1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
postgres:
service:
name: pgset
name2: tcp-pgset-primary
container:
name: postgres
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
type: password
externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
password: '{{ .Values.config.pgRootPassword }}'
- uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
login: '{{ .Values.config.pgUserName }}'
password: '{{ .Values.config.pgUserPassword }}'
- uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
type: password
externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
password: '{{ .Values.config.pgPrimaryPassword }}'
#################################################################
# Application configuration defaults.
#################################################################
pullPolicy: Always
# application configuration
config:
pgUserName: testuser
pgDatabase: userdb
pgDataPath: data
pgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-postgres-db-root-password'
# pgPrimaryPassword: password
# pgUserPassword: password
# pgRootPassword: password
nodeSelector: {}
affinity: {}
flavor: small
#resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#
# Example:
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
small:
limits:
cpu: "100m"
memory: "300Mi"
requests:
cpu: "10m"
memory: "90Mi"
large:
limits:
cpu: "2"
memory: "4Gi"
requests:
cpu: "1"
memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
nameOverride: postgres-init
roles:
- read
securityContext:
user_id: 26
group_id: 26
readinessCheck:
wait_for:
services:
- '{{ .Values.global.postgres.service.name2 }}'
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-update-config'
# Annotations to control the execution and deletion of the job
# Can be used to delete a job before an Upgrade
#
# jobAnnotations:
# # In case of an ArgoCD deployment this Hook deletes the job before syncing
# argocd.argoproj.io/hook: Sync
# argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
#
# # In case of an Helm/Flux deployment this Hook deletes the job
# # This is what defines this resource as a hook. Without this line, the
# # job is considered part of the release.
# "helm.sh/hook": "pre-upgrade,pre-rollback,post-install"
# "helm.sh/hook-delete-policy": "before-hook-creation"
# "helm.sh/hook-weight": "1"
jobPodAnnotations:
# Workarround to exclude K8S API from istio communication
# as init-container (readinessCheck) does not work with the
# Istio CNI plugin, see:
# (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
traffic.sidecar.istio.io/excludeOutboundPorts: "443"
|
