From b71f147ff75b22a6aa67f13e8b9acd3bd2fc21cf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:30:38 +0800 Subject: [PATCH 01/22] chore(mysql-cluster): modify networkpolicy --- .../templates/networkpolicy.yaml | 31 ++++++++--------- .../8.0/chart/mysql-cluster/values.yaml | 33 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 45a67db3..827f8311 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -23,23 +23,24 @@ spec: ingress: # Allow inbound connections - ports: - - port: {{ .Values.primary.service.ports.mysql }} - {{- if not .Values.networkPolicy.allowExternal }} + - port: {{ .Values.router.service.portrw }} + - port: {{ .Values.router.service.portro }} + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: - - podSelector: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} + kubernetes.io/metadata.name: {{ $namespace }} {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} + {{- end }} + {{- end }} {{- end }} 
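Review bot: In the `from` block of the ingress rule, setting `networkPolicy.allowCurrentNamespace: false` with an empty `allowNamespaces` omits `from` entirely, and a NetworkPolicy rule without `from` admits every source on the listed ports, so the most restrictive-looking values produce the most open policy. Either skip the whole `- ports:` rule in that case or stop rendering with `{{- fail "networkPolicy: set allowCurrentNamespace or allowNamespaces" }}`, and document whichever behaviour is intended. The namespace label value should also be quoted, `kubernetes.io/metadata.name: {{ $namespace | quote }}`, since an all-digit namespace name would otherwise render as a YAML integer. The same template shape is added for Prometheus in PATCH 05/22 (`chart/prometheus/templates/networkpolicy.yaml`). The policy's `podSelector` is outside this hunk.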
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index cdbfd0a3..ebfe4ed2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,28 +971,16 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening ## on. When true, MySQL will accept connections from any source ## (with the correct destination port). ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} + allowCurrentNamespace: true + allowNamespaces: [] + ## @section Volume Permissions parameters 
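Review bot: The `## @param networkPolicy.allowExternal` comment left above `allowCurrentNamespace` describes the removed client-label model, so a reader would still expect the `-client: "true"` pod label to gate access when the template now selects by namespace only. Replace it with entries for the two new keys, for example `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`. The same stale text is copied into the Prometheus chart's `networkPolicy` block in PATCH 05/22, where it still mentions MySQL and the heading reads "Nework".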
@@ -1035,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: false + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1132,6 +1120,17 @@ metrics: ## cpu: 100m ## memory: 256Mi requests: {} + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param metrics.livenessProbe.enabled Enable livenessProbe From d30010a82334ad1a5d6345a43ff3b578e084e79a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:33:07 +0800 Subject: [PATCH 02/22] fix(prometheus): fix typo --- addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml | 0 .../2/{plan => plans}/standard-1-2/create-instance-schema.json | 0 addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml | 0 addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/create-instance-schema.json (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml (100%) diff --git a/addons/prometheus/2/plan/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-1-2/bind.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-1-2/bind.yaml 
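Review bot: The new `metrics.containerSecurityContext` block (second hunk) has no `## @param` entries, and no template change in this patch shows the exporter container reading it, so whether the hardening is actually applied cannot be confirmed from here. Check that the exporter container in `templates/primary/statefulset.yaml` renders its `securityContext` from these values; otherwise they are inert. `runAsGroup: 0` places the process in the root group; a non-zero GID, plus `readOnlyRootFilesystem: true` if the exporter writes nothing to disk, would be tighter.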
diff --git a/addons/prometheus/2/plan/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/create-instance-schema.json
rename to addons/prometheus/2/plans/standard-1-2/create-instance-schema.json
diff --git a/addons/prometheus/2/plan/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-1-2/meta.yaml
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/meta.yaml
rename to addons/prometheus/2/plans/standard-1-2/meta.yaml
diff --git a/addons/prometheus/2/plan/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-1-2/values.yaml
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/values.yaml
rename to addons/prometheus/2/plans/standard-1-2/values.yaml
From 842cb24e279faaf75683363681d3a1f83bb78071 Mon Sep 17 00:00:00 2001
From: EamonZhang
Date: Thu, 12 Oct 2023 09:41:04 +0800
Subject: [PATCH 03/22] chore(prometheus): add plans 50
---
.../{standard-1-2 => standard-10}/bind.yaml | 0
.../create-instance-schema.json | 0
.../{standard-1-2 => standard-10}/meta.yaml | 0
.../{standard-1-2 => standard-10}/values.yaml | 0
.../prometheus/2/plans/standard-50/bind.yaml | 34 +++++++++++++++++++
.../standard-50/create-instance-schema.json | 12 +++++++
.../prometheus/2/plans/standard-50/meta.yaml | 6 ++++
.../2/plans/standard-50/values.yaml | 7 ++++
8 files changed, 59 insertions(+)
rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/bind.yaml (100%)
rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/create-instance-schema.json (100%)
rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/meta.yaml (100%)
rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/values.yaml (100%)
create mode 100644 addons/prometheus/2/plans/standard-50/bind.yaml
create mode 100644 addons/prometheus/2/plans/standard-50/create-instance-schema.json
create mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml
create mode 100644 addons/prometheus/2/plans/standard-50/values.yaml
diff --git a/addons/prometheus/2/plans/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml
similarity index 100%
rename from addons/prometheus/2/plans/standard-1-2/bind.yaml
rename to addons/prometheus/2/plans/standard-10/bind.yaml
diff --git a/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-10/create-instance-schema.json
similarity index 100%
rename from addons/prometheus/2/plans/standard-1-2/create-instance-schema.json
rename to addons/prometheus/2/plans/standard-10/create-instance-schema.json
diff --git a/addons/prometheus/2/plans/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-10/meta.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-10/values.yaml diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml new file mode 100644 index 00000000..5ee819d9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s-router" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
+++ b/addons/prometheus/2/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml new file mode 100644 index 00000000..0baaf0f9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus Cluster standard-50 plan persistence size 50Gi." +displayName: "50Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml new file mode 100644 index 00000000..0dc80c4f --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -0,0 +1,7 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-50 + +server: + persistence: + size: 50Gi \ No newline at end of file From 4155cdf4f1a0cd6eb8df499fd79f57ff7ef5dd61 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 14:16:44 +0800 Subject: [PATCH 04/22] chore(mysql-cluster): add networkpolicy --- .../chart/mysql-cluster/templates/networkpolicy.yaml | 1 + .../mysql-cluster/templates/primary/statefulset.yaml | 2 +- .../mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 827f8311..74013298 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -25,6 +25,7 @@ spec: - ports: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} + - port: 24901 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 79694e68..56b3ec79 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -298,7 +298,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /opt/drycc/mysqld_exporter/bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ebfe4ed2..9d5e4293 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,7 +971,7 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening 
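Review bot: The added `- port: 24901` sits in the same rule as the client ports, so the group-replication port (the one hard-coded in the initdb script's `group_replication_group_seeds`) becomes reachable from every namespace admitted by `from`, although only the cluster's own members need it. A separate ingress rule limited to the chart's pods keeps the port to peers; this assumes `common.labels.matchLabels` selects the MGR members, which should be confirmed. The port would also be better taken from a value than repeated as a literal. The rest of the policy lies outside the hunk.

```yaml
    # … unchanged: client rule for portrw / portro / metrics and its `from` block …
    # Group replication traffic: cluster members only
    - ports:
        - port: 24901
      from:
        - podSelector:
            matchLabels:
              {{- include "common.labels.matchLabels" . | nindent 14 }}
```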
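Review bot: The exporter command on the changed line in `templates/primary/statefulset.yaml` still logs in with `--mysqld.username=root` and the root password, and PATCH 01/22 turned `metrics.enabled` on by default, so every instance now runs a side-car holding full administrative credentials. mysqld_exporter only needs a dedicated account with `PROCESS`, `REPLICATION CLIENT` and `SELECT`; creating that account at init time and passing its name and password here would limit what a compromised exporter can do. The surrounding container spec is outside the hunk.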
@@ -1023,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: true + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1032,9 +1032,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mysqld-exporter - tag: 0.14.0-debian-11-r45 + registry: registry.drycc.cc + repository: drycc-addons/mysqld-exporter + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From f333fe78dd171a94c34f4d75e93a23cd2fc52cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 15:03:23 +0800 Subject: [PATCH 05/22] chore(prometheus): add networkpolicy --- .../2/chart/prometheus/templates/bind.yaml | 34 ++++++++++++++ .../prometheus/templates/networkpolicy.yaml | 47 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 18 ++++++- .../prometheus/2/plans/standard-10/bind.yaml | 42 +++++++---------- .../prometheus/2/plans/standard-50/bind.yaml | 4 +- 5 files changed, 117 insertions(+), 28 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml create mode 100644 addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml new file mode 100644 index 00000000..8528bf3e --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/bind.yaml 
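Review bot: The exporter image (second hunk) is now referenced as `tag: 0` with `digest: ""`, a floating tag that the `@param metrics.image.tag` comment just above advises against ("immutable tags are recommended"). Combined with `pullPolicy: IfNotPresent`, nodes can end up running different builds, and a changed upstream image is pulled without review. Pin a full version tag or set the digest of the reviewed image, e.g. `digest: "sha256:<digest-of-reviewed-image>"` (placeholder), and quote the tag (`tag: "0"`) so it is not parsed as an integer.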
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml new file mode 100644 index 00000000..1ef0125d --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
@@ -0,0 +1,47 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.alertmanager.service.ports.http }} + - port: {{ .Values.alertmanager.service.ports.cluster }} + - port: {{ .Values.alertmanager.containerPorts.http }} + - port: {{ .Values.alertmanager.containerPorts.cluster }} + - port: {{ .Values.server.containerPorts.http }} + - port: {{ .Values.server.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 5d24a56a..206aeabe 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
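Review bot: The `ports` list mixes `service.ports.*` with `containerPorts.*`, but a NetworkPolicy matches the destination port on the pod, so the Service-port entries either duplicate the container ports or open pod ports nothing is meant to listen on. Keep only the three `containerPorts` entries. The Alertmanager cluster port is also offered to every admitted namespace although only Alertmanager peers use it; a separate rule with a `podSelector` on the chart's own labels would confine it.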
@@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: false + enabled: true ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1225,7 +1225,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: false + enabled: true ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1460,6 +1460,20 @@ server: ## rules: [] +## Prometheus Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] ## @section Init Container Parameters ## diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index 5ee819d9..c6efaaba 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
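Review bot: Both `alertmanager.ingress.enabled` (first hunk) and `server.ingress.enabled` (second hunk) now default to `true`, which publishes two services that have no authentication unless it is configured separately. Hostname, TLS and any auth annotations are outside these hunks, so confirm they are set by the plan or platform before this default ships; otherwise keep `enabled: false` and let the plan opt in. The NetworkPolicy added in this patch admits only the release namespace by default, so an ingress controller in another namespace cannot reach the pods until it is listed in `allowNamespaces`.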
@@ -1,34 +1,28 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.server.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} + +alertmanager + + {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} + - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 5ee819d9..3e652f1c 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
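Review bot: The `port` entries use `secretKeyRef` with `jsonpath: '{ .spec.ports.port }'`, which is a Service path rather than a Secret one, and `.spec.ports` is a list; they presumably should be `serviceRef:` with `jsonpath: '{ .spec.ports[0].port }'` (or a named port). The bare `alertmanager` line between the two blocks is not valid YAML inside the `credential` list and should be a comment, `# alertmanager`. The Alertmanager entries also reuse the credential names `host` and `port` and the same `common.names.fullname` service as the server entries, so one pair would shadow the other; distinct names and the Alertmanager service name look intended.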
@@ -1,9 +1,9 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - name: database valueFrom: From 14de943df62001dd7fdfc2373671c5162c69e9de Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 18 Oct 2023 14:57:47 +0800 Subject: [PATCH 06/22] chore(promtheus): service discovery in namespace --- .../prometheus/templates/_scrape_config.tpl | 3 +- .../2/chart/prometheus/templates/bind.yaml | 34 ----------- .../prometheus/2/chart/prometheus/values.yaml | 57 +++++++++++++++++-- 3 files changed, 54 insertions(+), 40 deletions(-) delete mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index ea669ead..7fb0e110 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -12,6 +12,7 @@ Usage: kubernetes_sd_configs: - role: endpoints namespaces: + own_namespace: true names: - {{ include "common.names.namespace" .context }} metrics_path: /metrics @@ -83,4 +84,4 @@ relabel_configs: - __tmp_hash regex: 0 action: keep -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml deleted file mode 100644 index 8528bf3e..00000000 --- a/addons/prometheus/2/chart/prometheus/templates/bind.yaml +++ /dev/null 
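Review bot: The condition in `standard-50/bind.yaml` now tests `.Values.service.type`, while `standard-10/bind.yaml` in the same patch tests `.Values.server.service.type`; if the chart has no top-level `service` key, the template errors on the nil lookup or the block never renders. Use `{{- if (eq .Values.server.service.type "LoadBalancer") }}` here too. The rest of the file, outside this hunk, still publishes the MySQL-style `database`, `password`, `portrw` and `portro` entries from a `-svcbind-custom-user` secret and should be aligned with the standard-10 plan.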
@@ -1,34 +0,0 @@ -credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host - valueFrom: - serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 206aeabe..a551fa68 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -628,6 +628,9 @@ server: {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} + {{- if .Values.server.dsScrapeConfigs}} + {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
@@ -649,7 +652,50 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: [] + dsScrapeConfigs: + - job_name: 'service-endpoints' + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - default + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -824,7 +870,7 @@ server: ## StrategyType ## Can be set to RollingUpdate or Recreate ## - type: RollingUpdate + type: Recreate ## @param server.priorityClassName Prometheus pods' priorityClassName ## 
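Review bot: The `service-endpoints` job lists `names: - default` next to `own_namespace: true`, so every instance would also discover and scrape Services in the `default` namespace, which does not match the commit subject ("service discovery in namespace") and needs RBAC there. Drop the `names` entry unless cross-namespace scraping is intended. `honor_labels: true` lets a scraped target overwrite labels such as `namespace` or `job` that the server attaches, which is risky when any annotated Service in the namespace becomes a target; `honor_labels: false` is the safer default. `server.dsScrapeConfigs` also needs a `## @param` entry.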
@@ -1465,7 +1511,7 @@ server: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1473,7 +1519,8 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] + allowNamespaces: + - traefik ## @section Init Container Parameters ## @@ -1521,4 +1568,4 @@ volumePermissions: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: - runAsUser: 0 \ No newline at end of file + runAsUser: 0 From 58ce2cb1700478e79b045cad88a8fe1b238a2cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 11:49:13 +0800 Subject: [PATCH 07/22] chore(mysql-cluster): plans 10 --- .../templates/primary/statefulset.yaml | 4 ++++ .../8.0/chart/mysql-cluster/values.yaml | 8 ++++++-- .../8.0/plans/standard-10/values.yaml | 16 +++++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 56b3ec79..49b8c703 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,6 +156,10 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} + {{- if and .Values.auth.createDatabase .Values.auth.database }} + - name: MAX_CONNECTION_LIMIT + value: {{ .Values.maxConnectionLimit | quote }} + {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE value: "master" 
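Review bot: `allowNamespaces` now defaults to `- traefik` (second hunk), which ties the chart default to one cluster's ingress-controller namespace and, because the rule uses only a `namespaceSelector`, admits every pod in that namespace to all listed ports, including the Alertmanager cluster port. Keep the chart default at `allowNamespaces: []` and set the controller's namespace in the platform's or plan's values. If it stays, a comment such as `# namespace of the ingress controller; required while ingress.enabled is true` would explain the entry.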
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 9d5e4293..3199eede 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -149,7 +149,7 @@ auth: ## initdbScripts: ## my_init_script.sh: | ## #!/bin/bash -## echo "Do something." +## echo "Do something." ## initdbScripts: int-mysql.sh: | @@ -181,6 +181,8 @@ initdbScripts: echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file + + echo max_connections=$MAX_CONNECTION_LIMIT ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## @@ -211,10 +213,12 @@ primary: ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## + maxConnectionLimit: 2000 + configuration: |- [mysqld] # server - max_connections=500 + max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index baca4920..e8d14da0 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml 
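Review bot: `primary.maxConnectionLimit: 2000` is introduced (third hunk) while the same hunk raises `max_connections` in `primary.configuration` from 500 to 10000, leaving two conflicting sources for one setting; which one mysqld applies depends on the order the files are read, which is not visible here. Pick one source of truth and size it against the plan: the standard-10 plan in this patch limits the primary to `memory: 1024Mi`, and a five-figure connection ceiling there invites memory exhaustion under load. The new key is also inserted between the `## @param primary.configuration` comment and `configuration:`, and needs its own line, e.g. `## @param primary.maxConnectionLimit Value written to max_connections by the init script`.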
@@ -11,13 +11,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.limits The resources limits for the MinIO® container ## @param resources.requests The requested resources for the MinIO® container ## -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi +primary: + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 100m + memory: 512Mi + ## @section Persistence parameters From 7c93cee8b35b03477f674658fdd6ed9f88ddbb62 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 15:11:19 +0800 Subject: [PATCH 08/22] chore(mysql-cluster): add max_connection_limit --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++-- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 49b8c703..24d81878 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,9 +156,9 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} - {{- if and .Values.auth.createDatabase .Values.auth.database }} + {{- if .Values.primary.maxConnectionLimit }} - name: MAX_CONNECTION_LIMIT - value: {{ .Values.maxConnectionLimit | quote }} + value: {{ .Values.primary.maxConnectionLimit | quote }} {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE @@ -397,3 +397,4 @@ spec: selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} {{- end -}} {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 3199eede..a33e364c 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -182,7 +182,7 @@ initdbScripts: echo plugin_load_add='group_replication.so' >> $base_conf_file - echo max_connections=$MAX_CONNECTION_LIMIT + echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## From ae4809d6a88a8f4c9949139b7fa9a169fc1d7553 Mon Sep 17 00:00:00 2001 
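Review bot: The appended `echo max_connections=...` line runs unconditionally, but the statefulset change in this same commit only exports `MAX_CONNECTION_LIMIT` when `primary.maxConnectionLimit` is set, so an install without it writes a bare `max_connections=` into the config file. Both expansions are also unquoted, so anything other than digits in the chart value ends up in the generated config as-is. A guard that accepts only an integer covers both cases: `case "$MAX_CONNECTION_LIMIT" in ''|*[!0-9]*) ;; *) echo "max_connections=$MAX_CONNECTION_LIMIT" >> "$base_conf_file" ;; esac`. The rest of the init script lies outside the hunk.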
From: EamonZhang Date: Wed, 25 Oct 2023 16:06:56 +0800 Subject: [PATCH 09/22] chore(mysql-cluster): add plans --- .../8.0/plans/standard-10/bind.yaml | 9 ++- .../8.0/plans/standard-10/meta.yaml | 2 +- .../8.0/plans/standard-10/values.yaml | 7 ++- .../8.0/plans/standard-100/bind.yaml | 34 +++++++++++ .../standard-100/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-100/meta.yaml | 6 ++ .../8.0/plans/standard-100/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-20/meta.yaml | 6 ++ .../8.0/plans/standard-20/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-200/bind.yaml | 34 +++++++++++ .../standard-200/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-200/meta.yaml | 6 ++ .../8.0/plans/standard-200/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-400/bind.yaml | 34 +++++++++++ .../standard-400/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-400/meta.yaml | 6 ++ .../8.0/plans/standard-400/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-50/bind.yaml | 34 +++++++++++ .../standard-50/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-50/meta.yaml | 6 ++ .../8.0/plans/standard-50/values.yaml | 60 ++++++++++++++++++ .../8.0/plans/standard-800/bind.yaml | 34 +++++++++++ .../standard-800/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-800/meta.yaml | 6 ++ .../8.0/plans/standard-800/values.yaml | 61 +++++++++++++++++++ 27 files changed, 689 insertions(+), 6 deletions(-) create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/bind.yaml create mode 100644 
addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/values.yaml diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index fa1ceb8e..e8b99314 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -20,10 +20,15 @@ credential: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: port + - name: portro valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.port }' + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' {{- end }} diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml index 426c302e..6c738828 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan which limit persistence size 10Gi." +description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index e8d14da0..f90075a8 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -12,14 +12,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.requests The requested resources for the MinIO® container ## primary: + maxConnectionLimit: 600 resources: limits: cpu: 1000m memory: 1024Mi requests: - cpu: 100m - memory: 512Mi - + cpu: 1000m + memory: 1024Mi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
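Review bot: The new description in standard-10/meta.yaml advertises `RAM 2G`, but the standard-10/values.yaml hunk in this commit sets both the limit and the request to `memory: 1024Mi`. One of the two should change so the catalog entry matches what the pod is actually given, e.g. `memory: 2Gi` for both limit and request if 2G is the intended size. The other plans added in this commit have descriptions that agree with their values.yaml, so this looks like an oversight rather than a convention.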
@@ -0,0 +1,34 @@
+credential:
+ {{- if (eq .Values.router.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.host }'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.database }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: portro
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portro }'
+ - name: portrw
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portrw }'
+ {{- end }}
+
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
new file mode 100644
index 00000000..1856a446
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
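Review bot: The `password` credential reads `jsonpath: '{ .data.username }'`, so a binding hands the consumer the username in place of the password. It should presumably be `jsonpath: '{ .data.password }'`, assuming the `-svcbind-custom-user` secret carries a `password` key (the secret template is not part of this hunk). The same line appears in the new bind.yaml of standard-20, standard-200, standard-400, standard-50 and standard-800, and standard-10/bind.yaml ends up at the same blob id `e8b99314`, so all seven need the fix.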
@@ -0,0 +1,6 @@
+name: "standard-100"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
+displayName: "standard-100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml
new file mode 100644
index 00000000..1c6b865b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml
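Review bot: The plan `id` `8205e5d3-a954-4c68-a570-efa8c607c1d7` given here to standard-100 is assigned again to standard-200/meta.yaml later in this commit. Plan ids are what a catalog uses to tell plans apart, so two plans sharing one is likely to make one shadow the other or be rejected on registration, depending on the broker. standard-200 should get its own freshly generated UUID, e.g. `id: <new-uuid-for-standard-200>`.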
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 4000 + resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 100Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
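Review bot: The header comments in the new standard-100/values.yaml are carried over from another chart: they describe "MinIO® containers" and `@param resources.limits`, while the keys that follow are `primary.maxConnectionLimit` and `primary.resources`. They also recommend not specifying default resources, which is the opposite of what the plan does. Replace them with lines that match the keys, such as `## @param primary.resources.limits The resources limits for the MySQL primary container` and `## @param primary.maxConnectionLimit Connection ceiling for this plan`. The same block is repeated in the values.yaml of standard-20, standard-200, standard-400 and standard-50.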
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
new file mode 100644
index 00000000..e749a7db
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml
new file mode 100644
index 00000000..d9422e70
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
new file mode 100644
index 00000000..b857ef1e
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-200"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
+displayName: "standard-200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml
new file mode 100644
index 00000000..baf7e8a9
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 8000 + resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 200Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
new file mode 100644
index 00000000..c802ccc6
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-400"
+id: f96fb7d8-3012-4175-931e-902e26697441
+description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
+displayName: "standard-400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml
new file mode 100644
index 00000000..2cc0d06e
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml
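Review bot: `DB MAX Connection 1600` in the standard-400 description, and the matching `maxConnectionLimit: 1600` in standard-400/values.yaml later in this commit, is lower than the 8000 of standard-200 and the 4000 of standard-100. The other plans raise the ceiling with each size, so this looks like a dropped zero; if 16000 is intended, both the description and `maxConnectionLimit: 16000` need updating. If 1600 is deliberate, a comment in values.yaml saying why would help the next reader.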
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-400 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1600 + resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 400Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
new file mode 100644
index 00000000..a6d4e5bd
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-50"
+id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
+description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml
new file mode 100644
index 00000000..bc9fd336
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml
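Review bot: The description in standard-50/meta.yaml opens with "Mysql Cluster standard-10 plan", which is the name of a different plan. It should read `description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"` so the catalog entry identifies the plan it belongs to.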
@@ -0,0 +1,60 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 2000 + resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 2000m + memory: 8Gi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 50Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
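Review bot: The header comment above `primary:` in `plans/standard-50/values.yaml` documents `resources.limits` and `resources.requests` "for the MinIO® container", but the keys set here are `primary.resources.*` for MySQL, so the parameter docs point at the wrong component and the wrong path. Replace the two `@param` lines with `## @param primary.resources.limits The resources limits for the MySQL primary containers` and the matching `primary.resources.requests` line. The advice to "remove the curly braces after 'resources:'" can go as well, since this file sets concrete values. `plans/standard-800/values.yaml` carries the same comment block.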
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml new file mode 100644 index 00000000..72806d97 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 829768aa-f287-42ee-b98c-db40ec670d38 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml new file mode 100644 index 00000000..82a515d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 32000 + resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 32000m + memory: 128Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 800Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 8a97c7ed3aaf794c1b614b3828415242f749cda5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:00:36 +0800 Subject: [PATCH 10/22] chore(prometheus): support discovery addons in namespaces --- .../prometheus/templates/_scrape_config.tpl | 44 ++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 57 ++++--------------- 2 files changed, 55 insertions(+), 46 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 7fb0e110..316031e2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -85,3 +85,47 @@ relabel_configs: regex: 0 action: keep {{- end -}} + +{{- define "addons.ds_scrape_config" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index a551fa68..fb195934 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
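Review bot: `honor_labels: true` in `addons.ds_scrape_config` lets every scraped addon endpoint override the labels that the relabel rules below attach (`namespace`, `service`, `node`, and also `job` and `instance`), so one addon can publish series that appear to come from another. Unless this job scrapes a trusted federation or Pushgateway endpoint, `honor_labels: false` is the safer setting. The scheme, path and port are also taken from `prometheus.io/*` Service annotations, so whoever can annotate a Service in a discovered namespace decides what Prometheus requests; that is worth stating in a comment on the define. `names:` lists only the chart's own namespace, which `own_namespace: true` already covers, so if the commit title's "addons in namespaces" means more than one namespace the list has to come from a value.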
@@ -625,12 +625,16 @@ server: - job_name: alertmanager {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} + {{- if .Values.scrapeAddons.enabled }} + - job_name: addons + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} - {{- if .Values.server.dsScrapeConfigs}} - {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} - {{- end }} + # {{- if .Values.server.dsScrapeConfigs}} + # {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + # {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
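Review bot: Prefixing the `dsScrapeConfigs` block with `#` does not disable it. If this text is rendered as a template, as the neighbouring `{{- include ... }}` lines suggest, the `if` and `include` actions still execute and only the `#` characters are emitted as literal text. With `server.dsScrapeConfigs` set, the rendered scrape configs would still land in the configuration, because `nindent` starts them on a fresh line after the `#`. Delete the three lines or wrap them in a template comment, `{{/* ... */}}`. The enclosing configuration block starts and ends outside this hunk.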
@@ -653,49 +657,7 @@ server: ## ref: ## extraScrapeConfigs: [] - dsScrapeConfigs: - - job_name: 'service-endpoints' - honor_labels: true - kubernetes_sd_configs: - - role: endpoints - namespaces: - own_namespace: true - names: - - default - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: drop - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+?)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) - replacement: __param_$1 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: service - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: node + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -1569,3 +1531,6 @@ volumePermissions: ## containerSecurityContext: runAsUser: 0 + +scrapeAddons: + enable: true From 187ec9991af7c2bc26e58b9f3cfb686d4ed40092 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:33:57 +0800 Subject: [PATCH 11/22] fix(prometheus): is enabled scrape addons metrics --- addons/prometheus/2/chart/prometheus/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index fb195934..21331135 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -1533,4 +1533,4 @@ volumePermissions: runAsUser: 0 scrapeAddons: - enable: true + enabled: true From 3a2818243cbcf7f58a6cd822db11716dc5b89545 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 2 Nov 2023 10:36:19 +0800 Subject: [PATCH 12/22] feat(drycc-addons): add postgresql-cluster --- .../15/chart/postgresql/Chart.yaml | 27 ++ .../15/chart/postgresql/README.md | 151 +++++++++++ .../15/chart/postgresql/templates/NOTES.txt | 25 ++ .../chart/postgresql/templates/_helpers.tpl | 43 +++ .../15/chart/postgresql/templates/ep.yaml | 12 + .../postgresql/templates/networkpolicy.yaml | 45 +++ .../15/chart/postgresql/templates/role.yaml | 49 ++++ .../postgresql/templates/rolebinding.yaml | 19 ++ .../15/chart/postgresql/templates/sec.yaml | 16 ++ .../postgresql/templates/serviceaccount.yaml | 12 + .../postgresql/templates/statefulset.yaml | 256 ++++++++++++++++++ .../postgresql/templates/svc-config.yaml | 11 + .../chart/postgresql/templates/svc-relp.yaml | 21 ++ .../15/chart/postgresql/templates/svc.yaml | 18 ++ .../15/chart/postgresql/values.yaml | 147 ++++++++++ addons/postgresql-cluster/15/meta.yaml | 20 ++ 16 files changed, 872 insertions(+) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/Chart.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/README.md create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml create mode 100644 
addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/values.yaml create mode 100644 addons/postgresql-cluster/15/meta.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml new file mode 100644 index 00000000..f0397f67 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "15" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql/README.md new file mode 100644 index 00000000..8d44fca1 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/README.md 
@@ -0,0 +1,151 @@ +# ⚠️ Repo Archive Notice + +As of Nov 13, 2020, charts in this repo will no longer be updated. +For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). + +# Patroni Helm Chart + +This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. + + +## Prerequisites Details +* Kubernetes 1.9+ +* PV support on the underlying infrastructure + +## StatefulSet Details +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + +## StatefulSet Caveats +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations + + +## Chart Details +This chart will do the following: + +* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add +$ helm dependency update +$ helm install --name my-release postgresql-cluster +``` + +To install the chart with randomly generated passwords: + +```console +$ helm install --name my-release postgresql-cluster \ + --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" +``` + +## Connecting to PostgreSQL + +Your access point is a cluster IP. 
In order to access it spin up another pod: + +```console +$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il +``` + +Then, from inside the pod, connect to PostgreSQL: + +```console +$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres + +postgres=> +``` + +## Configuration + +The following table lists the configurable parameters of the patroni chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------|-----------------------------------------------------| +| `nameOverride` | Override the name of the chart | `nil` | +| `fullnameOverride` | Override the fullname of the chart | `nil` | +| `replicaCount` | Amount of pods to spawn | `5` | +| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | +| `image.tag` | The version of the image to pull | `1.5-p5` | +| `image.pullPolicy` | The pull policy | `IfNotPresent` | +| `credentials.superuser` | Password of the superuser | `tea` | +| `credentials.admin` | Password of the admin | `cola` | +| `credentials.standby` | Password of the replication user | `pinacolada` | +| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | +| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | +| `etcd.enable` | Using etcd as DCS | `false` | +| `etcd.deployChart` | Deploy etcd chart | `false` | +| `etcd.host` | Host name of etcd cluster | `nil` | +| `etcd.discovery` | Domain name of etcd cluster | `nil` | +| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | +| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | +| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | +| `consul.enable` | Using Consul as DCS | `false` | +| `consul.deployChart` | Deploy Consul chart | `false` | +| `consul.host` | Host name of consul cluster | `nil` | +| `env` | Extra custom environment 
variables | `{}` | +| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | +| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | +| `walE.retainBackups` | Number of base backups to retain | `2` | +| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | +| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | +| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | +| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | +| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | +| `resources` | Any resources you wish to assign to the pod | `{}` | +| `nodeSelector` | Node label to use for scheduling | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | +| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | +| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | +| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | +| `persistentVolume.size` | Persistent Volume size | `2Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | +| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | +| `rbac.create` | Create required role and rolebindings | `true` | +| `serviceAccount.create` | If true, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/patroni +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Cleanup + +To remove the spawned pods you can run a simple `helm delete `. + +Helm will however preserve created persistent volume claims, +to also remove them execute the commands below. + +```console +$ release= +$ helm delete $release +$ kubectl delete pvc -l release=$release +``` + +## Internals + +Patroni is responsible for electing a PostgreSQL master pod by leveraging the +DCS of your choice. After election it adds a `spilo-role=master` label to the +elected master and set the label to `spilo-role=replica` for all replicas. +Simultaneously it will update the `-patroni` endpoint to let the +service route traffic to the elected master. + +```console +$ kubectl get pods -l spilo-role -L spilo-role +NAME READY STATUS RESTARTS AGE SPILO-ROLE +my-release-patroni-0 1/1 Running 0 9m replica +my-release-patroni-1 1/1 Running 0 9m master +my-release-patroni-2 1/1 Running 0 8m replica +my-release-patroni-3 1/1 Running 0 8m replica +my-release-patroni-4 1/1 Running 0 8m replica +``` diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt 
@@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl new file mode 100644 index 00000000..2b1b6d45 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
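Review bot: The admin example in NOTES.txt uses `kubectl run -i -tty`, which would be read as a cluster of short flags rather than `--tty`, so the command fails as printed. It should match the superuser example above it: `kubectl run -i --tty --rm psql --image=postgres \`. Both examples pass the password with `--env "PGPASSWORD=..."`, which stores it in the pod spec where anyone allowed to read pods in the namespace can see it; a sentence saying so, or a `psql` prompt instead, would be a useful caveat.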
@@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml new file mode 100644 index 00000000..23b7b2eb --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml 
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+subsets: []
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml
new file mode 100644
index 00000000..06617f8a
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml
@@ -0,0 +1,45 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ {{- if and .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.service.port }}
+ {{ end }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml
new file mode 100644
index 00000000..c81b39a8
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml
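Review bot: `spec.podSelector` in `networkpolicy.yaml` is built from `common.labels.matchLabels`, but the StatefulSet added in this commit labels its pods only with `app`, `release` and `cluster-name`. If the common helper emits the usual `app.kubernetes.io/*` keys (its definition is not on this page), the policy selects no pod and restricts nothing. Select on the labels the pods actually carry, for example `app: {{ template "patroni.fullname" . }}` and `release: {{ .Release.Name }}`. Once the selector matches, note that only 5432 and the metrics port are admitted while the StatefulSet has Patroni listening on 8008 for its REST API. With both `allowCurrentNamespace` and `allowNamespaces` unset the rule has no `from:` and admits every source on those ports.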
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # delete is required only for 'patronictl remove'
+ - delete
+- apiGroups: [""]
+ resources: ["services"]
+ verbs:
+ - create
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+ # the following three privileges are necessary only when using endpoints
+ - list
+ - watch
+ # delete is required only for for 'patronictl remove'
+ - delete
+ - deletecollection
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml
new file mode 100644
index 00000000..d09de1c8
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "patroni.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "patroni.fullname" . }}
+{{- end }}
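Review bot: The Role in `role.yaml` grants `delete` on configmaps and `delete`/`deletecollection` on endpoints for the whole namespace, although its own comments say these verbs are needed only for `patronictl remove`. Every database pod running under this service account therefore holds them permanently, and in a namespace shared with other workloads a compromised pod could remove their endpoints and configmaps too. Drop those verbs from the default rules or gate them behind a value. The `configmaps` rule could be rendered only when `kubernetes.configmaps.enable` is set, since the StatefulSet in this commit sets `PATRONI_KUBERNETES_USE_ENDPOINTS` to `'true'` unconditionally.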
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
new file mode 100644
index 00000000..40082291
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+type: Opaque
+data:
+ password-superuser: {{ .Values.credentials.superuser | b64enc }}
+ password-admin: {{ .Values.credentials.admin | b64enc }}
+ password-replication: {{ .Values.credentials.standby | b64enc }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml
new file mode 100644
index 00000000..819bb983
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "patroni.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
new file mode 100644
index 00000000..ce657a5e
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
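Review bot: `sec.yaml` base64-encodes `.Values.credentials.*` without checking that the operator supplied them, and the README added in this commit documents fixed defaults (`tea`, `cola`, `pinacolada`). If `values.yaml` (not shown on this page) keeps those defaults, every release starts with the same publicly documented superuser, admin and replication passwords. Fail the render when a value is missing, for example `password-superuser: {{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc | quote }}`, and ship empty defaults. The same change applies to `password-admin` and `password-replication`.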
@@ -0,0 +1,256 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + serviceName: {{ template "patroni.fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + template: + metadata: + name: {{ template "patroni.fullname" . }} + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + spec: + serviceAccountName: {{ template "patroni.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.kubernetes.dcs.enable }} + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-replication + - name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + {{- if .Values.kubernetes.configmaps.enable }} + - name: KUBERNETES_USE_CONFIGMAPS + value: "true" + {{- end }} + {{- end }} + {{- if .Values.etcd.enable }} + {{- if .Values.etcd.deployChart }} + - name: ETCD_DISCOVERY_DOMAIN + value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} + {{- else }} + - name: ETCD_HOST + value: {{ .Values.etcd.host | quote }} + {{- end }} + {{- else if .Values.zookeeper.enable }} + {{- if .Values.zookeeper.deployChart }} + - name: ZOOKEEPER_HOSTS + value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} + {{- else }} + - name: ZOOKEEPER_HOSTS + value: {{ .Values.zookeeper.hosts | quote }} + {{- end }} + {{- else if .Values.consul.enable }} + {{- if .Values.consul.deployChart }} + - name: PATRONI_CONSUL_HOST + value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} + {{- else }} + - name: PATRONI_CONSUL_HOST + value: {{ .Values.consul.host | quote }} + {{- end }} + {{- end }} + - name: SCOPE + value: {{ template "patroni.fullname" . 
}} + {{- if .Values.walE.enable }} + - name: USE_WALE + value: {{ .Values.walE.enable | quote }} + {{- if .Values.walE.scheduleCronJob }} + - name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} + {{- end }} + {{- if .Values.walE.retainBackups }} + - name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} + {{- end }} + {{- if .Values.walE.s3Bucket }} + - name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} + {{else if .Values.walE.gcsBucket }} + - name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} + {{- if .Values.walE.kubernetesSecret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" + {{- end }} + {{- end }} + {{- if .Values.walE.backupThresholdMegabytes }} + - name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} + {{- end }} + {{- if .Values.walE.backupThresholdPercentage }} + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} + {{- end }} + {{- else }} + - name: USE_WALE + value: "" + {{- end }} + - name: PGROOT + value: "{{ .Values.persistentVolume.mountPath }}/pgroot" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote | upper }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "{{ 
.Values.persistentVolume.mountPath }}" + volumeMounts: "{{ .Values.persistentVolume.subPath }}" + # - mountPath: /etc/patroni + # name: patroni-config + # readOnly: true + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + mountPath: /etc/credentials + readOnly: true + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ .Values.affinity | toYaml | indent 8 }} + {{- else if .Values.affinityTemplate }} + affinity: +{{ tpl .Values.affinityTemplate . | indent 8 }} + {{- end }} + volumes: + - name: patroni-config + secret: + secretName: {{ template "patroni.fullname" . }} + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + secret: + secretName: {{ .Values.walE.kubernetesSecret }} + {{- end }} + {{- end }} + {{- if not .Values.persistentVolume.enabled }} + - name: storage-volume + emptyDir: {} + {{- end }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + annotations: + {{- if .Values.persistentVolume.annotations }} +{{ toYaml .Values.persistentVolume.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "patroni.fullname" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml new file mode 100644 index 00000000..442be2f3 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml @@ -0,0 +1,11 @@ +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-config + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + clusterIP: None diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml new file mode 100644 index 00000000..cccaf8ce --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml 
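Review bot: `PATRONI_RESTAPI_LISTEN` binds the Patroni REST API to `0.0.0.0:8008` and the `env:` list sets no REST API credentials, so the state-changing endpoints are reachable without authentication by anything that can reach the pod; `networkPolicy.enabled` also defaults to false in this patch's `values.yaml`. Patroni protects those endpoints only when a username and password are configured, which can be done with `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD`, while the GET health endpoints used by the probes stay open. The Secret key in the sketch below is a placeholder that would have to be added to `sec.yaml`.

```yaml
# … unchanged: PATRONI_POSTGRESQL_LISTEN …
- name: PATRONI_RESTAPI_LISTEN
  value: '0.0.0.0:8008'
- name: PATRONI_RESTAPI_USERNAME
  value: patroni
- name: PATRONI_RESTAPI_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      # placeholder key: add it to the Secret in sec.yaml
      key: password-restapi
# … unchanged: KUBERNETES_USE_CONFIGMAPS block …
```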
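Review bot: The `-config` Service in `svc-config.yaml` has no `metadata.namespace`, while every other manifest added in this patch sets `namespace: {{ include "common.names.namespace" . | quote }}`. If that helper can return something other than the release namespace (its definition is not visible here), this Service would land in a different namespace from the StatefulSet and no longer protect the endpoint its header comment describes. The comment still names `patronidemo-config`, which looks copied from the Patroni example; `# headless service to avoid deletion of the <fullname>-config endpoint` would match this chart.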
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - port: 5432
+ targetPort: 5432
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
new file mode 100644
index 00000000..430a6a8f
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: postgresql
+ protocol: TCP
diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
new file mode 100644
index 00000000..1be7c5f6
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
@@ -0,0 +1,147 @@ +replicaCount: 3 + +image: + # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 + # https://github.com/zalando/spilo/tree/master/postgres-appliance + repository: registry.drycc.cc/drycc-addons/patroni + tag: 3.2 + pullPolicy: 'IfNotPresent' + +# Credentials used by Patroni +# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql +# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst +credentials: + superuser: tea + admin: cola + standby: reppasswd + +# Distribution Configuration stores +# Please note that only one of the following stores should be enabled. +kubernetes: + dcs: + enable: true + configmaps: + enable: false +etcd: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in value for etcd service + # ..svc.cluster.local + host: + # Leave blank to use vendored etcd chart + discovery: +zookeeper: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in list of ZooKeeper members in format: + # 'host1:port1','host2:port2','etc...' + hosts: +consul: + enable: false + deployChart: false + # Leave blank to use vendored consul chart + hosts: + +# Extra custom environment variables. 
+env: {} + +walE: + # Specifies whether Wal-E should be enabled + enable: false + # Cron schedule for doing base backups + scheduleCronJob: 00 01 * * * + # Amount of base backups to retain + retainBackups: 2 + # Path to the S3 or GCS bucket used for WAL-E base backups + s3Bucket: + gcsBucket: + # Name of the secret that holds the credentials to the bucket + kubernetesSecret: + # Maximum size of the WAL segments accumulated after the base backup to + # consider WAL-E restore instead of pg_basebackup + backupThresholdMegabytes: 1024 + # Maximum ratio (in percents) of the accumulated WAL files to the base backup + # to consider WAL-E restore instead of pg_basebackup + backupThresholdPercentage: 30 + +persistentVolume: + enabled: false + size: 10G + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + subPath: "" + mountPath: "/home/postgres/pgdata" + annotations: {} + accessModes: + - ReadWriteOnce + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinityTemplate: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: {{ template "patroni.name" . }} + release: {{ .Release.Name | quote }} +affinity: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: false +## Postgresql Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml new file mode 100644 index 00000000..f7e21529 --- /dev/null +++ b/addons/postgresql-cluster/15/meta.yaml 
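Review bot: The `networkPolicy` comment block documents `networkPolicy.allowExternal` and talks about MySQL, but the keys actually defined are `allowCurrentNamespace` and `allowNamespaces`, which have no description, and the policy is off by default (`enabled: false`) while the StatefulSet makes PostgreSQL and the Patroni REST API listen on `0.0.0.0`. An operator cannot tell from this file which sources are admitted. I would replace the stale text with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`, assuming the postgresql template mirrors the mysql-cluster one at the start of this series. `tag: 3.2` should also be quoted as `tag: "3.2"` so the image tag stays a string.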
@@ -0,0 +1,20 @@ +name: postgresql-cluster +version: 15.0 +id: 5cfb0abf-276c-445b-9060-9aa964ede87d +description: "postgresql-cluster" +displayName: "postgresql-cluster-15.0" +metadata: + displayName: "postgresql-cluster-15.0" + provider: + name: drycc + supportURL: https://www.postgresql.org/ + documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster +tags: postgresql-cluster +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" +archive: false \ No newline at end of file From c317ad3ac5802173ffcae6cd2ffa63a3d90fed9f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 3 Nov 2023 09:13:06 +0800 Subject: [PATCH 13/22] chore(postgresql-cluster): move patroni env to helper --- .../chart/postgresql/templates/_helpers.tpl | 95 +++++++++++++ .../postgresql/templates/statefulset.yaml | 131 ++---------------- .../15/chart/postgresql/values.yaml | 24 +--- 3 files changed, 111 insertions(+), 139 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 2b1b6d45..f684f499 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -41,3 +41,98 @@ Create the name of the service account to use. {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Create wale envs. 
+*/}} +{{- define "wale.envs" }} +{{- if .Values.walE.enable }} +- name: USE_WALE + value: {{ .Values.walE.enable | quote }} +{{- if .Values.walE.scheduleCronJob }} +- name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} +{{- end }} +{{- if .Values.walE.retainBackups }} +- name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} +{{- end }} +{{- if .Values.walE.s3Bucket }} +- name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} +{{else if .Values.walE.gcsBucket }} +- name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} +{{- if .Values.walE.kubernetesSecret }} +- name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- end }} + +{{- if .Values.walE.backupThresholdMegabytes }} +- name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} +{{- end }} +{{- if .Values.walE.backupThresholdPercentage }} +- name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} +{{- end }} +{{- else }} +- name: USE_WALE + value: "" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index ce657a5e..14895620 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
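Review bot: In `wale.envs` the `{{- end }}` that closed the `s3Bucket`/`gcsBucket` chain in the old StatefulSet has moved to the bottom of the helper, so the two `WALE_BACKUP_THRESHOLD_*` entries and the `{{- else }}` branch now sit inside the `else if .Values.walE.gcsBucket` arm. As written, the thresholds are emitted only for GCS, `USE_WALE` is emitted twice (the second time as `""`) when WAL-E is enabled without a bucket, and nothing at all is emitted when `walE.enable` is false. Putting a second `{{- end }}` back directly after the `GOOGLE_APPLICATION_CREDENTIALS` block and removing one of the three trailing `{{- end }}` lines restores the previous nesting. The helper is also not included anywhere in the lines shown in this commit.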
@@ -31,123 +31,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.kubernetes.dcs.enable }} - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-superuser - - name: PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PATRONI_SCOPE - value: {{ template "patroni.fullname" . 
}} - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "{{ .Values.persistentVolume.mountPath }}/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - {{- if .Values.kubernetes.configmaps.enable }} - - name: KUBERNETES_USE_CONFIGMAPS - value: "true" - {{- end }} - {{- end }} - {{- if .Values.etcd.enable }} - {{- if .Values.etcd.deployChart }} - - name: ETCD_DISCOVERY_DOMAIN - value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} - {{- else }} - - name: ETCD_HOST - value: {{ .Values.etcd.host | quote }} - {{- end }} - {{- else if .Values.zookeeper.enable }} - {{- if .Values.zookeeper.deployChart }} - - name: ZOOKEEPER_HOSTS - value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} - {{- else }} - - name: ZOOKEEPER_HOSTS - value: {{ .Values.zookeeper.hosts | quote }} - {{- end }} - {{- else if .Values.consul.enable }} - {{- if .Values.consul.deployChart }} - - name: PATRONI_CONSUL_HOST - value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} - {{- else }} - - name: PATRONI_CONSUL_HOST - value: {{ .Values.consul.host | quote }} - {{- end }} - {{- end }} - - name: SCOPE - value: {{ template "patroni.fullname" . 
}} - {{- if .Values.walE.enable }} - - name: USE_WALE - value: {{ .Values.walE.enable | quote }} - {{- if .Values.walE.scheduleCronJob }} - - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} - {{- end }} - {{- if .Values.walE.retainBackups }} - - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} - {{- end }} - {{- if .Values.walE.s3Bucket }} - - name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} - {{else if .Values.walE.gcsBucket }} - - name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} - {{- if .Values.walE.kubernetesSecret }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" - {{- end }} - {{- end }} - {{- if .Values.walE.backupThresholdMegabytes }} - - name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} - {{- end }} - {{- if .Values.walE.backupThresholdPercentage }} - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} - {{- end }} - {{- else }} - - name: USE_WALE - value: "" - {{- end }} - - name: PGROOT - value: "{{ .Values.persistentVolume.mountPath }}/pgroot" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -174,6 +58,18 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi ports: - containerPort: 8008 protocol: TCP 
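Review bot: The `env:` list now includes only `patroni.envs`; the `wale.envs` helper defined in the same commit is not included in this hunk, and `SCOPE`, `PGROOT` and `POD_NAMESPACE` are removed without a replacement. With `walE.enable` set, the unchanged part of the template presumably still mounts the credentials Secret, but `USE_WALE`, the bucket and the schedule are no longer passed to the container, so backups would stop without any render error. If that is not intended, add `{{- include "wale.envs" . | indent 8 }}` after the `patroni.envs` include. The container spec continues outside the hunk.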
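Review bot: The `preStop` hook runs `curl --fail http://localhost:8008/read-write` with no timeout, so a REST API that accepts the connection but does not answer keeps the hook blocked until the termination grace period expires and the pod is killed without a switchover. The response body is also written into the hook output. I would use `if curl --fail --silent --output /dev/null --max-time 5 http://localhost:8008/read-write; then`. The hook's `patronictl switchover --force` would additionally need credentials if REST API authentication is enabled later.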
@@ -182,7 +78,6 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - volumeMounts: "{{ .Values.persistentVolume.subPath }}" # - mountPath: /etc/patroni # name: patroni-config # readOnly: true diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 1be7c5f6..f7bdc8a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -5,6 +5,7 @@ image: # https://github.com/zalando/spilo/tree/master/postgres-appliance repository: registry.drycc.cc/drycc-addons/patroni tag: 3.2 + # IfNotPresent , Always pullPolicy: 'IfNotPresent' # Credentials used by Patroni @@ -18,29 +19,10 @@ credentials: # Distribution Configuration stores # Please note that only one of the following stores should be enabled. kubernetes: - dcs: + endpoints: enable: true configmaps: enable: false -etcd: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in value for etcd service - # ..svc.cluster.local - host: - # Leave blank to use vendored etcd chart - discovery: -zookeeper: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in list of ZooKeeper members in format: - # 'host1:port1','host2:port2','etc...' - hosts: -consul: - enable: false - deployChart: false - # Leave blank to use vendored consul chart - hosts: # Extra custom environment variables. env: {} @@ -136,7 +118,7 @@ metrics: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening From 9891e1050911ce0c4e2f19453956acb2287f3d9e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 6 Nov 2023 11:00:32 +0800 Subject: [PATCH 14/22] chore(postgresql-cluster):adjust patroni config use configmap --- .../chart/postgresql/templates/_helpers.tpl | 10 ++++ .../chart/postgresql/templates/configmap.yaml | 19 ++++++++ .../15/chart/postgresql/templates/ep.yaml | 12 ----- .../postgresql/templates/networkpolicy.yaml | 6 +-- .../postgresql/templates/statefulset.yaml | 17 +++++-- .../15/chart/postgresql/values.yaml | 46 +++++++++++++++++++ 6 files changed, 88 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml delete mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index f684f499..8e146ffd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL Secondary +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.configuration }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Create patroni envs. */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml new file mode 100644 index 00000000..5f26b266 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
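Review bot: The comment on `patroni.createConfigmap` says the ConfigMap is for "MySQL Secondary", which is left over from the mysql-cluster chart; it should read `Return true if a ConfigMap should be created for the Patroni configuration script`. `{{- if and .Values.configuration }}` uses `and` with a single operand and the empty `{{- else -}}` branch does nothing, so `{{- if .Values.configuration }}{{- true -}}{{- end -}}` is equivalent and easier to read.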
@@ -0,0 +1,19 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-cm + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + patroni.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} +{{- end -}} + diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml deleted file mode 100644 index 23b7b2eb..00000000 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "patroni.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} - chart: {{ template "patroni.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - cluster-name: {{ template "patroni.fullname" . }} -subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index 06617f8a..a6d317e6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
@@ -1,8 +1,3 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} @@ -13,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 14895620..4bf6e766 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -26,10 +26,17 @@ spec: cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} @@ -78,9 +85,9 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - # - mountPath: /etc/patroni - # name: patroni-config - # readOnly: true + - mountPath: "/opt/drycc/scripts/patroni/" + name: patroni-config + # readOnly: true {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} 
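Review bot: Both `securityContext` blocks in the `@@ -26,10 +26,17 @@` hunk of `statefulset.yaml` are added commented out, so the container still runs as whatever user the image defines and without any hardening. They would also be rejected if uncommented as written: `runAsUser` and `fsGroup` take numeric IDs rather than `postgres`, and `fsGroup` is a pod-level field that is not valid in a container's `securityContext`. I would enable the pod-level block with the image's numeric IDs (placeholders here), e.g. `runAsNonRoot: true`, `runAsUser: <postgres-uid>`, `fsGroup: <postgres-gid>`, and give the container `allowPrivilegeEscalation: false`.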
@@ -110,8 +117,8 @@ spec: {{- end }} volumes: - name: patroni-config - secret: - secretName: {{ template "patroni.fullname" . }} + configMap: + name: {{ template "common.names.fullname" . }}-cm {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f7bdc8a7..6e159f91 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -27,6 +27,52 @@ kubernetes: # Extra custom environment variables. env: {} +# +#custom patroni.yaml used by patroni boot +# configuration: {} +configuration: | + cat > /home/postgres/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1000 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + password: '${PATRONI_REPLICATION_PASSWORD}' + __EOF__ + walE: # Specifies whether Wal-E should be enabled enable: false From 4f1a35012c0b68a506175ebb649b6c66d71487a4 Mon Sep 17 00:00:00 2001 
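Review bot: The `patroni-config` volume now references `{{ template "common.names.fullname" . }}-cm` unconditionally, but configmap.yaml renders that ConfigMap only when `patroni.createConfigmap` is true, so a release with an empty `configuration` would leave pods waiting on a ConfigMap that does not exist. Either wrap the volume and its `volumeMounts` entry in the same `{{- if (include "patroni.createConfigmap" .) }}` guard or add `optional: true` under `configMap:`. Because the source changed from a Secret to a ConfigMap, a comment next to `configuration` in values.yaml should say that the script may contain only `${...}` references, never literal passwords. The `volumes:` list continues outside the hunk.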
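Review bot: The heredoc in `configuration` expands `${PATRONI_SUPERUSER_PASSWORD}` and `${PATRONI_REPLICATION_PASSWORD}` into `/home/postgres/patroni.yml` in clear text, and nothing in the script restricts the file mode; a `umask 077` line before the `cat` would keep the file readable by its owner only. Patroni can also take these settings from the `PATRONI_*` environment variables that `patroni.envs` sets, so the `authentication` block may be unnecessary (worth confirming against the image's entrypoint). `log: level: DEBUG` is a noisy default for a shipped chart; `INFO` is the usual choice. Both `pg_hba` entries accept `0.0.0.0/0`, so reachability is limited only by the NetworkPolicy, which is rendered only when `networkPolicy.enabled` is set.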
From: EamonZhang Date: Thu, 9 Nov 2023 13:35:34 +0800 Subject: [PATCH 15/22] chore(postgresql-cluster):organize code structure --- .../chart/postgresql/templates/_helpers.tpl | 28 ++++++++- .../chart/postgresql/templates/configmap.yaml | 9 +-- .../15/chart/postgresql/templates/sec.yaml | 7 ++- .../postgresql/templates/statefulset.yaml | 2 +- .../15/chart/postgresql/values.yaml | 61 +++++++++++++++---- .../15/plans/standard-10/bind.yaml | 34 +++++++++++ .../standard-10/create-instance-schema.json | 12 ++++ .../15/plans/standard-10/meta.yaml | 6 ++ .../15/plans/standard-10/values.yaml | 61 +++++++++++++++++++ .../15/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../15/plans/standard-20/meta.yaml | 6 ++ .../15/plans/standard-20/values.yaml | 61 +++++++++++++++++++ 13 files changed, 311 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/plans/standard-10/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-10/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 8e146ffd..41b3a94d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a configmap object should be created for MySQL Secondary +Return true if a configmap object should be created for Postgresql HA patroni */}} {{- define "patroni.createConfigmap" -}} -{{- if and .Values.configuration }} +{{- if and .Values.preInitScript }} {{- true -}} {{- else -}} {{- end -}} @@ -90,6 +90,13 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -104,6 +111,23 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' + +- name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-name +- name: DATABASE_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-user +- name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-password + {{- end -}} {{/* diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml index 5f26b266..877d5879 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
@@ -13,7 +13,8 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: - patroni.sh: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} -{{- end -}} - + pre_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }} + post_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml index 40082291..89214502 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml @@ -12,5 +12,8 @@ metadata: type: Opaque data: password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-admin: {{ .Values.credentials.admin | b64enc }} - password-replication: {{ .Values.credentials.standby | b64enc }} + password-rewind: {{ .Values.credentials.rewind | b64enc }} + password-replication: {{ .Values.credentials.replication | b64enc }} + data-user: {{ .Values.dataname.username | b64enc }} + data-name: {{ .Values.dataname.dbname | b64enc }} + data-password: {{ .Values.dataname.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 4bf6e766..29fdbed9 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
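Review bot: Renaming the values keys in sec.yaml from `credentials.admin`/`credentials.standby` to `credentials.rewind`/`credentials.replication` means an override file that still sets the old names is silently ignored, and the Secret is filled from the chart defaults instead. A guard such as `{{- if .Values.credentials.standby }}{{ fail "credentials.standby was renamed to credentials.replication" }}{{- end }}` at the top of the template makes that visible at install time. `password-admin` also disappears from the Secret, so anything outside this chart that reads that key needs checking. `b64enc` expects a string, so a purely numeric password would need `| toString` first.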
@@ -85,7 +85,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - - mountPath: "/opt/drycc/scripts/patroni/" + - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true {{- if .Values.walE.enable }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 6e159f91..679f4072 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -3,18 +3,23 @@ replicaCount: 3 image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance - repository: registry.drycc.cc/drycc-addons/patroni - tag: 3.2 + repository: registry.drycc.cc/drycc-addons/postgresql-patroni + tag: 15 # IfNotPresent , Always pullPolicy: 'IfNotPresent' -# Credentials used by Patroni +# Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: superuser: tea - admin: cola - standby: reppasswd + rewind: cola + replication: reppasswd + +dataname: + dbname: db1 + username: us1 + password: 111w # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -30,8 +35,8 @@ env: {} # #custom patroni.yaml used by patroni boot # configuration: {} -configuration: | - cat > /home/postgres/patroni.yml <<__EOF__ +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: DEBUG bootstrap: 
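Review bot: `credentials.superuser: tea`, `rewind: cola`, `replication: reppasswd` and `dataname.password: 111w` are committed as working defaults in values.yaml, so any install that does not override them comes up with passwords that are public in this repository. Leaving these keys empty and rendering them in sec.yaml through `required`, for example `{{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc }}`, forces the operator to choose them. The `, passwd` appended to the comment above `credentials:` says nothing; `# Passwords for the Patroni superuser, rewind and replication accounts; override at install time` would.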
@@ -40,12 +45,13 @@ configuration: | use_pg_rewind: true use_slots: true pg_hba: + - local all all peer - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" - max_connections: 1000 + max_connections: 1005 max_worker_processes: 8 wal_keep_segments: 8 max_wal_senders: 10 
@@ -56,23 +62,52 @@ configuration: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh restapi: connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' postgresql: connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' authentication: superuser: + username: postgres password: '${PATRONI_SUPERUSER_PASSWORD}' replication: + username: standby password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off __EOF__ +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -c "CHECKPOINT;CHECKPOINT;" + else + echo "Skipping user creation" + echo "Skipping database creation" + fi + walE: # Specifies whether Wal-E should be enabled enable: false diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml new file mode 100644 index 00000000..e5b14d98 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
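Review bot: Under `authentication.rewind` the generated patroni.yml gets `password: '${PATRONI_REWIND_USERNAME}'`, so the file carries the rewind account's user name (`rewinder`) in the password field instead of the value stored under `password-rewind`; the line should read `password: '${PATRONI_REWIND_PASSWORD}'`. In `postInitScript`, `CREATE USER tea_mon WITH ROLE pg_monitor` makes `pg_monitor` a member of `tea_mon` rather than the reverse; `CREATE USER tea_mon IN ROLE pg_monitor` gives the new user the monitoring role. The script is started with `sh` from `post_bootstrap` but uses `[[ ... ]]`, which works only where `sh` is bash. `DATABASE_USER`, `DATABASE_PASSWORD` and `DATABASE_NAME` are interpolated into the SQL as-is, so a value containing a quote or a space breaks the statement; they need validating or quoting before use.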
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml new file mode 100644 index 00000000..6c738828 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml 
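Review bot: plans/standard-10/bind.yaml is conditioned on `.Values.router.service.type` and reads `portro`/`portrw` from a `-svcbind-custom-user` Secret, none of which this chart defines in the parts of the patch shown here; they look carried over from the mysql-cluster addon. If `router` is absent from the chart values, the `eq` either fails to render or leaves `credential:` empty, so a bind would return nothing. The Secret in sec.yaml already holds `data-user`, `data-password` and `data-name` under `{{ template "patroni.fullname" . }}`, which is what the binding should point at. plans/standard-20/bind.yaml has the same structure.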
@@ -0,0 +1,6 @@ +name: "standard-10" +id: 2b455154-8725-482a-95b2-a193c180d9b5 +description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" +displayName: "standard-10" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml new file mode 100644 index 00000000..f90075a8 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
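Review bot: The `description` in plans/standard-10/meta.yaml says `Mysql Cluster` and `RAM 2G`, but the plan belongs to the postgresql-cluster addon and plans/standard-10/values.yaml sets `memory: 1024Mi` for both limit and request. Something like `description: "PostgreSQL Cluster standard-10 plan: Disk 10Gi, vCPUs 1, RAM 1G, DB MAX Connection 600"`, or raising the memory values to match, keeps what users are told in line with what is deployed. plans/standard-20/meta.yaml also says `Mysql Cluster`.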
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 600 + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 10Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
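Review bot: The limits in plans/standard-10/values.yaml sit under `primary.resources` and `primary.persistence`, while the chart's statefulset reads `.Values.resources` and `.Values.persistentVolume`, so as far as this patch shows the plan's CPU, memory and disk settings would not reach the pods and they would run without the intended limits. `fullnameOverride: hb-mysql-cluster-standard-10` and the MinIO/MySQL wording in the comments also come from another addon. The settings need moving to the keys the postgresql chart consumes (top-level `resources:` and the `persistentVolume` block) and the override renamed. plans/standard-20/values.yaml repeats the same layout.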
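Review bot: The `password` entry in plans/standard-20/bind.yaml uses `jsonpath: '{ .data.username }'`, so a bound application would receive the user name in place of the password; the standard-10 copy has `'{ .data.password }'` at this position. Change the line to `jsonpath: '{ .data.password }'`. The file is otherwise a copy of standard-10's bind.yaml, including the `.Values.router.service.type` condition that appears to come from the mysql-cluster addon.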
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml new file mode 100644 index 00000000..e749a7db --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-20" +id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +displayName: "standard-20" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml new file mode 100644 index 00000000..d9422e70 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 324971644e32b2961fa02ca51b8f19e9a55d3540 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 9 Nov 2023 17:40:44 +0800 Subject: [PATCH 16/22] chore(postgresql-cluster): add metrics --- .../postgresql/templates/networkpolicy.yaml | 2 +- .../postgresql/templates/statefulset.yaml | 49 +++++++++++++++++++ .../15/chart/postgresql/templates/svc.yaml | 2 +- .../15/chart/postgresql/values.yaml | 41 ++++++++++++++-- 4 files changed, 87 insertions(+), 7 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index a6d317e6..3b3baa56 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: - ports: - port: 5432 {{- if and .Values.metrics.enabled }} - - port: {{ .Values.metrics.service.port }} + - port: {{ .Values.metrics.containerPort }} {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 29fdbed9..630fd990 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -97,6 +97,55 @@ spec: {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + - name: DATA_SOURCE_NAME + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPort }} + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} 
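Review bot: `DATA_SOURCE_NAME` for the metrics container is a literal connection string containing `tea_mon:password` and `sslmode=disable`, so the exporter's credentials are readable in the pod spec and identical for every install. The other database accounts in `patroni.envs` get their passwords through `secretKeyRef`; the exporter should get its password the same way, from a key in the chart's Secret, instead of depending on a passwordless login. The `diagnosticMode` branch reads `.Values.diagnosticMode.enabled`, `.command` and `.args`, while values.yaml in this commit defines only `diagnosticMode.enable`, so the switch cannot be turned on as named. The container list continues outside the hunk.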
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml index 430a6a8f..301216e1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml @@ -15,4 +15,4 @@ spec: - name: postgresql port: 5432 targetPort: postgresql - protocol: TCP + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 679f4072..f9f86f8c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -1,4 +1,6 @@ replicaCount: 3 +diagnosticMode: + enable: false image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -46,6 +48,7 @@ preInitScript: | use_slots: true pg_hba: - local all all peer + - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: 
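Review bot: The new `pg_hba` line `host all tea_mon 127.0.0.1/32 trust` lets any process that shares the pod's network namespace log in as `tea_mon` to every database without a password, and because it precedes the `scram-sha-256` rules it is the entry that matches for loopback connections. Using `- host all tea_mon 127.0.0.1/32 scram-sha-256` and giving `tea_mon` a password from the chart's Secret keeps the exporter working without a passwordless account. The `preInitScript` heredoc this line belongs to starts and ends outside the hunk.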
@@ -108,6 +111,39 @@ postInitScript: | echo "Skipping database creation" fi +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + service: port + resources: {} walE: # Specifies whether Wal-E should be enabled enable: false @@ -189,11 +225,6 @@ serviceAccount: # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: - -## Postgresql Prometheus exporter parameters -## -metrics: - enabled: false ## Postgresql Nework Policy configuration ## networkPolicy: From 53f6af72ed236ad1e815870ad2ae7d69e0254741 Mon Sep 17 00:00:00 2001 
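Review bot: `metrics.enabled` now defaults to `true` while `metrics.containerSecurityContext.enabled` defaults to `false`, so every install gets the exporter sidecar and it runs without the `runAsUser: 1001` / `runAsNonRoot: true` settings defined right below. Setting `containerSecurityContext.enabled: true` makes the default match the hardened values. `tag: "0"` looks like a moving tag; pinning a full version or a digest makes deployments reproducible and auditable.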
From: EamonZhang Date: Fri, 10 Nov 2023 11:47:43 +0800 Subject: [PATCH 17/22] chore(postgresql-cluster): add metrics --- .../15/chart/postgresql/Chart.yaml | 3 +- .../postgresql/templates/metrics-svc.yaml | 31 +++++++++++++++++++ .../postgresql/templates/statefulset.yaml | 9 ++++-- .../15/chart/postgresql/values.yaml | 16 +++++++++- 4 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml index f0397f67..375ae4fe 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -17,6 +17,7 @@ keywords: - sql - replication - cluster + - patroni maintainers: - email: zhang.eamon@hotmail.com name: zhangeamon @@ -24,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.4.1 +version: 15.3.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml new file mode 100644 index 00000000..0cd24f48 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: patroni +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 630fd990..803b9702 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -3,7 +3,8 @@ kind: StatefulSet metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} 
@@ -13,14 +14,16 @@ spec: serviceName: {{ template "patroni.fullname" . }} replicas: {{ .Values.replicaCount }} selector: - matchLabels: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} - labels: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f9f86f8c..4d28d660 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -133,6 +133,21 @@ metrics: ## usage: "GAUGE" ## description: "Size of the database in bytes" ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + customMetrics: {} containerPort: 9187 containerSecurityContext: @@ -142,7 +157,6 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - service: port resources: {} walE: # Specifies whether Wal-E should be enabled From c7969725b66e4bb86481c4514ef584f0fc1ec8d8 Mon Sep 17 00:00:00 2001 
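Review bot: The second statefulset.yaml hunk adds `common.labels.matchLabels` and `app.kubernetes.io/component: patroni` to `spec.selector.matchLabels`, and a StatefulSet's selector cannot be changed after creation, so a `helm upgrade` of a release installed from the previous chart would presumably be rejected by the API server. The new metrics Service only needs these labels on the pods, so adding them under `template.metadata.labels` (as this hunk already does) is enough; I would leave the line as `matchLabels:` with the original three entries. If the selector change is intended, the upgrade path (delete and recreate the StatefulSet, ideally without removing its pods) should be described in the chart notes. The first statefulset.yaml hunk, which only touches `metadata.labels`, is not affected.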
From: EamonZhang Date: Fri, 10 Nov 2023 11:51:19 +0800 Subject: [PATCH 18/22] chore(postgresql-cluster): rename postgresql to postgresql-cluster --- .../15/chart/{postgresql => postgresql-cluster}/Chart.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/README.md | 0 .../chart/{postgresql => postgresql-cluster}/templates/NOTES.txt | 0 .../{postgresql => postgresql-cluster}/templates/_helpers.tpl | 0 .../{postgresql => postgresql-cluster}/templates/configmap.yaml | 0 .../{postgresql => postgresql-cluster}/templates/metrics-svc.yaml | 0 .../templates/networkpolicy.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/role.yaml | 0 .../{postgresql => postgresql-cluster}/templates/rolebinding.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/sec.yaml | 0 .../templates/serviceaccount.yaml | 0 .../{postgresql => postgresql-cluster}/templates/statefulset.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-config.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-relp.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/svc.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/values.yaml | 0 16 files changed, 0 insertions(+), 0 deletions(-) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/Chart.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/README.md (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/NOTES.txt (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/_helpers.tpl (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/configmap.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/metrics-svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/networkpolicy.yaml (100%) rename 
addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/role.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/rolebinding.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/sec.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/serviceaccount.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/statefulset.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-config.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-relp.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/values.yaml (100%) diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/Chart.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/README.md rename to addons/postgresql-cluster/15/chart/postgresql-cluster/README.md diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/values.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml From f57e768f3e9c9b3843a3ab17e031958279745b24 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 Nov 2023 15:55:53 +0800 Subject: [PATCH 19/22] chore(postgresql-cluster) add wal-g for backup --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ++++++++++++++++++ .../postgresql-cluster/templates/_helpers.tpl | 68 +- .../postgresql-cluster/templates/cronjob.yaml | 58 ++ .../templates/networkpolicy.yaml | 1 + .../postgresql-cluster/templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/statefulset.yaml | 26 +- .../templates/svc-config.yaml | 2 +- .../templates/svc-master.yaml | 24 + .../{metrics-svc.yaml => svc-metrics.yaml} | 1 + .../templates/svc-relp.yaml | 9 +- .../postgresql-cluster/templates/svc.yaml | 14 +- .../15/chart/postgresql-cluster/values.yaml | 42 +- .../15/plans/standard-10/bind.yaml | 2 +- .../15/plans/standard-10/meta.yaml | 4 +- .../15/plans/standard-10/values.yaml | 130 ++-- .../15/plans/standard-20/values.yaml | 2 +- 19 files changed, 865 insertions(+), 131 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/cj.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{metrics-svc.yaml => svc-metrics.yaml} (96%) diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml new file mode 100644 index 00000000..48880e1c --- /dev/null +++ b/addons/postgresql-cluster/15/chart/cj.yaml 
@@ -0,0 +1,605 @@ +--- +# Source: postgresql/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + cluster-name: release-name-postgresql +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + ingress: + # Allow inbound connections + - ports: + - port: 5432 + - port: 9187 + + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: default +--- +# Source: postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +--- +# Source: postgresql/templates/sec.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +type: Opaque +data: + password-superuser: dGVh + password-rewind: Y29sYQ== + password-replication: cmVwcGFzc3dk + data-user: dXMx + data-name: ZGIx + data-password: MTExdw== +--- +# Source: postgresql/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-postgresql-cm + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql +data: + pre_init.sh: |- + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + 
- local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + + post_init.sh: |- + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" + psql -w -c "CHECKPOINT;CHECKPOINT;" + 
else + echo "Skipping user creation" + echo "Skipping database creation" + fi +--- +# Source: postgresql/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +--- +# Source: postgresql/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +subjects: + - kind: ServiceAccount + name: release-name-postgresql +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-postgresql +--- +# Source: postgresql/templates/svc-config.yaml +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-config + labels: + app: release-name-postgresql + release: release-name + cluster-name: release-name-postgresql +spec: + clusterIP: None +--- +# Source: postgresql/templates/svc-metrics.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-metrics + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: 
postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app.kubernetes.io/component: metrics + annotations: + prometheus.io/port: '9187' + prometheus.io/scrape: "true" +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni +--- +# Source: postgresql/templates/svc-relp.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-repl + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: replica +spec: + type: LoadBalancer + selector: + app: release-name-postgresql + cluster-name: release-name-postgresql + role: replica + ports: + - port: 5432 + targetPort: 5432 +--- +# Source: postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: master +spec: + type: LoadBalancer + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP +--- +# Source: postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + 
helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +spec: + serviceName: release-name-postgresql + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + template: + metadata: + name: release-name-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + spec: + serviceAccountName: release-name-postgresql + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: postgresql + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: IfNotPresent + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-superuser + - name: 
PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PATRONI_REWIND_USERNAME + value: rewinder + - name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-rewind + - name: PATRONI_SCOPE + value: release-name-postgresql + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "/home/postgres/pgdata/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-name + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-user + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-password + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "/home/postgres/pgdata" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + # readOnly: true + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi 
+ - name: metrics + image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" + imagePullPolicy: "IfNotPresent" + env: + - name: DATA_SOURCE_NAME + value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable + ports: + - name: http-metrics + containerPort: 9187 + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: postgresql + release: "release-name" + + volumes: + - name: patroni-config + configMap: + name: release-name-postgresql-cm + - name: storage-volume + emptyDir: {} +--- +# Source: postgresql/templates/cronjob.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-postgresql-backup + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: postgresql-backup + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: Always + #imagePullPolicy: "IfNotPresent" + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." 
+ sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + - name: USE_WALG + value: "true" + - name: BACKUP_SCHEDULE + value: "eee" + - name: BACKUP_NUM_TO_RETAIN + value: "2" + - name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: "1024" + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: "30" + - name: PGHOST + value: release-name-postgresql-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 41b3a94d..c75c3b29 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.walG.enable }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} @@ -75,7 +85,7 @@ Create patroni envs. - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE value: 'true' - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - name: PATRONI_SUPERUSER_USERNAME value: postgres - name: PATRONI_SUPERUSER_PASSWORD 
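Review bot: `cj.yaml` reads like `helm template` output (the `# Source: postgresql/templates/...` markers and `release-name-` prefixes) committed next to the chart, and it carries a rendered `Secret` whose `data:` values are only base64-encoded, plus a `DATA_SOURCE_NAME` with an inline user and password for the metrics container. Base64 is an encoding, not protection, so those values are readable by anyone who can read the repository; if any of them was ever used outside a throwaway test, treat it as exposed and rotate it. I would drop the file from the commit and keep render output out of version control, for example with an ignore rule commented `# rendered manifests are build artefacts, do not commit`. The rendered ConfigMap in the same file also sets the rewind `password:` from `${PATRONI_REWIND_USERNAME}`, which is presumably meant to be `${PATRONI_REWIND_PASSWORD}`; the configmap template itself is outside this hunk and is worth checking.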
@@ -131,42 +141,44 @@ Create patroni envs. {{- end -}} {{/* -Create wale envs. +Create walg envs. */}} -{{- define "wale.envs" }} -{{- if .Values.walE.enable }} -- name: USE_WALE - value: {{ .Values.walE.enable | quote }} -{{- if .Values.walE.scheduleCronJob }} +{{- define "walg.envs" }} +{{- if .Values.walG.enable }} +- name: USE_WALG + value: {{ .Values.walG.enable | quote }} +{{- if .Values.walG.scheduleCronJob }} - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} + value: {{ .Values.walG.scheduleCronJob | quote}} {{- end }} -{{- if .Values.walE.retainBackups }} +{{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} + value: {{ .Values.walG.retainBackups | quote}} {{- end }} -{{- if .Values.walE.s3Bucket }} -- name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} -{{else if .Values.walE.gcsBucket }} -- name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} -{{- if .Values.walE.kubernetesSecret }} -- name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- if .Values.walG.backupThresholdMegabytes }} +- name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walG.backupThresholdMegabytes | quote }} {{- end }} - -{{- if .Values.walE.backupThresholdMegabytes }} -- name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.walE.backupThresholdPercentage }} +{{- if .Values.walG.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} + value: {{ .Values.walG.backupThresholdPercentage | quote }} +{{- end }} +{{- if .Values.walG.s3.used }} +- name: AWS_ACCESS_KEY_ID + value: {{ .Values.walG.s3.awsAccessKeyId | quote }} +- name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} +- name: WALG_S3_PREFIX + value: {{ .Values.walG.s3.walGS3Prefix 
| quote }} +- name: AWS_ENDPOINT + value: {{ .Values.walG.s3.awsEndpoint | quote }} +- name: AWS_S3_FORCE_PATH_STYLE + value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} +- name: AWS_REGION + value: {{ .Values.walG.s3.awsRegion | quote }} {{- end }} {{- else }} -- name: USE_WALE +- name: USE_WALG value: "" {{- end }} {{- end }} -{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml new file mode 100644 index 00000000..0bfb4b40 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml 
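Review bot: In `walg.envs`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are rendered as literal `value:` entries from `.Values.walG.s3.*`, so the object-store credentials appear in plain text in every pod spec that includes this helper and are visible to anyone who can read those pods or the release values. The chart already keeps its database passwords in the Secret and reads them with `secretKeyRef` (see `PGPASSWORD` in cronjob.yaml), and the S3 keys should follow the same path; the key names in the sketch below are placeholders for entries that would have to be added to sec.yaml. Separately, `WALE_BACKUP_THRESHOLD_PERCENTAGE` kept its WAL-E spelling while its sibling became `WALG_BACKUP_THRESHOLD_MEGABYTES`; if the image reads a `WALG_` name, this setting is silently ignored.

```yaml
# … unchanged: USE_WALG, schedule, retention and threshold entries …
{{- if .Values.walG.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: PLACEHOLDER-access-key-id      # placeholder: key to add to sec.yaml
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: PLACEHOLDER-secret-access-key  # placeholder: key to add to sec.yaml
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```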
@@ -0,0 +1,58 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." + sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + {{- include "walg.envs" . | indent 14 }} + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 3b3baa56..dfad66c3 100644 
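Review bot: The container script still carries debugging leftovers: `echo "sleeping ...."`, `sleep 10000` and `echo "Successfull"` run before `wal-g backup-push`. The schedule is also hard-coded to `"*/1 * * * *"`, so with no `concurrencyPolicy` a new job can start every minute while earlier ones are still sleeping. Dropping the three debug lines, using `schedule: {{ .Values.walG.scheduleCronJob | quote }}` and adding `concurrencyPolicy: Forbid` would make the backup run as configured. `imagePullPolicy: Always` likewise overrides the templated value left commented out beneath it.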
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -8,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + app.kubernetes.io/component: patroni cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml index c81b39a8..8dec5309 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml index d09de1c8..5e15948f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 89214502..306e93e7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -4,7 +4,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml index 819bb983..e1b2ebf6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 803b9702..335ea342 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -5,7 +5,7 @@ metadata: namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,16 +16,20 @@ spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} @@ -91,13 +95,6 @@ spec: - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - mountPath: /etc/credentials - readOnly: true - {{- end }} - {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
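Review bot: In the `@@ -16,16 +16,20 @@` hunk, `chart` and `heritage` are added to `spec.selector.matchLabels`, and `app` is renamed to `application` there. A StatefulSet selector is immutable, so `helm upgrade` of an existing release will be rejected. If `patroni.chart` expands to chart name plus version (its definition is not shown here), every chart bump changes the selector again. Keep the selector to stable identity labels such as `application`, `release` and `cluster-name`, and leave `chart`/`heritage` only under `metadata.labels`. The StatefulSet spec continues outside the hunk.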
@@ -171,13 +168,6 @@ spec: - name: patroni-config configMap: name: {{ template "common.names.fullname" . }}-cm - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - secret: - secretName: {{ .Values.walE.kubernetesSecret }} - {{- end }} - {{- end }} {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} @@ -191,7 +181,7 @@ spec: {{ toYaml .Values.persistentVolume.annotations | indent 8 }} {{- end }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml index 442be2f3..5f7b0f60 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-config labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml new file mode 100644 index 00000000..48dba13d --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-master + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + role: master +spec: + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml similarity index 96% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml index 0cd24f48..862c6a0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml @@ -5,6 +5,7 @@ metadata: name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app.kubernetes.io/component: metrics {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index cccaf8ce..c5861935 100644 
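Review bot: `type: LoadBalancer` is hard-coded on this new Service, and the `svc-relp.yaml` and `svc.yaml` hunks switch their Services from `ClusterIP` to `LoadBalancer` the same way. Port 5432 of both master and replicas is therefore typically published outside the cluster, regardless of the new `service.type` value. Rendering `type: {{ .Values.service.type }}` and defaulting that value to `ClusterIP` would make external exposure an explicit choice; where a load balancer is wanted, `loadBalancerSourceRanges` can restrict which source ranges reach it. This matters more because the same patch defaults `networkPolicy.enabled` to `false`.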
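Review bot: In the `svc-metrics.yaml` hunk the added `app.kubernetes.io/component: patroni` sits directly above the existing `app.kubernetes.io/component: metrics`, giving the `labels` mapping a duplicate key. Duplicate keys are invalid YAML, and parsers that accept them usually keep the last one, so the added line has no effect at best and fails strict parsing at worst. If the Service should carry `component: patroni`, replace the `metrics` line rather than adding a second key; otherwise drop the addition.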
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -3,17 +3,18 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-repl namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: ClusterIP + type: LoadBalancer selector: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} role: replica ports: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 301216e1..adc0ab69 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml 
@@ -3,16 +3,22 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} + role: master spec: - type: ClusterIP + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master ports: - name: postgresql port: 5432 - targetPort: postgresql + targetPort: 5432 protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 4d28d660..43a38eb0 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,7 +1,10 @@ -replicaCount: 3 +replicaCount: 1 diagnosticMode: enable: false +service: + type: LoadBalancer + image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance @@ -104,7 +107,7 @@ postInitScript: | psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" echo "Creating database ${DATABASE_NAME} " psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" psql -w -c "CHECKPOINT;CHECKPOINT;" else echo "Skipping user creation" 
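Review bot: Adding a `selector` to the Service named `patroni.fullname` in `svc.yaml` changes who maintains its Endpoints object. If the StatefulSet runs Patroni with `PATRONI_KUBERNETES_USE_ENDPOINTS` enabled, Patroni itself writes the leader address into the Endpoints object named after the scope, and a selector makes the endpoints controller manage the same object. The rendered manifest removed later on this page shows that variable set to `'true'` with the scope equal to this Service name. Since this patch also adds a `-master` Service that already selects `role: master`, consider leaving this Service without a selector; confirm against the StatefulSet env, which this hunk does not show.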
@@ -114,7 +117,7 @@ postInitScript: | ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" @@ -157,17 +160,21 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - resources: {} -walE: + resources: + limits: + cpu: 100m + memory: 512Mi + # hugepages-2Mi: 4Mi + requests: + cpu: 100m + memory: 512Mi +walG: # Specifies whether Wal-E should be enabled enable: false # Cron schedule for doing base backups scheduleCronJob: 00 01 * * * # Amount of base backups to retain retainBackups: 2 - # Path to the S3 or GCS bucket used for WAL-E base backups - s3Bucket: - gcsBucket: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to @@ -176,6 +183,13 @@ walE: # Maximum ratio (in percents) of the accumulated WAL files to the base backup # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 + s3: + awsAccessKeyID: "xxx" + awsSecretAccessKey: "xx" + walGS3Prefix: "xxx" + awsEndpoint: "xxx" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 persistentVolume: enabled: false @@ -198,12 +212,12 @@ resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # hugepages-2Mi: 4Mi requests: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} @@ -220,7 +234,7 @@ affinityTemplate: | topologyKey: "kubernetes.io/hostname" labelSelector: matchLabels: - app: {{ template "patroni.name" . }} + application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} 
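Review bot: In the `@@ -176,6 +183,13 @@` hunk the key is spelled `awsAccessKeyID`, but the `walg.envs` helper in this patch reads `.Values.walG.s3.awsAccessKeyId`, and it gates the whole S3 block on `.Values.walG.s3.used`, which is not defined here. As written the S3 variables are never rendered, and once `used` is set, `AWS_ACCESS_KEY_ID` would render empty. Rename the key to `awsAccessKeyId`, add `used: false`, and replace the `"xxx"` placeholders with empty strings or a Secret reference so a deployment cannot silently run with filler credentials. The `# Specifies whether Wal-E should be enabled` comment in the preceding hunk also still names WAL-E.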
@@ -244,7 +258,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index e5b14d98..cf57e76b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,5 +1,5 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml index 6c738828..f5c2257b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" +id: 83c3b52e-2685-4362-9ea1-42e170060c78 +description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index f90075a8..2082d76c 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
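Review bot: Flipping `networkPolicy.enabled` to `false` removes the chart's ingress restriction on the PostgreSQL pods by default, in the same patch that makes the Services `LoadBalancer`. The hunk gives no reason the policy cannot stay on; prefer `enabled: true`, or extend the `## @param networkPolicy.enabled` comment to say it must be enabled before the service is exposed. The `allowExternal` description below still refers to MySQL. The `networkPolicy` block continues outside the hunk.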
@@ -1,61 +1,83 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-10 +fullnameOverride: hb-postgresql-cluster-standard-10 -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 600 - resources: +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: 
'${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +persistentVolume: + enabled: true + size: 10G + +metrics: + resources: limits: cpu: 1000m - memory: 1024Mi + memory: 1Gi requests: cpu: 1000m - memory: 1024Mi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 10Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} + memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index d9422e70..12db2471 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -56,6 +56,6 @@ primary: ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: - ## app: my-app + ## application: my-app ## selector: {} From 56ce8454d8837add5343e505a9501b2384d5c2d6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 Nov 2023 15:47:53 +0800 Subject: [PATCH 20/22] chore(postgresql-cluster): redirect postgresql log --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ------------------ .../templates/networkpolicy.yaml | 2 +- .../templates/statefulset.yaml | 12 +- .../postgresql-cluster/templates/svc.yaml | 12 +- .../15/chart/postgresql-cluster/values.yaml | 60 +- 5 files changed, 71 insertions(+), 620 deletions(-) delete mode 100644 addons/postgresql-cluster/15/chart/cj.yaml diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml deleted file mode 100644 index 48880e1c..00000000 --- a/addons/postgresql-cluster/15/chart/cj.yaml +++ /dev/null 
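Review bot: Under `authentication.rewind` in the new `preInitScript`, the generated `patroni.yml` sets `password: '${PATRONI_REWIND_USERNAME}'`, so the rewind role's password is the username variable rather than the secret; it should read `password: '${PATRONI_REWIND_PASSWORD}'`. The same script sets `log.level: DEBUG`, and its `pg_hba` accepts `0.0.0.0/0` for both client and replication connections. With the Services now of type `LoadBalancer`, that leaves password authentication as the only barrier. Consider `level: INFO` as the plan default and narrowing the `pg_hba` ranges to the cluster's pod network (the right CIDR depends on the deployment).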
@@ -1,605 +0,0 @@ ---- -# Source: postgresql/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - cluster-name: release-name-postgresql -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - ingress: - # Allow inbound connections - - ports: - - port: 5432 - - port: 9187 - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: default ---- -# Source: postgresql/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm ---- -# Source: postgresql/templates/sec.yaml -apiVersion: v1 -kind: Secret -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -type: Opaque -data: - password-superuser: dGVh - password-rewind: Y29sYQ== - password-replication: cmVwcGFzc3dk - data-user: dXMx - data-name: ZGIx - data-password: MTExdw== ---- -# Source: postgresql/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-postgresql-cm - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql -data: - pre_init.sh: |- - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - 
- local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ - - post_init.sh: |- - #!/bin/bash - set -Eeu - # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" - 
else - echo "Skipping user creation" - echo "Skipping database creation" - fi ---- -# Source: postgresql/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: - - create - - get - - list - - patch - - update - - watch - # delete is required only for 'patronictl remove' - - delete -- apiGroups: [""] - resources: ["services"] - verbs: - - create -- apiGroups: [""] - resources: ["endpoints"] - verbs: - - create - - get - - patch - - update - # the following three privileges are necessary only when using endpoints - - list - - watch - # delete is required only for for 'patronictl remove' - - delete - - deletecollection -- apiGroups: [""] - resources: ["pods"] - verbs: - - get - - list - - patch - - update - - watch ---- -# Source: postgresql/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -subjects: - - kind: ServiceAccount - name: release-name-postgresql -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: release-name-postgresql ---- -# Source: postgresql/templates/svc-config.yaml -# headless service to avoid deletion of patronidemo-config endpoint -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-config - labels: - app: release-name-postgresql - release: release-name - cluster-name: release-name-postgresql -spec: - clusterIP: None ---- -# Source: postgresql/templates/svc-metrics.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-metrics - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: 
postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app.kubernetes.io/component: metrics - annotations: - prometheus.io/port: '9187' - prometheus.io/scrape: "true" -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni ---- -# Source: postgresql/templates/svc-relp.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-repl - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: replica -spec: - type: LoadBalancer - selector: - app: release-name-postgresql - cluster-name: release-name-postgresql - role: replica - ports: - - port: 5432 - targetPort: 5432 ---- -# Source: postgresql/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: master -spec: - type: LoadBalancer - ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP ---- -# Source: postgresql/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - 
helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -spec: - serviceName: release-name-postgresql - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - template: - metadata: - name: release-name-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - spec: - serviceAccountName: release-name-postgresql - - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - containers: - - name: postgresql - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: IfNotPresent - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - env: - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-superuser - - name: 
PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PATRONI_REWIND_USERNAME - value: rewinder - - name: PATRONI_REWIND_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-rewind - - name: PATRONI_SCOPE - value: release-name-postgresql - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "/home/postgres/pgdata/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-name - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-user - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-password - readinessProbe: - httpGet: - scheme: HTTP - path: /readiness - port: 8008 - initialDelaySeconds: 3 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8008 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - lifecycle: - preStop: - exec: - command: - - /usr/bin/env - - bash - - -c - - | - # switch leader pod if the current pod is the leader - if curl --fail http://localhost:8008/read-write; then - init-stack patronictl switchover --force - fi - ports: - - containerPort: 8008 - protocol: TCP - - containerPort: 5432 - protocol: TCP - volumeMounts: - - name: storage-volume - mountPath: "/home/postgres/pgdata" - - mountPath: "/opt/drycc/postgresql/scripts/" - name: patroni-config - # readOnly: true - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi 
- - name: metrics - image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_NAME - value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable - ports: - - name: http-metrics - containerPort: 9187 - startupProbe: - initialDelaySeconds: 10 - tcpSocket: - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - app: postgresql - release: "release-name" - - volumes: - - name: patroni-config - configMap: - name: release-name-postgresql-cm - - name: storage-volume - emptyDir: {} ---- -# Source: postgresql/templates/cronjob.yaml -apiVersion: batch/v1 -kind: CronJob -metadata: - name: release-name-postgresql-backup - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql - -spec: - schedule: "*/1 * * * *" - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 1 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: postgresql-backup - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: Always - #imagePullPolicy: "IfNotPresent" - command: - - /usr/bin/env - - bash - - -c - - | - echo "sleeping ...." 
- sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete - env: - - name: USE_WALG - value: "true" - - name: BACKUP_SCHEDULE - value: "eee" - - name: BACKUP_NUM_TO_RETAIN - value: "2" - - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: "1024" - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: "30" - - name: PGHOST - value: release-name-postgresql-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..8b429517 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} + {{ end }} `` {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 335ea342..8e436be3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -32,8 +32,18 @@ spec: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} serviceAccountName: {{ template "patroni.serviceAccountName" . }} - # securityContext: # runAsUser: postgres # fsGroup: postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index adc0ab69..77ffd855 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -10,15 +10,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} - role: master spec: type: LoadBalancer - selector: - application: {{ template "patroni.fullname" . }} - cluster-name: {{ template "patroni.fullname" . }} - role: master ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP \ No newline at end of file + - port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file 
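Review bot: The added block always emits an `affinity:` key, and a `nodeSelector:` key when `patroni.nodeSelector` is set, at the top of the pod spec, and both may collide with keys the template already renders further down. The rendered manifest removed earlier in this patch shows an `affinity:` block after the containers, and a later hunk in this series shows `{{- with .Values.nodeSelector }}` still producing `nodeSelector:` in the same file. Most YAML parsers accept duplicate mapping keys silently and keep the last one, so the new presets could be ignored without any error. If the older blocks are still present, remove them in the same change or guard them, e.g. `{{- if not .Values.patroni.nodeSelector }}` around the old `nodeSelector`. The pod spec continues outside this hunk.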
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 43a38eb0..20d57dc3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 3 diagnosticMode: enable: false @@ -41,9 +41,11 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | + mkdir /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: - level: DEBUG + level: INFO bootstrap: dcs: postgresql: @@ -71,6 +73,14 @@ preInitScript: | archive_command: /bin/true # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' initdb: - auth-host: scram-sha-256 - auth-local: trust 
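Review bot: `log_statement: 'ddl'` combined with the `/dev/stdout` symlink added in the `preInitScript` hunk sends every DDL statement to the container log, including the text of `CREATE ROLE`/`ALTER ROLE ... PASSWORD '...'` as the client typed it. The post-init script in this chart creates users; if it passes a literal password (not visible here), that password reaches whatever collects pod logs. Set role passwords outside the logged session, or document the exposure next to the setting, e.g. `# NOTE: ddl logging records role passwords passed as literals; restrict access to pod logs`. `logging_collector: on` and `log_lock_waits: on` are also unquoted while the neighbouring parameters use `"on"`; quoting them keeps the YAML type consistent.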
@@ -114,6 +124,48 @@ postInitScript: | echo "Skipping database creation" fi +patroni: + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## Postgresql Prometheus exporter parameters ## metrics: @@ -261,8 +313,8 @@ networkPolicy: enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source + ## client label will have network access to the port Postgresql is listening + ## on. When true, Postgresql will accept connections from any source ## (with the correct destination port). ## allowCurrentNamespace: true From 5c95bf455b0c9cdbbc1ba83338422d88ee3baab2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 22 Nov 2023 09:32:25 +0800 Subject: [PATCH 21/22] chore(postgresql-cluster): add pgbackup --- .../postgresql-cluster/templates/_helpers.tpl | 18 ++++---- .../postgresql-cluster/templates/cronjob.yaml | 25 +++-------- .../templates/statefulset.yaml | 41 ++++++++++++++++++- .../templates/svc-relp.yaml | 8 +++- .../15/chart/postgresql-cluster/values.yaml | 18 ++++---- 5 files changed, 68 insertions(+), 42 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index c75c3b29..1e4e50bc 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a cronjob object should be created for Postgresql HA patroni +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enable }} +{{- if and .Values.walG.enabled }} {{- true -}} {{- else -}} {{- end -}} @@ -115,13 +115,14 @@ Create patroni envs. fieldPath: metadata.name - name: PATRONI_POSTGRESQL_DATA_DIR value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" - name: PATRONI_POSTGRESQL_PGPASS value: /tmp/pgpass - name: PATRONI_POSTGRESQL_LISTEN value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' - - name: DATABASE_NAME valueFrom: secretKeyRef: @@ -137,20 +138,15 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: data-password - {{- end -}} {{/* Create walg envs. */}} {{- define "walg.envs" }} -{{- if .Values.walG.enable }} +{{- if .Values.walG.enabled }} - name: USE_WALG - value: {{ .Values.walG.enable | quote }} -{{- if .Values.walG.scheduleCronJob }} -- name: BACKUP_SCHEDULE - value: {{ .Values.walG.scheduleCronJob | quote}} -{{- end }} + value: {{ .Values.walG.enabled | quote }} {{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN value: {{ .Values.walG.retainBackups | quote}} @@ -165,7 +161,7 @@ Create walg envs. {{- end }} {{- if .Values.walG.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyId | quote }} + value: {{ .Values.walG.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX 
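Review bot: `AWS_SECRET_ACCESS_KEY` is still rendered as a literal `value:` taken from `.Values.walG.s3.awsSecretAccessKey`, and this commit also includes `walg.envs` in the StatefulSet, so the bucket credential appears in plain text in every pod spec and in anything that stores or prints the rendered manifest. The database passwords in this chart are read with `secretKeyRef`; the S3 keys should follow the same pattern, for example `valueFrom: {secretKeyRef: {name: <walg-secret-name>, key: <secret-key-name>}}` (both names are placeholders). The `walg.envs` define starts and ends outside this hunk.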
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 0bfb4b40..39c08de3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "*/1 * * * *" + schedule: "{{ .Values.walG.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: @@ -30,29 +30,14 @@ spec: containers: - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /usr/bin/env - bash - -c - | - echo "sleeping ...." - sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete + curl "http://${REPLHOST}:9000/pg_backup" env: - {{- include "walg.envs" . | indent 14 }} - - name: PGHOST - value: {{ include "patroni.fullname" . }}-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" + - name: REPLHOST + value: {{ include "patroni.fullname" . }}-repl {{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 8e436be3..a14a3139 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
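Review bot: `curl "http://${REPLHOST}:9000/pg_backup"` exits 0 on an HTTP error response, so the CronJob is recorded as successful even when the backup request is rejected or fails inside the sidecar. Use `curl --fail --show-error "http://${REPLHOST}:9000/pg_backup"` so that `restartPolicy: OnFailure` and the job history reflect the real outcome. The request also carries no credential, so any client that can reach port 9000 on the `-repl` Service can start a backup; whether `pgbackup.py` checks the caller is not visible in this patch.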
@@ -56,6 +56,9 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} + {{- if .Values.walG.enabled }} + {{- include "walg.envs" . | indent 8 }} + {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -156,7 +159,43 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- with .Values.nodeSelector }} + {{- if .Values.walG.enabled }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + {{- include "walg.envs" . | indent 8 }} + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index c5861935..ba50b3bd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml 
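Review bot: The new backup container runs `pgbackup.py 0.0.0.0 9000` with `PGUSER=postgres` and the superuser password, and the `svc-relp.yaml` hunk that follows publishes port 9000 on the `-repl` Service, which the rendered manifest earlier in this patch shows as `type: LoadBalancer`. That puts an HTTP endpoint backed by superuser credentials on the same externally reachable address as the replicas. Consider a separate `ClusterIP` Service for `pgbackup`. The chart's NetworkPolicy template lists only 5432 and the metrics port, so with `networkPolicy.enabled` the CronJob's request to 9000 would presumably be dropped unless that port is added for the backup job only. The container list continues outside this hunk.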
@@ -18,5 +18,9 @@ spec: cluster-name: {{ template "patroni.fullname" . }} role: replica ports: - - port: 5432 - targetPort: 5432 \ No newline at end of file + - name: postgresql + port: 5432 + targetPort: 5432 + - name: pgbackup + port: 9000 + targetPort: 9000 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 20d57dc3..693681bf 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -56,6 +56,7 @@ preInitScript: | - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" @@ -69,8 +70,8 @@ preInitScript: | wal_log_hints: "on" track_commit_timestamp: "off" archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %f # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -222,9 +223,9 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-E should be enabled - enable: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: 00 01 * * * + scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket 
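Review bot: The added `host replication postgres 0.0.0.0/0 scram-sha-256` rule lets the superuser open replication connections from any address, while the only new client in this series, the backup sidecar, connects with `PGHOST=localhost`. If the rule exists for that sidecar, `127.0.0.1/32` (plus `::1/128` if localhost resolves to IPv6) is sufficient and avoids accepting superuser replication logins from outside the pod. The `pg_hba` list continues outside this hunk.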
@@ -236,10 +237,11 @@ walG: # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 s3: - awsAccessKeyID: "xxx" - awsSecretAccessKey: "xx" - walGS3Prefix: "xxx" - awsEndpoint: "xxx" + used: true + awsAccessKeyID: "minioadmin" + awsSecretAccessKey: "minioadmin" + walGS3Prefix: "s3://pg1" + awsEndpoint: "http://10.10.2.11:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 From b940caa3e413a6986eb15feb41338df9ae6a7569 Mon Sep 17 00:00:00 2001 
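Review bot: The chart defaults now ship `walG.enabled: true` (previous hunk) with `awsAccessKeyID: "minioadmin"`, `awsSecretAccessKey: "minioadmin"` and a fixed `awsEndpoint: "http://10.10.2.11:9000"`, which look like values from a test environment. Every install that does not override them will try to push base backups and WAL over plain HTTP to that address with a well-known default credential pair. Default to `enabled: false` with empty credential strings, and make the template fail when walG is enabled without them, e.g. `{{ required "walG.s3.awsSecretAccessKey is required" .Values.walG.s3.awsSecretAccessKey }}`.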
From: EamonZhang Date: Wed, 22 Nov 2023 14:27:30 +0800 Subject: [PATCH 22/22] chore(postgresql-cluster): add plans --- .../templates/cm -postgresql.yaml | 18 +++ .../{configmap.yaml => cm-patroni.yaml} | 2 +- .../templates/statefulset.yaml | 7 +- .../15/chart/postgresql-cluster/values.yaml | 28 +++- .../15/plans/standard-10/bind.yaml | 39 +++-- .../15/plans/standard-10/values.yaml | 123 ++++++++-------- .../15/plans/standard-100/bind.yaml | 30 ++++ .../standard-100/create-instance-schema.json | 12 ++ .../15/plans/standard-100/meta.yaml | 6 + .../15/plans/standard-100/values.yaml | 76 ++++++++++ .../15/plans/standard-20/bind.yaml | 40 +++--- .../15/plans/standard-20/meta.yaml | 2 +- .../15/plans/standard-20/values.yaml | 134 ++++++++++-------- .../15/plans/standard-200/bind.yaml | 30 ++++ .../standard-200/create-instance-schema.json | 12 ++ .../15/plans/standard-200/meta.yaml | 6 + .../15/plans/standard-200/values.yaml | 75 ++++++++++ .../15/plans/standard-400/bind.yaml | 30 ++++ .../standard-400/create-instance-schema.json | 12 ++ .../15/plans/standard-400/meta.yaml | 6 + .../15/plans/standard-400/values.yaml | 75 ++++++++++ .../15/plans/standard-50/bind.yaml | 30 ++++ .../standard-50/create-instance-schema.json | 12 ++ .../15/plans/standard-50/meta.yaml | 6 + .../15/plans/standard-50/values.yaml | 76 ++++++++++ .../15/plans/standard-800/bind.yaml | 30 ++++ .../standard-800/create-instance-schema.json | 12 ++ .../15/plans/standard-800/meta.yaml | 6 + .../15/plans/standard-800/values.yaml | 75 ++++++++++ 29 files changed, 837 insertions(+), 173 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{configmap.yaml => cm-patroni.yaml} (93%) create mode 100644 addons/postgresql-cluster/15/plans/standard-100/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json create mode 100644 
addons/postgresql-cluster/15/plans/standard-100/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml new file mode 100644 index 00000000..8aba698a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-postgresql + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom_conf.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml similarity index 93% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml index 877d5879..ad4b5849 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index a14a3139..0d1ed21a 100644 
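Review bot: The new template is created as `templates/cm -postgresql.yaml`, with a space in the file name, while the sibling renamed in the same commit is `cm-patroni.yaml`. The space forces quoting in shell commands and in `# Source:` references; rename the file to `cm-postgresql.yaml`.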
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -107,6 +107,8 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -216,7 +218,10 @@ spec: volumes: - name: patroni-config configMap: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 693681bf..451cb0ba 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -41,13 +41,23 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | - mkdir /home/postgres/pgdata/log + mkdir -p /home/postgres/pgdata/log ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + authentication: + username: NzUwNjg3MTEtMDgzOS00YTNkLWEyNjAt + password: YjJjMDNjYjQtMDA0Ny00NTgwLTgwYjMt bootstrap: dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 postgresql: use_pg_rewind: true use_slots: true 
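Review bot: The `restapi.authentication` username and password added to the heredoc are fixed strings in the chart's default `values.yaml`, so every cluster installed from this chart shares one Patroni REST API credential that anyone with the chart can read. The API listens on `0.0.0.0:8008`, and Patroni uses this credential to protect its state-changing endpoints. Generate the pair per release into the existing Secret and reference it like the other passwords, e.g. `password: '${PATRONI_RESTAPI_PASSWORD}'` with the variable sourced through `secretKeyRef`. `connect_address: 0.0.0.0:8008` is also not an address other members can connect to; the plan file removed later in this patch used `'${PATRONI_KUBERNETES_POD_IP}:8008'`. The heredoc continues outside this hunk.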
@@ -57,12 +67,13 @@ preInitScript: | - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' parameters: wal_level: hot_standby hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 8 + wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 @@ -71,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %f + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -124,6 +135,17 @@ postInitScript: | echo "Skipping user creation" echo "Skipping database creation" fi +postgresql: + config: |- + log_min_duration_statement = 1008 + max_wal_size = 4GB + min_wal_size = 4GB + max_connections = 1005 + max_worker_processes = 8 + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 patroni: ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index cf57e76b..d48323b0 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
@@ -1,34 +1,31 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.password }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 2082d76c..b6037e16 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
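Review bot: `host` now resolves through `serviceRef` to `{{ template "common.names.fullname" . }}-master`, but the Service in `svc.yaml` shown earlier in this series is named from `patroni.fullname` and was rendered as `release-name-postgresql`, with no `-master` suffix. Unless another template creates a `-master` Service (not visible here), the binding would have no host. The block is gated on `service.type` being `LoadBalancer` yet reads `.spec.clusterIPs`, which is the in-cluster address; confirm which address consumers are meant to receive. `value: 5432` is better written as `value: "5432"` if the binding expects strings, as the other entries provide.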
@@ -2,82 +2,75 @@ ## fullnameOverride: hb-postgresql-cluster-standard-10 -preInitScript: | - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - - local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ +postgresql: + config: |- + # Connectivity + max_connections = 980 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '256 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '1 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + 
+ # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 1000m - memory: 1Gi + memory: 2Gi # hugepages-2Mi: 4Mi requests: cpu: 1000m - memory: 1Gi + memory: 2Gi persistentVolume: enabled: true size: 10G -metrics: - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 1000m - memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
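Review bot: `max_connections = 980` together with `work_mem = '32 MB'` lets sort and hash memory alone grow far beyond the `memory: 2Gi` limit set in the same hunk, because work_mem is allocated per operation in each backend. A burst of concurrent sorting queries can therefore get the pod OOM-killed, which is an availability risk for a shared plan. Consider a smaller value for this plan, such as `work_mem = '4 MB'`, or a much lower `max_connections` behind a connection pooler. The same ratio appears in the other plans, e.g. standard-100 (2000 connections, 32 MB, 16Gi) and standard-800 (2000 connections, 64 MB, 128Gi).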
@@ -0,0 +1,30 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}-master
+ jsonpath: '{.spec.clusterIPs[*]}'
+ - name: hostrepl
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}-repl
+ jsonpath: '{.spec.clusterIPs[*]}'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-name }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-password }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-user }'
+ - name: port
+ value: 5432
+{{- end }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
new file mode 100644
index 00000000..8b3352c9
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-100"
+id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
+description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
+displayName: "standard-100"
+bindable: true
+maximum_polling_duration: 1800
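Review bot: The `description` in the new standard-100/meta.yaml reads "Mysql Cluster standard-100 plan" although the file lives under addons/postgresql-cluster, so the catalog would advertise the wrong engine for this plan. Suggested line: `description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"`. The meta.yaml files added for standard-200, standard-400, standard-50 and standard-800 carry the same wording, and so does the unchanged context line in standard-20/meta.yaml.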
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml
new file mode 100644
index 00000000..c937e07a
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 4 + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 100G diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index e8b99314..619e1429 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,34 +1,30 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e749a7db..e9580d73 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,5 +1,5 @@ name: "standard-20" -id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +id: edf8bdfe-b1dc-4f41-b042-801153794df7 description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 12db2471..f460d01f 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml 
@@ -1,61 +1,77 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-20 - -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 1000 - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 20Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## application: my-app - ## - selector: {} +fullnameOverride: hb-postgresql-cluster-standard-20 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + 
parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 2000m + memory: 4Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 4Gi + +persistentVolume: + enabled: true + size: 20G diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json 
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
new file mode 100644
index 00000000..89b4292b
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-200"
+id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f
+description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
+displayName: "standard-200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
new file mode 100644
index 00000000..9db720e6
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-200 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '8192 MB' + work_mem = '32 MB' + maintenance_work_mem = '420 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '22 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 8 + max_parallel_workers_per_gather = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers = 8 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 8000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 200G diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
new file mode 100644
index 00000000..b9472699
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-400"
+id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
+description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
new file mode 100644
index 00000000..b1afad1d
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 16 + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 16000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 400G diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
new file mode 100644
index 00000000..9fbb08f1
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-50"
+id: 0542f411-4e7b-46af-966c-c9989e54873c
+description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
new file mode 100644
index 00000000..fbf8db1f
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
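Review bot: The `description` line advertises "DB MAX Connection 2000", but standard-50/values.yaml added in this same commit sets `max_connections = 1000`. One of the two should change so the catalog entry matches the limit that is actually deployed; if 1000 is intended, the description should end in `DB MAX Connection 1000`. The other plan descriptions visible in this commit agree with their values files on this number.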
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 8Gi + +persistentVolume: + enabled: true + size: 50G diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
new file mode 100644
index 00000000..1748ac9e
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-800"
+id: 60f37e20-e69e-4f6f-9cce-e43caec34963
+description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
+displayName: "standard-800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
new file mode 100644
index 00000000..3e88193a
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
@@ -0,0 +1,75 @@
+## @param fullnameOverride String to fully override common.names.fullname template
+##
+fullnameOverride: hb-postgresql-cluster-standard-800
+
+postgresql:
+ config: |-
+ # Connectivity
+ max_connections = 2000
+ superuser_reserved_connections = 3
+
+ # Memory Settings
+ shared_buffers = '32768 MB'
+ work_mem = '64 MB'
+ maintenance_work_mem = '720 MB'
+ huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES
+ effective_cache_size = '90 GB'
+ effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function
+ random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0)
+
+ # Monitoring
+ track_io_timing=on # measure exact block IO times
+ track_functions=pl # track execution times of pl-language procedures if any
+
+ # Replication
+ max_wal_senders = 10
+ synchronous_commit = on
+
+ # Checkpointing:
+ checkpoint_timeout = '15 min'
+ checkpoint_completion_target = 0.9
+ max_wal_size = '10240 MB'
+ min_wal_size = '5120 MB'
+
+ # WAL writing
+ wal_compression = on
+ wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default)
+ wal_writer_delay = 200ms
+ wal_writer_flush_after = 1MB
+ wal_keep_size = '22080 MB'
+
+ # Background writer
+ bgwriter_delay = 200ms
+ bgwriter_lru_maxpages = 100
+ bgwriter_lru_multiplier = 2.0
+ bgwriter_flush_after = 0
+
+ # Parallel queries:
+ max_worker_processes = 32
+ max_parallel_workers_per_gather = 16
+ max_parallel_maintenance_workers = 16
+ max_parallel_workers = 32
+ parallel_leader_participation = on
+
+ # Advanced features
+ enable_partitionwise_join = on
+ enable_partitionwise_aggregate = on
+ jit = on
+ max_slot_wal_keep_size = '1000 MB'
+ track_wal_io_timing = on
+ maintenance_io_concurrency = 100
+
+resources:
+ # If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 32000m
+ memory: 128Gi
+ # hugepages-2Mi: 4Mi
+ requests:
+ cpu: 32000m
+ memory: 128Gi
+
+persistentVolume:
+ enabled: true
+ size: 800G
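Review bot: In plans/standard-800/values.yaml, `max_connections = 2000` combined with `work_mem = '64 MB'` lets sort and hash memory alone reach about 125 GiB (2000 × 64 MB, and a single query can use several work_mem allocations), on top of `shared_buffers = '32768 MB'`, inside a container limited to `memory: 128Gi`. Under a connection spike the pod can be OOM-killed, so the plan's limits do not protect the database's availability against heavy or misbehaving clients. Consider a smaller per-operation budget, for example `work_mem = '16 MB'`, or put a connection pooler in front and lower `max_connections`; the right figure needs checking against the workload. Separately, `size: 800G` is decimal gigabytes while meta.yaml advertises "Disk 800Gi".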