From 97fee8da2c7d968aa37ab5729535fc4b438f5034 Mon Sep 17 00:00:00 2001 From: Steven Sheehy <17552371+steven-sheehy@users.noreply.github.com> Date: Thu, 9 Apr 2020 02:57:25 -0500 Subject: [PATCH] [bitnami/postgresql-ha] Add labels and init DB scripts secret (#2225) * [bitnami/postgresql-ha] Add labels and init DB scripts secret Signed-off-by: Steven Sheehy --- bitnami/postgresql-ha/Chart.yaml | 2 +- bitnami/postgresql-ha/README.md | 14 +++++++-- bitnami/postgresql-ha/templates/_helpers.tpl | 18 +++++++++++ .../templates/pgpool/deployment.yaml | 15 ++++++++++ .../templates/postgresql/statefulset.yaml | 15 ++++++++++ bitnami/postgresql-ha/values-production.yaml | 30 +++++++++++++++++-- bitnami/postgresql-ha/values.yaml | 30 +++++++++++++++++-- 7 files changed, 116 insertions(+), 8 deletions(-) diff --git a/bitnami/postgresql-ha/Chart.yaml b/bitnami/postgresql-ha/Chart.yaml index 24b83596d8..aee8de3ad9 100644 --- a/bitnami/postgresql-ha/Chart.yaml +++ b/bitnami/postgresql-ha/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql-ha -version: 2.2.2 +version: 2.3.0 appVersion: 11.7.0 description: Chart for PostgreSQL with HA architecture (using Replication Manager (repmgr) and Pgpool). keywords: diff --git a/bitnami/postgresql-ha/README.md b/bitnami/postgresql-ha/README.md index fd5df9760a..9cf681c255 100644 --- a/bitnami/postgresql-ha/README.md +++ b/bitnami/postgresql-ha/README.md 
@@ -72,12 +72,14 @@ The following table lists the configurable parameters of the PostgreSQL HA chart | `postgresqlImage.pullPolicy` | PostgreSQL with Repmgr image pull policy | `IfNotPresent` | | `postgresqlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `postgresqlImage.debug` | Specify if debug logs should be enabled | `false` | +| `postgresql.labels` | Map of labels to add to the statefulset. Evaluated as a template | `{}` | +| `postgresql.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` | | `postgresql.replicaCount` | The number of replicas to deploy | `2` | | `postgresql.updateStrategyType` | Statefulset update strategy policy | `RollingUpdate` | | `postgresql.podAnnotations` | Additional pod annotations | `{}` | | `postgresql.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) | | `postgresql.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) | -| `postgresql.priorityClassName` | Pod priority class | `` | +| `postgresql.priorityClassName` | Pod priority class | `` | | `postgresql.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | | `postgresql.securityContext.enabled` | Enable security context for PostgreSQL with Repmgr | `true` | | `postgresql.securityContext.fsGroup` | Group ID for the PostgreSQL with Repmgr filesystem | `1001` | 
@@ -107,7 +109,8 @@ The following table lists the configurable parameters of the PostgreSQL HA chart | `postgresql.extendedConf` | Extended PostgreSQL Configuration (appended to main or default configuration) | `nil` | | `postgresql.extendedConfCM` | ConfigMap with the extended PostgreSQL configuration files (Note: Overrides `postgresql.extendedConf`) | `nil` (The value is evaluated as a template) | | `postgresql.initdbScripts` | Dictionary of initdb scripts | `nil` | -| `postgresql.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` (The value is evaluated as a template) | +| `postgresql.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `postgresql.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` | | **Pgpool** | | | | `pgpoolImage.registry` | Registry for Pgpool | `docker.io` | | `pgpoolImage.repository` | Repository for Pgpool | `bitnami/pgpool` | 
@@ -115,11 +118,16 @@ The following table lists the configurable parameters of the PostgreSQL HA chart | `pgpoolImage.pullPolicy` | Pgpool image pull policy | `IfNotPresent` | | `pgpoolImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `pgpoolImage.debug` | Specify if debug logs should be enabled | `false` | +| `pgpool.labels` | Map of labels to add to the deployment. Evaluated as a template | `{}` | +| `pgpool.podLabels` | Map of labels to add to the pods. Evaluated as a template | `{}` | | `pgpool.replicaCount` | The number of replicas to deploy | `2` | | `pgpool.podAnnotations` | Additional pod annotations | `{}` | | `pgpool.affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) | +| `pgpool.initdbScripts` | Dictionary of initdb scripts | `nil` | +| `pgpool.initdbScriptsCM` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `pgpool.initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with initdbScriptsCM or initdbScripts). The value is evaluated as a template. | `nil` | | `pgpool.nodeSelector` | Node labels for pod assignment | `{}` (The value is evaluated as a template) | -| `pgpool.priorityClassName` | Pod priority class | `` | +| `pgpool.priorityClassName` | Pod priority class | `` | | `pgpool.tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) | | `pgpool.securityContext.enabled` | Enable security context for Pgpool | `true` | | `pgpool.securityContext.fsGroup` | Group ID for the Pgpool filesystem | `1001` | diff --git a/bitnami/postgresql-ha/templates/_helpers.tpl b/bitnami/postgresql-ha/templates/_helpers.tpl index b3cd3a296f..bc5d0c9539 100644 --- a/bitnami/postgresql-ha/templates/_helpers.tpl +++ b/bitnami/postgresql-ha/templates/_helpers.tpl 
@@ -546,6 +546,15 @@ Return the PostgreSQL initdb scripts configmap. {{- end -}} {{- end -}} +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql-ha.postgresqlInitdbScriptsSecret" -}} +{{- if .Values.postgresql.initdbScriptsSecret -}} +{{- include "postgresql-ha.tplValue" (dict "value" .Values.postgresql.initdbScriptsSecret "context" $) -}} +{{- end -}} +{{- end -}} + {{/* Return the Pgpool initdb scripts configmap. */}} @@ -557,6 +566,15 @@ Return the Pgpool initdb scripts configmap. {{- end -}} {{- end -}} +{{/* +Get the pgpool initialization scripts Secret name. +*/}} +{{- define "postgresql-ha.pgpoolInitdbScriptsSecret" -}} +{{- if .Values.pgpool.initdbScriptsSecret -}} +{{- include "postgresql-ha.tplValue" (dict "value" .Values.pgpool.initdbScriptsSecret "context" $) -}} +{{- end -}} +{{- end -}} + {{/* Return the LDAP bind password */}} diff --git a/bitnami/postgresql-ha/templates/pgpool/deployment.yaml b/bitnami/postgresql-ha/templates/pgpool/deployment.yaml index ae2bbcb0e1..b3616d22c2 100644 --- a/bitnami/postgresql-ha/templates/pgpool/deployment.yaml +++ b/bitnami/postgresql-ha/templates/pgpool/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "postgresql-ha.pgpool" . }} labels: {{ include "postgresql-ha.labels" . | nindent 4 }} app.kubernetes.io/component: pgpool + {{- if .Values.pgpool.labels }} + {{- include "postgresql-ha.tplValue" (dict "value" .Values.pgpool.labels "context" $) | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.pgpool.replicaCount }} selector: @@ -13,6 +16,9 @@ spec: metadata: labels: {{ include "postgresql-ha.labels" . | nindent 8 }} app.kubernetes.io/component: pgpool + {{- if .Values.pgpool.podLabels }} + {{- include "postgresql-ha.tplValue" (dict "value" .Values.pgpool.podLabels "context" $) | nindent 8 }} + {{- end }} {{- if .Values.pgpool.podAnnotations }} annotations: {{- include "postgresql-ha.tplValue" (dict "value" .Values.pgpool.podAnnotations "context" $) | nindent 8 }} {{- end }} 
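Review bot: The new `pgpool.labels` and `pgpool.podLabels` blocks in templates/pgpool/deployment.yaml (`@@ -4,6 +4,9 @@` and `@@ -13,6 +16,9 @@`) render user-supplied keys directly after the chart's own labels with no check for collisions. A value that repeats `app.kubernetes.io/component`, or any key emitted by `postgresql-ha.labels`, yields a duplicate mapping key; depending on the YAML parser the render either fails or the later value wins. In the pod template that could leave pods no longer matching `spec.selector`, whose match labels are outside these hunks. I would state the constraint where the values are documented, e.g. `## Must not redefine labels the chart already sets (for example app.kubernetes.io/component)`, or drop colliding keys before rendering. The same applies to `postgresql.labels` and `postgresql.podLabels` in the statefulset.yaml hunks that follow.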
@@ -166,6 +172,10 @@ spec: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ {{- end }} + {{- if .Values.pgpool.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} {{- if .Values.postgresql.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/pgpool/secrets/ @@ -185,6 +195,11 @@ spec: configMap: name: {{ template "postgresql-ha.pgpoolInitdbScriptsCM" . }} {{- end }} + {{- if .Values.pgpool.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql-ha.pgpoolInitdbScriptsSecret" . }} + {{- end }} {{- if .Values.postgresql.usePasswordFile }} - name: postgresql-password secret: diff --git a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml index 99ebdec767..b54974c624 100644 --- a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml +++ b/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "postgresql-ha.postgresql" . }} labels: {{- include "postgresql-ha.labels" . | nindent 4 }} app.kubernetes.io/component: postgresql + {{- if .Values.postgresql.labels }} + {{- include "postgresql-ha.tplValue" (dict "value" .Values.postgresql.labels "context" $) | nindent 4 }} + {{- end }} spec: serviceName: {{ include "postgresql-ha.postgresql" . }}-headless replicas: {{ .Values.postgresql.replicaCount }} @@ -19,6 +22,9 @@ spec: metadata: labels: {{- include "postgresql-ha.labels" . | nindent 8 }} app.kubernetes.io/component: postgresql + {{- if .Values.postgresql.podLabels }} + {{- include "postgresql-ha.tplValue" (dict "value" .Values.postgresql.podLabels "context" $) | nindent 8 }} + {{- end }} {{- if .Values.postgresql.podAnnotations }} annotations: {{- include "postgresql-ha.tplValue" (dict "value" .Values.postgresql.podAnnotations "context" $) | nindent 8 }} {{- end }} 
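Review bot: The `custom-init-scripts-secret` volume added at `@@ -185,6 +195,11 @@` sets no `defaultMode`, so its files get the Kubernetes default of 0644, and init scripts the README describes as containing sensitive information become readable by every UID in the container. Consider `defaultMode: 0440` under `secret:` and `readOnly: true` on the mount at `@@ -166,6 +172,10 @@`. The tighter mode relies on the pod's `fsGroup` being set so the non-root user can still read the files, and it is worth confirming the entrypoint does not need the execute bit. The mount path is a subdirectory of the existing `/docker-entrypoint-initdb.d/` mount, and nothing visible here shows that the Pgpool image processes scripts in subdirectories (no Pgpool image tag change appears in this commit), so that should be verified. The statefulset.yaml hunks `@@ -187,6 +193,10 @@` and `@@ -264,6 +274,11 @@` add the same volume definition and have the same gap.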
@@ -187,6 +193,10 @@ spec: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ {{- end }} + {{- if .Values.postgresql.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} {{- if .Values.postgresql.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ @@ -264,6 +274,11 @@ spec: configMap: name: {{ template "postgresql-ha.postgresqlExtendedConfCM" . }} {{- end }} + {{- if .Values.postgresql.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql-ha.postgresqlInitdbScriptsSecret" . }} + {{- end }} {{- if .Values.postgresql.usePasswordFile }} - name: postgresql-password secret: diff --git a/bitnami/postgresql-ha/values-production.yaml b/bitnami/postgresql-ha/values-production.yaml index e542192e33..1dbcd36b69 100644 --- a/bitnami/postgresql-ha/values-production.yaml +++ b/bitnami/postgresql-ha/values-production.yaml @@ -29,7 +29,7 @@ postgresqlImage: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 11.7.0-debian-10-r74 + tag: 11.7.0-debian-10-r75 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -90,7 +90,7 @@ volumePermissionsImage: metricsImage: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r71 + tag: 0.8.0-debian-10-r72 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -121,6 +121,14 @@ clusterDomain: cluster.local ## PostgreSQL parameters ## postgresql: + ## Labels to add to the StatefulSet. Evaluated as template + ## + labels: {} + + ## Labels to add to the StatefulSet pods. Evaluated as template + ## + podLabels: {} + ## Number of replicas to deploy ## replicaCount: 2 
@@ -287,9 +295,22 @@ postgresql: ## # initdbScriptsCM: + ## Secret with scripts to be run at first boot + ## Note: can be used with initdbScriptsCM or initdbScripts + ## + # initdbScriptsSecret: + ## Pgpool parameters ## pgpool: + ## Labels to add to the Deployment. Evaluated as template + ## + labels: {} + + ## Labels to add to the pods. Evaluated as template + ## + podLabels: {} + ## Number of replicas to deploy ## replicaCount: 1 @@ -409,6 +430,11 @@ pgpool: ## # initdbScriptsCM: + ## Secret with scripts to be run at first boot + ## Note: can be used with initdbScriptsCM or initdbScripts + ## + # initdbScriptsSecret: + ## Use Pgpool Load-Balancing ## useLoadBalancing: true diff --git a/bitnami/postgresql-ha/values.yaml b/bitnami/postgresql-ha/values.yaml index e328792dd2..b98fb14154 100644 --- a/bitnami/postgresql-ha/values.yaml +++ b/bitnami/postgresql-ha/values.yaml @@ -29,7 +29,7 @@ postgresqlImage: registry: docker.io repository: bitnami/postgresql-repmgr - tag: 11.7.0-debian-10-r74 + tag: 11.7.0-debian-10-r75 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -90,7 +90,7 @@ volumePermissionsImage: metricsImage: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r71 + tag: 0.8.0-debian-10-r72 ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -121,6 +121,14 @@ clusterDomain: cluster.local ## PostgreSQL parameters ## postgresql: + ## Labels to add to the StatefulSet. Evaluated as template + ## + labels: {} + + ## Labels to add to the StatefulSet pods. Evaluated as template + ## + podLabels: {} + ## Number of replicas to deploy ## replicaCount: 2 
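Review bot: The comment added for `pgpool.initdbScriptsSecret` in values-production.yaml (`@@ -409,6 +430,11 @@`) says the scripts run "at first boot", while the same key in values.yaml says they run "everytime Pgpool container is initialized". An operator deciding what is safe to place in the Secret needs to know which one holds. Align the two, e.g. `## Secret with scripts to be run every time the Pgpool container is initialized` if that is the actual behaviour, which the diff does not show. Neither comment says that the value is the name of a Secret the chart does not create; the diffstat adds no Secret template, so a line such as `## Name of an existing Secret in the same namespace as the pods` would make the contract explicit for both the `postgresql` and `pgpool` keys.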
@@ -287,9 +295,22 @@ postgresql: ## # initdbScriptsCM: + ## Secret with scripts to be run at first boot + ## Note: can be used with initdbScriptsCM or initdbScripts + ## + # initdbScriptsSecret: + ## Pgpool parameters ## pgpool: + ## Labels to add to the Deployment. Evaluated as template + ## + labels: {} + + ## Labels to add to the pods. Evaluated as template + ## + podLabels: {} + ## Number of replicas to deploy ## replicaCount: 1 @@ -409,6 +430,11 @@ pgpool: ## # initdbScriptsCM: + ## Secret with scripts to be run everytime Pgpool container is initialized + ## Note: can be used with initdbScriptsCM or initdbScripts + ## + # initdbScriptsSecret: + ## Use Pgpool Load-Balancing ## useLoadBalancing: true