# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################# # Global configuration defaults. ################################################################# global: postgres: service: name: pgset name2: tcp-pgset-primary container: name: postgres ################################################################# # Secrets metaconfig ################################################################# secrets: - uid: '{{ include "common.postgres.secret.rootPassUID" . }}' type: password externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}' password: '{{ .Values.config.pgRootPassword }}' - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' login: '{{ .Values.config.pgUserName }}' password: '{{ .Values.config.pgUserPassword }}' - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}' type: password externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}' password: '{{ .Values.config.pgPrimaryPassword }}' ################################################################# # Application configuration defaults. ################################################################# pullPolicy: Always # application configuration config: pgUserName: testuser pgDatabase: userdb pgDataPath: data pgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-postgres-db-root-password' # pgPrimaryPassword: password # pgUserPassword: password # pgRootPassword: password nodeSelector: {} affinity: {} flavor: small #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # # Example: # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory resources: small: limits: cpu: "100m" memory: "300Mi" requests: cpu: "10m" memory: "90Mi" large: limits: cpu: "2" memory: "4Gi" requests: cpu: "1" memory: "2Gi" unlimited: {} #Pods Service Account serviceAccount: nameOverride: postgres-init roles: - read securityContext: user_id: 26 group_id: 26 readinessCheck: wait_for: services: - '{{ .Values.global.postgres.service.name2 }}' wait_for_job_container: containers: - '{{ include "common.name" . }}-update-config' # Annotations to control the execution and deletion of the job # Can be used to delete a job before an Upgrade # # jobAnnotations: # # In case of an ArgoCD deployment this Hook deletes the job before syncing # argocd.argoproj.io/hook: Sync # argocd.argoproj.io/hook-delete-policy: BeforeHookCreation # # # In case of an Helm/Flux deployment this Hook deletes the job # # This is what defines this resource as a hook. Without this line, the # # job is considered part of the release. # "helm.sh/hook": "pre-upgrade,pre-rollback,post-install" # "helm.sh/hook-delete-policy": "before-hook-creation" # "helm.sh/hook-weight": "1" jobPodAnnotations: # Workarround to exclude K8S API from istio communication # as init-container (readinessCheck) does not work with the # Istio CNI plugin, see: # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) traffic.sidecar.istio.io/excludeOutboundPorts: "443"