Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-05 14:57:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

Synchronize upstreamed folder to 89cb1e0a8

Browse Source
This commit is contained in:
bitnami-bot
2020-02-05 12:35:12 +00:00
parent d4446eca53
commit 69e0bc91aa
6 changed files with 48 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
upstreamed/postgresql/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
name: postgresql
version: 8.2.1
version: 8.3.0
appVersion: 11.6.0
description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
keywords:

5
upstreamed/postgresql/README.md
View File

@@ -70,7 +70,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` |
| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
| `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` |
@@ -121,6 +121,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` |
| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (when shmVolume.enabled is also true) | `true` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` |
| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` |
@@ -377,6 +378,8 @@ This label will be displayed in the output of a successful install.
- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image.
- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift.
- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false
### Deploy chart using Docker Official PostgreSQL Image

15
upstreamed/postgresql/templates/statefulset-slaves.yaml
View File

@@ -77,17 +77,26 @@ spec:
{{- end }}
command:
- /bin/sh
- -c
- -cx
- |
echo "current user id: `id`"
mkdir -p {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
{{- if .Values.shmVolume.enabled }}
{{- end }}
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}

15
upstreamed/postgresql/templates/statefulset.yaml
View File

@@ -81,17 +81,26 @@ spec:
{{- end }}
command:
- /bin/sh
- -c
- -cx
- |
echo "current user id: `id`"
mkdir -p {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
{{- if .Values.shmVolume.enabled }}
{{- end }}
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}

9
upstreamed/postgresql/values-production.yaml
View File

@@ -63,6 +63,13 @@ volumePermissions:
# pullSecrets:
# - myRegistryKeySecretName
## Init container Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below volumePermissions.securityContext.runAsUser
## When runAsUser is set to special value "auto", init container will try to chwon the
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false .
securityContext:
runAsUser: 0
@@ -263,6 +270,8 @@ service:
## this limitation.
shmVolume:
enabled: true
chmod:
enabled: true
## PostgreSQL data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>

10
upstreamed/postgresql/values.yaml
View File

@@ -63,6 +63,13 @@ volumePermissions:
# pullSecrets:
# - myRegistryKeySecretName
## Init container Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below volumePermissions.securityContext.runAsUser
## When runAsUser is set to special value "auto", init container will try to chwon the
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false .
securityContext:
runAsUser: 0
@@ -261,8 +268,11 @@ service:
## If this option is present and value is `true`,
## to the target database pod will be mounted a new tmpfs volume to remove
## this limitation.
## If chmod.enabled is `true`, init container will chmod 777 `/dev/shm`.
shmVolume:
enabled: true
chmod:
enabled: true
## PostgreSQL data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>