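{{- /*
Read-replica StatefulSet for the PostgreSQL chart. The whole manifest is
rendered only when .Values.architecture is "replication".

Security-relevant inputs read by this template:
  - readReplicas.hostNetwork / readReplicas.hostIPC  (node namespace sharing)
  - readReplicas.podSecurityContext / containerSecurityContext
  - volumePermissions.*  (init container that chowns/chmods the volumes)
  - auth.usePasswordFiles  (secrets as mounted files vs. environment variables)
  - tls.*  (server certificates copied into an emptyDir with a 0600 key)
Values are interpolated as-is, including into /bin/sh scripts, so the values
file has to be treated as trusted input.
*/ -}}
{{- if eq .Values.architecture "replication" }}
{{- $customUser := include "postgresql.username" . }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ include "postgresql.readReplica.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: read
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.readReplicas.labels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }}
  annotations:
    {{- if .Values.commonAnnotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.readReplicas.annotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
spec:
  replicas: {{ .Values.readReplicas.replicaCount }}
  serviceName: {{ include "postgresql.readReplica.svc.headless" . }}
  {{- if .Values.readReplicas.updateStrategy }}
  updateStrategy: {{- toYaml .Values.readReplicas.updateStrategy | nindent 4 }}
  {{- end }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
      app.kubernetes.io/component: read
  template:
    metadata:
      name: {{ include "postgresql.readReplica.fullname" . }}
      labels: {{- include "common.labels.standard" . | nindent 8 }}
        app.kubernetes.io/component: read
        {{- if .Values.commonLabels }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
        {{- end }}
        {{- if .Values.readReplicas.podLabels }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }}
        {{- end }}
      {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
      annotations:
        {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
        # Hash of the rendered extended ConfigMap: a configuration change alters
        # the pod template and therefore rolls the replicas.
        checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.readReplicas.podAnnotations }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }}
        {{- end }}
      {{- end }}
    spec:
      # extraPodSpec is merged verbatim into the pod spec, ahead of the keys below.
      {{- if .Values.readReplicas.extraPodSpec }}
      {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }}
      {{- end }}
      serviceAccountName: {{ include "postgresql.serviceAccountName" . }}
      {{- include "postgresql.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.readReplicas.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.readReplicas.affinity }}
      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.readReplicas.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.readReplicas.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.readReplicas.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.readReplicas.priorityClassName }}
      # Quoted so that a name that looks like a number or boolean stays a string.
      priorityClassName: {{ .Values.readReplicas.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.readReplicas.schedulerName }}
      schedulerName: {{ .Values.readReplicas.schedulerName | quote }}
      {{- end }}
      {{- if .Values.readReplicas.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }}
      {{- end }}
      # The pod-level securityContext is emitted only when podSecurityContext.enabled
      # is true; the "enabled" switch itself is stripped before rendering.
      {{- if .Values.readReplicas.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      # hostNetwork / hostIPC put the pod into the node's network and IPC
      # namespaces when true. Both are passed through unchanged from values, so
      # review any values file that sets them.
      hostNetwork: {{ .Values.readReplicas.hostNetwork }}
      hostIPC: {{ .Values.readReplicas.hostIPC }}
      # Init containers are needed when TLS certificates must be copied, when
      # volume permissions must be fixed, or when custom ones are supplied.
      {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }}
      initContainers:
        {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
        # copy-certs: copies the TLS secret (raw-certificates) into the
        # postgresql-certificates emptyDir and restricts the private key to 0600.
        - name: copy-certs
          image: {{ include "postgresql.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          {{- if .Values.readReplicas.resources }}
          resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
          {{- end }}
          # We don't require a privileged container in this case
          {{- if .Values.readReplicas.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          command:
            - /bin/sh
            - -ec
            - |
              cp /tmp/certs/* /opt/bitnami/postgresql/certs/
              chmod 600 {{ include "postgresql.tlsCertKey" . }}
          volumeMounts:
            - name: raw-certificates
              mountPath: /tmp/certs
            - name: postgresql-certificates
              mountPath: /opt/bitnami/postgresql/certs
        {{- else if and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled) }}
        # init-chmod-data: fixes ownership and modes on the data volume, /dev/shm
        # and (with TLS) the certificate directory before PostgreSQL starts.
        # NOTE(review): this container takes its securityContext from
        # volumePermissions.containerSecurityContext, not from
        # readReplicas.containerSecurityContext; chown presumably needs it to run
        # as root - confirm against values.yaml and the cluster's pod security policy.
        - name: init-chmod-data
          image: {{ include "postgresql.volumePermissions.image" . }}
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
          {{- if .Values.readReplicas.resources }}
          resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
          {{- end }}
          # NOTE(review): mountPath, runAsUser and fsGroup are interpolated into
          # the script below without shell quoting; a value containing spaces or
          # shell metacharacters changes the command that runs in this container.
          command:
            - /bin/sh
            - -ec
            - |
              {{- if .Values.readReplicas.persistence.enabled }}
              {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
              chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.readReplicas.persistence.mountPath }}
              {{- else }}
              chown {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} {{ .Values.readReplicas.persistence.mountPath }}
              {{- end }}
              mkdir -p {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }}
              chmod 700 {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }}
              find {{ .Values.readReplicas.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
              {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
                xargs -r chown -R `id -u`:`id -G | cut -d " " -f2`
              {{- else }}
                xargs -r chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }}
              {{- end }}
              {{- end }}
              {{- if .Values.shmVolume.enabled }}
              {{- /* NOTE(review): 777 makes the shared-memory volume world-writable without the sticky bit; every container that mounts dshm (including sidecars) can modify or remove its contents. Consider 1777 if nothing depends on the current mode. */}}
              chmod -R 777 /dev/shm
              {{- end }}
              {{- if .Values.tls.enabled }}
              cp /tmp/certs/* /opt/bitnami/postgresql/certs/
              {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
              chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/
              {{- else }}
              chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/
              {{- end }}
              chmod 600 {{ include "postgresql.tlsCertKey" . }}
              {{- end }}
          # With runAsUser "auto" the key is dropped so the platform can assign
          # the UID; otherwise the context is passed through unchanged.
          {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
          securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
          {{- else }}
          securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
          {{- end }}
          volumeMounts:
            {{- if .Values.readReplicas.persistence.enabled }}
            - name: data
              mountPath: {{ .Values.readReplicas.persistence.mountPath }}
              {{- if .Values.readReplicas.persistence.subPath }}
              subPath: {{ .Values.readReplicas.persistence.subPath }}
              {{- end }}
            {{- end }}
            {{- if .Values.shmVolume.enabled }}
            - name: dshm
              mountPath: /dev/shm
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: raw-certificates
              mountPath: /tmp/certs
            - name: postgresql-certificates
              mountPath: /opt/bitnami/postgresql/certs
            {{- end }}
        {{- end }}
        {{- if .Values.readReplicas.initContainers }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }}
        {{- end }}
      {{- end }}
      containers:
        - name: postgresql
          image: {{ include "postgresql.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          # No container securityContext is rendered unless
          # readReplicas.containerSecurityContext.enabled is true.
          {{- if .Values.readReplicas.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          # diagnosticMode overrides command/args and, further down, disables all probes.
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.readReplicas.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.readReplicas.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.args "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
            - name: POSTGRESQL_PORT_NUMBER
              value: {{ .Values.containerPorts.postgresql | quote }}
            - name: POSTGRESQL_VOLUME_DIR
              value: {{ .Values.readReplicas.persistence.mountPath | quote }}
            {{- if .Values.readReplicas.persistence.mountPath }}
            - name: PGDATA
              value: {{ .Values.postgresqlDataDir | quote }}
            {{- end }}
            # Authentication
            # With auth.usePasswordFiles the container only receives the path of a
            # file under the mounted secret; otherwise the password itself is
            # injected as an environment variable, which is readable by anything
            # that can inspect the container's environment.
            {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }}
            {{- else }}
            - name: POSTGRES_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.adminPasswordKey" . }}
            {{- end }}
            {{- end }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_PASSWORD_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.userPasswordKey" .) }}
            {{- else }}
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.userPasswordKey" . }}
            {{- end }}
            # Replication
            - name: POSTGRES_REPLICATION_MODE
              value: "slave"
            - name: POSTGRES_REPLICATION_USER
              value: {{ .Values.auth.replicationUsername | quote }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_REPLICATION_PASSWORD_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.replicationPasswordKey" .) }}
            {{- else }}
            - name: POSTGRES_REPLICATION_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.replicationPasswordKey" . }}
            {{- end }}
            # Env values must be strings: quoted so that an application or release
            # name that looks like a number or boolean is not re-typed by YAML.
            - name: POSTGRES_CLUSTER_APP_NAME
              value: {{ .Values.replication.applicationName | quote }}
            - name: POSTGRES_MASTER_HOST
              value: {{ include "postgresql.primary.fullname" . | quote }}
            - name: POSTGRES_MASTER_PORT_NUMBER
              value: {{ include "postgresql.service.port" . | quote }}
            # TLS
            - name: POSTGRESQL_ENABLE_TLS
              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
            {{- if .Values.tls.enabled }}
            - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS
              value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }}
            - name: POSTGRESQL_TLS_CERT_FILE
              value: {{ include "postgresql.tlsCert" . }}
            - name: POSTGRESQL_TLS_KEY_FILE
              value: {{ include "postgresql.tlsCertKey" . }}
            {{- if .Values.tls.certCAFilename }}
            - name: POSTGRESQL_TLS_CA_FILE
              value: {{ include "postgresql.tlsCACert" . }}
            {{- end }}
            {{- if .Values.tls.crlFilename }}
            - name: POSTGRESQL_TLS_CRL_FILE
              value: {{ include "postgresql.tlsCRL" . }}
            {{- end }}
            {{- end }}
            # Audit
            - name: POSTGRESQL_LOG_HOSTNAME
              value: {{ .Values.audit.logHostname | quote }}
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: {{ .Values.audit.logConnections | quote }}
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: {{ .Values.audit.logDisconnections | quote }}
            {{- if .Values.audit.logLinePrefix }}
            - name: POSTGRESQL_LOG_LINE_PREFIX
              value: {{ .Values.audit.logLinePrefix | quote }}
            {{- end }}
            {{- if .Values.audit.logTimezone }}
            - name: POSTGRESQL_LOG_TIMEZONE
              value: {{ .Values.audit.logTimezone | quote }}
            {{- end }}
            {{- if .Values.audit.pgAuditLog }}
            - name: POSTGRESQL_PGAUDIT_LOG
              value: {{ .Values.audit.pgAuditLog | quote }}
            {{- end }}
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: {{ .Values.audit.pgAuditLogCatalog | quote }}
            # Others
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: {{ .Values.audit.clientMinMessages | quote }}
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: {{ .Values.postgresqlSharedPreloadLibraries | quote }}
            {{- if .Values.readReplicas.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          {{- if or .Values.readReplicas.extraEnvVarsCM .Values.readReplicas.extraEnvVarsSecret }}
          envFrom:
            {{- if .Values.readReplicas.extraEnvVarsCM }}
            - configMapRef:
                name: {{ .Values.readReplicas.extraEnvVarsCM }}
            {{- end }}
            {{- if .Values.readReplicas.extraEnvVarsSecret }}
            - secretRef:
                name: {{ .Values.readReplicas.extraEnvVarsSecret }}
            {{- end }}
          {{- end }}
          ports:
            - name: tcp-postgresql
              containerPort: {{ .Values.containerPorts.postgresql }}
          # Probes: a custom probe replaces the built-in one. The built-in startup
          # and liveness probes run pg_isready against 127.0.0.1 and pass the
          # client certificate and key only when TLS is enabled and a CA file is set.
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.readReplicas.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customStartupProbe "context" $) | nindent 12 }}
          {{- else if .Values.readReplicas.startupProbe.enabled }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.startupProbe "enabled") "context" $) | nindent 12 }}
            exec:
              command:
                - /bin/sh
                - -c
                {{- if (include "postgresql.database" .) }}
                - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
                {{- else }}
                - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
                {{- end }}
          {{- end }}
          {{- if .Values.readReplicas.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customLivenessProbe "context" $) | nindent 12 }}
          {{- else if .Values.readReplicas.livenessProbe.enabled }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.livenessProbe "enabled") "context" $) | nindent 12 }}
            exec:
              command:
                - /bin/sh
                - -c
                {{- if (include "postgresql.database" .) }}
                - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
                {{- else }}
                - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
                {{- end }}
          {{- end }}
          {{- if .Values.readReplicas.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customReadinessProbe "context" $) | nindent 12 }}
          {{- else if .Values.readReplicas.readinessProbe.enabled }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.readinessProbe "enabled") "context" $) | nindent 12 }}
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
          {{- end }}
          {{- end }}
          {{- if .Values.readReplicas.resources }}
          resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
          {{- end }}
          {{- if .Values.readReplicas.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          volumeMounts:
            {{- if .Values.auth.usePasswordFiles }}
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            {{- end }}
            {{- if .Values.readReplicas.extendedConfiguration }}
            - name: postgresql-extended-config
              mountPath: {{ .Values.readReplicas.persistence.mountPath }}/conf/conf.d/
            {{- end }}
            {{- if .Values.tls.enabled }}
            # The certificate copy prepared by the init container is mounted read-only here.
            - name: postgresql-certificates
              mountPath: /opt/bitnami/postgresql/certs
              readOnly: true
            {{- end }}
            {{- if .Values.shmVolume.enabled }}
            - name: dshm
              mountPath: /dev/shm
            {{- end }}
            {{- if .Values.readReplicas.persistence.enabled }}
            - name: data
              mountPath: {{ .Values.readReplicas.persistence.mountPath }}
              {{- if .Values.readReplicas.persistence.subPath }}
              subPath: {{ .Values.readReplicas.persistence.subPath }}
              {{- end }}
            {{- end }}
            {{- if .Values.readReplicas.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- if .Values.metrics.enabled }}
        # Metrics exporter sidecar. It authenticates with the same user password
        # as the main container (secret file or environment variable).
        - name: metrics
          image: {{ include "postgresql.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.metrics.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.metrics.customMetrics }}
          args: [ "--extend.query-path", "/conf/custom-metrics.yaml" ]
          {{- end }}
          env:
            {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }}
            # The exporter connects over 127.0.0.1 inside the pod with
            # sslmode=disable, regardless of tls.enabled.
            # NOTE(review): if pg_hba is restricted to TLS-only connections this
            # local connection would presumably be rejected - confirm.
            - name: DATA_SOURCE_URI
              value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.service.port" .)) $database | quote }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: DATA_SOURCE_PASS_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.userPasswordKey" .) }}
            {{- else }}
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.userPasswordKey" . }}
            {{- end }}
            - name: DATA_SOURCE_USER
              value: {{ default "postgres" $customUser | quote }}
            {{- if .Values.metrics.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          ports:
            - name: http-metrics
              containerPort: {{ .Values.metrics.containerPorts.metrics }}
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.metrics.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
          {{- else if .Values.metrics.startupProbe.enabled }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
            tcpSocket:
              port: http-metrics
          {{- end }}
          {{- if .Values.metrics.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
          {{- else if .Values.metrics.livenessProbe.enabled }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
            httpGet:
              path: /
              port: http-metrics
          {{- end }}
          {{- if .Values.metrics.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
          {{- else if .Values.metrics.readinessProbe.enabled }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
            httpGet:
              path: /
              port: http-metrics
          {{- end }}
          {{- end }}
          volumeMounts:
            {{- if .Values.auth.usePasswordFiles }}
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            {{- end }}
            {{- if .Values.metrics.customMetrics }}
            - name: custom-metrics
              mountPath: /conf
              readOnly: true
            {{- end }}
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- end }}
        {{- end }}
        # Sidecars are rendered verbatim from values and share the pod's volumes
        # and namespaces with the database container.
        {{- if .Values.readReplicas.sidecars }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }}
        {{- end }}
      volumes:
        {{- if .Values.readReplicas.extendedConfiguration }}
        - name: postgresql-extended-config
          configMap:
            name: {{ include "postgresql.readReplicas.extendedConfigmapName" . }}
        {{- end }}
        {{- if .Values.auth.usePasswordFiles }}
        - name: postgresql-password
          secret:
            secretName: {{ include "postgresql.secretName" . }}
        {{- end }}
        {{- if .Values.tls.enabled }}
        # raw-certificates is the TLS secret as stored; postgresql-certificates
        # is the emptyDir the init container copies it into.
        - name: raw-certificates
          secret:
            secretName: {{ include "postgresql.tlsSecretName" . }}
        - name: postgresql-certificates
          emptyDir: {}
        {{- end }}
        {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
        - name: custom-metrics
          configMap:
            name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }}
        {{- end }}
        {{- if .Values.shmVolume.enabled }}
        - name: dshm
          emptyDir:
            medium: Memory
            {{- if .Values.shmVolume.sizeLimit }}
            sizeLimit: {{ .Values.shmVolume.sizeLimit }}
            {{- end }}
        {{- end }}
        {{- if .Values.readReplicas.extraVolumes }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }}
        {{- end }}
        # Data volume: an existing claim, an emptyDir when persistence is
        # disabled, or a per-replica claim from volumeClaimTemplates.
        {{- if and .Values.readReplicas.persistence.enabled .Values.readReplicas.persistence.existingClaim }}
        - name: data
          persistentVolumeClaim:
            claimName: {{ tpl .Values.readReplicas.persistence.existingClaim $ }}
        {{- else if not .Values.readReplicas.persistence.enabled }}
        - name: data
          emptyDir: {}
        {{- else }}
  volumeClaimTemplates:
    - metadata:
        name: data
        {{- if .Values.readReplicas.persistence.annotations }}
        annotations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.annotations "context" $) | nindent 10 }}
        {{- end }}
        {{- if .Values.readReplicas.persistence.labels }}
        labels: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.labels "context" $) | nindent 10 }}
        {{- end }}
      spec:
        accessModes:
        {{- range .Values.readReplicas.persistence.accessModes }}
          - {{ . | quote }}
        {{- end }}
        {{- if .Values.readReplicas.persistence.dataSource }}
        dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.dataSource "context" $) | nindent 10 }}
        {{- end }}
        resources:
          requests:
            storage: {{ .Values.readReplicas.persistence.size | quote }}
        {{- if .Values.readReplicas.persistence.selector }}
        selector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.selector "context" $) | nindent 10 }}
        {{- end -}}
        {{- include "common.storage.class" (dict "persistence" .Values.readReplicas.persistence "global" .Values.global) | nindent 8 }}
  {{- end }}
{{- end }}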