[bitnami/postgresql-ha] Add standard Bitnami parameters (#3797)

* [bitnami/postgresql-ha] Add standard Bitnami parameters

* Extend the use of common

* Lint issues

* Lint
Javier J. Salmerón-García
2020-10-08 10:24:41 +02:00
committed by GitHub
parent b5c34a1ed8
commit 8ee923ce98
26 changed files with 725 additions and 478 deletions

@@ -44,190 +44,213 @@ Additionaly, if `persistence.resourcePolicy` is set to `keep`, you should manual
The following table lists the configurable parameters of the PostgreSQL HA chart and the default values. They can be configured in `values.yaml` or set via `--set` flag during installation.
| Parameter | Description | Default |
| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ |
| **Global** | | |
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `postgresql.existingSecret`) | `nil` |
| `global.postgresql.username` | PostgreSQL username (overrides `postgresql.username`) | `nil` |
| `global.postgresql.password` | PostgreSQL password (overrides `postgresql.password`) | `nil` |
| `global.postgresql.database` | PostgreSQL database (overrides `postgresql.database`) | `nil` |
| `global.postgresql.repmgrUsername` | PostgreSQL repmgr username (overrides `postgresql.repmgrUsername`) | `nil` |
| `global.postgresql.repmgrPassword` | PostgreSQL repmgr password (overrides `postgresql.repmgrpassword`) | `nil` |
| `global.postgresql.repmgrDatabase` | PostgreSQL repmgr database (overrides `postgresql.repmgrDatabase`) | `nil` |
| `global.ldap.existingSecret` | Name of existing secret to use for LDAP passwords (overrides `ldap.existingSecret`) | `nil` |
| `global.ldap.bindpw` | LDAP bind password (overrides `ldap.bindpw`) | `nil` |
| `global.pgpool.adminUsername` | Pgpool Admin username (overrides `pgpool.adminUsername`) | `nil` |
| `global.pgpool.adminPassword` | Pgpool Admin password (overrides `pgpool.adminPassword`) | `nil` |
| **General** | | |
| `nameOverride` | String to partially override postgres-ha.fullname template with a string | `nil` |
| `fullnameOverride` | String to fully override postgres-ha.fullname template with a string | `nil` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| **PostgreSQL with Repmgr** | | |
| `postgresqlImage.registry` | Registry for PostgreSQL with Repmgr image | `docker.io` |
| `postgresqlImage.repository` | Repository for PostgreSQL with Repmgr image | `bitnami/postgresql-repmgr` |
| `postgresqlImage.tag` | Tag for PostgreSQL with Repmgr image | `{TAG_NAME}` |
| `postgresqlImage.pullPolicy` | PostgreSQL with Repmgr image pull policy | `IfNotPresent` |
| `postgresqlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `postgresqlImage.debug` | Specify if debug logs should be enabled | `false` |
| `postgresql.labels` | Map of labels to add to the statefulset. Evaluated as a template | `{}` |
| `postgresql.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` |
| `postgresql.replicaCount` | The number of replicas to deploy | `2` |
| `postgresql.updateStrategyType` | Statefulset update strategy policy | `RollingUpdate` |
| `postgresql.podAnnotations` | Additional pod annotations | `{}` |
| `postgresql.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) |
| `postgresql.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `postgresql.priorityClassName` | Pod priority class | `` |
| `postgresql.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `postgresql.securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` |
| `postgresql.securityContext.enabled` | Enable security context for PostgreSQL with Repmgr | `true` |
| `postgresql.securityContext.fsGroup` | Group ID for the PostgreSQL with Repmgr filesystem | `1001` |
| `postgresql.containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `postgrseql.containerSecurityContext.enabled` | Enable container security context | `true` |
| `postgresql.containerSecurityContext.runAsUser` | User ID for the PostgreSQL with Repmgr container | `1001` |
| `postgresql.resources` | The [resources] to allocate for container | `{}` |
| `postgresql.livenessProbe` | Liveness probe configuration for PostgreSQL with Repmgr | `Check values.yaml file` |
| `postgresql.readinessProbe` | Readiness probe configuration for PostgreSQL with Repmgr | `Check values.yaml file` |
| `postgresql.pdb.create` | If true, create a pod disruption budget for PostgreSQL with Repmgr pods | `false` |
| `postgresql.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `postgresql.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
| `postgresql.username` | PostgreSQL username | `postgres` |
| `postgresql.password` | PostgreSQL password | `nil` |
| `postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` |
| `postgresql.postgresPassword` | PostgreSQL password for the `postgres` user when `username` is not `postgres` | `nil` |
| `postgresql.database` | PostgreSQL database | `postgres` |
| `postgresql.usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
| `postgresql.upgradeRepmgrExtension` | Upgrade repmgr extension in the database | `false` |
| `postgresql.pgHbaTrustAll` | Configures PostgreSQL HBA to trust every user | `false` |
| `postgresql.syncReplication` | Make the replication synchronous. This will wait until the data is synchronized in all the replicas before other query can be run. This ensures the data availability at the expenses of speed. | `false` |
| `postgresql.repmgrUsername` | PostgreSQL repmgr username | `repmgr` |
| `postgresql.repmgrPassword` | PostgreSQL repmgr password | `nil` |
| `postgresql.repmgrDatabase` | PostgreSQL repmgr database | `repmgr` |
| `postgresql.repmgrLogLevel` | Repmgr log level (DEBUG, INFO, NOTICE, WARNING, ERROR, ALERT, CRIT or EMERG) | `NOTICE` |
| `postgresql.repmgrConnectTimeout` | Repmgr backend connection timeout (in seconds) | `5` |
| `postgresql.repmgrReconnectAttempts` | Repmgr backend reconnection attempts | `3` |
| `postgresql.repmgrReconnectInterval` | Repmgr backend reconnection interval (in seconds) | `5` |
| `postgresql.repmgrConfiguration` | Repmgr Configuration | `nil` |
| `postgresql.configuration` | PostgreSQL Configuration | `nil` |
| `postgresql.pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` |
| `postgresql.configurationCM` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresql.repmgrConfiguration`, `postgresql.configuration` and `postgresql.pgHbaConfiguration`) | `nil` (The value is evaluated as a template) |
| `postgresql.extendedConf` | Extended PostgreSQL Configuration (appended to main or default configuration) | `nil` |
| `postgresql.extendedConfCM` | ConfigMap with the extended PostgreSQL configuration files (Note: Overrides `postgresql.extendedConf`) | `nil` (The value is evaluated as a template) |
| `postgresql.initdbScripts` | Dictionary of initdb scripts | `nil` |
| `postgresql.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `postgresql.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` |
| `postgresql.extraInitContainers` | Additional init containers to add to the postgresql pods. | `[]` |
| `postgresql.extraVolumeMounts` | Additional volume mounts to add to the postgresql pods. | `[]` |
| `postgresql.extraVolumes` | Additional volumes to add to the postgresql pods. | `[]` |
| **Pgpool** | | |
| `pgpoolImage.registry` | Registry for Pgpool | `docker.io` |
| `pgpoolImage.repository` | Repository for Pgpool | `bitnami/pgpool` |
| `pgpoolImage.tag` | Tag for Pgpool | `{TAG_NAME}` |
| `pgpoolImage.pullPolicy` | Pgpool image pull policy | `IfNotPresent` |
| `pgpoolImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `pgpoolImage.debug` | Specify if debug logs should be enabled | `false` |
| `pgpool.customUsers.usernames` | Comma or semicolon separeted list of postgres usernames to be added to pgpool_passwd | `nil` |
| `pgpool.customUsers.passwords` | Comma or semicolon separeted list of the associated passwords for the users to be added to pgpool_passwd | `nil` |
| `pgpool.customUsersSecret` | Name of a secret containing the usernames and passwords of accounts that will be added to pgpool_passwd | `nil` |
| `pgpool.srCheckDatabase` | Name of the database to perform streaming replication checks | `postgres` |
| `pgpool.labels` | Map of labels to add to the deployment. Evaluated as a template | `{}` |
| `pgpool.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` |
| `pgpool.replicaCount` | The number of replicas to deploy | `1` |
| `pgpool.podAnnotations` | Additional pod annotations | `{}` |
| `pgpool.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) |
| `pgpool.initdbScripts` | Dictionary of initdb scripts | `nil` |
| `pgpool.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `pgpool.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` |
| `pgpool.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `pgpool.priorityClassName` | Pod priority class | `` |
| `pgpool.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `pgpool.securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` |
| `pgpool.securityContext.enabled` | Enable security context for Pgpool | `true` |
| `pgpool.securityContext.fsGroup` | Group ID for the Pgpool filesystem | `1001` |
| `pgpool.containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `pgpool.containerSecurityContext.enabled` | Enable container security context | `true` |
| `pgpool.containerSecurityContext.runAsUser` | User ID for the Pgpool container | `1001` |
| `pgpool.resources` | The [resources] to allocate for container | `{}` |
| `pgpool.livenessProbe` | Liveness probe configuration for Pgpool | `Check values.yaml file` |
| `pgpool.readinessProbe` | Readiness probe configuration for Pgpool | `Check values.yaml file` |
| `pgpool.pdb.create` | If true, create a pod disruption budget for Pgpool pods. | `false` |
| `pgpool.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `pgpool.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
| `pgpool.updateStrategy` | Strategy used to replace old Pods by new ones | `{}` |
| `pgpool.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `nil` |
| `pgpool.adminUsername` | Pgpool Admin username | `admin` |
| `pgpool.adminPassword` | Pgpool Admin password | `nil` |
| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` |
| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` |
| `pgpool.configuration` | Content of pgpool.conf | `nil` |
| `pgpool.configurationCM` | ConfigMap with the Pgpool configuration file (Note: Overrides `pgpol.configuration`). The file used must be named `pgpool.conf`. | `nil` (The value is evaluated as a template) |
| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` |
| `pgpool.tls.enabled` | Enable TLS traffic support for end-client connections | `false` |
| `pgpool.tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
| `pgpool.tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` |
| `pgpool.tls.certFilename` | Certificate filename | `""` |
| `pgpool.tls.certKeyFilename` | Certificate key filename | `""` |
| `pgpool.tls.certCAFilename` | CA Certificate filename. If provided, PgPool will authenticate TLS/SSL clients by requesting them a certificate. |`nil` |
| **LDAP** | | |
| `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` |
| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://<hostname>:<port>` | `nil` |
| `ldap.base` | LDAP base DN | `nil` |
| `ldap.binddn` | LDAP bind DN | `nil` |
| `ldap.bindpw` | LDAP bind password | `nil` |
| `ldap.bslookup` | LDAP base lookup | `nil` |
| `ldap.scope` | LDAP search scope | `nil` |
| `ldap.tlsReqcert` | LDAP TLS check on server certificates | `nil` |
| `ldap.nssInitgroupsIgnoreusers` | LDAP ignored users | `root,nslcd` |
| **Prometheus metrics** | | |
| `metricsImage.registry` | Registry for PostgreSQL Prometheus exporter | `docker.io` |
| `metricsImage.repository` | Repository for PostgreSQL Prometheus exporter | `bitnami/postgres-exporter` |
| `metricsImage.tag` | Tag for PostgreSQL Prometheus exporter | `{TAG_NAME}` |
| `metricsImage.pullPolicy` | PostgreSQL Prometheus exporter image pull policy | `IfNotPresent` |
| `metricsImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `metricsImage.debug` | Specify if debug logs should be enabled | `false` |
| `metrics.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `metrics.securityContext.enabled` | Enable security context for PostgreSQL Prometheus exporter | `true` |
| `metrics.securityContext.runAsUser` | User ID for the PostgreSQL Prometheus exporter container | `1001` |
| `metrics.resources` | The [resources] to allocate for container | `{}` |
| `metrics.livenessProbe` | Liveness probe configuration for PostgreSQL Prometheus exporter | `Check values.yaml file` |
| `metrics.readinessProbe` | Readiness probe configuration for PostgreSQL Prometheus exporter | `Check values.yaml file` |
| `metrics.annotations` | Annotations for PostgreSQL Prometheus exporter service | `{prometheus.io/scrape: "true", prometheus.io/port: "9187"}` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` |
| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` |
| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{prometheus: "kube-prometheus"}` |
| `metrics.serviceMonitor.relabelings` | ServiceMonitor relabelings. Value is evaluated as a template | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | ServiceMonitor metricRelabelings. Value is evaluated as a template | `[]` |
| **Init Container to adapt volume permissions** | | |
| `volumePermissionsImage.registry` | Registry for Bitnami Minideb | `docker.io` |
| `volumePermissionsImage.repository` | Repository for Bitnami Minideb | `bitnami/minideb` |
| `volumePermissionsImage.tag` | Tag for Bitnami Minideb | `latest` |
| `volumePermissionsImage.pullPolicy` | Bitnami Minideb exporter image pull policy | `Always` |
| `volumePermissionsImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.enabled` | Enable init container to adapt volume permissions | `false` |
| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `volumePermissions.securityContext.runAsUser` | User ID for the Bitnami Minideb container | `0` |
| **Persistence** | | |
| `persistence.enabled` | Enable data persistence | `true` |
| `persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `nil` |
| `persistence.storageClass` | Specify the `storageClass` used to provision the volume | `nil` |
| `persistence.mountPath` | Path to mount data volume at | `nil` |
| `persistence.accessMode` | Access mode of data volume | `ReadWriteOnce` |
| `persistence.size` | Size of data volume | `8Gi` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| **Expose** | | |
| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` |
| `service.port` | PostgreSQL port | `5432` |
| `service.nodePort` | Kubernetes service nodePort | `nil` |
| `service.annotations` | Annotations for PostgreSQL service | `{}` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| Parameter | Description | Default |
|-------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| **Global** | | |
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `postgresql.existingSecret`) | `nil` |
| `global.postgresql.username` | PostgreSQL username (overrides `postgresql.username`) | `nil` |
| `global.postgresql.password` | PostgreSQL password (overrides `postgresql.password`) | `nil` |
| `global.postgresql.database` | PostgreSQL database (overrides `postgresql.database`) | `nil` |
| `global.postgresql.repmgrUsername` | PostgreSQL repmgr username (overrides `postgresql.repmgrUsername`) | `nil` |
| `global.postgresql.repmgrPassword` | PostgreSQL repmgr password (overrides `postgresql.repmgrpassword`) | `nil` |
| `global.postgresql.repmgrDatabase` | PostgreSQL repmgr database (overrides `postgresql.repmgrDatabase`) | `nil` |
| `global.ldap.existingSecret` | Name of existing secret to use for LDAP passwords (overrides `ldap.existingSecret`) | `nil` |
| `global.ldap.bindpw` | LDAP bind password (overrides `ldap.bindpw`) | `nil` |
| `global.pgpool.adminUsername` | Pgpool Admin username (overrides `pgpool.adminUsername`) | `nil` |
| `global.pgpool.adminPassword` | Pgpool Admin password (overrides `pgpool.adminPassword`) | `nil` |
| **General** | | |
| `commonLabels` | Labels to add to all deployed objects | `nil` |
| `commonAnnotations` | Annotations to add to all deployed objects | `[]` |
| `nameOverride` | String to partially override postgres-ha.fullname template with a string | `nil` |
| `fullnameOverride` | String to fully override postgres-ha.fullname template with a string | `nil` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` |
| **PostgreSQL with Repmgr** | | |
| `postgresqlImage.registry` | Registry for PostgreSQL with Repmgr image | `docker.io` |
| `postgresqlImage.repository` | Repository for PostgreSQL with Repmgr image | `bitnami/postgresql-repmgr` |
| `postgresqlImage.tag` | Tag for PostgreSQL with Repmgr image | `{TAG_NAME}` |
| `postgresqlImage.pullPolicy` | PostgreSQL with Repmgr image pull policy | `IfNotPresent` |
| `postgresqlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `postgresqlImage.debug` | Specify if debug logs should be enabled | `false` |
| `postgresql.labels` | Map of labels to add to the statefulset. Evaluated as a template | `{}` |
| `postgresql.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` |
| `postgresql.replicaCount` | The number of replicas to deploy | `2` |
| `postgresql.updateStrategyType` | Statefulset update strategy policy | `RollingUpdate` |
| `postgresql.podAnnotations` | Additional pod annotations | `{}` |
| `postgresql.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) |
| `postgresql.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `postgresql.priorityClassName` | Pod priority class | `` |
| `postgresql.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `postgresql.securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` |
| `postgresql.securityContext.enabled` | Enable security context for PostgreSQL with Repmgr | `true` |
| `postgresql.securityContext.fsGroup` | Group ID for the PostgreSQL with Repmgr filesystem | `1001` |
| `postgresql.containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `postgresql.containerSecurityContext.enabled` | Enable container security context | `true` |
| `postgresql.containerSecurityContext.runAsUser` | User ID for the PostgreSQL with Repmgr container | `1001` |
| `postgresql.resources` | The [resources] to allocate for container | `{}` |
| `postgresql.livenessProbe` | Liveness probe configuration for PostgreSQL with Repmgr | `Check values.yaml file` |
| `postgresql.readinessProbe` | Readiness probe configuration for PostgreSQL with Repmgr | `Check values.yaml file` |
| `postgresql.customLivenessProbe` | Override default liveness probe | `nil` |
| `postgresql.customReadinessProbe` | Override default readiness probe | `nil` |
| `postgresql.extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `nil` |
| `postgresql.sidecars` | Attach additional containers to the pod (evaluated as a template) | `nil` |
| `postgresql.initContainers` | Add additional init containers to the pod (evaluated as a template) | `nil` |
| `postgresql.extraEnvVars` | Array containing extra env vars | `nil` |
| `postgresql.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `postgresql.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
| `postgresql.command` | Override default container command (useful when using custom images) | `nil` |
| `postgresql.args` | Override default container args (useful when using custom images) | `nil` |
| `postgresql.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `` |
| `postgresql.pdb.create` | If true, create a pod disruption budget for PostgreSQL with Repmgr pods | `false` |
| `postgresql.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `postgresql.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
| `postgresql.username` | PostgreSQL username | `postgres` |
| `postgresql.password` | PostgreSQL password | `nil` |
| `postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` |
| `postgresql.postgresPassword` | PostgreSQL password for the `postgres` user when `username` is not `postgres` | `nil` |
| `postgresql.database` | PostgreSQL database | `postgres` |
| `postgresql.usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
| `postgresql.upgradeRepmgrExtension` | Upgrade repmgr extension in the database | `false` |
| `postgresql.pgHbaTrustAll` | Configures PostgreSQL HBA to trust every user | `false` |
| `postgresql.syncReplication` | Make the replication synchronous. This will wait until the data is synchronized in all the replicas before other query can be run. This ensures the data availability at the expenses of speed. | `false` |
| `postgresql.repmgrUsername` | PostgreSQL repmgr username | `repmgr` |
| `postgresql.repmgrPassword` | PostgreSQL repmgr password | `nil` |
| `postgresql.repmgrDatabase` | PostgreSQL repmgr database | `repmgr` |
| `postgresql.repmgrLogLevel` | Repmgr log level (DEBUG, INFO, NOTICE, WARNING, ERROR, ALERT, CRIT or EMERG) | `NOTICE` |
| `postgresql.repmgrConnectTimeout` | Repmgr backend connection timeout (in seconds) | `5` |
| `postgresql.repmgrReconnectAttempts` | Repmgr backend reconnection attempts | `3` |
| `postgresql.repmgrReconnectInterval` | Repmgr backend reconnection interval (in seconds) | `5` |
| `postgresql.repmgrConfiguration` | Repmgr Configuration | `nil` |
| `postgresql.configuration` | PostgreSQL Configuration | `nil` |
| `postgresql.pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` |
| `postgresql.configurationCM` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresql.repmgrConfiguration`, `postgresql.configuration` and `postgresql.pgHbaConfiguration`) | `nil` (The value is evaluated as a template) |
| `postgresql.extendedConf` | Extended PostgreSQL Configuration (appended to main or default configuration) | `nil` |
| `postgresql.extendedConfCM` | ConfigMap with the extended PostgreSQL configuration files (Note: Overrides `postgresql.extendedConf`) | `nil` (The value is evaluated as a template) |
| `postgresql.initdbScripts` | Dictionary of initdb scripts | `nil` |
| `postgresql.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `postgresql.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` |
| **Pgpool** | | |
| `pgpoolImage.registry` | Registry for Pgpool | `docker.io` |
| `pgpoolImage.repository` | Repository for Pgpool | `bitnami/pgpool` |
| `pgpoolImage.tag` | Tag for Pgpool | `{TAG_NAME}` |
| `pgpoolImage.pullPolicy` | Pgpool image pull policy | `IfNotPresent` |
| `pgpoolImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `pgpoolImage.debug` | Specify if debug logs should be enabled | `false` |
| `pgpool.customUsers.usernames` | Comma or semicolon separeted list of postgres usernames to be added to pgpool_passwd | `nil` |
| `pgpool.customUsers.passwords` | Comma or semicolon separeted list of the associated passwords for the users to be added to pgpool_passwd | `nil` |
| `pgpool.customUsersSecret` | Name of a secret containing the usernames and passwords of accounts that will be added to pgpool_passwd | `nil` |
| `pgpool.srCheckDatabase` | Name of the database to perform streaming replication checks | `postgres` |
| `pgpool.labels` | Map of labels to add to the deployment. Evaluated as a template | `{}` |
| `pgpool.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` |
| `pgpool.replicaCount` | The number of replicas to deploy | `1` |
| `pgpool.customLivenessProbe` | Override default liveness probe | `nil` |
| `pgpool.customReadinessProbe` | Override default readiness probe | `nil` |
| `pgpool.extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `nil` |
| `pgpool.sidecars` | Attach additional containers to the pod (evaluated as a template) | `nil` |
| `pgpool.initContainers` | Add additional init containers to the pod (evaluated as a template) | `nil` |
| `pgpool.extraEnvVars` | Array containing extra env vars | `nil` |
| `pgpool.extraEnvVarsCM` | ConfigMap containing extra env vars | `nil` |
| `pgpool.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `nil` |
| `pgpool.command` | Override default container command (useful when using custom images) | `nil` |
| `pgpool.args` | Override default container args (useful when using custom images) | `nil` |
| `pgpool.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `` |
| `pgpool.podAnnotations` | Additional pod annotations | `{}` |
| `pgpool.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) |
| `pgpool.initdbScripts` | Dictionary of initdb scripts | `nil` |
| `pgpool.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `pgpool.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` |
| `pgpool.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `pgpool.priorityClassName` | Pod priority class | `` |
| `pgpool.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `pgpool.securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` |
| `pgpool.securityContext.enabled` | Enable security context for Pgpool | `true` |
| `pgpool.securityContext.fsGroup` | Group ID for the Pgpool filesystem | `1001` |
| `pgpool.containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `pgpool.containerSecurityContext.enabled` | Enable container security context | `true` |
| `pgpool.containerSecurityContext.runAsUser` | User ID for the Pgpool container | `1001` |
| `pgpool.resources` | The [resources] to allocate for container | `{}` |
| `pgpool.livenessProbe` | Liveness probe configuration for Pgpool | `Check values.yaml file` |
| `pgpool.readinessProbe` | Readiness probe configuration for Pgpool | `Check values.yaml file` |
| `pgpool.pdb.create` | If true, create a pod disruption budget for Pgpool pods. | `false` |
| `pgpool.pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` |
| `pgpool.pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `nil` |
| `pgpool.updateStrategy` | Strategy used to replace old Pods by new ones | `{}` |
| `pgpool.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `nil` |
| `pgpool.adminUsername` | Pgpool Admin username | `admin` |
| `pgpool.adminPassword` | Pgpool Admin password | `nil` |
| `pgpool.maxPool` | The maximum number of cached connections in each child process | `15` |
| `pgpool.numInitChildren` | The number of preforked Pgpool-II server processes. | `32` |
| `pgpool.configuration` | Content of pgpool.conf | `nil` |
| `pgpool.configurationCM` | ConfigMap with the Pgpool configuration file (Note: Overrides `pgpol.configuration`). The file used must be named `pgpool.conf`. | `nil` (The value is evaluated as a template) |
| `pgpool.useLoadBalancing` | If true, use Pgpool Load-Balancing | `true` |
| `pgpool.tls.enabled` | Enable TLS traffic support for end-client connections | `false` |
| `pgpool.tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
| `pgpool.tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` |
| `pgpool.tls.certFilename` | Certificate filename | `""` |
| `pgpool.tls.certKeyFilename` | Certificate key filename | `""` |
| `pgpool.tls.certCAFilename` | CA Certificate filename. If provided, PgPool will authenticate TLS/SSL clients by requesting them a certificate. | `nil` |
| **LDAP** | | |
| `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` |
| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://<hostname>:<port>` | `nil` |
| `ldap.base` | LDAP base DN | `nil` |
| `ldap.binddn` | LDAP bind DN | `nil` |
| `ldap.bindpw` | LDAP bind password | `nil` |
| `ldap.bslookup` | LDAP base lookup | `nil` |
| `ldap.scope` | LDAP search scope | `nil` |
| `ldap.tlsReqcert` | LDAP TLS check on server certificates | `nil` |
| `ldap.nssInitgroupsIgnoreusers` | LDAP ignored users | `root,nslcd` |
| **Prometheus metrics** | | |
| `metricsImage.registry` | Registry for PostgreSQL Prometheus exporter | `docker.io` |
| `metricsImage.repository` | Repository for PostgreSQL Prometheus exporter | `bitnami/postgres-exporter` |
| `metricsImage.tag` | Tag for PostgreSQL Prometheus exporter | `{TAG_NAME}` |
| `metricsImage.pullPolicy` | PostgreSQL Prometheus exporter image pull policy | `IfNotPresent` |
| `metricsImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `metricsImage.debug` | Specify if debug logs should be enabled | `false` |
| `metrics.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `metrics.securityContext.enabled` | Enable security context for PostgreSQL Prometheus exporter | `true` |
| `metrics.securityContext.runAsUser` | User ID for the PostgreSQL Prometheus exporter container | `1001` |
| `metrics.resources` | The [resources] to allocate for container | `{}` |
| `metrics.livenessProbe` | Liveness probe configuration for PostgreSQL Prometheus exporter | `Check values.yaml file` |
| `metrics.readinessProbe` | Readiness probe configuration for PostgreSQL Prometheus exporter | `Check values.yaml file` |
| `metrics.annotations` | Annotations for PostgreSQL Prometheus exporter service | `{prometheus.io/scrape: "true", prometheus.io/port: "9187"}` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` |
| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` |
| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{prometheus: "kube-prometheus"}` |
| `metrics.serviceMonitor.relabelings` | ServiceMonitor relabelings. Value is evaluated as a template | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | ServiceMonitor metricRelabelings. Value is evaluated as a template | `[]` |
| **Init Container to adapt volume permissions** | | |
| `volumePermissionsImage.registry` | Registry for Bitnami Minideb | `docker.io` |
| `volumePermissionsImage.repository` | Repository for Bitnami Minideb | `bitnami/minideb` |
| `volumePermissionsImage.tag` | Tag for Bitnami Minideb | `latest` |
| `volumePermissionsImage.pullPolicy` | Bitnami Minideb exporter image pull policy | `Always` |
| `volumePermissionsImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `volumePermissions.enabled` | Enable init container to adapt volume permissions | `false` |
| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` |
| `volumePermissions.securityContext.enabled` | Enable security context for Bitnami Minideb | `false` |
| `volumePermissions.securityContext.runAsUser` | User ID for the Bitnami Minideb container | `0` |
| **Persistence** | | |
| `persistence.enabled` | Enable data persistence | `true` |
| `persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `nil` |
| `persistence.storageClass` | Specify the `storageClass` used to provision the volume | `nil` |
| `persistence.mountPath` | Path to mount data volume at | `nil` |
| `persistence.accessMode` | Access mode of data volume | `ReadWriteOnce` |
| `persistence.size` | Size of data volume | `8Gi` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| **Expose** | | |
| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` |
| `service.port` | PostgreSQL port | `5432` |
| `service.nodePort` | Kubernetes service nodePort | `nil` |
| `service.annotations` | Annotations for PostgreSQL service | `{}` |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
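Review bot: in the `pgpool.configurationCM` row the description says it overrides `pgpol.configuration`, a misspelling of `pgpool.configuration`; a reader copying the key from the table will set the wrong name. In the same table `pgpool.priorityClassName` shows an empty pair of backticks as its default, where `""` or `nil` would match the other rows. In the volume-permissions rows, `volumePermissionsImage.tag` is documented as `latest` alongside `volumePermissions.securityContext.runAsUser` `0`, so the tag description should tell users to pin a specific tag when they enable that init container.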
@@ -281,6 +304,22 @@ To horizontally scale this chart, you can use the `--replicaCount` flag to modif
To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
### Use a volume for /dev/shm
When working with huge databeses, `/dev/shm` can run out of space. A way to fix this is to use the `postgresql.extraVolumes` and `postgresql.extraVolumeMounts` values. In the example below, we set an `emptyDir` volume with 512Mb:
```yaml
postgresql:
extraVolumes:
- name: dshm
emptyDir: {}
medium: Memory
sizeLimit: 512Mi
extraVolumeMounts:
- name: dshm
mountPath: /dev/shm
```
### Configure the way how to expose PostgreSQL
- **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. Set `service.type=ClusterIP` to choose this service type.
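Review bot: in the `/dev/shm` example, `emptyDir: {}` closes the map before `medium: Memory` and `sizeLimit: 512Mi`, so those two keys cannot belong to the `emptyDir` definition as written; drop the `{}` and nest both keys under `emptyDir:`. In the sentence introducing the example, "databeses" should be "databases", and "512Mb" should read 512Mi to match `sizeLimit: 512Mi`.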