summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/roles-wrapper/templates/role.yaml16
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml17
-rw-r--r--kubernetes/common/timescaledb/values.yaml45
3 files changed, 46 insertions, 32 deletions
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4151..0be6c7bbd6 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml
@@ -32,6 +32,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -52,6 +53,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -59,6 +61,7 @@ rules:
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
@@ -68,6 +71,7 @@ rules:
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
@@ -76,6 +80,8 @@ rules:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
@@ -85,7 +91,8 @@ rules:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
@@ -95,6 +102,13 @@ rules:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 435c925eb2..0bd7d30478 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,25 +29,10 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- initContainers:
- - name: chowm-mount-path
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim}}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
imagePullPolicy: {{ .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
livenessProbe:
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index 55acd92847..258f516ff0 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -37,30 +37,45 @@ serviceAccount:
roles:
- read
-podSecurityContext: {}
- # fsGroup: 2000
-
securityContext:
# Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
- runAsUser: 70
- runAsGroup: 70
+ user_id: 70
+ group_id: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 20m
- memory: 256Mi
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
nodeSelector: {}