diff --git a/charts/dso-cnpg/.helmignore b/charts/dso-cnpg/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/dso-cnpg/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dso-cnpg/Chart.yaml b/charts/dso-cnpg/Chart.yaml new file mode 100644 index 0000000..22f596b --- /dev/null +++ b/charts/dso-cnpg/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: cpn-cnpg +description: A Helm Chart to deploy easily a CNPG cluster +type: application +version: 1.0.0 +appVersion: 1.0.0 +keywords: [] +home: https://cloud-pi-native.fr +sources: + - https://github.com/cloud-pi-native/helm-charts +deprecated: false +annotations: {} +maintainers: + - name: this-is-tobi + email: thibault.colin@interieur.gouv.fr + url: https://this-is-tobi.com diff --git a/charts/dso-cnpg/README.md b/charts/dso-cnpg/README.md new file mode 100644 index 0000000..5c25acf --- /dev/null +++ b/charts/dso-cnpg/README.md 
@@ -0,0 +1,53 @@ +# cpn-cnpg + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +A Helm Chart to deploy easily a CNPG cluster + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| this-is-tobi | | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| annotations | object | `{}` | Additional cnpg cluster annotations. | +| backup.cron | string | `"0 0 */6 * * *"` | The cron rule used for cnpg backups. By default it runs every 6 hours. | +| backup.destinationPath | string | `""` | S3 destination path for cnpg backups (it should be set like `s3:///`). | +| backup.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. | +| backup.endpointCA.key | string | `""` | The secret key containing S3 CA for cnpg backups. | +| backup.endpointCA.name | string | `""` | The secret name containing S3 CA for cnpg backups. | +| backup.endpointURL | string | `""` | S3 endpoint for cnpg backups. | +| backup.retentionPolicy | string | `"14d"` | Retention policy for cnpg backups recurrences. | +| backup.s3Credentials.accessKeyId.key | string | `"accessKeyId"` | S3 accessKeyId kubernetes secret key used for cnpg backups. | +| backup.s3Credentials.accessKeyId.value | string | `""` | S3 accessKeyId value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. | +| backup.s3Credentials.create | bool | `false` | Whether or not to create kuebernetes secret used for cnpg backups. It will use `name`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. 
| +| backup.s3Credentials.secretAccessKey.key | string | `"secretAccessKey"` | S3 secretAccessKey kubernetes secret key used for cnpg backups. | +| backup.s3Credentials.secretAccessKey.value | string | `""` | S3 secretAccessKey value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. | +| backup.s3Credentials.secretName | string | `""` | S3 kuebernetes secret name used for cnpg backups. | +| dbName | string | `"dbname"` | Name of the database. | +| enableSuperuserAccess | bool | `true` | Enable superuser access. | +| exposed | bool | `false` | Whether or not a NodePort service should be created to exposed the database. | +| fullnameOverride | string | `""` | String to fully override the default application name. | +| imageName | string | `""` | Name of the image used for database. By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released | +| instances | int | `3` | Number of instances to spawn in the cluster. | +| mode | string | `"primary"` | Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. | +| nameOverride | string | `""` | Provide a name in place of the default application name. | +| nodePort | string | `nil` | Port used for NodePort service. Needs `exposed` tu be true. | +| primaryUpdateStrategy | string | `"unsupervised"` | Rolling update strategy used : unsupervised: automated update of the primary once all replicas have been upgraded (default) supervised: requires manual supervision to perform the switchover of the primary | +| pvcSize | string | `"10Gi"` | Size of the PVC used by each cnpg instance. | +| replica.host | string | `""` | Primary cnpg cluster host used for replica mode. | +| replica.port | int | `5432` | Primary cnpg cluster port used for replica mode. | +| username | string | `"username"` | Username of the database user. 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/dso-cnpg/templates/_helpers.tpl b/charts/dso-cnpg/templates/_helpers.tpl new file mode 100644 index 0000000..2bb91ee --- /dev/null +++ b/charts/dso-cnpg/templates/_helpers.tpl 
@@ -0,0 +1,106 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cpnCnpg.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cpnCnpg.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + + +{{/* +Create image pull secret +*/}} +{{- define "cpnCnpg.imagePullSecret" }} +{{- with .Values.imageCredentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + + +{{/* +Create container environment variables from configmap +*/}} +{{- define "cpnCnpg.env" -}} +{{ range $key, $val := .env }} +{{ $key }}: {{ $val | quote }} +{{- end }} +{{- end }} + + +{{/* +Create container environment variables from secret +*/}} +{{- define "cpnCnpg.secret" -}} +{{ range $key, $val := .secrets }} +{{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} + + +{{/* +Define a file checksum to trigger rollout on configmap of secret change +*/}} +{{- define "checksum" -}} +{{- $ := index . 0 }} +{{- $path := index . 1 }} +{{- $resourceType := include (print $.Template.BasePath $path) $ | fromYaml -}} +{{- if $resourceType -}} +checksum/{{ $resourceType.metadata.name }}: {{ $resourceType.data | toYaml | sha256sum }} +{{- end -}} +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+*/}} +{{- define "cpnCnpg.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{/* +Common labels +*/}} +{{- define "cpnCnpg.common.labels" -}} +helm.sh/chart: {{ include "cpnCnpg.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + + +{{/* +Selector labels +*/}} +{{- define "cpnCnpg.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cpnCnpg.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + +{{/* +Labels +*/}} +{{- define "cpnCnpg.labels" -}} +{{ include "cpnCnpg.common.labels" . }} +{{ include "cpnCnpg.selectorLabels" . }} +{{- end }} diff --git a/charts/dso-cnpg/templates/backup-secret.yaml b/charts/dso-cnpg/templates/backup-secret.yaml new file mode 100644 index 0000000..1bc6a47 --- /dev/null +++ b/charts/dso-cnpg/templates/backup-secret.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.backup.enabled .Values.backup.s3Credentials.create }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + labels: + {{- include "cpnCnpg.labels" . | nindent 4 }} +data: + {{ .Values.backup.s3Credentials.accessKeyId.key | indent 2 -}}: {{ .Values.backup.s3Credentials.accessKeyId.value | b64enc }} + {{ .Values.backup.s3Credentials.secretAccessKey.key | indent 2 -}}: {{ .Values.backup.s3Credentials.secretAccessKey.value | b64enc }} +{{- end -}} 
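Review bot: `cpnCnpg.imagePullSecret` in _helpers.tpl assembles the registry JSON with `printf` and raw `%s` substitutions, so a username or password containing `"` or `\` produces a malformed or differently shaped dockerconfigjson; building the structure with `dict … | toJson | b64enc` leaves the escaping to the template engine. None of the templates added in this diff include this helper, `cpnCnpg.env`, `cpnCnpg.secret` or `checksum`, and values.yaml defines no `imageCredentials`, so dropping them is the simpler option. `checksum` is also the only define without the `cpnCnpg.` prefix; Helm template names are shared across a release, so if it is kept, `cpnCnpg.checksum` avoids a clash with a same-named helper when this chart is used as a dependency.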
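Review bot: In backup-secret.yaml the default secret name calls `include "cpnConsole.fullname" .`, a helper this chart does not define (its _helpers.tpl only has `cpnCnpg.fullname`), so rendering fails as soon as `backup.enabled` and `backup.s3Credentials.create` are both true. It should read `(include "cpnCnpg.fullname" .)`, which is also the name pg-cluster.yaml uses when it references the secret. Because `accessKeyId.value` and `secretAccessKey.value` arrive through Helm values, they are kept with the release's stored values as well as in this Secret; a values.yaml comment such as `# Prefer create: false with a pre-created secret (secretName) outside test clusters.` would steer users away from that.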
diff --git a/charts/dso-cnpg/templates/pg-cluster.yaml b/charts/dso-cnpg/templates/pg-cluster.yaml
new file mode 100644
index 0000000..9fabdcd
--- /dev/null
+++ b/charts/dso-cnpg/templates/pg-cluster.yaml
@@ -0,0 +1,92 @@ +apiVersion: postgresql.io/v1 +kind: Cluster +metadata: + name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + labels: + {{- include "cpnCnpg.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + instances: {{ .Values.instances }} + {{- if .Values.imageName }} + imageName: {{ .Values.imageName }} + {{- end }} + postgresql: + {{- end }} + parameters: + max_worker_processes: "60" + pg_hba: + - {{ printf "%s %s %s %s %s" "host" .Values.dbName .Values.username "all" "md5" }} + - {{ printf "%s %s %s %s %s" "host" .Values.dbName "streaming_replica" "all" "md5" }} + bootstrap: + {{- if eq .Values.mode "primary" }} + initdb: + database: {{ .Values.dbName }} + owner: {{ .Values.username }} + {{- else if or (eq .Values.mode "replica") (eq .Values.mode "restore") }} + recovery: + source: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + externalClusters: + - name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + {{- if or (.Values.backup.enabled) (eq .Values.mode "restore") }} + barmanObjectStore: + destinationPath: {{ .Values.backup.destinationPath }} + endpointURL: {{ .Values.backup.endpointURL }} + {{- if .Values.backup.endpointCA.name }} + endpointCA: + name: {{ .Values.backup.endpointCA.name }} + key: {{ .Values.backup.endpointCA.key }} + {{- end }} + s3Credentials: + accessKeyId: + name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + key: {{ .Values.backup.s3Credentials.accessKeyId.key }} + secretAccessKey: + name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) 
"pg-cluster") }} + key: {{ .Values.backup.s3Credentials.secretAccessKey.key }} + {{- end }} + {{- if eq .Values.mode "replica" }} + connectionParameters: + host: {{ .Values.replica.host }} + port: {{ .Values.replica.port }} + dbname: {{ .Values.dbName }} + sslmode: prefer + sslKey: + name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "replication") }} + key: tls.key + sslCert: + name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "replication") }} + key: tls.crt + sslRootCert: + name: {{ (printf "%s-%s" .Values.nameOverride "ca") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "ca") }} + key: ca.crt + {{- end }} + {{- end }} + {{- if eq .Values.mode "replica" }} + replica: + enabled: true + source: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + {{- end }} + enableSuperuserAccess: {{ .Values.enableSuperuserAccess }} + primaryUpdateStrategy: {{ .Values.primaryUpdateStrategy }} + storage: + size: {{ .Values.pvcSize }} + {{- if .Values.backup.enabled }} + backup: + barmanObjectStore: + destinationPath: {{ .Values.backup.destinationPath }} + endpointURL: {{ .Values.backup.endpointURL }} + endpointCA: + name: {{ .Values.backup.endpointCA.name }} + key: {{ .Values.backup.endpointCA.key }} + s3Credentials: + accessKeyId: + name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + key: {{ .Values.backup.s3Credentials.accessKeyId.key }} + secretAccessKey: + name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + key: {{ .Values.backup.s3Credentials.secretAccessKey.key }} + retentionPolicy: {{ .Values.backup.retentionPolicy }} + {{- end }} 
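Review bot: The `{{- end }}` directly under `postgresql:` has no opening `if`, so this template will not parse; that line should be removed. The dso-console pg-cluster.yaml hunk `@@ -15,8 +15,6 @@` appears to leave the same orphan, since it deletes the `if`/`image:` pair but keeps its `{{- end }}`. In the replica `connectionParameters`, `sslmode: prefer` neither requires TLS nor verifies the server even though a client key, certificate and CA are all supplied; `sslmode: verify-full` (or at least `verify-ca`) is what makes those secrets effective. The two `pg_hba` rules are `host … all md5`; `hostssl … all scram-sha-256` would refuse non-TLS clients and MD5-hashed passwords. Separately, `apiVersion: postgresql.io/v1` here and in scheduled-backup.yaml does not match the `postgresql.cnpg.io/v1` group that CloudNativePG serves as far as I know, so it is worth checking against the installed CRDs.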
diff --git a/charts/dso-cnpg/templates/scheduled-backup.yaml b/charts/dso-cnpg/templates/scheduled-backup.yaml new file mode 100644 index 0000000..85ddbcd --- /dev/null +++ b/charts/dso-cnpg/templates/scheduled-backup.yaml @@ -0,0 +1,13 @@ +{{- if .Values.backup.enabled }} +apiVersion: postgresql.io/v1 +kind: ScheduledBackup +metadata: + name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + labels: + {{- include "cpnCnpg.labels" . | nindent 4 }} +spec: + schedule: {{ .Values.backup.cron }} + backupOwnerReference: self + cluster: + name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} +{{- end }} diff --git a/charts/dso-cnpg/templates/service-nodeport.yaml b/charts/dso-cnpg/templates/service-nodeport.yaml new file mode 100644 index 0000000..42cd7c3 --- /dev/null +++ b/charts/dso-cnpg/templates/service-nodeport.yaml @@ -0,0 +1,22 @@ +{{- if .Values.exposed }} +apiVersion: v1 +kind: Service +metadata: + name: {{ (printf "%s-%s" .Values.nameOverride "rw-nodeport") | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + labels: + {{- include "cpnCnpg.labels" . | nindent 4 }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: postgres + port: 5432 + protocol: TCP + nodePort: {{ .Values.nodePort }} + selector: + cnpg.io/cluster: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }} + role: primary + type: NodePort +{{- end }} diff --git a/charts/dso-cnpg/values.yaml b/charts/dso-cnpg/values.yaml new file mode 100644 index 0000000..0e702f9 --- /dev/null +++ b/charts/dso-cnpg/values.yaml 
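Review bot: In service-nodeport.yaml the Service name is `(printf "%s-%s" .Values.nameOverride "rw-nodeport") | default (…)`, but `printf` never returns an empty string, so the `default` branch is dead and an empty `nameOverride` renders `-rw-nodeport`, which is not a valid Service name. Applying the default to the value itself fixes it: `{{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}-rw-nodeport`. The `sslKey`, `sslCert` and `sslRootCert` secret names in pg-cluster.yaml use the same `printf … | default` pattern. Since this Service publishes the primary's port 5432 on every node and the chart's `pg_hba` rules accept any source address, the `exposed` comment in values.yaml should say that source filtering has to come from a NetworkPolicy or firewall.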
@@ -0,0 +1,71 @@ +# -- Provide a name in place of the default application name. +nameOverride: &cnpgNameOverride "" +# -- String to fully override the default application name. +fullnameOverride: "" + +# CNPG configuration + +# -- Number of instances to spawn in the cluster. +instances: 3 +# -- Name of the image used for database. +# By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released +imageName: "" +# -- Username of the database user. +username: "username" +# -- Name of the database. +dbName: "dbname" +# -- Enable superuser access. +enableSuperuserAccess: true +# -- Rolling update strategy used : +# unsupervised: automated update of the primary once all replicas have been upgraded (default) +# supervised: requires manual supervision to perform the switchover of the primary +primaryUpdateStrategy: "unsupervised" +# -- Size of the PVC used by each cnpg instance. +pvcSize: "10Gi" +# -- Additional cnpg cluster annotations. +annotations: {} +# -- Whether or not a NodePort service should be created to exposed the database. +exposed: false +# -- Port used for NodePort service. Needs `exposed` tu be true. +nodePort: +# -- Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. +mode: "primary" +replica: + # -- Primary cnpg cluster host used for replica mode. + host: "" + # -- Primary cnpg cluster port used for replica mode. + port: 5432 +backup: + # -- Whether or not cnpg cluster deployment should be enabled. + enabled: false + # -- S3 destination path for cnpg backups (it should be set like `s3:///`). + destinationPath: "" + # -- S3 endpoint for cnpg backups. + endpointURL: "" + endpointCA: + # -- The secret name containing S3 CA for cnpg backups. + name: "" + # -- The secret key containing S3 CA for cnpg backups. + key: "" + s3Credentials: + # -- Whether or not to create kuebernetes secret used for cnpg backups. 
+ # It will use `name`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. + create: false + # -- S3 kuebernetes secret name used for cnpg backups. + secretName: *cnpgNameOverride + accessKeyId: + # -- S3 accessKeyId kubernetes secret key used for cnpg backups. + key: "accessKeyId" + # -- S3 accessKeyId value used for cnpg backups. + # Only needed if `backup.s3Credentials.create` is set to `true`. + value: "" + secretAccessKey: + # -- S3 secretAccessKey kubernetes secret key used for cnpg backups. + key: "secretAccessKey" + # -- S3 secretAccessKey value used for cnpg backups. + # Only needed if `backup.s3Credentials.create` is set to `true`. + value: "" + # -- The cron rule used for cnpg backups. By default it runs every 6 hours. + cron: "0 0 */6 * * *" + # -- Retention policy for cnpg backups recurrences. + retentionPolicy: "14d" diff --git a/charts/dso-console/Chart.yaml b/charts/dso-console/Chart.yaml index 4ba14b3..e69c26a 100644 --- a/charts/dso-console/Chart.yaml +++ b/charts/dso-console/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cpn-console description: A Helm chart to deploy Cloud Pi Native Console type: application -version: 1.5.2 +version: 1.6.0 appVersion: 8.8.2 keywords: [] home: https://cloud-pi-native.fr diff --git a/charts/dso-console/README.md b/charts/dso-console/README.md index f32f73c..f8acac8 100644 --- a/charts/dso-console/README.md +++ b/charts/dso-console/README.md 
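Review bot: `enableSuperuserAccess: true` is the default in this new chart's values.yaml, so every install gets a usable `postgres` superuser credential unless the operator's values turn it off; defaulting to `false` and documenting when to enable it follows least privilege. `secretName: *cnpgNameOverride` is a YAML alias resolved when values.yaml is parsed, so a `nameOverride` given with `--set` or an extra values file does not flow into `secretName`; replacing the alias with `""` or adding a comment avoids the surprise. The doc comment on `backup.enabled` says "cnpg cluster deployment" where backups are meant, and the `create` comment still lists `name` rather than `secretName`.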
@@ -1,6 +1,6 @@ # cpn-console -![Version: 1.5.2](https://img.shields.io/badge/Version-1.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.8.2](https://img.shields.io/badge/AppVersion-8.8.2-informational?style=flat-square) +![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.8.2](https://img.shields.io/badge/AppVersion-8.8.2-informational?style=flat-square) A Helm chart to deploy Cloud Pi Native Console 
@@ -90,23 +90,24 @@ A Helm chart to deploy Cloud Pi Native Console | cnpg.backup.endpointURL | string | `""` | S3 endpoint for cnpg backups. | | cnpg.backup.retentionPolicy | string | `"30d"` | Retention policy for cnpg backups recurrences. | | cnpg.backup.s3Credentials.accessKeyId.key | string | `"accessKeyId"` | S3 accessKeyId kubernetes secret key used for cnpg backups. | -| cnpg.backup.s3Credentials.accessKeyId.value | string | `""` | S3 accessKeyId value used for cnpg backups. | +| cnpg.backup.s3Credentials.accessKeyId.value | string | `""` | S3 accessKeyId value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. | | cnpg.backup.s3Credentials.create | bool | `false` | Whether or not to create kuebernetes secret used for cnpg backups. It will use `name`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. | -| cnpg.backup.s3Credentials.name | string | `""` | S3 kuebernetes secret name used for cnpg backups. | | cnpg.backup.s3Credentials.secretAccessKey.key | string | `"secretAccessKey"` | S3 secretAccessKey kubernetes secret key used for cnpg backups. | -| cnpg.backup.s3Credentials.secretAccessKey.value | string | `""` | S3 secretAccessKey value used for cnpg backups. | +| cnpg.backup.s3Credentials.secretAccessKey.value | string | `""` | S3 secretAccessKey value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. | +| cnpg.backup.s3Credentials.secretName | string | `""` | S3 kuebernetes secret name used for cnpg backups. | | cnpg.dbName | string | `"dso-console-db"` | Name of the database. | | cnpg.enableSuperuserAccess | bool | `true` | Enable superuser access. | | cnpg.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. | | cnpg.exposed | bool | `false` | Whether or not a NodePort service should be created to exposed the database. 
| +| cnpg.imageName | string | `""` | Name of the image used for database. By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released | | cnpg.instances | int | `3` | Number of instances to spawn in the cluster. | -| cnpg.mode | string | `"primary"` | Mode used to deploy the cnpg cluster, it should be `primary` or `replica`. | +| cnpg.mode | string | `"primary"` | Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. | | cnpg.nameOverride | string | `""` | Provide a name in place of the default cnpg cluster name. | | cnpg.nodePort | string | `nil` | Port used for NodePort service. Needs `exposed` tu be true. | | cnpg.primaryUpdateStrategy | string | `"unsupervised"` | Rolling update strategy used : unsupervised: automated update of the primary once all replicas have been upgraded (default) supervised: requires manual supervision to perform the switchover of the primary | | cnpg.pvcSize | string | `"10Gi"` | Size of the PVC used by each cnpg instance. | -| cnpg.replica.host | string | `nil` | Primary cnpg cluster host used for replica mode. | -| cnpg.replica.port | string | `nil` | Primary cnpg cluster port used for replica mode. | +| cnpg.replica.host | string | `""` | Primary cnpg cluster host used for replica mode. | +| cnpg.replica.port | int | `5432` | Primary cnpg cluster port used for replica mode. | | cnpg.username | string | `"dso"` | Username of the database user. | | config.create | bool | `false` | Whether or not helm should create the console config. | | config.name | string | `"dso-config"` | Name of the genrated config. | diff --git a/charts/dso-console/templates/cnpg/backup-secret.yaml b/charts/dso-console/templates/cnpg/backup-secret.yaml index 68f3ea0..c760079 100644 --- a/charts/dso-console/templates/cnpg/backup-secret.yaml +++ b/charts/dso-console/templates/cnpg/backup-secret.yaml 
@@ -2,7 +2,7 @@ kind: Secret apiVersion: v1 metadata: - name: {{ .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + name: {{ .Values.cnpg.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} labels: {{- include "cpnConsole.common.labels" . | nindent 4 }} data: diff --git a/charts/dso-console/templates/cnpg/pg-cluster.yaml b/charts/dso-console/templates/cnpg/pg-cluster.yaml index 3f3f0bc..5350320 100644 --- a/charts/dso-console/templates/cnpg/pg-cluster.yaml +++ b/charts/dso-console/templates/cnpg/pg-cluster.yaml @@ -15,8 +15,6 @@ spec: imageName: {{ .Values.cnpg.imageName }} {{- end }} postgresql: - {{- if .Values.cnpg.imageName }} - image: {{ .Values.cnpg.imageName }} {{- end }} parameters: max_worker_processes: "60" 
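Review bot: Renaming `cnpg.backup.s3Credentials.name` to `secretName` in dso-console's backup-secret.yaml means a release that still sets the old key silently falls through to the generated `<fullname>-pg-cluster` name, here and in pg-cluster.yaml, so after an upgrade the Cluster can point at a secret that does not hold the S3 keys. Either keep a fallback, `{{ .Values.cnpg.backup.s3Credentials.secretName | default .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }}`, or mark the rename as breaking in the release notes for 1.6.0. The values.yaml comment above `create` still refers to `name`.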
@@ -28,29 +26,29 @@ spec: initdb: database: {{ .Values.cnpg.dbName }} owner: {{ .Values.cnpg.username }} - {{- else if eq .Values.cnpg.mode "replica" }} + {{- else if or (eq .Values.cnpg.mode "replica") (eq .Values.cnpg.mode "restore") }} recovery: - source: cluster-primary - replica: - enabled: true - source: cluster-primary + source: {{ .Values.cnpg.nameOverride | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} externalClusters: - - name: cluster-primary - {{- if .Values.cnpg.backup }} + - name: {{ .Values.cnpg.nameOverride | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + {{- if or (.Values.cnpg.backup.enabled) (eq .Values.cnpg.mode "restore") }} barmanObjectStore: destinationPath: {{ .Values.cnpg.backup.destinationPath }} endpointURL: {{ .Values.cnpg.backup.endpointURL }} + {{- if .Values.cnpg.backup.endpointCA.name }} endpointCA: name: {{ .Values.cnpg.backup.endpointCA.name }} key: {{ .Values.cnpg.backup.endpointCA.key }} + {{- end }} s3Credentials: accessKeyId: - name: {{ .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + name: {{ .Values.cnpg.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} key: {{ .Values.cnpg.backup.s3Credentials.accessKeyId.key }} secretAccessKey: - name: {{ .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + name: {{ .Values.cnpg.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} key: {{ .Values.cnpg.backup.s3Credentials.secretAccessKey.key }} {{- end }} + {{- if eq .Values.cnpg.mode "replica" }} connectionParameters: host: {{ .Values.cnpg.replica.host }} port: {{ .Values.cnpg.replica.port }} 
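Review bot: In `restore` mode the external cluster is now named after the cluster itself and reads from `cnpg.backup.destinationPath`, the same path the `backup:` stanza further down the file writes to when `backup.enabled` is true. As far as I know CloudNativePG derives the object-store server name from those names by default, so the restored cluster would try to archive WAL into the folder it is recovering from, and the operator's empty-archive check is likely to refuse it. A separate value for the recovery source, or a values.yaml comment such as `# restore: destinationPath or cluster name must differ from the source cluster's`, would prevent that; the new dso-cnpg pg-cluster.yaml has the same structure. The `bootstrap:` key these lines belong to sits above the hunk.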
@@ -65,6 +63,12 @@ spec: sslRootCert: name: {{ (printf "%s-%s" .Values.cnpg.nameOverride "ca") | default (printf "%s-%s-%s" (include "cpnConsole.fullname" .) "pg-cluster" "ca") }} key: ca.crt + {{- end }} + {{- end }} + {{- if eq .Values.cnpg.mode "replica" }} + replica: + enabled: true + source: {{ .Values.cnpg.nameOverride | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} {{- end }} enableSuperuserAccess: {{ .Values.cnpg.enableSuperuserAccess }} primaryUpdateStrategy: {{ .Values.cnpg.primaryUpdateStrategy }} @@ -80,10 +84,10 @@ spec: key: {{ .Values.cnpg.backup.endpointCA.key }} s3Credentials: accessKeyId: - name: {{ .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + name: {{ .Values.cnpg.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} key: {{ .Values.cnpg.backup.s3Credentials.accessKeyId.key }} secretAccessKey: - name: {{ .Values.cnpg.backup.s3Credentials.name | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} + name: {{ .Values.cnpg.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }} key: {{ .Values.cnpg.backup.s3Credentials.secretAccessKey.key }} retentionPolicy: {{ .Values.cnpg.backup.retentionPolicy }} {{- end }} diff --git a/charts/dso-console/values.yaml b/charts/dso-console/values.yaml index 86f235d..32985f4 100644 --- a/charts/dso-console/values.yaml +++ b/charts/dso-console/values.yaml @@ -468,6 +468,9 @@ cnpg: nameOverride: &cnpgNameOverride "" # -- Number of instances to spawn in the cluster. instances: 3 + # -- Name of the image used for database. + # By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released + imageName: "" # -- Username of the database user. username: "dso" # -- Name of the database. 
@@ -485,14 +488,14 @@ cnpg: # -- Whether or not a NodePort service should be created to exposed the database. exposed: false # -- Port used for NodePort service. Needs `exposed` tu be true. - nodePort: - # -- Mode used to deploy the cnpg cluster, it should be `primary` or `replica`. + nodePort: + # -- Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. mode: "primary" replica: # -- Primary cnpg cluster host used for replica mode. - host: + host: "" # -- Primary cnpg cluster port used for replica mode. - port: + port: 5432 backup: # -- Whether or not cnpg cluster deployment should be enabled. enabled: false @@ -510,16 +513,18 @@ cnpg: # It will use `name`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. create: false # -- S3 kuebernetes secret name used for cnpg backups. - name: *cnpgNameOverride + secretName: *cnpgNameOverride accessKeyId: # -- S3 accessKeyId kubernetes secret key used for cnpg backups. key: "accessKeyId" # -- S3 accessKeyId value used for cnpg backups. + # Only needed if `backup.s3Credentials.create` is set to `true`. value: "" secretAccessKey: # -- S3 secretAccessKey kubernetes secret key used for cnpg backups. key: "secretAccessKey" # -- S3 secretAccessKey value used for cnpg backups. + # Only needed if `backup.s3Credentials.create` is set to `true`. value: "" # -- The cron rule used for cnpg backups. By default it runs every 6 hours. cron: "0 0 */6 * * *"