diff options
Diffstat (limited to 'kubernetes/common/postgres')
-rw-r--r-- | kubernetes/common/postgres/configs/setup.sql | 40 | ||||
-rw-r--r-- | kubernetes/common/postgres/templates/_deployment.tpl | 48 | ||||
-rw-r--r-- | kubernetes/common/postgres/templates/secrets.yaml | 2 | ||||
-rw-r--r-- | kubernetes/common/postgres/values.yaml | 3 |
4 files changed, 85 insertions, 8 deletions
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql new file mode 100644 index 0000000000..f60b473242 --- /dev/null +++ b/kubernetes/common/postgres/configs/setup.sql @@ -0,0 +1,40 @@ +--- System Setup +SET application_name="container_setup"; + +CREATE EXTENSION IF NOT EXISTS pg_stat_statements; +CREATE EXTENSION IF NOT EXISTS pgaudit; + +ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}'; + +CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION; +ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}'; + +CREATE USER "${PG_USER}" LOGIN; +ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}'; + +CREATE DATABASE ${PG_DATABASE}; +GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}"; + +CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20)); +GRANT ALL ON primarytable TO ${PG_PRIMARY_USER}; + +--- PG_DATABASE Setup + +\c ${PG_DATABASE} + +CREATE EXTENSION IF NOT EXISTS pg_stat_statements; +CREATE EXTENSION IF NOT EXISTS pgaudit; + +--- Verify permissions via PG_USER + +\c ${PG_DATABASE} "${PG_USER}"; + +CREATE SCHEMA IF NOT EXISTS "${PG_USER}"; + +CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable ( + name varchar(30) PRIMARY KEY, + value varchar(50) NOT NULL, + updatedt timestamp NOT NULL +); + +INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now()); diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 3777c1b2e4..e3ac66933f 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -40,6 +40,34 @@ spec: name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_PRIMARY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + - name: PG_DATABASE + value: "{{ $dot.Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: pgconf + image: "{{ $dot.Values.global.envsubstImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + name: {{ include "common.name" $dot }}-update-config + - name: init-sysctl command: - /bin/sh @@ -88,19 +116,22 @@ spec: - name: PG_PRIMARY_PORT value: "{{ $dot.Values.service.internalPort }}" - name: PG_PRIMARY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} - name: PG_USER - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} - name: PG_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} - name: PG_DATABASE value: "{{ $dot.Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - - name: pool-hba-conf + - name: config mountPath: /pgconf/pool_hba.conf subPath: pool_hba.conf + - name: pgconf + mountPath: /pgconf/setup.sql + subPath: setup.sql - mountPath: /pgdata name: {{ include "common.fullname" $dot }}-data - mountPath: /backup @@ -129,7 +160,10 @@ spec: {{- else }} emptyDir: {} {{ end }} - - name: pool-hba-conf + - name: config configMap: name: {{ include "common.fullname" $dot }} -{{- end -}}
\ No newline at end of file + - name: pgconf + emptyDir: + medium: Memory +{{- end -}} diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml index 4c68015528..c4cde05216 100644 --- a/kubernetes/common/postgres/templates/secrets.yaml +++ b/kubernetes/common/postgres/templates/secrets.yaml @@ -13,4 +13,4 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 7aff189ba9..10f9405de6 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -21,6 +21,9 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + # envsusbt + envsubstImage: dibi/envsubst + ################################################################# # Secrets metaconfig ################################################################# |