summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/postgres
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common/postgres')
-rw-r--r--kubernetes/common/postgres/configs/setup.sql40
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl48
-rw-r--r--kubernetes/common/postgres/templates/secrets.yaml2
-rw-r--r--kubernetes/common/postgres/values.yaml3
4 files changed, 85 insertions, 8 deletions
diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql
new file mode 100644
index 0000000000..f60b473242
--- /dev/null
+++ b/kubernetes/common/postgres/configs/setup.sql
@@ -0,0 +1,40 @@
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 3777c1b2e4..e3ac66933f 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -40,6 +40,34 @@ spec:
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: "{{ $dot.Values.global.envsubstImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
- name: init-sysctl
command:
- /bin/sh
@@ -88,19 +116,22 @@ spec:
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- - name: pool-hba-conf
+ - name: config
mountPath: /pgconf/pool_hba.conf
subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
- mountPath: /pgdata
name: {{ include "common.fullname" $dot }}-data
- mountPath: /backup
@@ -129,7 +160,10 @@ spec:
{{- else }}
emptyDir: {}
{{ end }}
- - name: pool-hba-conf
+ - name: config
configMap:
name: {{ include "common.fullname" $dot }}
-{{- end -}} \ No newline at end of file
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index 4c68015528..c4cde05216 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
@@ -13,4 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 7aff189ba9..10f9405de6 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -21,6 +21,9 @@ global:
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
#################################################################
# Secrets metaconfig
#################################################################