diff options
Diffstat (limited to 'kubernetes/common')
-rw-r--r-- | kubernetes/common/roles-wrapper/templates/role.yaml | 16 | ||||
-rw-r--r-- | kubernetes/common/timescaledb/templates/statefulset.yaml | 17 | ||||
-rw-r--r-- | kubernetes/common/timescaledb/values.yaml | 45 |
3 files changed, 46 insertions, 32 deletions
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml index e2a84b4151..0be6c7bbd6 100644 --- a/kubernetes/common/roles-wrapper/templates/role.yaml +++ b/kubernetes/common/roles-wrapper/templates/role.yaml @@ -32,6 +32,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -52,6 +53,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -59,6 +61,7 @@ rules: - replicasets/status - daemonsets - secrets + - services verbs: - get - watch @@ -68,6 +71,7 @@ rules: - apps resources: - statefulsets + - configmaps verbs: - patch - apiGroups: @@ -76,6 +80,8 @@ rules: resources: - deployments - secrets + - services + - pods verbs: - create - apiGroups: @@ -85,7 +91,8 @@ rules: - pods - persistentvolumeclaims - secrets - - deployment + - deployments + - services verbs: - delete - apiGroups: @@ -95,6 +102,13 @@ rules: - pods/exec verbs: - create +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete {{- else }} # if you don't match read or create, then you're not allowed to use API # except to see basic information about yourself diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 435c925eb2..0bd7d30478 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -29,25 +29,10 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - initContainers: - - name: chowm-mount-path - command: - - /bin/sh - args: - - -c - - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: {{ include "common.fullname" . }} + {{ include "common.podSecurityContext" . | indent 10 | trim}} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} imagePullPolicy: {{ .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} livenessProbe: diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 55acd92847..258f516ff0 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -37,30 +37,45 @@ serviceAccount: roles: - read -podSecurityContext: {} - # fsGroup: 2000 - securityContext: # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) - runAsUser: 70 - runAsGroup: 70 + user_id: 70 + group_id: 70 # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 0.5 - memory: 256Mi - requests: - cpu: 20m - memory: 256Mi + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} nodeSelector: {} |