||||
description: |-
|
||||
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
|
||||
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: Version of the schema the FieldPath
|
||||
is written in terms of, defaults to "v1".
|
||||
type: string
|
||||
fieldPath:
|
||||
description: Path of the field to select in the
|
||||
specified API version.
|
||||
type: string
|
||||
required:
|
||||
- fieldPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
resourceFieldRef:
|
||||
description: |-
|
||||
Selects a resource of the container: only resources limits and requests
|
||||
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
|
||||
properties:
|
||||
containerName:
|
||||
description: 'Container name: required for volumes,
|
||||
optional for env vars'
|
||||
type: string
|
||||
divisor:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Specifies the output format of the
|
||||
exposed resources, defaults to "1"
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
resource:
|
||||
description: 'Required: resource to select'
|
||||
type: string
|
||||
required:
|
||||
- resource
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
secretKeyRef:
|
||||
description: Selects a key of a secret in the pod's
|
||||
namespace
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
default: ""
|
||||
description: |-
|
||||
Name of the referent.
|
||||
This field is effectively required, but due to backwards compatibility is
|
||||
allowed to be empty. Instances of this type with an empty value here are
|
||||
almost certainly wrong.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
description: Resources define cpu/memory requests and limits for
|
||||
the sidecar that runs in the instance pods.
|
||||
properties:
|
||||
claims:
|
||||
description: |-
|
||||
Claims lists the names of resources, defined in spec.resourceClaims,
|
||||
that are used by this container.
|
||||
|
||||
This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate.
|
||||
|
||||
This field is immutable. It can only be set for containers.
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name must match the name of one entry in pod.spec.resourceClaims of
|
||||
the Pod where this field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
request:
|
||||
description: |-
|
||||
Request is the name chosen for a request in the referenced claim.
|
||||
If empty, everything from the claim is made available, otherwise
|
||||
only the result of this request.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: |-
|
||||
Limits describes the maximum amount of compute resources allowed.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
||||
type: object
|
||||
requests:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
description: |-
|
||||
Requests describes the minimum amount of compute resources required.
|
||||
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
|
||||
otherwise to an implementation-defined value. Requests cannot exceed Limits.
|
||||
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
|
||||
type: object
|
||||
type: object
|
||||
retentionPolicyIntervalSeconds:
|
||||
default: 1800
|
||||
description: |-
|
||||
The retentionCheckInterval defines the frequency at which the
|
||||
system checks and enforces retention policies.
|
||||
type: integer
|
||||
type: object
|
||||
retentionPolicy:
|
||||
description: |-
|
||||
RetentionPolicy is the retention policy to be used for backups
|
||||
and WALs (i.e. '60d'). The retention policy is expressed in the form
|
||||
of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -
|
||||
days, weeks, months.
|
||||
pattern: ^[1-9][0-9]*[dwm]$
|
||||
type: string
|
||||
required:
|
||||
- configuration
|
||||
type: object
|
||||
status:
|
||||
description: |-
|
||||
Most recently observed status of the ObjectStore. This data may not be up to
|
||||
date. Populated by the system. Read-only.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
||||
properties:
|
||||
serverRecoveryWindow:
|
||||
additionalProperties:
|
||||
description: |-
|
||||
RecoveryWindow represents the time span between the first
|
||||
recoverability point and the last successful backup of a PostgreSQL
|
||||
server, defining the period during which data can be restored.
|
||||
properties:
|
||||
firstRecoverabilityPoint:
|
||||
description: |-
|
||||
The first recoverability point in a PostgreSQL server refers to
|
||||
the earliest point in time to which the database can be
|
||||
restored.
|
||||
format: date-time
|
||||
type: string
|
||||
lastSuccussfulBackupTime:
|
||||
description: The last successful backup time
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
description: ServerRecoveryWindow maps each server to its recovery
|
||||
window
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
11
charts/barman-cloud/templates/issuer.yaml
Normal file
11
charts/barman-cloud/templates/issuer.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Values.name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
17
charts/barman-cloud/templates/role-binding.yaml
Normal file
17
charts/barman-cloud/templates/role-binding.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: leader-election-rolebinding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: plugin-barman-cloud
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: leader-election-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}-barman-cloud
|
||||
namespace: {{ .Release.Namespace }}
|
||||
41
charts/barman-cloud/templates/role.yaml
Normal file
41
charts/barman-cloud/templates/role.yaml
Normal file
@@ -0,0 +1,41 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: leader-election-role
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: leader-election-role
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
14
charts/barman-cloud/templates/secret.yaml
Normal file
14
charts/barman-cloud/templates/secret.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: plugin-barman-cloud-m76km67hd7
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Values.name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
type: Opaque
|
||||
data:
|
||||
SIDECAR_IMAGE: |
|
||||
Z2hjci5pby9jbG91ZG5hdGl2ZS1wZy9wbHVnaW4tYmFybWFuLWNsb3VkLXNpZGVjYXI6dj
|
||||
AuNC4w
|
||||
12
charts/barman-cloud/values.yaml
Normal file
12
charts/barman-cloud/values.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
# -- Name override of release
|
||||
name: barman-cloud
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/plugin-barman-cloud
|
||||
tag: "v0.4.0"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Default service
|
||||
service:
|
||||
listenPort: 9090
|
||||
@@ -1,18 +1,18 @@
|
||||
apiVersion: v2
|
||||
name: cloudflared
|
||||
version: 1.4.0
|
||||
version: 1.15.0
|
||||
description: Cloudflared Tunnel
|
||||
keywords:
|
||||
- cloudflare
|
||||
- tunnel
|
||||
sources:
|
||||
- https://github.com/cloudflare/cloudflared
|
||||
- https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
version: 3.2.1
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.0.1
|
||||
icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
|
||||
appVersion: "2024.6.0"
|
||||
appVersion: "2025.5.0"
|
||||
|
||||
@@ -1,16 +1,35 @@
|
||||
## Introduction
|
||||
# cloudflared
|
||||
|
||||
[Cloudflared](https://github.com/cloudflare/cloudflared)
|
||||
 
|
||||
|
||||
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
|
||||
Cloudflared Tunnel
|
||||
|
||||
This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
## Maintainers
|
||||
|
||||
## Prerequisites
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
- Kubernetes
|
||||
- Helm
|
||||
## Source Code
|
||||
|
||||
## Parameters
|
||||
* <https://github.com/cloudflare/cloudflared>
|
||||
* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
|
||||
|
||||
See the [values files](values.yaml).
|
||||
## Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
|
||||
| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
|
||||
| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.5.0"}` | Default image |
|
||||
| name | string | `"cloudflared"` | Name override of release |
|
||||
| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
|
||||
@@ -1,11 +1,20 @@
|
||||
# -- Name override of release
|
||||
name: cloudflared
|
||||
|
||||
# -- Name of existing secret that contains Cloudflare token
|
||||
existingSecretName: cloudflared-secret
|
||||
|
||||
# -- Name of key that contains the token in the existingSecret
|
||||
existingSecretKey: cf-tunnel-token
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: cloudflare/cloudflared
|
||||
tag: "2024.6.0"
|
||||
tag: "2025.5.0"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Default resources
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
|
||||
18
charts/generic-device-plugin/Chart.yaml
Normal file
18
charts/generic-device-plugin/Chart.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: v2
|
||||
name: generic-device-plugin
|
||||
version: 0.1.10
|
||||
description: Generic Device Plugin
|
||||
keywords:
|
||||
- generic-device-plugin
|
||||
- device
|
||||
- plugin
|
||||
sources:
|
||||
- https://github.com/squat/generic-device-plugin
|
||||
- https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
version: 3.7.3
|
||||
appVersion: 0.1.10
|
||||
37
charts/generic-device-plugin/README.md
Normal file
37
charts/generic-device-plugin/README.md
Normal file
@@ -0,0 +1,37 @@
|
||||
# generic-device-plugin
|
||||
|
||||
 
|
||||
|
||||
Generic Device Plugin
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/squat/generic-device-plugin>
|
||||
* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
|
||||
|
||||
## Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| config | object | `{"data":"devices:\n - name: serial\n groups:\n - paths:\n - path: /dev/ttyUSB*\n - paths:\n - path: /dev/ttyACM*\n - paths:\n - path: /dev/tty.usb*\n - paths:\n - path: /dev/cu.*\n - paths:\n - path: /dev/cuaU*\n - paths:\n - path: /dev/rfcomm*\n - name: video\n groups:\n - paths:\n - path: /dev/video0\n - name: fuse\n groups:\n - count: 10\n paths:\n - path: /dev/fuse\n - name: audio\n groups:\n - count: 10\n paths:\n - path: /dev/snd\n - name: capture\n groups:\n - paths:\n - path: /dev/snd/controlC0\n - path: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC1\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC1D0c\n mountPath: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC2\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC2D0c\n mountPath: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC3\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC3D0c\n mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
|
||||
| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
|
||||
| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
|
||||
| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
|
||||
| name | string | `"generic-device-plugin"` | Name override of release |
|
||||
| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
|
||||
| service | object | `{"listenPort":8080}` | Service port |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
82
charts/generic-device-plugin/templates/common.yaml
Normal file
82
charts/generic-device-plugin/templates/common.yaml
Normal file
@@ -0,0 +1,82 @@
|
||||
{{ include "bjw-s.common.loader.init" . }}
|
||||
|
||||
{{ define "genericDevicePlugin.hardcodedValues" }}
|
||||
{{ if not .Values.global.nameOverride }}
|
||||
global:
|
||||
nameOverride: {{ .Values.name }}
|
||||
{{ end }}
|
||||
controllers:
|
||||
main:
|
||||
type: daemonset
|
||||
pod:
|
||||
priorityClassName: system-node-critical
|
||||
tolerations:
|
||||
- operator: "Exists"
|
||||
effect: "NoExecute"
|
||||
- operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: {{ .Values.image.repository }}
|
||||
tag: {{ .Values.image.tag }}
|
||||
pullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- --config=/config/config.yaml
|
||||
env:
|
||||
- name: LISTEN
|
||||
value: :{{ .Values.service.listenPort }}
|
||||
- name: PLUGIN_DIRECTORY
|
||||
value: /var/lib/kubelet/device-plugins
|
||||
- name: DOMAIN
|
||||
value: {{ .Values.deviceDomain }}
|
||||
probes:
|
||||
liveness:
|
||||
type: HTTP
|
||||
path: /health
|
||||
readiness:
|
||||
type: HTTP
|
||||
path: /health
|
||||
startup:
|
||||
type: HTTP
|
||||
path: /health
|
||||
securityContext:
|
||||
privileged: True
|
||||
configMaps:
|
||||
config:
|
||||
enabled: {{ .Values.config.enabled }}
|
||||
data:
|
||||
config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
ports:
|
||||
http:
|
||||
port: {{ .Values.service.listenPort }}
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
name: {{ .Values.name }}-config
|
||||
device-plugins:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /var/lib/kubelet/device-plugins
|
||||
dev:
|
||||
enabled: true
|
||||
type: hostPath
|
||||
hostPath: /dev
|
||||
serviceMonitor:
|
||||
main:
|
||||
serviceName: generic-device-plugin
|
||||
endpoints:
|
||||
- port: http
|
||||
scheme: http
|
||||
path: /metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
{{ end }}
|
||||
{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "bjw-s.common.loader.generate" . }}
|
||||
80
charts/generic-device-plugin/values.yaml
Normal file
80
charts/generic-device-plugin/values.yaml
Normal file
@@ -0,0 +1,80 @@
|
||||
# -- Name override of release
|
||||
name: generic-device-plugin
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: ghcr.io/squat/generic-device-plugin
|
||||
tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
|
||||
pullPolicy: Always
|
||||
|
||||
# -- Domain used by devices for identifcation
|
||||
deviceDomain: squat.ai
|
||||
|
||||
# -- Service port
|
||||
service:
|
||||
listenPort: 8080
|
||||
|
||||
# -- Default resources
|
||||
resources:
|
||||
limit:
|
||||
cpu: 100m
|
||||
memory: 20Mi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 10Mi
|
||||
|
||||
# -- Config map
|
||||
config:
|
||||
enabled: true
|
||||
# -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
|
||||
# @default -- See [values.yaml](./values.yaml)
|
||||
data: |
|
||||
devices:
|
||||
- name: serial
|
||||
groups:
|
||||
- paths:
|
||||
- path: /dev/ttyUSB*
|
||||
- paths:
|
||||
- path: /dev/ttyACM*
|
||||
- paths:
|
||||
- path: /dev/tty.usb*
|
||||
- paths:
|
||||
- path: /dev/cu.*
|
||||
- paths:
|
||||
- path: /dev/cuaU*
|
||||
- paths:
|
||||
- path: /dev/rfcomm*
|
||||
- name: video
|
||||
groups:
|
||||
- paths:
|
||||
- path: /dev/video0
|
||||
- name: fuse
|
||||
groups:
|
||||
- count: 10
|
||||
paths:
|
||||
- path: /dev/fuse
|
||||
- name: audio
|
||||
groups:
|
||||
- count: 10
|
||||
paths:
|
||||
- path: /dev/snd
|
||||
- name: capture
|
||||
groups:
|
||||
- paths:
|
||||
- path: /dev/snd/controlC0
|
||||
- path: /dev/snd/pcmC0D0c
|
||||
- paths:
|
||||
- path: /dev/snd/controlC1
|
||||
mountPath: /dev/snd/controlC0
|
||||
- path: /dev/snd/pcmC1D0c
|
||||
mountPath: /dev/snd/pcmC0D0c
|
||||
- paths:
|
||||
- path: /dev/snd/controlC2
|
||||
mountPath: /dev/snd/controlC0
|
||||
- path: /dev/snd/pcmC2D0c
|
||||
mountPath: /dev/snd/pcmC0D0c
|
||||
- paths:
|
||||
- path: /dev/snd/controlC3
|
||||
mountPath: /dev/snd/controlC0
|
||||
- path: /dev/snd/pcmC3D0c
|
||||
mountPath: /dev/snd/pcmC0D0c
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: mysql-cluster
|
||||
version: 0.2.1
|
||||
description: Chart for a mysql cluster
|
||||
keywords:
|
||||
- database
|
||||
- mysql
|
||||
sources:
|
||||
- https://dev.mysql.com/
|
||||
- https://github.com/mysql/mysql-operator
|
||||
- https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
|
||||
appVersion: 8.4.0
|
||||
@@ -1,17 +0,0 @@
|
||||
## Introduction
|
||||
|
||||
[MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
|
||||
|
||||
MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
|
||||
|
||||
This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes
|
||||
- Helm
|
||||
- MySQL Operator
|
||||
|
||||
## Parameters
|
||||
|
||||
See the [values files](values.yaml).
|
||||
@@ -1,72 +0,0 @@
|
||||
{{- define "cluster.backup" -}}
|
||||
|
||||
{{- if and .Values.backup.enabled .Values.backup.profiles }}
|
||||
backupProfiles:
|
||||
{{- $isDumpInstance := false }}
|
||||
{{- $isSnapshot := false }}
|
||||
{{- range $_, $profile := .Values.backup.profiles }}
|
||||
- name: {{ $profile.name | quote }}
|
||||
{{- if hasKey $profile "podAnnotations" }}
|
||||
podAnnotations:
|
||||
{{ toYaml $profile.podAnnotations | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if hasKey $profile "podLabels" }}
|
||||
podLabels:
|
||||
{{ toYaml $profile.podLabels | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
{{- $isDumpInstance = hasKey $profile "dumpInstance" }}
|
||||
{{- $isSnapshot = hasKey $profile "snapshot" }}
|
||||
{{- if or $isDumpInstance $isSnapshot }}
|
||||
|
||||
{{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
|
||||
{{- if $isDumpInstance }}
|
||||
dumpInstance:
|
||||
{{- else if $isSnapshot }}
|
||||
snapshot:
|
||||
{{- else }}
|
||||
{{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
|
||||
{{ end }}
|
||||
|
||||
{{- if not (hasKey $backupProfile "storage") }}
|
||||
{{- fail "backup profile $profile.name has no storage section" }}
|
||||
{{- else if hasKey $backupProfile.storage "s3" }}
|
||||
storage:
|
||||
s3:
|
||||
{{- if $backupProfile.storage.s3.prefix }}
|
||||
prefix: {{ $backupProfile.storage.s3.prefix }}
|
||||
{{- end }}
|
||||
bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
|
||||
config: {{ required "config is required" $backupProfile.storage.s3.config }}
|
||||
{{- if $backupProfile.storage.s3.profile }}
|
||||
profile: {{ $backupProfile.storage.s3.profile }}
|
||||
{{- end }}
|
||||
{{- if $backupProfile.storage.s3.endpoint }}
|
||||
endpoint: {{ $backupProfile.storage.s3.endpoint }}
|
||||
{{- end }}
|
||||
{{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
|
||||
storage:
|
||||
persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
|
||||
{{- else -}}
|
||||
{{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.backup.schedules }}
|
||||
backupSchedules:
|
||||
{{- range $_, $schedule := .Values.backup.schedules }}
|
||||
- name: {{ $schedule.name | quote }}
|
||||
enabled: {{ $schedule.enabled }}
|
||||
schedule: {{ quote $schedule.schedule }}
|
||||
{{- if ($schedule).timeZone }}
|
||||
timeZone: {{ quote $schedule.timeZone }}
|
||||
{{- end }}
|
||||
deleteBackupData: {{ $schedule.deleteBackupData }}
|
||||
backupProfileName: {{ $schedule.backupProfileName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
@@ -1,64 +0,0 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "cluster.name" -}}
|
||||
{{- if .Values.global.nameOverride }}
|
||||
{{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "cluster.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Check for invalid versions
|
||||
*/}}
|
||||
{{- $minimalVersion := "8.0.27" }}
|
||||
{{- $forbiddenVersions := list "8.0.29" }}
|
||||
{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
|
||||
{{- if lt $serverVersion $minimalVersion }}
|
||||
{{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
|
||||
{{- fail $err }}
|
||||
{{- end }}
|
||||
{{- if has $serverVersion $forbiddenVersions }}
|
||||
{{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
|
||||
{{- fail $err }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cluster.labels" -}}
|
||||
helm.sh/chart: {{ include "cluster.chart" . }}
|
||||
{{ include "cluster.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cluster.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: cloudnative-pg
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use.
|
||||
*/}}
|
||||
{{- define "mysql.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.enabled -}}
|
||||
{{ default (include "cluster.name" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,47 +0,0 @@
|
||||
{{- define "cluster.init" -}}
|
||||
|
||||
{{- if eq .Values.mode "clone" }}
|
||||
{{- with .Values.clone }}
|
||||
initDB:
|
||||
clone:
|
||||
donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
|
||||
rootUser: {{ .rootUser | default "root" }}
|
||||
secretKeyRef:
|
||||
name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.mode "recovery" }}
|
||||
{{- with .Values.recovery }}
|
||||
initDB:
|
||||
dump:
|
||||
{{- if .name }}
|
||||
name: {{ .name | quote }}
|
||||
{{- end }}
|
||||
{{- if .path }}
|
||||
path: {{ .path | quote }}
|
||||
{{- end }}
|
||||
{{- if .options }}
|
||||
options: {{ toYaml .options | nindent 8 }}
|
||||
{{- end }}
|
||||
storage:
|
||||
{{- if eq .type "s3" }}
|
||||
s3:
|
||||
prefix: {{ required "s3 prefix is required" .s3.prefix }}
|
||||
bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
|
||||
config: {{ required "s3 config is required" .s3.config }}
|
||||
{{- if .s3.profile }}
|
||||
profile: {{ .s3.profile }}
|
||||
{{- end }}
|
||||
{{- if .s3.endpoint }}
|
||||
endpoint: {{ .s3.endpoint }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .type "pvc" }}
|
||||
persistentVolumeClaim:
|
||||
{{ toYaml .persistentVolumeClaim | nindent 10}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
@@ -1,75 +0,0 @@
|
||||
apiVersion: mysql.oracle.com/v2
|
||||
kind: InnoDBCluster
|
||||
metadata:
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- include "cluster.selectorLabels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
|
||||
baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}
|
||||
serviceAccountName: {{ include "mysql.serviceAccountName" . }}
|
||||
imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
|
||||
version: {{ .Values.cluster.image.version }}
|
||||
tlsUseSelfSigned: true
|
||||
secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
|
||||
podSpec:
|
||||
{{- with .Values.cluster.podSpec }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
podAnnotations:
|
||||
{{- with .Values.cluster.podAnnotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
podLabels:
|
||||
{{- with .Values.cluster.podLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
router:
|
||||
instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
|
||||
podSpec:
|
||||
{{- with .Values.cluster.router.podSpec }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
podAnnotations:
|
||||
{{- with .Values.cluster.router.podAnnotations }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
podLabels:
|
||||
{{- with .Values.cluster.router.podLabels }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
tlsSecretName: {{ include "cluster.name" . }}-router-tls
|
||||
logs:
|
||||
{{- with .Values.cluster.logs }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
mycnf: |
|
||||
{{ .Values.cluster.serverConfig.mycnf | indent 4 }}
|
||||
{{- if .Values.cluster.datadirVolumeClaimTemplate }}
|
||||
{{- with .Values.cluster.datadirVolumeClaimTemplate }}
|
||||
datadirVolumeClaimTemplate:
|
||||
{{- if .storageClassName }}
|
||||
storageClassName: {{ .storageClassName | quote }}
|
||||
{{- end}}
|
||||
{{- if .accessModes }}
|
||||
accessModes: [ "{{ .accessModes }}" ]
|
||||
{{- end }}
|
||||
{{- if .size }}
|
||||
resources:
|
||||
requests:
|
||||
storage: "{{ .size }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "cluster.init" . | nindent 2 }}
|
||||
{{ include "cluster.backup" . | nindent 2 }}
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "mysql.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- include "cluster.selectorLabels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
@@ -1,148 +0,0 @@
|
||||
global:
|
||||
nameOverride:
|
||||
labels: {}
|
||||
annotations: {}
|
||||
|
||||
serviceAccount:
|
||||
enabled: true
|
||||
labels: {}
|
||||
annotations: {}
|
||||
name: ""
|
||||
|
||||
###
|
||||
# Cluster mode of operation. Available modes:
|
||||
# * `standalone` - Default mode. Creates new or updates an existing cluster.
|
||||
# * `recovery` - Same as standalone but creates a cluster from a backup
|
||||
# * `clone` - Create database as a replica from another cluster
|
||||
mode: standalone
|
||||
|
||||
##
|
||||
# Cluster spec
|
||||
#
|
||||
# Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
|
||||
#
|
||||
cluster:
|
||||
serverInstances: 1
|
||||
baseServerId: 1000
|
||||
|
||||
# Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
|
||||
exisitingCredentialsSecret: ""
|
||||
|
||||
image:
|
||||
version: 8.4.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
router:
|
||||
instances: 1
|
||||
podSpec: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
|
||||
logs:
|
||||
error:
|
||||
enabled: true
|
||||
collect: false
|
||||
general:
|
||||
enabled: false
|
||||
collect: false
|
||||
slowQuery:
|
||||
enabled: false
|
||||
longQueryTime: 2.5
|
||||
|
||||
serverConfig:
|
||||
mycnf: |
|
||||
[mysqld]
|
||||
core_file
|
||||
local_infile=off
|
||||
mysql_native_password=ON
|
||||
|
||||
datadirVolumeClaimTemplate:
|
||||
storageClassName: ""
|
||||
accessModes: ""
|
||||
size: ""
|
||||
|
||||
podSpec:
|
||||
containers:
|
||||
- name: mysql
|
||||
resources:
|
||||
limits:
|
||||
memory: 1024Mi
|
||||
cpu: 1000m
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 100m
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
|
||||
##
|
||||
# Recovery database from storage
|
||||
#
|
||||
recovery:
|
||||
|
||||
# * `s3` - Restores from s3 object store
|
||||
# * `pvc` - Restores from persistent volume claim
|
||||
type:
|
||||
|
||||
# -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
|
||||
name: ""
|
||||
# -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
|
||||
path: ""
|
||||
# -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
|
||||
options: {}
|
||||
|
||||
s3:
|
||||
# -- Path in the bucket where the dump files are stored
|
||||
prefix: ""
|
||||
# -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
|
||||
config: ""
|
||||
# -- Name of the S3 bucket where the dump is stored
|
||||
bucketName: ""
|
||||
# -- Override endpoint URL
|
||||
endpoint: ""
|
||||
|
||||
persistentVolumeClaim: {}
|
||||
|
||||
##
|
||||
# Clone database from another instance
|
||||
#
|
||||
clone:
|
||||
donorUrl: ""
|
||||
rootUser: root
|
||||
exisitingCredentialsSecret: ""
|
||||
|
||||
##
|
||||
# Backup database to pvc or s3
|
||||
#
|
||||
backup:
|
||||
enabled: false
|
||||
profiles:
|
||||
|
||||
## -- Example profile that back ups to local pvc
|
||||
|
||||
# - name: pvc-backup
|
||||
# dumpInstance:
|
||||
# storage:
|
||||
# persistentVolumeClaim:
|
||||
# claimName: backup-volume-claim
|
||||
|
||||
## -- Example profile that back ups to s3 endpoint
|
||||
|
||||
# - name: s3-backup
|
||||
# snapshot:
|
||||
# storage:
|
||||
# s3:
|
||||
# prefix: ""
|
||||
# config: ""
|
||||
# bucketName: ""
|
||||
# endpoint: ""
|
||||
|
||||
schedules:
|
||||
|
||||
## -- Example schedule that backups daily
|
||||
|
||||
# - name: schedule-daily
|
||||
# enabled: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# timeZone: "US/Central"
|
||||
# deleteBackupData: false
|
||||
# backupProfileName:
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v2
|
||||
name: postgres-cluster
|
||||
version: 3.4.0
|
||||
description: Chart for cloudnative-pg cluster
|
||||
version: 6.4.1
|
||||
description: Cloudnative-pg Cluster
|
||||
keywords:
|
||||
- database
|
||||
- postgres
|
||||
sources:
|
||||
- https://github.com/cloudnative-pg/cloudnative-pg
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
|
||||
appVersion: v1.23.1
|
||||
appVersion: v1.26.0
|
||||
|
||||
@@ -1,17 +1,115 @@
|
||||
## Introduction
|
||||
# postgres-cluster
|
||||
|
||||
[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
|
||||
 
|
||||
|
||||
CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
|
||||
Cloudnative-pg Cluster
|
||||
|
||||
This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
## Maintainers
|
||||
|
||||
## Prerequisites
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
- Kubernetes
|
||||
- Helm
|
||||
- CloudNative PG Operator
|
||||
## Source Code
|
||||
|
||||
## Parameters
|
||||
* <https://github.com/cloudnative-pg/cloudnative-pg>
|
||||
* <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
|
||||
|
||||
See the [values files](values.yaml).
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
|
||||
| backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
|
||||
| backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
|
||||
| backup.objectStore | list | `[]` | Options for object store backups |
|
||||
| backup.scheduledBackups | list | `[]` | List of scheduled backups |
|
||||
| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
|
||||
| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
|
||||
| cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
|
||||
| cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
|
||||
| cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
|
||||
| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"}` | Default image |
|
||||
| cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
||||
| cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
|
||||
| cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
|
||||
| cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
|
||||
| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
|
||||
| cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
|
||||
| cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
|
||||
| cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
|
||||
| cluster.monitoring.enabled | bool | `false` | Whether to enable monitoring |
|
||||
| cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
|
||||
| cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
|
||||
| cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
|
||||
| cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
|
||||
| cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
|
||||
| cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
|
||||
| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
|
||||
| cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
|
||||
| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
|
||||
| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
|
||||
| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
|
||||
| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
|
||||
| cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
|
||||
| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
|
||||
| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
|
||||
| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
|
||||
| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
|
||||
| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
|
||||
| cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
|
||||
| cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
|
||||
| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
|
||||
| nameOverride | string | `""` | Override the name of the cluster |
|
||||
| namespaceOverride | string | `""` | Override the namespace of the chart |
|
||||
| poolers | list | `[]` | List of PgBouncer poolers |
|
||||
| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
|
||||
| recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
|
||||
| recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
|
||||
| recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
|
||||
| recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
|
||||
| recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
|
||||
| recovery.import.databases | list | `[]` | Databases to import |
|
||||
| recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
|
||||
| recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
|
||||
| recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
|
||||
| recovery.import.roles | list | `[]` | Roles to import |
|
||||
| recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
|
||||
| recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
|
||||
| recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
|
||||
| recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
|
||||
| recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
|
||||
| recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
|
||||
| recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
|
||||
| recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
|
||||
| recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
|
||||
| recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
|
||||
| recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
|
||||
| recovery.objectStore.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
|
||||
| recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
|
||||
| recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
|
||||
| recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
|
||||
| recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
|
||||
| recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
|
||||
| recovery.objectStore.name | string | `"recovery"` | Object store backup name |
|
||||
| recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
|
||||
| recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
|
||||
| recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
|
||||
| recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
|
||||
| recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
|
||||
| recovery.pgBaseBackup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
|
||||
| recovery.pgBaseBackup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
|
||||
| recovery.pgBaseBackup.secret | string | `""` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch |
|
||||
| recovery.pgBaseBackup.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}` | Configuration for the source database |
|
||||
| recovery.pgBaseBackup.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
|
||||
| recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
|
||||
| recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
|
||||
| recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
|
||||
| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `tensorchord` |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
|
||||
description: |-
|
||||
Pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
has been waiting for longer than 5 minutes
|
||||
expr: |
|
||||
cnpg_backends_waiting_total > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has over 10 deadlock conflicts.
|
||||
description: |-
|
||||
There are over 10 deadlock conflicts in
|
||||
{{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
cnpg_pg_stat_database_deadlocks > 10
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,26 @@
|
||||
{{- $alert := "CNPGClusterHACritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has no standby replicas!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
|
||||
risk of data loss and downtime if the primary instance fails.
|
||||
|
||||
The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
|
||||
will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
|
||||
|
||||
This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
|
||||
instances. The replaced instance may need some time to catch-up with the cluster primary instance.
|
||||
|
||||
This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
|
||||
case you may want to silence it.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
|
||||
expr: |
|
||||
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,24 @@
|
||||
{{- $alert := "CNPGClusterHAWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster less than 2 standby replicas.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
|
||||
your cluster at risk if another instance fails. The cluster is still able to operate normally, although
|
||||
the `-ro` and `-r` endpoints operate at reduced capacity.
|
||||
|
||||
This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
|
||||
need some time to catch-up with the cluster primary instance.
|
||||
|
||||
This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
|
||||
In this case you may want to silence it.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
|
||||
expr: |
|
||||
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- $alert := "CNPGClusterHighConnectionsCritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance maximum number of connections critical!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
|
||||
the maximum number of connections.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
|
||||
expr: |
|
||||
sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- $alert := "CNPGClusterHighConnectionsWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is approaching the maximum number of connections.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
|
||||
the maximum number of connections.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
|
||||
expr: |
|
||||
sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- $alert := "CNPGClusterHighReplicationLag" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster high replication lag
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
|
||||
{{ .value }}ms.
|
||||
|
||||
High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
|
||||
expr: |
|
||||
max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- $alert := "CNPGClusterInstancesOnSameNode" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster instances are located on the same node.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
|
||||
instances on the same node {{ .labels.node }}.
|
||||
|
||||
A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
|
||||
expr: |
|
||||
count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster last time archiving failed.
|
||||
description: |-
|
||||
Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster query is taking longer than 5 minutes.
|
||||
description: |-
|
||||
CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
is taking more than 5 minutes (300 seconds) for a query.
|
||||
expr: |-
|
||||
cnpg_backends_max_tx_duration_seconds > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,24 @@
|
||||
{{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is running out of disk space!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
|
||||
expr: |
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
|
||||
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
/
|
||||
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
*
|
||||
on(namespace, persistentvolumeclaim) group_left(volume)
|
||||
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
|
||||
) > 0.9
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,24 @@
|
||||
{{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is running out of disk space.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
|
||||
expr: |
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
|
||||
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
/
|
||||
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
*
|
||||
on(namespace, persistentvolumeclaim) group_left(volume)
|
||||
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
|
||||
) > 0.7
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,19 @@
|
||||
{{- $alert := "CNPGClusterOffline" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has no running instances!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
|
||||
|
||||
Having an offline cluster means your applications will not be able to access the database, leading to
|
||||
potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
|
||||
expr: |
|
||||
(count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
|
||||
description: |-
|
||||
Over 300,000,000 transactions from frozen xid
|
||||
on pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
cnpg_pg_database_xid_age > 300000000
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- $alert := "CNPGClusterPGReplicationWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster standby is lagging behind the primary.
|
||||
description: |-
|
||||
Standby is lagging behind by over 300 seconds (5 minutes)
|
||||
expr: |
|
||||
cnpg_pg_replication_lag > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has a replica is failing to replicate.
|
||||
description: |-
|
||||
Replica {{`{{`}} $labels.pod {{`}}`}}
|
||||
is failing to replicate
|
||||
expr: |
|
||||
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,18 @@
|
||||
{{- $alert := "CNPGClusterZoneSpreadWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster instances in the same zone.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
|
||||
|
||||
A disaster in one availability zone will lead to a potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
|
||||
expr: |
|
||||
{{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,30 +0,0 @@
|
||||
{{- define "cluster.backup" -}}
|
||||
{{- if .Values.backup.enabled }}
|
||||
backup:
|
||||
retentionPolicy: {{ .Values.backup.retentionPolicy }}
|
||||
barmanObjectStore:
|
||||
destinationPath: {{ .Values.backup.destinationPath }}
|
||||
endpointURL: {{ .Values.backup.endpointURL }}
|
||||
{{- if .Values.backup.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ .Values.backup.endpointCA }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
compression: {{ .Values.backup.wal.compression }}
|
||||
encryption: {{ .Values.backup.wal.encryption }}
|
||||
maxParallel: {{ .Values.backup.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.backup.data.compression }}
|
||||
encryption: {{ .Values.backup.data.encryption }}
|
||||
jobs: {{ .Values.backup.data.jobs }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,91 +1,147 @@
|
||||
{{- define "cluster.bootstrap" -}}
|
||||
bootstrap:
|
||||
|
||||
{{- if eq .Values.mode "standalone" }}
|
||||
bootstrap:
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL") }}
|
||||
{{- with (omit . "postInitApplicationSQL" "owner" "import") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.initdb.owner }}
|
||||
owner: {{ tpl .Values.cluster.initdb.owner . }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.type "tensorchord" }}
|
||||
dataChecksums: true
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
|
||||
postInitApplicationSQL:
|
||||
{{- if eq .Values.type "postgis" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_topology;
|
||||
- CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
|
||||
{{- else if eq .Values.type "timescaledb" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS timescaledb;
|
||||
{{- if eq .Values.type "tensorchord" }}
|
||||
- ALTER SYSTEM SET search_path TO "$user", public, vectors;
|
||||
- SET search_path TO "$user", public, vectors;
|
||||
- CREATE EXTENSION IF NOT EXISTS "vectors";
|
||||
- CREATE EXTENSION IF NOT EXISTS "cube";
|
||||
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
|
||||
- ALTER SCHEMA vectors OWNER TO "app";
|
||||
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
|
||||
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- range .postInitApplicationSQL }}
|
||||
{{- printf "- %s" . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.mode "replica" }}
|
||||
|
||||
{{- else if eq .Values.mode "recovery" -}}
|
||||
bootstrap:
|
||||
|
||||
{{- if eq .Values.recovery.method "pgBaseBackup" }}
|
||||
pg_basebackup:
|
||||
source: pgBaseBackupSource
|
||||
{{ with .Values.recovery.pgBaseBackup.database }}
|
||||
database: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.pgBaseBackup.owner }}
|
||||
owner: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.pgBaseBackup.secret }}
|
||||
secret:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
externalClusters:
|
||||
{{- include "cluster.externalSourceCluster" (list "pgBaseBackupSource" .Values.recovery.pgBaseBackup.source) | nindent 2 }}
|
||||
|
||||
{{- else if eq .Values.recovery.method "import" }}
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "owner" "import" "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.initdb.owner }}
|
||||
owner: {{ tpl .Values.cluster.initdb.owner . }}
|
||||
{{- end }}
|
||||
import:
|
||||
type: {{ .Values.replica.importType }}
|
||||
source:
|
||||
externalCluster: importSource
|
||||
type: {{ .Values.recovery.import.type }}
|
||||
databases:
|
||||
{{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
|
||||
{{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
|
||||
{{ fail "Too many databases in import type of microservice!" }}
|
||||
{{- else}}
|
||||
{{- with .Values.replica.importDatabases }}
|
||||
{{- with .Values.recovery.import.databases }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.replica.importType "monolith" }}
|
||||
{{- if eq .Values.recovery.import.type "monolith" }}
|
||||
roles:
|
||||
{{- with .Values.replica.importRoles }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
|
||||
{{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
|
||||
postImportApplicationSQL:
|
||||
{{- with .Values.replica.postImportApplicationSQL }}
|
||||
{{- with .Values.recovery.import.postImportApplicationSQL }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
source:
|
||||
externalCluster: "{{ include "cluster.name" . }}-cluster"
|
||||
externalClusters:
|
||||
- name: "{{ include "cluster.name" . }}-cluster"
|
||||
{{- with .Values.replica.externalCluster }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
schemaOnly: {{ .Values.recovery.import.schemaOnly }}
|
||||
{{ with .Values.recovery.import.pgDumpExtraOptions }}
|
||||
pgDumpExtraOptions:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.mode "recovery" }}
|
||||
{{ with .Values.recovery.import.pgRestoreExtraOptions }}
|
||||
pgRestoreExtraOptions:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
externalClusters:
|
||||
{{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
|
||||
|
||||
{{- else if eq .Values.recovery.method "backup" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.pitrTarget.time }}
|
||||
{{- with .Values.recovery.backup.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.backup.database }}
|
||||
database: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.backup.owner }}
|
||||
owner: {{ . }}
|
||||
{{- end }}
|
||||
backup:
|
||||
name: {{ .Values.recovery.backup.backupName }}
|
||||
|
||||
{{- else if eq .Values.recovery.method "objectStore" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.objectStore.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.objectStore.database }}
|
||||
database: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.objectStore.owner }}
|
||||
owner: {{ . }}
|
||||
{{- end }}
|
||||
source: {{ include "cluster.recoveryServerName" . }}
|
||||
|
||||
externalClusters:
|
||||
- name: {{ include "cluster.recoveryServerName" . }}
|
||||
barmanObjectStore:
|
||||
plugin:
|
||||
name: barman-cloud.cloudnative-pg.io
|
||||
enabled: true
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
|
||||
serverName: {{ include "cluster.recoveryServerName" . }}
|
||||
destinationPath: {{ .Values.recovery.destinationPath }}
|
||||
endpointURL: {{ .Values.recovery.endpointURL }}
|
||||
{{- with .Values.recovery.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ . }}
|
||||
key: ca-bundle.crt
|
||||
|
||||
{{- else }}
|
||||
{{ fail "Invalid recovery mode!" }}
|
||||
{{- end }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
compression: {{ .Values.recovery.wal.compression }}
|
||||
encryption: {{ .Values.recovery.wal.encryption }}
|
||||
maxParallel: {{ .Values.recovery.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.recovery.data.compression }}
|
||||
encryption: {{ .Values.recovery.data.encryption }}
|
||||
jobs: {{ .Values.recovery.data.jobs }}
|
||||
|
||||
{{- else }}
|
||||
{{ fail "Invalid cluster mode!" }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
12
charts/postgres-cluster/templates/_colorize.tpl
Normal file
12
charts/postgres-cluster/templates/_colorize.tpl
Normal file
@@ -0,0 +1,12 @@
|
||||
{{- define "cluster.color-error" }}
|
||||
{{- printf "\033[0;31m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-ok" }}
|
||||
{{- printf "\033[0;32m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-warning" }}
|
||||
{{- printf "\033[0;33m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-info" }}
|
||||
{{- printf "\033[0;34m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- define "cluster.externalSourceCluster" -}}
|
||||
{{- $name := first . -}}
|
||||
{{- $config := last . -}}
|
||||
- name: {{ first . }}
|
||||
connectionParameters:
|
||||
host: {{ $config.host | quote }}
|
||||
port: {{ $config.port | quote }}
|
||||
user: {{ $config.username | quote }}
|
||||
{{- with $config.database }}
|
||||
dbname: {{ . | quote }}
|
||||
{{- end }}
|
||||
sslmode: {{ $config.sslMode | quote }}
|
||||
{{- if $config.passwordSecret.name }}
|
||||
password:
|
||||
name: {{ $config.passwordSecret.name }}
|
||||
key: {{ $config.passwordSecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslKeySecret.name }}
|
||||
sslKey:
|
||||
name: {{ $config.sslKeySecret.name }}
|
||||
key: {{ $config.sslKeySecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslCertSecret.name }}
|
||||
sslCert:
|
||||
name: {{ $config.sslCertSecret.name }}
|
||||
key: {{ $config.sslCertSecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslRootCertSecret.name }}
|
||||
sslRootCert:
|
||||
name: {{ $config.sslRootCertSecret.name }}
|
||||
key: {{ $config.sslRootCertSecret.key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -20,25 +20,72 @@ Create chart name and version as used by the chart label.
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cluster.labels" -}}
|
||||
helm.sh/chart: {{ include "cluster.chart" . }}
|
||||
{{ include "cluster.selectorLabels" . }}
|
||||
helm.sh/chart: {{ include "cluster.chart" $ }}
|
||||
{{ include "cluster.selectorLabels" $ }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cluster.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" . }}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" $ }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: cloudnative-pg
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate name for object store credentials
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "cluster.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Postgres UID
|
||||
*/}}
|
||||
{{- define "cluster.postgresUID" -}}
|
||||
{{- if ge (int .Values.cluster.postgresUID) 0 -}}
|
||||
{{- .Values.cluster.postgresUID }}
|
||||
{{- else -}}
|
||||
{{- 26 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Postgres GID
|
||||
*/}}
|
||||
{{- define "cluster.postgresGID" -}}
|
||||
{{- if ge (int .Values.cluster.postgresGID) 0 -}}
|
||||
{{- .Values.cluster.postgresGID }}
|
||||
{{- else -}}
|
||||
{{- 26 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate recovery server name
|
||||
*/}}
|
||||
{{- define "cluster.recoveryServerName" -}}
|
||||
{{- if .Values.recovery.recoveryServerName -}}
|
||||
{{- .Values.recovery.recoveryServerName -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate name for recovery object store credentials
|
||||
*/}}
|
||||
{{- define "cluster.recoveryCredentials" -}}
|
||||
{{- if .Values.recovery.endpointCredentials -}}
|
||||
@@ -48,44 +95,9 @@ Generate name for object store credentials
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate name for backup object store credentials
|
||||
*/}}
|
||||
{{- define "cluster.backupCredentials" -}}
|
||||
{{- if .Values.backup.endpointCredentials -}}
|
||||
{{- .Values.backup.endpointCredentials -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate backup server name
|
||||
*/}}
|
||||
{{- define "cluster.backupName" -}}
|
||||
{{- if .Values.backup.backupName -}}
|
||||
{{- .Values.backup.backupName -}}
|
||||
{{- else -}}
|
||||
{{ include "cluster.name" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Generate recovery server name
|
||||
*/}}
|
||||
{{- define "cluster.recoveryServerName" -}}
|
||||
{{- if .Values.recovery.recoveryServerName -}}
|
||||
{{- .Values.recovery.recoveryServerName -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate recovery instance name
|
||||
*/}}
|
||||
{{- define "cluster.recoveryInstanceName" -}}
|
||||
{{- if .Values.recovery.recoveryInstanceName -}}
|
||||
{{- .Values.recovery.recoveryInstanceName -}}
|
||||
{{- else -}}
|
||||
{{ include "cluster.name" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -2,28 +2,57 @@ apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
namespace: {{ include "cluster.namespace" . }}
|
||||
{{- with .Values.cluster.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
instances: {{ .Values.cluster.instances }}
|
||||
imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
|
||||
postgresUID: {{ .Values.cluster.postgresUID }}
|
||||
postgresGID: {{ .Values.cluster.postgresGID }}
|
||||
walStorage:
|
||||
size: {{ .Values.cluster.walStorage.size }}
|
||||
storageClass: {{ .Values.cluster.walStorage.storageClass }}
|
||||
imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
|
||||
{{- with .Values.cluster.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
postgresUID: {{ include "cluster.postgresUID" . }}
|
||||
postgresGID: {{ include "cluster.postgresGID" . }}
|
||||
{{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
|
||||
plugins:
|
||||
{{ end }}
|
||||
{{- range $objectStore := .Values.backup.objectStore }}
|
||||
- name: barman-cloud.cloudnative-pg.io
|
||||
enabled: true
|
||||
isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
|
||||
{{- if $objectStore.clusterName }}
|
||||
serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
|
||||
{{- else }}
|
||||
serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ if eq .Values.recovery.method "objectStore" }}
|
||||
- name: barman-cloud.cloudnative-pg.io
|
||||
enabled: true
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
|
||||
serverName: {{ include "cluster.recoveryServerName" . }}
|
||||
{{ end }}
|
||||
storage:
|
||||
size: {{ .Values.cluster.storage.size }}
|
||||
{{- if not (empty .Values.cluster.storage.storageClass) }}
|
||||
storageClass: {{ .Values.cluster.storage.storageClass }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.walStorage.enabled }}
|
||||
walStorage:
|
||||
size: {{ .Values.cluster.walStorage.size }}
|
||||
{{- if not (empty .Values.cluster.walStorage.storageClass) }}
|
||||
storageClass: {{ .Values.cluster.walStorage.storageClass }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
@@ -32,21 +61,97 @@ spec:
|
||||
affinity:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.priorityClassName }}
|
||||
priorityClassName: {{ .Values.cluster.priorityClassName }}
|
||||
{{- end }}
|
||||
|
||||
primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
|
||||
primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
|
||||
logLevel: {{ .Values.cluster.logLevel }}
|
||||
{{- with .Values.cluster.certificates }}
|
||||
certificates:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{ end }}
|
||||
enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
|
||||
{{- with .Values.cluster.superuserSecret }}
|
||||
superuserSecret:
|
||||
name: {{ . }}
|
||||
{{ end }}
|
||||
enablePDB: {{ .Values.cluster.enablePDB }}
|
||||
|
||||
postgresql:
|
||||
{{- if or (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
|
||||
shared_preload_libraries:
|
||||
{{- if eq .Values.type "timescaledb" }}
|
||||
- timescaledb
|
||||
{{- if eq .Values.type "tensorchord" }}
|
||||
- vectors.so
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.shared_preload_libraries }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.pg_hba }}
|
||||
pg_hba:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.pg_ident }}
|
||||
pg_ident:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.ldap }}
|
||||
ldap:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end}}
|
||||
{{- with .Values.cluster.postgresql.synchronous }}
|
||||
synchronous:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .Values.cluster.postgresql.parameters }}
|
||||
parameters:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
|
||||
managed:
|
||||
{{- with .Values.cluster.services }}
|
||||
services:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .Values.cluster.roles }}
|
||||
roles:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.cluster.serviceAccountTemplate }}
|
||||
serviceAccountTemplate:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
monitoring:
|
||||
enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
|
||||
disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueries) }}
|
||||
customQueriesConfigMap:
|
||||
- name: {{ include "cluster.name" . }}-monitoring
|
||||
key: custom-queries
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
|
||||
{{- with .Values.cluster.monitoring.customQueriesSecret }}
|
||||
customQueriesSecret:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
|
||||
{{- with .Values.cluster.monitoring.podMonitor.relabelings }}
|
||||
podMonitorRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
|
||||
{{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
|
||||
podMonitorMetricRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "cluster.bootstrap" . | nindent 2 }}
|
||||
{{ include "cluster.backup" . | nindent 2 }}
|
||||
|
||||
18
charts/postgres-cluster/templates/config-map.yaml
Normal file
18
charts/postgres-cluster/templates/config-map.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueries) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-monitoring
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
cnpg.io/reload: ""
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
data:
|
||||
custom-queries: |
|
||||
{{- range .Values.cluster.monitoring.customQueries }}
|
||||
{{ .name }}:
|
||||
query: {{ .query | quote }}
|
||||
metrics:
|
||||
{{- .metrics | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
93
charts/postgres-cluster/templates/object-store.yaml
Normal file
93
charts/postgres-cluster/templates/object-store.yaml
Normal file
@@ -0,0 +1,93 @@
|
||||
{{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
|
||||
{{ $context := . -}}
|
||||
{{ range .Values.backup.objectStore -}}
|
||||
---
|
||||
apiVersion: barmancloud.cnpg.io/v1
|
||||
kind: ObjectStore
|
||||
metadata:
|
||||
name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
|
||||
namespace: {{ include "cluster.namespace" $context }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $context | nindent 4 }}
|
||||
spec:
|
||||
retentionPolicy: {{ .retentionPolicy | default "30d" }}
|
||||
configuration:
|
||||
destinationPath: {{ .destinationPath | required "Destination path is required" }}
|
||||
endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
|
||||
{{- if .endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ .endpointCA.name }}
|
||||
key: {{ .endpointCA.key }}
|
||||
{{- end }}
|
||||
{{- if .wal }}
|
||||
wal:
|
||||
compression: {{ .wal.compression | default "snappy" }}
|
||||
{{ with .wal.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{ end }}
|
||||
maxParallel: {{ .wal.maxParallel | default "1" }}
|
||||
{{- end }}
|
||||
{{- if .wal }}
|
||||
data:
|
||||
compression: {{ .data.compression | default "snappy" }}
|
||||
{{- with .data.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
jobs: {{ .data.jobs | default 1 }}
|
||||
{{- end }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
{{- if .endpointCredentials }}
|
||||
name: {{ .endpointCredentials }}
|
||||
{{- else }}
|
||||
name: {{ include "cluster.backupCredentials" $context }}
|
||||
{{- end }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
{{- if .endpointCredentials }}
|
||||
name: {{ .endpointCredentials }}
|
||||
{{- else }}
|
||||
name: {{ include "cluster.backupCredentials" $context }}
|
||||
{{- end }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
{{ end -}}
|
||||
{{ end }}
|
||||
|
||||
{{ if eq .Values.recovery.method "objectStore" }}
|
||||
---
|
||||
apiVersion: barmancloud.cnpg.io/v1
|
||||
kind: ObjectStore
|
||||
metadata:
|
||||
name: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
|
||||
namespace: {{ include "cluster.namespace" . }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
spec:
|
||||
configuration:
|
||||
destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
|
||||
endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
|
||||
{{- if .Values.recovery.objectStore.endpointCA.name }}
|
||||
endpointCA:
|
||||
name: {{ .Values.recovery.objectStore.endpointCA.name }}
|
||||
key: {{ .Values.recovery.objectStore.endpointCA.key }}
|
||||
{{- end }}
|
||||
wal:
|
||||
compression: {{ .Values.recovery.objectStore.wal.compression }}
|
||||
{{- with .Values.recovery.objectStore.wal.encryption}}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.recovery.objectStore.data.compression }}
|
||||
{{- with .Values.recovery.objectStore.data.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
jobs: {{ .Values.recovery.objectStore.data.jobs }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
{{ end }}
|
||||
51
charts/postgres-cluster/templates/poolers.yaml
Normal file
51
charts/postgres-cluster/templates/poolers.yaml
Normal file
@@ -0,0 +1,51 @@
|
||||
{{- range .Values.poolers }}
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Pooler
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-pooler-{{ .name }}
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
cluster:
|
||||
name: {{ include "cluster.name" $ }}
|
||||
instances: {{ .instances }}
|
||||
type: {{ default "rw" .type }}
|
||||
pgbouncer:
|
||||
poolMode: {{ default "session" .poolMode }}
|
||||
{{- with .authQuerySecret }}
|
||||
authQuerySecret:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .authQuery }}
|
||||
authQuery:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .parameters }}
|
||||
parameters:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .pg_hba }}
|
||||
pg_hba:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{ with .monitoring }}
|
||||
monitoring:
|
||||
{{- if not (empty .podMonitor) }}
|
||||
enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
|
||||
{{- with .podMonitor.relabelings }}
|
||||
podMonitorRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .podMonitor.metricRelabelings }}
|
||||
podMonitorMetricRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .template }}
|
||||
template:
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -2,22 +2,19 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ include "cluster.name" . }}-alert-rules
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: {{ include "cluster.name" $ }}-alert-rules
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: cloudnative-pg/{{ include "cluster.name" . }}
|
||||
rules:
|
||||
{{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
|
||||
{{- $_ := set $dict "value" "{{ $value }}" -}}
|
||||
{{- $_ := set $dict "value" "{{`{{`}} $value {{`}}`}}" -}}
|
||||
{{- $_ := set $dict "namespace" .Release.Namespace -}}
|
||||
{{- $_ := set $dict "cluster" (printf "%s-cluster" (include "cluster.name" .) ) -}}
|
||||
{{- $_ := set $dict "labels" (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
|
||||
{{- $_ := set $dict "labels" (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
|
||||
{{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
|
||||
{{- $_ := set $dict "Values" .Values -}}
|
||||
{{- $_ := set $dict "Template" .Template -}}
|
||||
@@ -26,5 +23,5 @@ spec:
|
||||
{{- with $tpl }}
|
||||
- {{ $tpl }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
||||
@@ -1,18 +1,25 @@
|
||||
{{ if .Values.backup.enabled }}
|
||||
{{ $context := . -}}
|
||||
{{ range .Values.backup.scheduledBackups -}}
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: {{ include "cluster.name" . }}-scheduled-backup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: "{{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup"
|
||||
namespace: {{ include "cluster.namespace" $context }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "cluster.labels" $context | nindent 4 }}
|
||||
spec:
|
||||
immediate: true
|
||||
schedule: {{ .Values.backup.schedule }}
|
||||
backupOwnerReference: self
|
||||
immediate: {{ .immediate | default true }}
|
||||
suspend: {{ .suspend | default false }}
|
||||
schedule: {{ .schedule | quote | required "Schedule is required" }}
|
||||
backupOwnerReference: {{ .backupOwnerReference | default "self" }}
|
||||
cluster:
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
name: {{ include "cluster.name" $context }}-cluster
|
||||
method: plugin
|
||||
pluginConfiguration:
|
||||
name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
|
||||
{{ end -}}
|
||||
{{ end }}
|
||||
|
||||
@@ -1,197 +1,558 @@
|
||||
# -- Override the name of the cluster
|
||||
nameOverride: ""
|
||||
|
||||
###
|
||||
# -- Override the namespace of the chart
|
||||
namespaceOverride: ""
|
||||
|
||||
# -- Type of the CNPG database. Available types:
|
||||
# * `postgresql`
|
||||
# * `postgis`
|
||||
# * `timescaledb`
|
||||
# * `tensorchord`
|
||||
type: postgresql
|
||||
|
||||
###
|
||||
# Cluster mode of operation. Available modes:
|
||||
# -- Cluster mode of operation. Available modes:
|
||||
# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
|
||||
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
|
||||
# * `replica` - Create database as a replica from another CNPG cluster
|
||||
mode: standalone
|
||||
|
||||
# -- Cluster settings
|
||||
cluster:
|
||||
instances: 3
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/postgresql
|
||||
tag: "16.3"
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "17.5-1-bullseye"
|
||||
|
||||
# The UID and GID of the postgres user inside the image
|
||||
postgresUID: 26
|
||||
postgresGID: 26
|
||||
# -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
|
||||
# More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
walStorage:
|
||||
size: 2Gi
|
||||
storageClass: ""
|
||||
# -- The list of pull secrets to be used to pull the images.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
|
||||
imagePullSecrets: []
|
||||
|
||||
# -- Default storage size
|
||||
storage:
|
||||
size: 10Gi
|
||||
storageClass: ""
|
||||
|
||||
walStorage:
|
||||
enabled: true
|
||||
size: 2Gi
|
||||
storageClass: ""
|
||||
|
||||
# -- The UID and GID of the postgres user inside the image, defaults to 26
|
||||
postgresUID: -1
|
||||
postgresGID: -1
|
||||
|
||||
# -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
|
||||
services: {}
|
||||
|
||||
# -- Resources requirements of every generated Pod.
|
||||
# Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
|
||||
# We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
|
||||
# See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
|
||||
resources:
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 10m
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 800m
|
||||
hugepages-2Mi: 256Mi
|
||||
|
||||
priorityClassName: ""
|
||||
|
||||
# -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated. It can be switchover (default) or restart.
|
||||
primaryUpdateMethod: switchover
|
||||
|
||||
# -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
|
||||
primaryUpdateStrategy: unsupervised
|
||||
|
||||
# -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
|
||||
logLevel: "info"
|
||||
|
||||
# -- Affinity/Anti-affinity rules for Pods.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
|
||||
affinity:
|
||||
enablePodAntiAffinity: true
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
additionalLabels: {}
|
||||
annotations: {}
|
||||
# -- The configuration for the CA and related certificates.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
|
||||
certificates: {}
|
||||
|
||||
priorityClassName: ""
|
||||
# -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
|
||||
# If the secret is not present, the operator will automatically create one.
|
||||
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
|
||||
# and then blank the password of the postgres user by setting it to NULL.
|
||||
enableSuperuserAccess: false
|
||||
superuserSecret: ""
|
||||
|
||||
# Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated. It can be switchover (default) or in-place (restart).
|
||||
primaryUpdateMethod: switchover
|
||||
# -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
|
||||
# See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
|
||||
enablePDB: true
|
||||
|
||||
# Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
|
||||
primaryUpdateStrategy: unsupervised
|
||||
|
||||
logLevel: "info"
|
||||
# -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
|
||||
# already present in the database.
|
||||
# See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
|
||||
roles: []
|
||||
# - name: dante
|
||||
# ensure: present
|
||||
# comment: Dante Alighieri
|
||||
# login: true
|
||||
# superuser: false
|
||||
# inRoles:
|
||||
# - pg_monitor
|
||||
# - pg_signal_backend
|
||||
|
||||
# -- Enable default monitoring and alert rules
|
||||
monitoring:
|
||||
|
||||
# -- Whether to enable monitoring
|
||||
enabled: false
|
||||
|
||||
podMonitor:
|
||||
|
||||
# -- Whether to enable the PodMonitor
|
||||
enabled: true
|
||||
|
||||
# --The list of relabelings for the PodMonitor.
|
||||
# Applied to samples before scraping.
|
||||
relabelings: []
|
||||
|
||||
# -- The list of metric relabelings for the PodMonitor.
|
||||
# Applied to samples before ingestion.
|
||||
metricRelabelings: []
|
||||
|
||||
prometheusRule:
|
||||
enabled: true
|
||||
|
||||
# -- Whether to enable the PrometheusRule automated alerts
|
||||
enabled: false
|
||||
|
||||
# -- Exclude specified rules
|
||||
excludeRules: []
|
||||
|
||||
# -- Whether the default queries should be injected.
|
||||
# Set it to true if you don't want to inject default queries into the cluster.
|
||||
disableDefaultQueries: false
|
||||
|
||||
# -- Custom Prometheus metrics
|
||||
# Will be stored in the ConfigMap
|
||||
customQueries: []
|
||||
# - name: "pg_cache_hit_ratio"
|
||||
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
|
||||
# metrics:
|
||||
# - datname:
|
||||
# usage: "LABEL"
|
||||
# description: "Name of the database"
|
||||
# - ratio:
|
||||
# usage: GAUGE
|
||||
# description: "Cache hit ratio"
|
||||
|
||||
# -- The list of secrets containing the custom queries
|
||||
customQueriesSecret: []
|
||||
# - name: custom-queries-secret
|
||||
# key: custom-queries
|
||||
|
||||
# -- Parameters to be set for the database itself
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
|
||||
postgresql:
|
||||
|
||||
# -- PostgreSQL configuration options (postgresql.conf)
|
||||
parameters:
|
||||
shared_buffers: 128MB
|
||||
max_slot_wal_keep_size: 2000MB
|
||||
hot_standby_feedback: "on"
|
||||
|
||||
# BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
|
||||
# -- Quorum-based Synchronous Replication
|
||||
synchronous: {}
|
||||
# method: any
|
||||
# number: 1
|
||||
|
||||
# -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
|
||||
pg_hba: []
|
||||
# - host all all 10.244.0.0/16 md5
|
||||
|
||||
# -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
|
||||
pg_ident: []
|
||||
# - mymap /^(.*)@mydomain\.com$ \1
|
||||
|
||||
# -- Lists of shared preload libraries to add to the default ones
|
||||
shared_preload_libraries: []
|
||||
# - pgaudit
|
||||
|
||||
# -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
|
||||
ldap: {}
|
||||
# https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
|
||||
# server: 'openldap.default.svc.cluster.local'
|
||||
# bindSearchAuth:
|
||||
# baseDN: 'ou=org,dc=example,dc=com'
|
||||
# bindDN: 'cn=admin,dc=example,dc=com'
|
||||
# bindPassword:
|
||||
# name: 'ldapBindPassword'
|
||||
# key: 'data'
|
||||
# searchAttribute: 'uid'
|
||||
|
||||
# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
|
||||
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
|
||||
initdb:
|
||||
{}
|
||||
initdb: {}
|
||||
# database: app
|
||||
# owner: app
|
||||
# secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
|
||||
# postInitApplicationSQL:
|
||||
# - CREATE TABLE IF NOT EXISTS example;
|
||||
# owner: "" # Defaults to the database name
|
||||
# secret:
|
||||
# name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
|
||||
# options: []
|
||||
# encoding: UTF8
|
||||
# postInitSQL:
|
||||
# - CREATE EXTENSION IF NOT EXISTS vector;
|
||||
# postInitApplicationSQL: []
|
||||
# postInitTemplateSQL: []
|
||||
|
||||
# -- Configure the metadata of the generated service account
|
||||
serviceAccountTemplate: {}
|
||||
|
||||
additionalLabels: {}
|
||||
annotations: {}
|
||||
|
||||
# -- Recovery settings when booting cluster from external cluster
|
||||
recovery:
|
||||
# Point in time recovery target in RFC3339 format
|
||||
|
||||
# -- Available recovery methods:
|
||||
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
|
||||
# * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
|
||||
# * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
|
||||
# migrate databases to CloudNativePG, even from outside Kubernetes.
|
||||
# * `import` - Import one or more databases from an existing Postgres cluster.
|
||||
method: backup
|
||||
|
||||
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
|
||||
backup:
|
||||
|
||||
# -- Point in time recovery target. Specify one of the following:
|
||||
pitrTarget:
|
||||
|
||||
# -- Time in RFC3339 format
|
||||
time: ""
|
||||
|
||||
# S3 https endpoint and the s3:// path
|
||||
endpointURL: ""
|
||||
destinationPath: ""
|
||||
# -- Name of the database used by the application. Default: `app`.
|
||||
database: app
|
||||
|
||||
# Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
|
||||
endpointCA: ""
|
||||
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
|
||||
owner: ""
|
||||
|
||||
# Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
endpointCredentials: ""
|
||||
|
||||
# Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
|
||||
recoveryIndex: 1
|
||||
|
||||
# Name of the recovery cluster in the object store, defaults to "cluster.name"
|
||||
recoveryServerName: ""
|
||||
|
||||
# Name of the recovery cluster in the object store, defaults to ".Release.Name"
|
||||
recoveryInstanceName: ""
|
||||
|
||||
wal:
|
||||
# WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 2
|
||||
data:
|
||||
# Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# Number of data files to be archived or restored in parallel.
|
||||
jobs: 2
|
||||
|
||||
replica:
|
||||
# See https://cloudnative-pg.io/documentation/current/database_import/
|
||||
# * `microservice` - Single database import as expected from cnpg clusters
|
||||
# * `monolith` - Import multiple databases and roles
|
||||
importType: microservice
|
||||
|
||||
# If type microservice only one database is allowed, default is app as standard in cnpg clusters
|
||||
importDatabases:
|
||||
- app
|
||||
|
||||
# If type microservice no roles are imported and ignored
|
||||
importRoles: []
|
||||
|
||||
# If import type is monolith postImportApplicationSQL is not supported and ignored
|
||||
postImportApplicationSQL: []
|
||||
|
||||
# External cluster connection, password specifies a secret name and the key containing the password value
|
||||
externalCluster:
|
||||
connectionParameters:
|
||||
host: postgresql
|
||||
user: app
|
||||
dbname: app
|
||||
password:
|
||||
name: postgresql
|
||||
key: password
|
||||
|
||||
backup:
|
||||
enabled: false
|
||||
|
||||
# S3 endpoint starting with "https://"
|
||||
endpointURL: ""
|
||||
|
||||
# S3 path starting with "s3://"
|
||||
destinationPath: ""
|
||||
|
||||
# Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
|
||||
endpointCA: ""
|
||||
|
||||
# Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
endpointCredentials: ""
|
||||
|
||||
# Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
|
||||
backupIndex: 1
|
||||
|
||||
# Name of the backup cluster in the object store, defaults to "cluster.name"
|
||||
# -- Name of the backup to recover from.
|
||||
backupName: ""
|
||||
|
||||
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
|
||||
objectStore:
|
||||
|
||||
# -- Point in time recovery target. Specify one of the following:
|
||||
pitrTarget:
|
||||
|
||||
# -- Time in RFC3339 format
|
||||
time: ""
|
||||
|
||||
# -- Name of the database used by the application. Default: `app`.
|
||||
database: app
|
||||
|
||||
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
|
||||
owner: ""
|
||||
|
||||
# -- Object store backup name
|
||||
name: recovery
|
||||
|
||||
# -- Overrides the provider specific default path. Defaults to:
|
||||
# S3: s3://<bucket><path>
|
||||
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
|
||||
# Google: gs://<bucket><path>
|
||||
destinationPath: ""
|
||||
|
||||
# -- Overrides the provider specific default endpoint. Defaults to:
|
||||
# S3: https://s3.<region>.amazonaws.com"
|
||||
# Leave empty if using the default S3 endpoint
|
||||
endpointURL: "https://nyc3.digitaloceanspaces.com"
|
||||
|
||||
# -- Specifies a CA bundle to validate a privately signed certificate.
|
||||
endpointCA:
|
||||
# -- Creates a secret with the given value if true, otherwise uses an existing secret.
|
||||
create: false
|
||||
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
# -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
|
||||
index: 1
|
||||
|
||||
# -- Override the name of the backup cluster, defaults to "cluster.name"
|
||||
clusterName: ""
|
||||
|
||||
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
endpointCredentials: ""
|
||||
|
||||
# -- Storage
|
||||
wal:
|
||||
# WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
|
||||
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
|
||||
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 2
|
||||
|
||||
# -- Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 1
|
||||
|
||||
data:
|
||||
# Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
|
||||
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# Number of data files to be archived or restored in parallel.
|
||||
jobs: 2
|
||||
|
||||
# Retention policy for backups
|
||||
retentionPolicy: "30d"
|
||||
# -- Number of data files to be archived or restored in parallel.
|
||||
jobs: 1
|
||||
|
||||
# Scheduled backup in cron format
|
||||
schedule: "0 0 0 * * *"
|
||||
# See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
|
||||
pgBaseBackup:
|
||||
|
||||
# -- Name of the database used by the application. Default: `app`.
|
||||
database: app
|
||||
|
||||
# -- Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
|
||||
secret: ""
|
||||
|
||||
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
|
||||
owner: ""
|
||||
|
||||
# -- Configuration for the source database
|
||||
source:
|
||||
host: ""
|
||||
port: 5432
|
||||
username: ""
|
||||
database: "app"
|
||||
sslMode: "verify-full"
|
||||
passwordSecret:
|
||||
|
||||
# -- Whether to create a secret for the password
|
||||
create: false
|
||||
|
||||
# -- Name of the secret containing the password
|
||||
name: ""
|
||||
|
||||
# -- The key in the secret containing the password
|
||||
key: "password"
|
||||
|
||||
# -- The password value to use when creating the secret
|
||||
value: ""
|
||||
sslKeySecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslRootCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
|
||||
import:
|
||||
|
||||
# -- One of `microservice` or `monolith.`
|
||||
# See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
|
||||
type: "microservice"
|
||||
|
||||
# -- Databases to import
|
||||
databases: []
|
||||
|
||||
# -- Roles to import
|
||||
roles: []
|
||||
|
||||
# -- List of SQL queries to be executed as a superuser in the application database right after is imported.
|
||||
# To be used with extreme care. Only available in microservice type.
|
||||
postImportApplicationSQL: []
|
||||
|
||||
# -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
|
||||
schemaOnly: false
|
||||
|
||||
# -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
|
||||
# own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
|
||||
# operator's intended functionality or design.
|
||||
pgDumpExtraOptions: []
|
||||
|
||||
# -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
|
||||
# your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
|
||||
# operator's intended functionality or design.
|
||||
pgRestoreExtraOptions: []
|
||||
|
||||
# -- Configuration for the source database
|
||||
source:
|
||||
host: ""
|
||||
port: 5432
|
||||
username: app
|
||||
database: app
|
||||
sslMode: "verify-full"
|
||||
passwordSecret:
|
||||
|
||||
# -- Whether to create a secret for the password
|
||||
create: false
|
||||
|
||||
# -- Name of the secret containing the password
|
||||
name: ""
|
||||
|
||||
# -- The key in the secret containing the password
|
||||
key: "password"
|
||||
|
||||
# -- The password value to use when creating the secret
|
||||
value: ""
|
||||
sslKeySecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslRootCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
# -- Backup settings
|
||||
backup:
|
||||
|
||||
# -- You need to configure backups manually, so backups are disabled by default.
|
||||
enabled: false
|
||||
|
||||
# -- Method to create backups, options currently are only objectStore
|
||||
method: objectStore
|
||||
|
||||
# -- Options for object store backups
|
||||
objectStore: []
|
||||
|
||||
# -
|
||||
# # -- Object store backup name
|
||||
# name: external
|
||||
|
||||
# # -- Overrides the provider specific default path. Defaults to:
|
||||
# # S3: s3://<bucket><path>
|
||||
# # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
|
||||
# # Google: gs://<bucket><path>
|
||||
# destinationPath: ""
|
||||
|
||||
# # -- Overrides the provider specific default endpoint. Defaults to:
|
||||
# # https://nyc3.digitaloceanspaces.com
|
||||
# endpointURL: ""
|
||||
|
||||
# # -- Specifies a CA bundle to validate a privately signed certificate.
|
||||
# endpointCA:
|
||||
# # -- Creates a secret with the given value if true, otherwise uses an existing secret.
|
||||
# create: false
|
||||
|
||||
# name: ""
|
||||
# key: ""
|
||||
|
||||
# # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
|
||||
# index: 1
|
||||
|
||||
# # -- Override the name of the backup cluster, defaults to "cluster.name"
|
||||
# clusterName: ""
|
||||
|
||||
# # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
# endpointCredentials: ""
|
||||
|
||||
# # -- Retention policy for backups
|
||||
# retentionPolicy: "30d"
|
||||
|
||||
# # -- Specificies if this backup will do WALs
|
||||
# isWALArchiver: true
|
||||
|
||||
# # -- Storage
|
||||
# wal:
|
||||
|
||||
# # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
# compression: snappy
|
||||
|
||||
# # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
# encryption: ""
|
||||
|
||||
# # -- Number of WAL files to be archived or restored in parallel.
|
||||
# maxParallel: 1
|
||||
|
||||
# data:
|
||||
# # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
# compression: snappy
|
||||
|
||||
# # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
# encryption: ""
|
||||
|
||||
# # -- Number of data files to be archived or restored in parallel.
|
||||
# jobs: 1
|
||||
|
||||
# -- List of scheduled backups
|
||||
scheduledBackups: []
|
||||
|
||||
# -
|
||||
# # -- Scheduled backup name
|
||||
# name: daily-backup
|
||||
|
||||
# # -- Schedule in cron format
|
||||
# schedule: "0 0 */3 * *"
|
||||
|
||||
# # -- Start backup on deployment
|
||||
# immediate: false
|
||||
|
||||
# # -- Temporarily stop scheduled backups from running
|
||||
# suspend: false
|
||||
|
||||
# # -- Backup owner reference
|
||||
# backupOwnerReference: self
|
||||
|
||||
# # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
|
||||
# plugin: barman-cloud.cloudnative-pg.io
|
||||
|
||||
# # -- Name of backup target
|
||||
# backupName: external
|
||||
|
||||
# -- List of PgBouncer poolers
|
||||
poolers: []
|
||||
# -
|
||||
# # -- Pooler name
|
||||
# name: rw
|
||||
# # -- PgBouncer type of service to forward traffic to.
|
||||
# type: rw
|
||||
# # -- PgBouncer pooling mode
|
||||
# poolMode: transaction
|
||||
# # -- Number of PgBouncer instances
|
||||
# instances: 3
|
||||
# # -- PgBouncer configuration parameters
|
||||
# parameters:
|
||||
# max_client_conn: "1000"
|
||||
# default_pool_size: "25"
|
||||
# monitoring:
|
||||
# # -- Whether to enable monitoring
|
||||
# enabled: false
|
||||
# podMonitor:
|
||||
# # -- Whether to enable the PodMonitor
|
||||
# enabled: true
|
||||
# # -- Custom PgBouncer deployment template.
|
||||
# # Use to override image, specify resources, etc.
|
||||
# template: {}
|
||||
# -
|
||||
# # -- Pooler name
|
||||
# name: ro
|
||||
# # -- PgBouncer type of service to forward traffic to.
|
||||
# type: ro
|
||||
# # -- PgBouncer pooling mode
|
||||
# poolMode: transaction
|
||||
# # -- Number of PgBouncer instances
|
||||
# instances: 3
|
||||
# # -- PgBouncer configuration parameters
|
||||
# parameters:
|
||||
# max_client_conn: "1000"
|
||||
# default_pool_size: "25"
|
||||
# monitoring:
|
||||
# # -- Whether to enable monitoring
|
||||
# enabled: false
|
||||
# podMonitor:
|
||||
# # -- Whether to enable the PodMonitor
|
||||
# enabled: true
|
||||
# # -- Custom PgBouncer deployment template.
|
||||
# # Use to override image, specify resources, etc.
|
||||
# template: {}
|
||||
|
||||
@@ -6,35 +6,18 @@
|
||||
":rebaseStalePrs"
|
||||
],
|
||||
"timezone": "US/Central",
|
||||
"schedule": [
|
||||
"every weekday"
|
||||
],
|
||||
"schedule": [ "* */1 * * *" ],
|
||||
"labels": [],
|
||||
"prHourlyLimit": 0,
|
||||
"prConcurrentLimit": 0,
|
||||
"packageRules": [
|
||||
{
|
||||
"description": "Disables for non major Renovate version",
|
||||
"matchPaths": [
|
||||
".github/renovate-update-notification/Dockerfile"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch",
|
||||
"pin",
|
||||
"digest",
|
||||
"rollback"
|
||||
],
|
||||
"enabled": false
|
||||
},
|
||||
{
|
||||
"description": "Generate for major Renovate version",
|
||||
"matchPaths": [
|
||||
".github/renovate-update-notification/Dockerfile"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"major"
|
||||
"description": "Label charts",
|
||||
"matchDatasources": [
|
||||
"helm"
|
||||
],
|
||||
"addLabels": [
|
||||
"upgrade"
|
||||
"chart"
|
||||
],
|
||||
"automerge": false
|
||||
},
|
||||
@@ -46,19 +29,21 @@
|
||||
"addLabels": [
|
||||
"image"
|
||||
],
|
||||
"automerge": false,
|
||||
"minimumReleaseAge": "3 days"
|
||||
"automerge": false
|
||||
},
|
||||
{
|
||||
"description": "Label charts",
|
||||
"description": "CNPG image",
|
||||
"matchDepNames": [
|
||||
"ghcr.io/cloudnative-pg/postgresql"
|
||||
],
|
||||
"matchDatasources": [
|
||||
"helm"
|
||||
"docker"
|
||||
],
|
||||
"addLabels": [
|
||||
"chart"
|
||||
"image"
|
||||
],
|
||||
"automerge": false,
|
||||
"minimumReleaseAge": "3 days"
|
||||
"versioning": "deb"
|
||||
}
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user