diff --git a/addons/index.yaml b/addons/index.yaml index 75ec5191..fb67bcb2 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -1,5 +1,8 @@ apiVersion: v1 entries: + cloudbeaver: + - version: 23 + description: "Cloud Database Manager." mysql-cluster: - version: 8.0 description: "The world's most popular open source database cluster." diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 8d44fca1..5fe50e3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,151 +1,154 @@ -# ⚠️ Repo Archive Notice -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# Patroni Helm Chart - -This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. +# Postgresql cluster addons +## Plans +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. 
+ +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:describe `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` -## Prerequisites Details -* Kubernetes 1.9+ -* PV support on the underlying infrastructure +## Create Service with values file -## StatefulSet Details -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +`vim values.yaml` +``` +# create or update pg instance template yaml +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` -## StatefulSet Caveats -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations +## Update Service +### Create app user and database +- Login database web with admin user & password -## Chart Details -This chart will do the following: +- CREATE APP USER +``` +CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `my_db` OWNER `my_user`; +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` -* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. +### Network Access -## Installing the Chart +Default access allow policy: only namespace scope. 
-To install the chart with the release name `my-release`: +- allow `mx-test1` namespace access -```console -$ helm repo add -$ helm dependency update -$ helm install --name my-release postgresql-cluster +`vim values.yaml ` ``` - -To install the chart with randomly generated passwords: - -```console -$ helm install --name my-release postgresql-cluster \ - --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" +networkPolicy.allowNamespaces: + - mx-test1 ``` - -## Connecting to PostgreSQL - -Your access point is a cluster IP. In order to access it spin up another pod: - -```console -$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il ``` - -Then, from inside the pod, connect to PostgreSQL: - -```console -$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres - -postgres=> +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` -## Configuration - -The following table lists the configurable parameters of the patroni chart and their default values. 
+ - Assign external network IP address -| Parameter | Description | Default | -|-----------------------------------|---------------------------------------------|-----------------------------------------------------| -| `nameOverride` | Override the name of the chart | `nil` | -| `fullnameOverride` | Override the fullname of the chart | `nil` | -| `replicaCount` | Amount of pods to spawn | `5` | -| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | -| `image.tag` | The version of the image to pull | `1.5-p5` | -| `image.pullPolicy` | The pull policy | `IfNotPresent` | -| `credentials.superuser` | Password of the superuser | `tea` | -| `credentials.admin` | Password of the admin | `cola` | -| `credentials.standby` | Password of the replication user | `pinacolada` | -| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | -| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | -| `etcd.enable` | Using etcd as DCS | `false` | -| `etcd.deployChart` | Deploy etcd chart | `false` | -| `etcd.host` | Host name of etcd cluster | `nil` | -| `etcd.discovery` | Domain name of etcd cluster | `nil` | -| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | -| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | -| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | -| `consul.enable` | Using Consul as DCS | `false` | -| `consul.deployChart` | Deploy Consul chart | `false` | -| `consul.host` | Host name of consul cluster | `nil` | -| `env` | Extra custom environment variables | `{}` | -| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | -| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | -| `walE.retainBackups` | Number of base backups to retain | `2` | -| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | -| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | -| 
`walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | -| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | -| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | -| `resources` | Any resources you wish to assign to the pod | `{}` | -| `nodeSelector` | Node label to use for scheduling | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | -| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | -| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | -| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | -| `persistentVolume.size` | Persistent Volume size | `2Gi` | -| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | -| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | -| `rbac.create` | Create required role and rolebindings | `true` | -| `serviceAccount.create` | If true, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | +`vim values.yaml` +``` + service.type: LoadBlancer +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + ### Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. -```console -$ helm install --name my-release -f values.yaml incubator/patroni +`vim values.yaml` +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` -> **Tip**: You can use the default [values.yaml](values.yaml) +You can modify multiple content at once, there is no need to modify part of it each time. -## Cleanup -To remove the spawned pods you can run a simple `helm delete `. +## Destroy Service -Helm will however preserve created persistent volume claims, -to also remove them execute the commands below. - -```console -$ release= -$ helm delete $release -$ kubectl delete pvc -l release=$release -``` - -## Internals - -Patroni is responsible for electing a PostgreSQL master pod by leveraging the -DCS of your choice. 
After election it adds a `spilo-role=master` label to the -elected master and set the label to `spilo-role=replica` for all replicas. -Simultaneously it will update the `-patroni` endpoint to let the -service route traffic to the elected master. - -```console -$ kubectl get pods -l spilo-role -L spilo-role -NAME READY STATUS RESTARTS AGE SPILO-ROLE -my-release-patroni-0 1/1 Running 0 9m replica -my-release-patroni-1 1/1 Running 0 9m master -my-release-patroni-2 1/1 Running 0 8m replica -my-release-patroni-3 1/1 Running 0 8m replica -my-release-patroni-4 1/1 Running 0 8m replica +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service ``` +# drycc resources:destroy `my_pg_001` +``` \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 1e4e50bc..e3bedca5 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -46,7 +46,7 @@ Create the name of the service account to use. Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enabled }} +{{- if and .Values.backup.enabled }} {{- true -}} {{- else -}} {{- end -}} @@ -107,6 +107,16 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME 
@@ -123,58 +133,77 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' -- name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-name -- name: DATABASE_USER - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-user -- name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-password {{- end -}} {{/* -Create walg envs. +Return true if a configmap object should be created for PG backup. */}} -{{- define "walg.envs" }} -{{- if .Values.walG.enabled }} -- name: USE_WALG - value: {{ .Values.walG.enabled | quote }} -{{- if .Values.walG.retainBackups }} -- name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walG.retainBackups | quote}} -{{- end }} -{{- if .Values.walG.backupThresholdMegabytes }} -- name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walG.backupThresholdMegabytes | quote }} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} {{- end }} -{{- if .Values.walG.backupThresholdPercentage }} -- name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walG.backupThresholdPercentage | quote }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) 
"Length" 10 "Key" "password-rewind") -}} +{{- end -}} {{- end }} -{{- if .Values.walG.s3.used }} -- name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyID | quote }} -- name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} -- name: WALG_S3_PREFIX - value: {{ .Values.walG.s3.walGS3Prefix | quote }} -- name: AWS_ENDPOINT - value: {{ .Values.walG.s3.awsEndpoint | quote }} -- name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} -- name: AWS_REGION - value: {{ .Values.walG.s3.awsRegion | quote }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} {{- end }} -{{- else }} -- name: USE_WALG - value: "" + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} {{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} {{- end }} + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml new file mode 100644 index 00000000..b7eb7331 --- /dev/null 
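Review bot: The fallback branch of `adminRole.passwordValue` looks up `"Key" "password-replication"`, so when `adminRole.password` is unset the admin role would receive the replication password instead of its own; sec.yaml writes the admin key as `admin-password`, so the lookup should read `"Key" "admin-password"`. In `getValueFromSecret`, a Secret that exists but lacks the requested key does not fall through to `randAlphaNum`, which matters when upgrading a release whose Secret predates the new keys; testing `hasKey $obj .Key` before the `index` would send that case to the generator. All four callers pass `"Length" 10` although the helper defaults to 16, and for superuser and replication credentials I would drop the override or raise it. The helpers look the Secret up by `common.names.fullname` while the env entries reference `patroni.fullname`, which is only correct if both render the same name; this hunk does not show that.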
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -0,0 +1,22 @@ +{{- if (include "backup.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.env: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} + # archive_command.sh: | - + # #/bin/bash + # source backup.env + # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 39c08de3..41e42886 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "{{ .Values.walG.scheduleCronJob }}" + schedule: "{{ .Values.backup.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 8b429517..dfad66c3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml 
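Review bot: `backup.env` carries `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (see `backupEnv` in values.yaml), so storing it in a `ConfigMap` leaves the S3 credentials readable by anyone who can read ConfigMaps in the namespace and outside any Secret-specific RBAC or encryption-at-rest policy. I would render this object as `kind: Secret` with `stringData:` in place of `data:`, and change the `backup-config` volume in statefulset.yaml from `configMap:` / `name:` to `secret:` / `secretName:`. The commented-out `archive_command.sh` block is not valid shell (`[ … ] ? a : b`) and is better removed than shipped as a comment. Separately, the README example added in this commit shows what appears to be a concrete access key and secret under `backup.s3`; if that pair was ever valid it should be rotated and the example replaced with placeholders.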
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} `` + {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 306e93e7..8c94ae26 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -10,10 +10,9 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} type: Opaque -data: - password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-rewind: {{ .Values.credentials.rewind | b64enc }} - password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.dataname.username | b64enc }} - data-name: {{ .Values.dataname.dbname | b64enc }} - data-password: {{ .Values.dataname.password | b64enc }} +data: + password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} + password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} + password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} + admin-user: {{ .Values.adminRole.username | b64enc }} + admin-password: {{ .Values.adminRole.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0d1ed21a..3aa16bdb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
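Review bot: `admin-password` is rendered straight from `.Values.adminRole.password`, which values.yaml now defaults to `""`, so a default install stores an empty admin password and the `adminRole.passwordValue` helper added in _helpers.tpl is never called; the line should be `admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}`. `admin-user` should also get `| quote`, to match the three password lines. The hunk drops `data-user`, `data-name` and `data-password`, while the plan bind.yaml files in this commit still show `jsonpath: '{ .data.data-user }'` as context, so those bindings would presumably resolve to nothing after an upgrade. The Secret's metadata sits outside the hunk.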
@@ -56,9 +56,6 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.walG.enabled }} - {{- include "walg.envs" . | indent 8 }} - {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -110,6 +107,9 @@ spec: - mountPath: "/opt/drycc/postgresql/config/" name: postgresql-config # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config + # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} @@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -175,7 +175,6 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "walg.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD @@ -222,6 +221,9 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql + - name: backup-config + configMap: + name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index e3128f72..deb83746 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
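Review bot: The `backup-config` volume and its mount are added unconditionally, but cm-backup.yaml is rendered only when `backup.enabled` is true and values.yaml now defaults that to `false`, so a default install references a ConfigMap that does not exist and the pod will not start. Wrap both additions in `{{- if .Values.backup.enabled }}` or mark the volume `optional: true`. The mount is added before the postgres container's `resources:` block, whereas the backup container, which loses `walg.envs` in this diff, shows no matching mount; unless one exists outside these hunks, `pgbackup.py` runs without its `AWS_*`/`WALG_*` settings. I would also set `readOnly: true` on the mount instead of leaving it commented out.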
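Review bot: The exporter's `DATA_SOURCE_NAME` still embeds a fixed `tea_mon:password` pair in the pod spec, and with the `%s` argument gone the `printf` wrapper does nothing. postInitScript creates `tea_mon` without a password, so this presumably relies on trust authentication for 127.0.0.1; if password authentication is ever enabled for that role, the DSN should come from the chart Secret through `valueFrom.secretKeyRef` instead of a literal. Until then a plain quoted string is clearer: `value: "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable"`.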
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -17,14 +17,13 @@ image: # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: - superuser: tea - rewind: cola - replication: reppasswd + superuser: "" + rewind: "" + replication: "" -dataname: - dbname: db1 - username: us1 - password: 111w +adminRole: + username: administrator + password: "" # Distribution Configuration stores # Please note that only one of the following stores should be enabled. 
@@ -122,22 +121,32 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + echo "Creating user ${ADMIN_USER}" + # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else - echo "Skipping user creation" - echo "Skipping database creation" + echo "Skipping create admin user" fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export 
AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + postgresql: config: |- - log_min_duration_statement = 1008 + log_min_duration_statement = 1000 max_wal_size = 4GB min_wal_size = 4GB max_connections = 1005 @@ -192,7 +201,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" @@ -239,36 +248,36 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -walG: +backup: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups - scheduleCronJob: "*/5 * * * *" + scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to - # consider WAL-E restore instead of pg_basebackup + # consider WAL-G restore instead of pg_basebackup backupThresholdMegabytes: 1024 # Maximum ratio (in percents) of the accumulated WAL files to the base backup - # to consider WAL-E restore instead of pg_basebackup + # to consider WAL-G restore instead of pg_basebackup backupThresholdPercentage: 30 s3: used: true - awsAccessKeyID: "minioadmin" - awsSecretAccessKey: "minioadmin" - walGS3Prefix: "s3://pg1" - awsEndpoint: "http://10.10.2.11:9000" + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 persistentVolume: - enabled: false + enabled: true size: 10G ## database data Persistent Volume Storage Class ## If defined, storageClassName: 
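Review bot: In `postInitScript` the `CREATE USER ${ADMIN_USER} …` statement is commented out, so the script prints `Creating user` but never creates the role that `ADMIN_USER`/`ADMIN_PASSWORD` and the README's admin login depend on. Once it is re-enabled, `'${ADMIN_PASSWORD}'` is expanded by the shell into the SQL text, so a password containing `'` breaks or alters the statement; feeding the statement on stdin with `psql -v pw="$ADMIN_PASSWORD"` and `:'pw'` lets psql do the quoting. In `backupEnv`, `| quote` emits double-quoted values, and if the file is sourced, as its `export` lines suggest, `$` and backticks inside a key are expanded by the shell; `| squote` is safer for the S3 secret, though values containing `'` still need handling. `CREATEROLE` together with `REPLICATION` is a broad grant for a tenant-facing role and deserves a comment saying why both are needed.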
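Review bot: `hugepages-2Mi: 20Mi` is now an active limit on the metrics exporter, and the standard-10 and standard-20 plan values.yaml do the same for the postgres container (4Mi and 20Mi) while standard-100 and standard-200 delete the line. A pod that requests huge pages can only be scheduled on nodes with pre-allocated 2Mi pages, so on clusters without them these pods stay Pending, and nothing visible in the diff configures PostgreSQL or the exporter to use them. If the line was uncommented by accident, restore `# hugepages-2Mi: 4Mi` or remove it as the larger plans do. Also in this hunk, `awsEndpoint: "http://xxxx:9000"` makes plain HTTP the documented default for shipping WAL and credentials to the object store; an `https://` placeholder is the safer example, and the unused `kubernetesSecret:` key is the natural place to reference the S3 keys instead of inline values.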
@@ -334,7 +343,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening @@ -342,4 +351,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] \ No newline at end of file + allowNamespaces: \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 1b5450bc..baa53c9e 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -21,6 +21,6 @@ allow_parameters: description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "walG.enabled" - description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " +- name: "backup" + description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 41676f6e..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
@@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: @@ -38,5 +37,4 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - name: PORT - value: 5432 - + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index b6037e16..94917aff 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 1000m memory: 2Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 1000m memory: 2Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
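Review bot: The unchanged tail of this binding still reads `jsonpath: '{ .data.data-user }'` and a `DADABASE` entry backed by a `secretKeyRef`, but sec.yaml in this commit removes `data-user`, `data-name` and `data-password`, so a bind would presumably return empty values or fail; these entries should be dropped or pointed at `admin-user`/`admin-password`. With the `else if` removed, `MASTER_HOST` and `REPL_HOST` are always the ClusterIP and the LoadBalancer address moves to `EXTRANET_*`, which changes what `MASTER_HOST` means for existing LoadBalancer bindings and is worth stating in the release notes. `ingress[*].ip` is empty on providers that publish only a hostname. The same points apply to the bind.yaml of standard-20, -50, -100, -200 and -400.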
@@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml index 8b3352c9..699f4aaa 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-100" id: c44160a6-5ec4-49e5-af1e-a1c1676871cf -description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" displayName: "standard-100" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index c937e07a..2f4c4841 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 4000m memory: 16Gi - # hugepages-2Mi: 4Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 5b215a03..12acc0c6 100644 
--- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e9580d73..0f67097a 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml @@ -1,6 +1,6 @@ name: "standard-20" id: edf8bdfe-b1dc-4f41-b042-801153794df7 -description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" +description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index f460d01f..3ef08abf 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -67,7 +67,7 @@ resources: limits: cpu: 2000m memory: 4Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 4Gi 
diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml index 89b4292b..cbfb48ce 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml @@ -1,6 +1,6 @@ name: "standard-200" id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f -description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000" displayName: "standard-200" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 9db720e6..5e9d641b 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml 
@@ -65,7 +65,6 @@ resources:
 limits:
 cpu: 8000m
 memory: 32Gi
- # hugepages-2Mi: 4Mi
 requests:
 cpu: 8000m
 memory: 32Gi
diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml
index a95ec5b2..12acc0c6 100644
--- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml
@@ -1,16 +1,16 @@
 credential:
 {{- if (eq .Values.service.type "LoadBalancer") }}
- - name: MASTER_HOST
+ - name: EXTRANET_MASTER_HOST
 valueFrom:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-master
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- - name: REPL_HOST
+ - name: EXTRANET_REPL_HOST
 valueFrom:
 serviceRef:
 name: {{ template "common.names.fullname" . }}-repl
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- {{- else if (eq .Values.service.type "ClusterIP") }}
+ {{- end }}
 - name: MASTER_HOST
 valueFrom:
 serviceRef:
@@ -21,8 +21,7 @@ credential:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-repl
 jsonpath: '{ .spec.clusterIP }'
- {{- end }}
- - name: DATABASE
+ - name: DADABASE
 valueFrom:
 secretKeyRef:
 name: {{ template "common.names.fullname" . }}
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
index b9472699..8ec2aacb 100644
--- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
@@ -1,6 +1,6 @@
 name: "standard-400"
 id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
-description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
 displayName: "standard-400"
 bindable: true
 maximum_polling_duration: 1800
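Review bot: The second hunk of standard-400/bind.yaml replaces the correctly spelled credential name `DATABASE` with `DADABASE`. The other plans' bind.yaml hunks show `DADABASE` as unchanged context, so this aligns standard-400 with an existing typo rather than fixing it, and applications bound to a standard-400 instance that read `DATABASE` would no longer find the value. I would keep `- name: DATABASE` here and correct the other plans, or emit both names during a transition if existing consumers already rely on the misspelling. The credential list starts and ends outside the hunk.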
diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml
index 5b215a03..12acc0c6 100644
--- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml
@@ -1,16 +1,16 @@
 credential:
 {{- if (eq .Values.service.type "LoadBalancer") }}
- - name: MASTER_HOST
+ - name: EXTRANET_MASTER_HOST
 valueFrom:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-master
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- - name: REPL_HOST
+ - name: EXTRANET_REPL_HOST
 valueFrom:
 serviceRef:
 name: {{ template "common.names.fullname" . }}-repl
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- {{- else if (eq .Values.service.type "ClusterIP") }}
+ {{- end }}
 - name: MASTER_HOST
 valueFrom:
 serviceRef:
@@ -21,7 +21,6 @@ credential:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-repl
 jsonpath: '{ .spec.clusterIP }'
- {{- end }}
 - name: DADABASE
 valueFrom:
 secretKeyRef:
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
index 9fbb08f1..29e67ad5 100644
--- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
@@ -1,6 +1,6 @@
 name: "standard-50"
 id: 0542f411-4e7b-46af-966c-c9989e54873c
-description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
 displayName: "standard-50"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
index fbf8db1f..046e87ea 100644
--- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
@@ -66,7 +66,6 @@ resources:
 limits:
 cpu: 2000m
 memory: 8Gi
- # hugepages-2Mi: 4Mi
 requests:
 cpu: 2000m
 memory: 8Gi
diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml
index 5b215a03..12acc0c6 100644
--- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml
@@ -1,16 +1,16 @@
 credential:
 {{- if (eq .Values.service.type "LoadBalancer") }}
- - name: MASTER_HOST
+ - name: EXTRANET_MASTER_HOST
 valueFrom:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-master
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- - name: REPL_HOST
+ - name: EXTRANET_REPL_HOST
 valueFrom:
 serviceRef:
 name: {{ template "common.names.fullname" . }}-repl
 jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
- {{- else if (eq .Values.service.type "ClusterIP") }}
+ {{- end }}
 - name: MASTER_HOST
 valueFrom:
 serviceRef:
@@ -21,7 +21,6 @@ credential:
 serviceRef:
 name: {{ include "common.names.fullname" . }}-repl
 jsonpath: '{ .spec.clusterIP }'
- {{- end }}
 - name: DADABASE
 valueFrom:
 secretKeyRef:
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
index 1748ac9e..72ab5126 100644
--- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
@@ -1,6 +1,6 @@
 name: "standard-800"
 id: 60f37e20-e69e-4f6f-9cce-e43caec34963
-description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
+description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
 displayName: "standard-800"
 bindable: true
 maximum_polling_duration: 1800