blob: fa25a421582eaf8633fbbe0c1f4f712097a3d365 [file] [log] [blame]
{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Copyright © 2020 Samsung Electronics
# Copyright © 2021 Orange
# Modifications Copyright (C) 2021 Bell Canada.
# #
# # Licensed under the Apache License, Version 2.0 (the "License");
# # you may not use this file except in compliance with the License.
# # You may obtain a copy of the License at
# #
# # http://www.apache.org/licenses/LICENSE-2.0
# #
# # Unless required by applicable law or agreed to in writing, software
# # distributed under the License is distributed on an "AS IS" BASIS,
# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
{{- define "common.postgres.deployment" -}}
{{- $dot := .dot }}
{{- $pgMode := .pgMode }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" $dot }}-{{ $pgMode }}
namespace: {{ include "common.namespace" $dot }}
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
{{- if $dot.Chart.AppVersion }}
version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
{{- else }}
version: "{{ $dot.Chart.Version | replace "+" "_" }}"
{{- end }}
chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $dot }}
heritage: {{ $dot.Release.Service }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
template:
metadata:
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
{{- if $dot.Chart.AppVersion }}
version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
{{- else }}
version: "{{ $dot.Chart.Version | replace "+" "_" }}"
{{- end }}
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" $dot }}-docker-registry-key"
initContainers:
- command:
- sh
args:
- -c
- |
function prepare_password {
echo -n $1 | sed -e "s/'/''/g"
}
export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`;
export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: PG_PRIMARY_USER
value: primaryuser
- name: MODE
value: postgres
- name: PG_PRIMARY_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input/setup.sql
name: config
subPath: setup.sql
- mountPath: /config
name: pgconf
image: {{ include "repositoryGenerator.image.envsubst" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
name: {{ include "common.name" $dot }}-update-config
- name: init-sysctl
command:
- /bin/sh
- -c
- |
chown 26:26 /podroot/;
chmod 700 /podroot/;
image: {{ include "repositoryGenerator.image.busybox" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" $dot }}-data
mountPath: /podroot/
containers:
- name: {{ include "common.name" $dot }}
image: {{ include "repositoryGenerator.image.postgres" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
ports:
- containerPort: {{ $dot.Values.service.internalPort }}
name: {{ $dot.Values.service.portName }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq $dot.Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ $dot.Values.service.internalPort }}
initialDelaySeconds: {{ $dot.Values.liveness.initialDelaySeconds }}
periodSeconds: {{ $dot.Values.liveness.periodSeconds }}
timeoutSeconds: {{ $dot.Values.liveness.timeoutSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
port: {{ $dot.Values.service.internalPort }}
initialDelaySeconds: {{ $dot.Values.readiness.initialDelaySeconds }}
periodSeconds: {{ $dot.Values.readiness.periodSeconds }}
env:
- name: PGHOST
value: /tmp
- name: PG_PRIMARY_USER
value: primaryuser
- name: MODE
value: postgres
- name: PG_MODE
value: {{ $pgMode }}
- name: PG_PRIMARY_HOST
value: "{{ $dot.Values.service.name2 }}"
- name: PG_REPLICA_HOST
value: "{{ $dot.Values.service.name3 }}"
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
- name: PGDATA_PATH_OVERRIDE
value: "{{ $dot.Values.config.pgDataPath }}"
volumeMounts:
- name: config
mountPath: /pgconf/pool_hba.conf
subPath: pool_hba.conf
- name: pgconf
mountPath: /pgconf/setup.sql
subPath: setup.sql
- mountPath: /pgdata
name: {{ include "common.fullname" $dot }}-data
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
resources: {{ include "common.resources" $dot | nindent 10 }}
{{- if (default false $dot.Values.metrics.enabled) }}
- name: {{ include "common.name" $dot }}-metrics
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ $dot.Values.metrics.image }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.metrics.pullPolicy | quote}}
env:
- name: POSTGRES_METRICS_EXTRA_FLAGS
value: {{ default "" (join " " $dot.Values.metrics.extraFlags) | quote }}
- name: DATA_SOURCE_USER
value: "{{ $dot.Values.metrics.postgresUser }}"
- name: DATA_SOURCE_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 12 }}
command:
- sh
- -c
- |
DATA_SOURCE_URI="127.0.0.1:5432/?sslmode=disable" ./bin/postgres_exporter $POSTGRES_METRICS_EXTRA_FLAGS
ports:
{{- range $index, $metricPort := $dot.Values.metrics.ports }}
- name: {{ $metricPort.name }}
containerPort: {{ $metricPort.port }}
protocol: TCP
{{- end }}
livenessProbe:
httpGet:
path: /metrics
port: tcp-metrics
initialDelaySeconds: {{ $dot.Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ $dot.Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ $dot.Values.metrics.livenessProbe.timeoutSeconds }}
successThreshold: {{ $dot.Values.metrics.livenessProbe.successThreshold }}
failureThreshold: {{ $dot.Values.metrics.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /metrics
port: tcp-metrics
initialDelaySeconds: {{ $dot.Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ $dot.Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ $dot.Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ $dot.Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ $dot.Values.metrics.readinessProbe.failureThreshold }}
{{ include "common.containerSecurityContext" $dot | indent 10 | trim }}
resources: {{- toYaml $dot.Values.metrics.resources | nindent 12 }}
{{ end }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if $dot.Values.affinity }}
affinity:
{{ toYaml $dot.Values.affinity | indent 10 }}
{{- end }}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" $dot }}-backup
emptyDir: {}
- name: {{ include "common.fullname" $dot }}-data
{{- if $dot.Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "common.fullname" $dot }}-{{ $pgMode }}
{{- else }}
emptyDir: {}
{{ end }}
- name: config
configMap:
name: {{ include "common.fullname" $dot }}
- name: pgconf
emptyDir:
medium: Memory
{{- end -}}