From b71f147ff75b22a6aa67f13e8b9acd3bd2fc21cf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:30:38 +0800 Subject: [PATCH 01/53] chore(mysql-cluster): modify networkpolicy --- .../templates/networkpolicy.yaml | 31 ++++++++--------- .../8.0/chart/mysql-cluster/values.yaml | 33 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 45a67db3..827f8311 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -23,23 +23,24 @@ spec: ingress: # Allow inbound connections - ports: - - port: {{ .Values.primary.service.ports.mysql }} - {{- if not .Values.networkPolicy.allowExternal }} + - port: {{ .Values.router.service.portrw }} + - port: {{ .Values.router.service.portro }} + {{- if and .Values.metrics.enabled }} + - port: {{ .Values.metrics.service.port }} + {{ end }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: - - podSelector: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} + kubernetes.io/metadata.name: {{ $namespace }} {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} + {{- end }} + {{- end }} {{- end }} 
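Review bot: In templates/networkpolicy.yaml the `from:` block is rendered only when `allowCurrentNamespace` or `allowNamespaces` is set, so with both off the rule carries `ports` and no `from`, which Kubernetes treats as allow-from-any-source on the router and metrics ports. Turning both switches off therefore opens the policy instead of closing it; consider always emitting `from:` with a fallback `podSelector` for the chart's own pods, or omitting the ingress rule in that case. The namespace match relies on the `kubernetes.io/metadata.name` label, which is set automatically only on Kubernetes 1.21 and later, and `{{ .Release.Namespace }}` and `{{ $namespace }}` should be piped through `quote` so an all-digit namespace stays a string. The prometheus templates/networkpolicy.yaml added in PATCH 05 has the same shape; the `spec:` block starts above this hunk.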
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index cdbfd0a3..ebfe4ed2 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,28 +971,16 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening ## on. When true, MySQL will accept connections from any source ## (with the correct destination port). ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} + allowCurrentNamespace: true + allowNamespaces: [] + ## @section Volume Permissions parameters 
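Review bot: The `## @param networkPolicy.allowExternal` comment block stays in place although the key is removed, and it still describes a client-label model that the template no longer implements; the two new keys have no `@param` lines. Suggest replacing it with `## @param networkPolicy.allowCurrentNamespace Allow ingress from pods in the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespace names allowed to connect`, plus one line stating what the policy does when both are unset. The copy added to the prometheus values.yaml in PATCH 05 repeats the same stale text, MySQL wording included. Flipping `enabled` to `true` here also changes the default for existing releases on upgrade, which deserves a line in the commit description.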
@@ -1035,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: false + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1132,6 +1120,17 @@ metrics: ## cpu: 100m ## memory: 256Mi requests: {} + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Mysqld Prometheus exporter liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param metrics.livenessProbe.enabled Enable livenessProbe From d30010a82334ad1a5d6345a43ff3b578e084e79a Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 10 Oct 2023 17:33:07 +0800 Subject: [PATCH 02/53] fix(prometheus): fix typo --- addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml | 0 .../2/{plan => plans}/standard-1-2/create-instance-schema.json | 0 addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml | 0 addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename addons/prometheus/2/{plan => plans}/standard-1-2/bind.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/create-instance-schema.json (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/meta.yaml (100%) rename addons/prometheus/2/{plan => plans}/standard-1-2/values.yaml (100%) diff --git a/addons/prometheus/2/plan/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-1-2/bind.yaml similarity index 100% rename from addons/prometheus/2/plan/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-1-2/bind.yaml 
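Review bot: The new `metrics.containerSecurityContext` block only takes effect if the exporter container in the statefulset templates reads it, and no template change for it appears in this patch, so it is worth confirming that the sidecar does not keep running with container defaults. If the template renders the map directly, the `enabled` key has to be stripped first (for example with `omit`), since it is not a SecurityContext field. `runAsGroup: 0` puts the exporter in the root group; unless the image needs that for file access, a non-zero GID together with `readOnlyRootFilesystem: true` would tighten it further. The block also lacks the `@param` comments used by the rest of the file.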
diff --git a/addons/prometheus/2/plan/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/create-instance-schema.json
rename to addons/prometheus/2/plans/standard-1-2/create-instance-schema.json
diff --git a/addons/prometheus/2/plan/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-1-2/meta.yaml
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/meta.yaml
rename to addons/prometheus/2/plans/standard-1-2/meta.yaml
diff --git a/addons/prometheus/2/plan/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-1-2/values.yaml
similarity index 100%
rename from addons/prometheus/2/plan/standard-1-2/values.yaml
rename to addons/prometheus/2/plans/standard-1-2/values.yaml
From 842cb24e279faaf75683363681d3a1f83bb78071 Mon Sep 17 00:00:00 2001
From: EamonZhang Date: Thu, 12 Oct 2023 09:41:04 +0800 Subject: [PATCH 03/53] chore(prometheus): add plans 50 --- .../{standard-1-2 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../{standard-1-2 => standard-10}/meta.yaml | 0 .../{standard-1-2 => standard-10}/values.yaml | 0 .../prometheus/2/plans/standard-50/bind.yaml | 34 +++++++++++++++++++ .../standard-50/create-instance-schema.json | 12 +++++++ .../prometheus/2/plans/standard-50/meta.yaml | 6 ++++ .../2/plans/standard-50/values.yaml | 7 ++++ 8 files changed, 59 insertions(+) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/bind.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/create-instance-schema.json (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/meta.yaml (100%) rename addons/prometheus/2/plans/{standard-1-2 => standard-10}/values.yaml (100%) create mode 100644 addons/prometheus/2/plans/standard-50/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-50/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-50/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-50/values.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/bind.yaml rename to addons/prometheus/2/plans/standard-10/bind.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/create-instance-schema.json b/addons/prometheus/2/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/create-instance-schema.json rename to addons/prometheus/2/plans/standard-10/create-instance-schema.json 
diff --git a/addons/prometheus/2/plans/standard-1-2/meta.yaml b/addons/prometheus/2/plans/standard-10/meta.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/meta.yaml rename to addons/prometheus/2/plans/standard-10/meta.yaml diff --git a/addons/prometheus/2/plans/standard-1-2/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml similarity index 100% rename from addons/prometheus/2/plans/standard-1-2/values.yaml rename to addons/prometheus/2/plans/standard-10/values.yaml diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml new file mode 100644 index 00000000..5ee819d9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s-router" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/plans/standard-50/create-instance-schema.json b/addons/prometheus/2/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null 
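Review bot: In the new standard-50/bind.yaml the `password` credential reads `jsonpath: '{ .data.username }'`, so a binding would hand out the username in the password field; it should point at the secret's password key (presumably `'{ .data.password }'`, the secret itself is not visible here). The file is also a copy of the MySQL binding: it tests `.Values.router.service.type` and exposes `database`, `portrw` and `portro` from a `-svcbind-custom-user` secret, none of which appear to belong to a Prometheus chart. The same `password`/`username` mix-up is carried into chart/prometheus/templates/bind.yaml in PATCH 05 and is left untouched by the later standard-50 hunk in that patch.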
+++ b/addons/prometheus/2/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/meta.yaml b/addons/prometheus/2/plans/standard-50/meta.yaml new file mode 100644 index 00000000..0baaf0f9 --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-50" +id: eb7b3f73-dd94-4d05-8a48-63e7775f534d +description: "Prometheus Cluster standard-50 plan persistence size 50Gi." +displayName: "50Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml new file mode 100644 index 00000000..0dc80c4f --- /dev/null +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -0,0 +1,7 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-50 + +server: + persistence: + size: 50Gi \ No newline at end of file From 4155cdf4f1a0cd6eb8df499fd79f57ff7ef5dd61 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 14:16:44 +0800 Subject: [PATCH 04/53] chore(mysql-cluster): add networkpolicy --- .../chart/mysql-cluster/templates/networkpolicy.yaml | 1 + .../mysql-cluster/templates/primary/statefulset.yaml | 2 +- .../mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 827f8311..74013298 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml @@ -25,6 +25,7 @@ spec: - ports: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} + - port: 24901 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 79694e68..56b3ec79 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -298,7 +298,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - MYSQLD_EXPORTER_PASSWORD=${password_aux} /bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + MYSQLD_EXPORTER_PASSWORD=${password_aux} /opt/drycc/mysqld_exporter/bin/mysqld_exporter --mysqld.address=localhost:3306 --mysqld.username=root {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} {{- end }} ports: - name: metrics diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index ebfe4ed2..9d5e4293 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -971,7 +971,7 @@ rbac: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening 
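Review bot: `- port: 24901` is added to the same rule as the client ports, so the group-replication port becomes reachable from every namespace that `allowCurrentNamespace` and `allowNamespaces` admit, not only from the cluster's own members. A separate ingress rule restricted by a `podSelector` on the chart's match labels would keep replication traffic internal. The number is hard-coded here while the init script in values.yaml builds its seed list with the same literal, so a single value (placeholder name `primary.groupReplicationPort`) would keep the two in step. On the following context line, `{{- if and .Values.metrics.enabled }}` uses a one-argument `and` and its `{{ end }}` lacks the `-` trim used elsewhere in the template.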
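Review bot: The exporter command on the changed line in primary/statefulset.yaml still logs in with `--mysqld.username=root` and the root password read from `MYSQL_ROOT_PASSWORD_FILE`, and PATCH 01 turned the sidecar on by default. A dedicated monitoring account limited to the privileges mysqld_exporter documents (PROCESS, REPLICATION CLIENT, SELECT) would mean that a compromise of the metrics container does not yield root on the database. The container spec around this line is outside the hunk, so how the password file is mounted is not visible here.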
@@ -1023,7 +1023,7 @@ volumePermissions: metrics: ## @param metrics.enabled Start a side-car prometheus exporter ## - enabled: true + enabled: true ## @param metrics.image.registry Exporter image registry ## @param metrics.image.repository Exporter image repository ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) @@ -1032,9 +1032,9 @@ metrics: ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array ## image: - registry: docker.io - repository: drycc/mysqld-exporter - tag: 0.14.0-debian-11-r45 + registry: registry.drycc.cc + repository: drycc-addons/mysqld-exporter + tag: 0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From f333fe78dd171a94c34f4d75e93a23cd2fc52cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 16 Oct 2023 15:03:23 +0800 Subject: [PATCH 05/53] chore(prometheus): add networkpolicy --- .../2/chart/prometheus/templates/bind.yaml | 34 ++++++++++++++ .../prometheus/templates/networkpolicy.yaml | 47 +++++++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 18 ++++++- .../prometheus/2/plans/standard-10/bind.yaml | 42 +++++++---------- .../prometheus/2/plans/standard-50/bind.yaml | 4 +- 5 files changed, 117 insertions(+), 28 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml create mode 100644 addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml new file mode 100644 index 00000000..8528bf3e --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/bind.yaml 
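Review bot: `tag: 0` together with `digest: ""` and `pullPolicy: IfNotPresent` pins nothing: the tag looks like a floating major-version tag, so nodes can end up running different exporter builds and a re-pushed image is picked up without any chart change. The comment just above recommends immutable tags; prefer a full version tag or a `digest:` value of the form `sha256:<digest-of-the-reviewed-image>`. An unquoted `0` is also parsed as an integer, so write `tag: "0"` if the value stays. The registry moves from docker.io to registry.drycc.cc in the same hunk, so pull secrets and any admission allow-list need to cover the new host.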
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + {{- end }} + diff --git a/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml new file mode 100644 index 00000000..1ef0125d --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/networkpolicy.yaml 
@@ -0,0 +1,47 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ .Values.alertmanager.service.ports.http }} + - port: {{ .Values.alertmanager.service.ports.cluster }} + - port: {{ .Values.alertmanager.containerPorts.http }} + - port: {{ .Values.alertmanager.containerPorts.cluster }} + - port: {{ .Values.server.containerPorts.http }} + - port: {{ .Values.server.service.ports.http }} + {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} + from: + {{- if .Values.networkPolicy.allowCurrentNamespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- end }} + {{- range $namespace := .Values.networkPolicy.allowNamespaces }} + {{- if $namespace }} + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ $namespace }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 5d24a56a..206aeabe 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
@@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: false + enabled: true ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1225,7 +1225,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: false + enabled: true ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1460,6 +1460,20 @@ server: ## rules: [] +## Prometheus Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: true + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] ## @section Init Container Parameters ## diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index 5ee819d9..c6efaaba 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
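Review bot: Both `alertmanager.ingress.enabled` and `server.ingress.enabled` (second hunk) now default to `true`, which publishes the Prometheus and Alertmanager web UIs and APIs through the ingress controller on every install. Neither component authenticates requests unless that is configured separately, and nothing in these hunks adds TLS or auth settings, so the default exposes targets, metrics and the silencing endpoints to whoever can reach the ingress host. Keeping the default at `false` and enabling ingress per plan, or pairing it with an authenticating middleware, would be the safer default. In the third hunk the header typo `Nework` and the MySQL-worded `allowExternal` comment should be corrected, and the two new keys need `@param` lines.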
@@ -1,34 +1,28 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.server.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} + +alertmanager + + {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} + - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ printf "%s" (include "common.names.fullname" .) }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: port valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports.port }' + {{- end }} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 5ee819d9..3e652f1c 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
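Review bot: The bare `alertmanager` line between the two `{{- if }}` blocks is neither a key nor a list item, so the rendered file will not parse as YAML; it was probably meant as a comment, `# alertmanager`. Both `port` entries use `secretKeyRef` with `jsonpath: '{ .spec.ports.port }'`, but `.spec.ports` is a Service field and a list, so this wants `serviceRef` and a path such as `'{ .spec.ports[*].port }'`. The alertmanager block also reuses the names `host` and `port` and points at the same `common.names.fullname` service as the server block, so the second pair duplicates the first instead of describing Alertmanager.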
@@ -1,9 +1,9 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ printf "%s" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - name: database valueFrom: From 14de943df62001dd7fdfc2373671c5162c69e9de Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 18 Oct 2023 14:57:47 +0800 Subject: [PATCH 06/53] chore(promtheus): service discovery in namespace --- .../prometheus/templates/_scrape_config.tpl | 3 +- .../2/chart/prometheus/templates/bind.yaml | 34 ----------- .../prometheus/2/chart/prometheus/values.yaml | 57 +++++++++++++++++-- 3 files changed, 54 insertions(+), 40 deletions(-) delete mode 100644 addons/prometheus/2/chart/prometheus/templates/bind.yaml diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index ea669ead..7fb0e110 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl @@ -12,6 +12,7 @@ Usage: kubernetes_sd_configs: - role: endpoints namespaces: + own_namespace: true names: - {{ include "common.names.namespace" .context }} metrics_path: /metrics @@ -83,4 +84,4 @@ relabel_configs: - __tmp_hash regex: 0 action: keep -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/templates/bind.yaml b/addons/prometheus/2/chart/prometheus/templates/bind.yaml deleted file mode 100644 index 8528bf3e..00000000 --- a/addons/prometheus/2/chart/prometheus/templates/bind.yaml +++ /dev/null 
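Review bot: The condition in standard-50/bind.yaml becomes `.Values.service.type`, while standard-10 in the same patch uses `.Values.server.service.type`; the chart's values.yaml hunks only show `server.*` and `alertmanager.*`, so if there is no top-level `service` key the lookup fails on a nil value or the block never renders. Only the first lines are touched, which leaves the MySQL-style `database`, `password`, `portrw` and `portro` entries in a Prometheus plan. Suggest `{{- if (eq .Values.server.service.type "LoadBalancer") }}` and the same credential list as standard-10 once that file is corrected.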
@@ -1,34 +0,0 @@ -credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host - valueFrom: - serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} - diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 206aeabe..a551fa68 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -628,6 +628,9 @@ server: {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} + {{- if .Values.server.dsScrapeConfigs}} + {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
@@ -649,7 +652,50 @@ server: ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## - extraScrapeConfigs: [] + extraScrapeConfigs: [] + dsScrapeConfigs: + - job_name: 'service-endpoints' + honor_labels: true + kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - default + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -824,7 +870,7 @@ server: ## StrategyType ## Can be set to RollingUpdate or Recreate ## - type: RollingUpdate + type: Recreate ## @param server.priorityClassName Prometheus pods' priorityClassName ## 
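Review bot: The default `dsScrapeConfigs` job lists `names: - default` next to `own_namespace: true`, so every install also discovers endpoints in the `default` namespace, which does not match the commit subject and requires RBAC outside the release namespace. `honor_labels: true` lets any scraped target overwrite labels such as `namespace` or `service` that the relabel rules set, which matters when targets opt in purely through a `prometheus.io/scrape` annotation. Consider dropping the `names` entry and using `honor_labels: false` unless a federated source needs it. The new key has no `@param` comment, and the `extraScrapeConfigs` line changes only in trailing whitespace.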
@@ -1465,7 +1511,7 @@ server: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening @@ -1473,7 +1519,8 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] + allowNamespaces: + - traefik ## @section Init Container Parameters ## @@ -1521,4 +1568,4 @@ volumePermissions: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: - runAsUser: 0 \ No newline at end of file + runAsUser: 0 From 58ce2cb1700478e79b045cad88a8fe1b238a2cdf Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 11:49:13 +0800 Subject: [PATCH 07/53] chore(mysql-cluster): plans 10 --- .../templates/primary/statefulset.yaml | 4 ++++ .../8.0/chart/mysql-cluster/values.yaml | 8 ++++++-- .../8.0/plans/standard-10/values.yaml | 16 +++++++++------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 56b3ec79..49b8c703 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,6 +156,10 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} + {{- if and .Values.auth.createDatabase .Values.auth.database }} + - name: MAX_CONNECTION_LIMIT + value: {{ .Values.maxConnectionLimit | quote }} + {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE value: "master" 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 9d5e4293..3199eede 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -149,7 +149,7 @@ auth: ## initdbScripts: ## my_init_script.sh: | ## #!/bin/bash -## echo "Do something." +## echo "Do something." ## initdbScripts: int-mysql.sh: | @@ -181,6 +181,8 @@ initdbScripts: echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file + + echo max_connections=$MAX_CONNECTION_LIMIT ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## @@ -211,10 +213,12 @@ primary: ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file ## + maxConnectionLimit: 2000 + configuration: |- [mysqld] # server - max_connections=500 + max_connections=10000 default_authentication_plugin=caching_sha2_password skip-name-resolve relay-log=relay-log diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index baca4920..e8d14da0 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml 
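Review bot: `primary.maxConnectionLimit: 2000` and `max_connections=10000` in `primary.configuration` (third hunk) now state two different limits for the same server, and which one applies depends on the order in which my.cnf and the file written by the init script are read. The my.cnf value is raised from 500 to 10000 while the standard-10 plan in this patch caps the pod at 1024Mi, so a burst of connections can push mysqld into its memory limit long before the connection limit is reached. A single source of truth sized per plan would avoid both problems. `maxConnectionLimit` is also inserted between the `@param primary.configuration` comment and the key it documents, and has no `@param` line of its own.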
@@ -11,13 +11,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.limits The resources limits for the MinIO® container ## @param resources.requests The requested resources for the MinIO® container ## -resources: - limits: - cpu: 1000m - memory: 1024Mi - requests: - cpu: 100m - memory: 512Mi +primary: + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 100m + memory: 512Mi + ## @section Persistence parameters From 7c93cee8b35b03477f674658fdd6ed9f88ddbb62 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 15:11:19 +0800 Subject: [PATCH 08/53] chore(mysql-cluster): add max_connection_limit --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++-- addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 49b8c703..24d81878 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -156,9 +156,9 @@ spec: - name: MYSQL_DATABASE value: {{ .Values.auth.database | quote }} {{- end }} - {{- if and .Values.auth.createDatabase .Values.auth.database }} + {{- if .Values.primary.maxConnectionLimit }} - name: MAX_CONNECTION_LIMIT - value: {{ .Values.maxConnectionLimit | quote }} + value: {{ .Values.primary.maxConnectionLimit | quote }} {{- end }} {{- if or (eq .Values.architecture "replication") (eq .Values.architecture "mgr") }} - name: MYSQL_REPLICATION_MODE @@ -397,3 +397,4 @@ spec: selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} {{- end -}} {{- end }} + 
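Review bot: The `## @param resources.limits` and `## @param resources.requests` lines kept as context above the new `primary:` key still describe top-level `resources` "for the MinIO® container", while the values now sit under `primary.resources` in a MySQL chart. They should read `## @param primary.resources.limits The resource limits for the MySQL primary container` and `## @param primary.resources.requests The requested resources for the MySQL primary container`. The comment block starts before this hunk, and the same header is copied into the plan files added later in the series.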
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 3199eede..a33e364c 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -182,7 +182,7 @@ initdbScripts: echo plugin_load_add='group_replication.so' >> $base_conf_file - echo max_connections=$MAX_CONNECTION_LIMIT + echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file ## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) ## From ae4809d6a88a8f4c9949139b7fa9a169fc1d7553 Mon Sep 17 00:00:00 2001 
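Review bot: The corrected line `echo max_connections=$MAX_CONNECTION_LIMIT >> $base_conf_file` runs unconditionally, but the statefulset hunk in this same commit only sets `MAX_CONNECTION_LIMIT` when `.Values.primary.maxConnectionLimit` is truthy. With the value unset or 0 the script appends a bare `max_connections=` to the config; how mysqld treats that line is not visible here, and it may refuse to start or fall back silently. Guard and quote it: `if [ -n "${MAX_CONNECTION_LIMIT:-}" ]; then echo "max_connections=${MAX_CONNECTION_LIMIT}" >> "$base_conf_file"; fi`. The `int-mysql.sh` script body starts before this hunk.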
From: EamonZhang Date: Wed, 25 Oct 2023 16:06:56 +0800 Subject: [PATCH 09/53] chore(mysql-cluster): add plans --- .../8.0/plans/standard-10/bind.yaml | 9 ++- .../8.0/plans/standard-10/meta.yaml | 2 +- .../8.0/plans/standard-10/values.yaml | 7 ++- .../8.0/plans/standard-100/bind.yaml | 34 +++++++++++ .../standard-100/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-100/meta.yaml | 6 ++ .../8.0/plans/standard-100/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-20/meta.yaml | 6 ++ .../8.0/plans/standard-20/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-200/bind.yaml | 34 +++++++++++ .../standard-200/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-200/meta.yaml | 6 ++ .../8.0/plans/standard-200/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-400/bind.yaml | 34 +++++++++++ .../standard-400/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-400/meta.yaml | 6 ++ .../8.0/plans/standard-400/values.yaml | 61 +++++++++++++++++++ .../8.0/plans/standard-50/bind.yaml | 34 +++++++++++ .../standard-50/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-50/meta.yaml | 6 ++ .../8.0/plans/standard-50/values.yaml | 60 ++++++++++++++++++ .../8.0/plans/standard-800/bind.yaml | 34 +++++++++++ .../standard-800/create-instance-schema.json | 12 ++++ .../8.0/plans/standard-800/meta.yaml | 6 ++ .../8.0/plans/standard-800/values.yaml | 61 +++++++++++++++++++ 27 files changed, 689 insertions(+), 6 deletions(-) create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-100/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/bind.yaml create mode 100644 
addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-20/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-200/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-400/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-50/values.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/bind.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/meta.yaml create mode 100644 addons/mysql-cluster/8.0/plans/standard-800/values.yaml diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index fa1ceb8e..e8b99314 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -20,10 +20,15 @@ credential: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: port + - name: portro valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.port }' + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' {{- end }} diff --git a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml index 426c302e..6c738828 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan which limit persistence size 10Gi." +description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index e8d14da0..f90075a8 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -12,14 +12,15 @@ fullnameOverride: hb-mysql-cluster-standard-10 ## @param resources.requests The requested resources for the MinIO® container ## primary: + maxConnectionLimit: 600 resources: limits: cpu: 1000m memory: 1024Mi requests: - cpu: 100m - memory: 512Mi - + cpu: 1000m + memory: 1024Mi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
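Review bot: The new standard-10 description in meta.yaml advertises `RAM 2G`, but the values.yaml hunk of the same commit sets both `limits.memory` and `requests.memory` to `1024Mi`. Either the description should say 1G or the memory values should be `2Gi`; as written the catalogue text promises twice what the pod is given. The other plans added in this commit whose values are visible here do match their descriptions on memory (for example standard-20: `RAM 4G` and `4Gi`).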
@@ -0,0 +1,34 @@
+credential:
+ {{- if (eq .Values.router.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.host }'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.database }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.username }'
+ - name: portro
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portro }'
+ - name: portrw
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}-svcbind-custom-user
+ jsonpath: '{ .data.portrw }'
+ {{- end }}
+
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
new file mode 100644
index 00000000..1856a446
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-100"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 4000"
+displayName: "standard-100"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-100/values.yaml b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml
new file mode 100644
index 00000000..1c6b865b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-100/values.yaml
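Review bot: The `password` credential reads `jsonpath: '{ .data.username }'`, so a binding hands the consumer the username in place of the password. It should presumably be `jsonpath: '{ .data.password }'`; confirm the key name against the `-svcbind-custom-user` Secret, which is not shown here. The same file (blob e8b99314) is added for standard-20, -50, -200, -400 and -800 and is the new content of standard-10/bind.yaml, so all seven need the fix. Separately, the whole list sits inside `{{- if (eq .Values.router.service.type "LoadBalancer") }}`, so any other service type renders `credential:` with no entries; a comment stating that this is intended would help.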
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-100 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 4000 + resources: + limits: + cpu: 4000m + memory: 16Gi + requests: + cpu: 4000m + memory: 16Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 100Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
new file mode 100644
index 00000000..e749a7db
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-20/values.yaml b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml
new file mode 100644
index 00000000..d9422e70
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-20/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
new file mode 100644
index 00000000..b857ef1e
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-200"
+id: 8205e5d3-a954-4c68-a570-efa8c607c1d7
+description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 8000"
+displayName: "standard-200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-200/values.yaml b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml
new file mode 100644
index 00000000..baf7e8a9
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-200/values.yaml
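Review bot: `id: 8205e5d3-a954-4c68-a570-efa8c607c1d7` in standard-200/meta.yaml is the same id this commit gives standard-100/meta.yaml. Plan ids are presumably expected to be unique, so two plans sharing one can make the catalogue resolve a request for one plan to the other's sizing. standard-200 needs its own freshly generated UUID.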
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-200 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 8000 + resources: + limits: + cpu: 8000m + memory: 32Gi + requests: + cpu: 8000m + memory: 32Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 200Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
new file mode 100644
index 00000000..c802ccc6
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-400"
+id: f96fb7d8-3012-4175-931e-902e26697441
+description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 1600"
+displayName: "standard-400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-400/values.yaml b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml
new file mode 100644
index 00000000..2cc0d06e
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-400/values.yaml
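Review bot: The standard-400 description ends with `DB MAX Connection 1600`, and standard-400/values.yaml sets `maxConnectionLimit: 1600` to match, which is lower than standard-100 (4000) and standard-200 (8000). The progression suggests 16000 was intended; if so, both `description` and `maxConnectionLimit` need the extra zero. If 1600 is deliberate, a short comment in values.yaml explaining why a larger plan is capped lower than the smaller ones would avoid confusion.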
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-400 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1600 + resources: + limits: + cpu: 16000m + memory: 64Gi + requests: + cpu: 16000m + memory: 64Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 400Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
new file mode 100644
index 00000000..a6d4e5bd
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-50"
+id: 6f69bee2-6de2-4baf-bbe1-27844a2998b2
+description: "Mysql Cluster standard-10 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/mysql-cluster/8.0/plans/standard-50/values.yaml b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml
new file mode 100644
index 00000000..bc9fd336
--- /dev/null
+++ b/addons/mysql-cluster/8.0/plans/standard-50/values.yaml
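Review bot: The `description` in standard-50/meta.yaml starts `Mysql Cluster standard-10 plan`, a leftover from the file it was copied from. It should read `description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"` so the catalogue does not show two entries that both claim to be standard-10.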
@@ -0,0 +1,60 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-50 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 2000 + resources: + limits: + cpu: 2000m + memory: 8Gi + requests: + cpu: 2000m + memory: 8Gi + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 50Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
diff --git a/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml new file mode 100644 index 00000000..72806d97 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-800" +id: 829768aa-f287-42ee-b98c-db40ec670d38 +description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 32000" +displayName: "standard-800" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/mysql-cluster/8.0/plans/standard-800/values.yaml b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml new file mode 100644 index 00000000..82a515d7 --- /dev/null +++ b/addons/mysql-cluster/8.0/plans/standard-800/values.yaml 
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-800 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 32000 + resources: + limits: + cpu: 32000m + memory: 128Gi + requests: + cpu: 32000m + memory: 128Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 800Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 8a97c7ed3aaf794c1b614b3828415242f749cda5 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:00:36 +0800 Subject: [PATCH 10/53] chore(prometheus): support discovery addons in namespaces --- .../prometheus/templates/_scrape_config.tpl | 44 ++++++++++++++ .../prometheus/2/chart/prometheus/values.yaml | 57 ++++--------------- 2 files changed, 55 insertions(+), 46 deletions(-) diff --git a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl index 7fb0e110..316031e2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_scrape_config.tpl 
@@ -85,3 +85,47 @@ relabel_configs: regex: 0 action: keep {{- end -}} + +{{- define "addons.ds_scrape_config" -}} +honor_labels: true +kubernetes_sd_configs: + - role: endpoints + namespaces: + own_namespace: true + names: + - {{ include "common.names.namespace" .context }} +relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node +{{- end -}} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index a551fa68..fb195934 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
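Review bot: `honor_labels: true` in the new `addons.ds_scrape_config` job lets every scraped target overwrite server-side labels such as `job`, `instance` and `namespace`, and the targets are whatever Service in the namespace carries the `prometheus.io/scrape` annotation. Unless every addon exporter is trusted to label honestly, `honor_labels: false` is the safer default, since conflicting labels are then kept as `exported_*` instead of replacing the ones Prometheus attaches. Scheme, path and port are also read from Service annotations, so whoever can annotate a Service there decides what Prometheus requests; a comment above the job stating that trust assumption would help. `own_namespace: true` next to a `names:` entry built from `common.names.namespace` looks redundant if both resolve to the release namespace.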
@@ -625,12 +625,16 @@ server: - job_name: alertmanager {{- include "prometheus.scrape_config" (dict "component" "alertmanager" "context" $) | nindent 4 }} {{- end }} + {{- if .Values.scrapeAddons.enabled }} + - job_name: addons + {{- include "addons.ds_scrape_config" (dict "context" $) | nindent 4 }} + {{- end }} {{- if .Values.server.extraScrapeConfigs}} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraScrapeConfigs "context" $) | nindent 2 }} {{- end }} - {{- if .Values.server.dsScrapeConfigs}} - {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} - {{- end }} + # {{- if .Values.server.dsScrapeConfigs}} + # {{- include "common.tplvalues.render" (dict "value" .Values.server.dsScrapeConfigs "context" $) | nindent 2 }} + # {{- end }} {{- if or .Values.alertmanager.enabled .Values.server.alertingEndpoints}} alerting: alertmanagers: 
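Review bot: Prefixing the `dsScrapeConfigs` block with `#` does not disable it: the surrounding value already contains live `{{- include ... }}` actions, so it is presumably rendered as a template, and the engine evaluates actions inside a YAML comment like anywhere else. If `server.dsScrapeConfigs` is ever set, the `include ... | nindent 2` output starts on a fresh line and lands in the scrape configuration uncommented; when it is unset the render leaves stray `#` lines. Either delete the three lines or wrap them in a template comment, `{{- /* ... */ -}}`. The enclosing value under `server:` starts and ends outside this hunk.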
@@ -653,49 +657,7 @@ server: ## ref: ## extraScrapeConfigs: [] - dsScrapeConfigs: - - job_name: 'service-endpoints' - honor_labels: true - kubernetes_sd_configs: - - role: endpoints - namespaces: - own_namespace: true - names: - - default - relabel_configs: - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] - action: drop - regex: true - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - action: replace - target_label: __scheme__ - regex: (https?) - - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] - action: replace - target_label: __address__ - regex: (.+?)(?::\d+)?;(\d+) - replacement: $1:$2 - - action: labelmap - regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) - replacement: __param_$1 - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: namespace - - source_labels: [__meta_kubernetes_service_name] - action: replace - target_label: service - - source_labels: [__meta_kubernetes_pod_node_name] - action: replace - target_label: node + ## @param server.replicaCount Number of Prometheus replicas to deploy ## replicaCount: 1 @@ -1569,3 +1531,6 @@ volumePermissions: ## containerSecurityContext: runAsUser: 0 + +scrapeAddons: + enable: true From 187ec9991af7c2bc26e58b9f3cfb686d4ed40092 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 25 Oct 2023 17:33:57 +0800 Subject: [PATCH 11/53] fix(prometheus): is enabled scrape addons metrics --- addons/prometheus/2/chart/prometheus/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index fb195934..21331135 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -1533,4 +1533,4 @@ volumePermissions: runAsUser: 0 scrapeAddons: - enable: true + enabled: true From 3a2818243cbcf7f58a6cd822db11716dc5b89545 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 2 Nov 2023 10:36:19 +0800 Subject: [PATCH 12/53] feat(drycc-addons): add postgresql-cluster --- .../15/chart/postgresql/Chart.yaml | 27 ++ .../15/chart/postgresql/README.md | 151 +++++++++++ .../15/chart/postgresql/templates/NOTES.txt | 25 ++ .../chart/postgresql/templates/_helpers.tpl | 43 +++ .../15/chart/postgresql/templates/ep.yaml | 12 + .../postgresql/templates/networkpolicy.yaml | 45 +++ .../15/chart/postgresql/templates/role.yaml | 49 ++++ .../postgresql/templates/rolebinding.yaml | 19 ++ .../15/chart/postgresql/templates/sec.yaml | 16 ++ .../postgresql/templates/serviceaccount.yaml | 12 + .../postgresql/templates/statefulset.yaml | 256 ++++++++++++++++++ .../postgresql/templates/svc-config.yaml | 11 + .../chart/postgresql/templates/svc-relp.yaml | 21 ++ .../15/chart/postgresql/templates/svc.yaml | 18 ++ .../15/chart/postgresql/values.yaml | 147 ++++++++++ addons/postgresql-cluster/15/meta.yaml | 20 ++ 16 files changed, 872 insertions(+) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/Chart.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/README.md create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml create mode 100644 
addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql/values.yaml create mode 100644 addons/postgresql-cluster/15/meta.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml new file mode 100644 index 00000000..f0397f67 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: "15" +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + version: ~1.1.1 +description: PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. +engine: gotpl +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster +maintainers: + - email: zhang.eamon@hotmail.com + name: zhangeamon +name: postgresql +sources: + - https://github.com/drycc-addons/ + - https://www.postgresql.org/ +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql/README.md new file mode 100644 index 00000000..8d44fca1 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/README.md 
@@ -0,0 +1,151 @@ +# ⚠️ Repo Archive Notice + +As of Nov 13, 2020, charts in this repo will no longer be updated. +For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). + +# Patroni Helm Chart + +This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. + + +## Prerequisites Details +* Kubernetes 1.9+ +* PV support on the underlying infrastructure + +## StatefulSet Details +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ + +## StatefulSet Caveats +* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations + + +## Chart Details +This chart will do the following: + +* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add +$ helm dependency update +$ helm install --name my-release postgresql-cluster +``` + +To install the chart with randomly generated passwords: + +```console +$ helm install --name my-release postgresql-cluster \ + --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" +``` + +## Connecting to PostgreSQL + +Your access point is a cluster IP. 
In order to access it spin up another pod: + +```console +$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il +``` + +Then, from inside the pod, connect to PostgreSQL: + +```console +$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres + +postgres=> +``` + +## Configuration + +The following table lists the configurable parameters of the patroni chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------|-----------------------------------------------------| +| `nameOverride` | Override the name of the chart | `nil` | +| `fullnameOverride` | Override the fullname of the chart | `nil` | +| `replicaCount` | Amount of pods to spawn | `5` | +| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | +| `image.tag` | The version of the image to pull | `1.5-p5` | +| `image.pullPolicy` | The pull policy | `IfNotPresent` | +| `credentials.superuser` | Password of the superuser | `tea` | +| `credentials.admin` | Password of the admin | `cola` | +| `credentials.standby` | Password of the replication user | `pinacolada` | +| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | +| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | +| `etcd.enable` | Using etcd as DCS | `false` | +| `etcd.deployChart` | Deploy etcd chart | `false` | +| `etcd.host` | Host name of etcd cluster | `nil` | +| `etcd.discovery` | Domain name of etcd cluster | `nil` | +| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | +| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | +| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | +| `consul.enable` | Using Consul as DCS | `false` | +| `consul.deployChart` | Deploy Consul chart | `false` | +| `consul.host` | Host name of consul cluster | `nil` | +| `env` | Extra custom environment 
variables | `{}` | +| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | +| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | +| `walE.retainBackups` | Number of base backups to retain | `2` | +| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | +| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | +| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | +| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | +| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | +| `resources` | Any resources you wish to assign to the pod | `{}` | +| `nodeSelector` | Node label to use for scheduling | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | +| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | +| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | +| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | +| `persistentVolume.size` | Persistent Volume size | `2Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | +| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | +| `rbac.create` | Create required role and rolebindings | `true` | +| `serviceAccount.create` | If true, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/patroni +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Cleanup + +To remove the spawned pods you can run a simple `helm delete `. + +Helm will however preserve created persistent volume claims, +to also remove them execute the commands below. + +```console +$ release= +$ helm delete $release +$ kubectl delete pvc -l release=$release +``` + +## Internals + +Patroni is responsible for electing a PostgreSQL master pod by leveraging the +DCS of your choice. After election it adds a `spilo-role=master` label to the +elected master and set the label to `spilo-role=replica` for all replicas. +Simultaneously it will update the `-patroni` endpoint to let the +service route traffic to the elected master. + +```console +$ kubectl get pods -l spilo-role -L spilo-role +NAME READY STATUS RESTARTS AGE SPILO-ROLE +my-release-patroni-0 1/1 Running 0 9m replica +my-release-patroni-1 1/1 Running 0 9m master +my-release-patroni-2 1/1 Running 0 8m replica +my-release-patroni-3 1/1 Running 0 8m replica +my-release-patroni-4 1/1 Running 0 8m replica +``` diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt new file mode 100644 index 00000000..22a4f2d2 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt 
@@ -0,0 +1,25 @@ +Patroni can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your password for superuser run: + + # superuser password + PGPASSWORD_SUPERUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-superuser}" | base64 --decode) + + # admin password + PGPASSWORD_ADMIN=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "patroni.fullname" . }} -o jsonpath="{.data.password-admin}" | base64 --decode) + +To connect to your database: + +1. Run a postgres pod and connect using the psql cli: + # login as superuser + kubectl run -i --tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_SUPERUSER" \ + --command -- psql -U postgres \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres + + # login as admin + kubectl run -i -tty --rm psql --image=postgres \ + --env "PGPASSWORD=$PGPASSWORD_ADMIN" \ + --command -- psql -U admin \ + -h {{ template "patroni.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl new file mode 100644 index 00000000..2b1b6d45 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
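Review bot: The admin login example in NOTES.txt uses `kubectl run -i -tty --rm psql`, where `-tty` is parsed as a run of short flags and fails; the superuser example just above has the correct form, so the line should read `kubectl run -i --tty --rm psql --image=postgres \`. Both examples also pass the password through `--env "PGPASSWORD=..."`, which stores it in the pod spec where anyone with read access to pods in the namespace can see it while the pod exists. A one-line remark to that effect in the notes would be enough.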
@@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "patroni.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "patroni.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "patroni.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "patroni.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "patroni.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml new file mode 100644 index 00000000..23b7b2eb --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml new file mode 100644 index 00000000..06617f8a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
@@ -0,0 +1,45 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ {{- if and .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.service.port }}
+ {{ end }}
+ {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }}
+ from:
+ {{- if .Values.networkPolicy.allowCurrentNamespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- end }}
+ {{- range $namespace := .Values.networkPolicy.allowNamespaces }}
+ {{- if $namespace }}
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ $namespace }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml
new file mode 100644
index 00000000..c81b39a8
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml
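Review bot: The policy's `podSelector` is built from `common.labels.matchLabels`, while the pod template in statefulset.yaml in this same commit labels pods only with `app`, `release` and `cluster-name`. If that helper renders the usual `app.kubernetes.io/name` / `app.kubernetes.io/instance` pair, the selector matches no PostgreSQL pod and the policy restricts nothing; selecting on a label the StatefulSet actually sets, such as `cluster-name: {{ template "patroni.fullname" . }}`, would tie the two together. When neither `allowCurrentNamespace` nor `allowNamespaces` is set, the `from` key is omitted and port 5432 is admitted from every source. The Patroni REST port 8008 that the StatefulSet listens on is also missing from `ports`, so once the selector does match, member-to-member API calls would be dropped unless another policy allows them.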
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # delete is required only for 'patronictl remove'
+ - delete
+- apiGroups: [""]
+ resources: ["services"]
+ verbs:
+ - create
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+ # the following three privileges are necessary only when using endpoints
+ - list
+ - watch
+ # delete is required only for for 'patronictl remove'
+ - delete
+ - deletecollection
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml
new file mode 100644
index 00000000..d09de1c8
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "patroni.serviceAccountName" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "patroni.fullname" . }}
+{{- end }}
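Review bot: The Role in role.yaml grants `patch`/`update` on every pod and `delete`/`deletecollection` on every Endpoints object in the namespace, plus full write access to ConfigMaps, with no narrowing by DCS mode. The StatefulSet in this commit sets `PATRONI_KUBERNETES_USE_ENDPOINTS` to `'true'`, so the `configmaps` rule is presumably needed only when `kubernetes.configmaps.enable` is set; wrapping that rule in `{{- if .Values.kubernetes.configmaps.enable }}` … `{{- end }}` would trim the grant. The two `delete` entries are commented as needed only for `patronictl remove`, so they could sit behind a value as well. If the addon can share a namespace with other workloads, a comment stating that the chart expects a dedicated namespace would make the blast radius of the pod and endpoints verbs explicit.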
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
new file mode 100644
index 00000000..40082291
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+type: Opaque
+data:
+ password-superuser: {{ .Values.credentials.superuser | b64enc }}
+ password-admin: {{ .Values.credentials.admin | b64enc }}
+ password-replication: {{ .Values.credentials.standby | b64enc }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml
new file mode 100644
index 00000000..819bb983
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "patroni.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
new file mode 100644
index 00000000..ce657a5e
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml
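Review bot: sec.yaml base64-encodes `.Values.credentials.*` exactly as given, and the README table added in this commit lists fixed defaults for them (`tea`, `cola`, `pinacolada`). If the chart's values.yaml (outside this hunk) ships those, every install that does not override them shares the same superuser, admin and replication passwords. Failing the render when a value is missing is a small change, for example `password-superuser: {{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc }}` and likewise for the other two keys, with the defaults removed from values.yaml. Generating a random value and reusing the existing Secret on upgrade is the other common option.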
@@ -0,0 +1,256 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "patroni.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + app: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + serviceName: {{ template "patroni.fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + template: + metadata: + name: {{ template "patroni.fullname" . }} + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} + spec: + serviceAccountName: {{ template "patroni.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.kubernetes.dcs.enable }} + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . 
}} + key: password-replication + - name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + {{- if .Values.kubernetes.configmaps.enable }} + - name: KUBERNETES_USE_CONFIGMAPS + value: "true" + {{- end }} + {{- end }} + {{- if .Values.etcd.enable }} + {{- if .Values.etcd.deployChart }} + - name: ETCD_DISCOVERY_DOMAIN + value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} + {{- else }} + - name: ETCD_HOST + value: {{ .Values.etcd.host | quote }} + {{- end }} + {{- else if .Values.zookeeper.enable }} + {{- if .Values.zookeeper.deployChart }} + - name: ZOOKEEPER_HOSTS + value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} + {{- else }} + - name: ZOOKEEPER_HOSTS + value: {{ .Values.zookeeper.hosts | quote }} + {{- end }} + {{- else if .Values.consul.enable }} + {{- if .Values.consul.deployChart }} + - name: PATRONI_CONSUL_HOST + value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} + {{- else }} + - name: PATRONI_CONSUL_HOST + value: {{ .Values.consul.host | quote }} + {{- end }} + {{- end }} + - name: SCOPE + value: {{ template "patroni.fullname" . 
}} + {{- if .Values.walE.enable }} + - name: USE_WALE + value: {{ .Values.walE.enable | quote }} + {{- if .Values.walE.scheduleCronJob }} + - name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} + {{- end }} + {{- if .Values.walE.retainBackups }} + - name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} + {{- end }} + {{- if .Values.walE.s3Bucket }} + - name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} + {{else if .Values.walE.gcsBucket }} + - name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} + {{- if .Values.walE.kubernetesSecret }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" + {{- end }} + {{- end }} + {{- if .Values.walE.backupThresholdMegabytes }} + - name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} + {{- end }} + {{- if .Values.walE.backupThresholdPercentage }} + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} + {{- end }} + {{- else }} + - name: USE_WALE + value: "" + {{- end }} + - name: PGROOT + value: "{{ .Values.persistentVolume.mountPath }}/pgroot" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote | upper }} + value: {{ $val | quote }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "{{ 
.Values.persistentVolume.mountPath }}" + volumeMounts: "{{ .Values.persistentVolume.subPath }}" + # - mountPath: /etc/patroni + # name: patroni-config + # readOnly: true + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + mountPath: /etc/credentials + readOnly: true + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ .Values.affinity | toYaml | indent 8 }} + {{- else if .Values.affinityTemplate }} + affinity: +{{ tpl .Values.affinityTemplate . | indent 8 }} + {{- end }} + volumes: + - name: patroni-config + secret: + secretName: {{ template "patroni.fullname" . }} + {{- if .Values.walE.enable }} + {{- if .Values.walE.kubernetesSecret }} + - name: {{ .Values.walE.kubernetesSecret }} + secret: + secretName: {{ .Values.walE.kubernetesSecret }} + {{- end }} + {{- end }} + {{- if not .Values.persistentVolume.enabled }} + - name: storage-volume + emptyDir: {} + {{- end }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + annotations: + {{- if .Values.persistentVolume.annotations }} +{{ toYaml .Values.persistentVolume.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "patroni.fullname" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistentVolume.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml new file mode 100644 index 00000000..442be2f3 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml @@ -0,0 +1,11 @@ +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-config + labels: + app: {{ template "patroni.fullname" . }} + release: {{ .Release.Name }} + cluster-name: {{ template "patroni.fullname" . }} +spec: + clusterIP: None diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml new file mode 100644 index 00000000..cccaf8ce --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml 
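Review bot: In statefulset.yaml `PATRONI_RESTAPI_LISTEN` is `0.0.0.0:8008` but the env block sets no REST API credentials, so Patroni's state-changing endpoints (restart, switchover, configuration changes) accept unauthenticated requests from anything that can reach the pod, and values.yaml in this patch leaves `networkPolicy.enabled: false`. Setting `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD` protects those endpoints; as far as I know Patroni requires the credentials only for the unsafe methods, so the GET probes used by `readinessProbe` and `livenessProbe` should keep working, but verify that on the image in use. The user name and the Secret key in the sketch below are constructed placeholders; sec.yaml would have to add the key.

```yaml
            # … unchanged: env entries up to PATRONI_RESTAPI_LISTEN …
            - name: PATRONI_RESTAPI_USERNAME
              # sample value, choose your own
              value: patroni
            - name: PATRONI_RESTAPI_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  # placeholder key, not yet defined in sec.yaml
                  key: password-restapi
```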
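Review bot: Unlike the other manifests added in this patch, the svc-config.yaml Service has no `metadata.namespace`, so it is created in the release namespace even if `common.names.namespace` ever resolves to something else. Add `namespace: {{ include "common.names.namespace" . | quote }}` so it lands beside the StatefulSet and the Role that lets Patroni manage it. The header comment still says `patronidemo-config`, while the object is named `{{ template "patroni.fullname" . }}-config`.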
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}-repl
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ template "patroni.fullname" . }}
+ cluster-name: {{ template "patroni.fullname" . }}
+ role: replica
+ ports:
+ - port: 5432
+ targetPort: 5432
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
new file mode 100644
index 00000000..430a6a8f
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "patroni.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: {{ template "patroni.fullname" . }}
+ chart: {{ template "patroni.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ cluster-name: {{ template "patroni.fullname" . }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgresql
+ port: 5432
+ targetPort: postgresql
+ protocol: TCP
diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
new file mode 100644
index 00000000..1be7c5f6
--- /dev/null
+++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml
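Review bot: In svc.yaml the port is named `postgresql` and `targetPort: postgresql` refers to a named container port, but the Service has no selector and the StatefulSet in this patch declares `containerPort: 5432` without a name. The Endpoints for this Service appear to be written by Patroni, which needs the port name in the Endpoints object to match the Service; Patroni takes that from `PATRONI_KUBERNETES_PORTS`, which the env block does not set. Either set `PATRONI_KUBERNETES_PORTS` to `[{"name": "postgresql", "port": 5432}]` or drop the name and use `targetPort: 5432`, as svc-relp.yaml does.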
@@ -0,0 +1,147 @@ +replicaCount: 3 + +image: + # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 + # https://github.com/zalando/spilo/tree/master/postgres-appliance + repository: registry.drycc.cc/drycc-addons/patroni + tag: 3.2 + pullPolicy: 'IfNotPresent' + +# Credentials used by Patroni +# https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql +# https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst +credentials: + superuser: tea + admin: cola + standby: reppasswd + +# Distribution Configuration stores +# Please note that only one of the following stores should be enabled. +kubernetes: + dcs: + enable: true + configmaps: + enable: false +etcd: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in value for etcd service + # ..svc.cluster.local + host: + # Leave blank to use vendored etcd chart + discovery: +zookeeper: + enable: false + deployChart: false + # If not deploying etcd chart, fill-in list of ZooKeeper members in format: + # 'host1:port1','host2:port2','etc...' + hosts: +consul: + enable: false + deployChart: false + # Leave blank to use vendored consul chart + hosts: + +# Extra custom environment variables. 
+env: {} + +walE: + # Specifies whether Wal-E should be enabled + enable: false + # Cron schedule for doing base backups + scheduleCronJob: 00 01 * * * + # Amount of base backups to retain + retainBackups: 2 + # Path to the S3 or GCS bucket used for WAL-E base backups + s3Bucket: + gcsBucket: + # Name of the secret that holds the credentials to the bucket + kubernetesSecret: + # Maximum size of the WAL segments accumulated after the base backup to + # consider WAL-E restore instead of pg_basebackup + backupThresholdMegabytes: 1024 + # Maximum ratio (in percents) of the accumulated WAL files to the base backup + # to consider WAL-E restore instead of pg_basebackup + backupThresholdPercentage: 30 + +persistentVolume: + enabled: false + size: 10G + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + subPath: "" + mountPath: "/home/postgres/pgdata" + annotations: {} + accessModes: + - ReadWriteOnce + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinityTemplate: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: {{ template "patroni.name" . }} + release: {{ .Release.Name | quote }} +affinity: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: false +## Postgresql Nework Policy configuration +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal The Policy model to apply. + ## When set to false, only pods with the correct + ## client label will have network access to the port MySQL is listening + ## on. When true, MySQL will accept connections from any source + ## (with the correct destination port). + ## + allowCurrentNamespace: true + allowNamespaces: [] \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml new file mode 100644 index 00000000..f7e21529 --- /dev/null +++ b/addons/postgresql-cluster/15/meta.yaml 
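Review bot: The `networkPolicy` block at the end of values.yaml is documented with text from another chart: the comment describes `networkPolicy.allowExternal` and MySQL, while the keys actually defined are `allowCurrentNamespace` and `allowNamespaces`, and the heading misspells `Network`. This comment is the only description of who may reach PostgreSQL and the Patroni REST port, so replace it with comments for the real keys, e.g. `## @param networkPolicy.allowCurrentNamespace Allow ingress from the release namespace` and `## @param networkPolicy.allowNamespaces Additional namespaces allowed to connect` (assuming the same semantics as the mysql-cluster template in this patch). `enabled: false` also leaves both listeners, which bind `0.0.0.0`, reachable from the whole cluster by default; consider defaulting it to `true`.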
@@ -0,0 +1,20 @@ +name: postgresql-cluster +version: 15.0 +id: 5cfb0abf-276c-445b-9060-9aa964ede87d +description: "postgresql-cluster" +displayName: "postgresql-cluster-15.0" +metadata: + displayName: "postgresql-cluster-15.0" + provider: + name: drycc + supportURL: https://www.postgresql.org/ + documentationURL: https://github.com/drycc-addons/drycc-docker-postgresql-cluster +tags: postgresql-cluster +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: true +allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" +archive: false \ No newline at end of file From c317ad3ac5802173ffcae6cd2ffa63a3d90fed9f Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 3 Nov 2023 09:13:06 +0800 Subject: [PATCH 13/53] chore(postgresql-cluster): move patroni env to helper --- .../chart/postgresql/templates/_helpers.tpl | 95 +++++++++++++ .../postgresql/templates/statefulset.yaml | 131 ++---------------- .../15/chart/postgresql/values.yaml | 24 +--- 3 files changed, 111 insertions(+), 139 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 2b1b6d45..f684f499 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -41,3 +41,98 @@ Create the name of the service account to use. {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Create patroni envs. +*/}} +{{- define "patroni.envs" }} +{{- if .Values.kubernetes.configmaps.enable }} +- name: KUBERNETES_USE_CONFIGMAPS + value: "true" +{{- end }} +{{- if .Values.kubernetes.endpoints.enable }} +- name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' +{{- end }} +- name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +- name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' +- name: PATRONI_KUBERNETES_LABELS + value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' +- name: PATRONI_SUPERUSER_USERNAME + value: postgres +- name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser +- name: PATRONI_REPLICATION_USERNAME + value: standby +- name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication +- name: PATRONI_SCOPE + value: {{ template "patroni.fullname" . }} +- name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: PATRONI_POSTGRESQL_DATA_DIR + value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass +- name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' +- name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' +{{- end -}} + +{{/* +Create wale envs. 
+*/}} +{{- define "wale.envs" }} +{{- if .Values.walE.enable }} +- name: USE_WALE + value: {{ .Values.walE.enable | quote }} +{{- if .Values.walE.scheduleCronJob }} +- name: BACKUP_SCHEDULE + value: {{ .Values.walE.scheduleCronJob | quote}} +{{- end }} +{{- if .Values.walE.retainBackups }} +- name: BACKUP_NUM_TO_RETAIN + value: {{ .Values.walE.retainBackups | quote}} +{{- end }} +{{- if .Values.walE.s3Bucket }} +- name: WAL_S3_BUCKET + value: {{ .Values.walE.s3Bucket | quote }} +{{else if .Values.walE.gcsBucket }} +- name: WAL_GCS_BUCKET + value: {{ .Values.walE.gcsBucket | quote }} +{{- if .Values.walE.kubernetesSecret }} +- name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- end }} + +{{- if .Values.walE.backupThresholdMegabytes }} +- name: WALE_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walE.backupThresholdMegabytes | quote }} +{{- end }} +{{- if .Values.walE.backupThresholdPercentage }} +- name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: {{ .Values.walE.backupThresholdPercentage | quote }} +{{- end }} +{{- else }} +- name: USE_WALE + value: "" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index ce657a5e..14895620 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
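Review bot: In `wale.envs` the `{{- end }}` that closed the `s3Bucket`/`gcsBucket` branch in the removed statefulset.yaml block is missing after the `GOOGLE_APPLICATION_CREDENTIALS` entry, and a surplus `{{- end }}` appears just before `{{- end -}}` instead. As written, the two `WALE_BACKUP_THRESHOLD_*` entries are emitted only inside the `gcsBucket` branch, and the `{{- else }}` that sets `USE_WALE` to `""` now pairs with the bucket test rather than with `.Values.walE.enable`, so nothing is emitted when WAL-E is disabled. Restore the `{{- end }}` after the `kubernetesSecret` block and drop the extra one at the bottom. The helper is also never called: the statefulset.yaml hunk `@@ -31,123 +31,7 @@` in this patch includes only `patroni.envs`, so `SCOPE`, `PGROOT`, `POD_NAMESPACE` and all WAL-E variables disappear from the pod while the WAL-E secret volume and mount stay.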
@@ -31,123 +31,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.kubernetes.dcs.enable }} - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-superuser - - name: PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PATRONI_SCOPE - value: {{ template "patroni.fullname" . 
}} - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "{{ .Values.persistentVolume.mountPath }}/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - {{- if .Values.kubernetes.configmaps.enable }} - - name: KUBERNETES_USE_CONFIGMAPS - value: "true" - {{- end }} - {{- end }} - {{- if .Values.etcd.enable }} - {{- if .Values.etcd.deployChart }} - - name: ETCD_DISCOVERY_DOMAIN - value: {{default (printf "%s-etcd" .Release.Name | trunc 63) .Values.etcd.discovery }} - {{- else }} - - name: ETCD_HOST - value: {{ .Values.etcd.host | quote }} - {{- end }} - {{- else if .Values.zookeeper.enable }} - {{- if .Values.zookeeper.deployChart }} - - name: ZOOKEEPER_HOSTS - value: {{(printf "'%s-zookeeper-headless:2181'" .Release.Name | trunc 63)}} - {{- else }} - - name: ZOOKEEPER_HOSTS - value: {{ .Values.zookeeper.hosts | quote }} - {{- end }} - {{- else if .Values.consul.enable }} - {{- if .Values.consul.deployChart }} - - name: PATRONI_CONSUL_HOST - value: {{(printf "'%s-consul'" .Release.Name | trunc 63)}} - {{- else }} - - name: PATRONI_CONSUL_HOST - value: {{ .Values.consul.host | quote }} - {{- end }} - {{- end }} - - name: SCOPE - value: {{ template "patroni.fullname" . 
}} - {{- if .Values.walE.enable }} - - name: USE_WALE - value: {{ .Values.walE.enable | quote }} - {{- if .Values.walE.scheduleCronJob }} - - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} - {{- end }} - {{- if .Values.walE.retainBackups }} - - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} - {{- end }} - {{- if .Values.walE.s3Bucket }} - - name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} - {{else if .Values.walE.gcsBucket }} - - name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} - {{- if .Values.walE.kubernetesSecret }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" - {{- end }} - {{- end }} - {{- if .Values.walE.backupThresholdMegabytes }} - - name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} - {{- end }} - {{- if .Values.walE.backupThresholdPercentage }} - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} - {{- end }} - {{- else }} - - name: USE_WALE - value: "" - {{- end }} - - name: PGROOT - value: "{{ .Values.persistentVolume.mountPath }}/pgroot" - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -174,6 +58,18 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi ports: - containerPort: 8008 protocol: TCP 
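Review bot: In the `preStop` hook, `curl --fail http://localhost:8008/read-write` has no time limit, so if the REST API accepts the connection but does not answer, the hook blocks until the pod's termination grace period runs out. Bound the check and silence it, e.g. `if curl --fail --silent --output /dev/null --max-time 5 http://localhost:8008/read-write; then`. The exit status of `init-stack patronictl switchover --force` is not checked either, so a failed switchover (for instance with no healthy replica) goes unnoticed; the hook also assumes `curl` and `init-stack` exist in the image, which this patch does not show.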
@@ -182,7 +78,6 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - volumeMounts: "{{ .Values.persistentVolume.subPath }}" # - mountPath: /etc/patroni # name: patroni-config # readOnly: true diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 1be7c5f6..f7bdc8a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -5,6 +5,7 @@ image: # https://github.com/zalando/spilo/tree/master/postgres-appliance repository: registry.drycc.cc/drycc-addons/patroni tag: 3.2 + # IfNotPresent , Always pullPolicy: 'IfNotPresent' # Credentials used by Patroni @@ -18,29 +19,10 @@ credentials: # Distribution Configuration stores # Please note that only one of the following stores should be enabled. kubernetes: - dcs: + endpoints: enable: true configmaps: enable: false -etcd: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in value for etcd service - # ..svc.cluster.local - host: - # Leave blank to use vendored etcd chart - discovery: -zookeeper: - enable: false - deployChart: false - # If not deploying etcd chart, fill-in list of ZooKeeper members in format: - # 'host1:port1','host2:port2','etc...' - hosts: -consul: - enable: false - deployChart: false - # Leave blank to use vendored consul chart - hosts: # Extra custom environment variables. env: {} @@ -136,7 +118,7 @@ metrics: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening From 9891e1050911ce0c4e2f19453956acb2287f3d9e Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 6 Nov 2023 11:00:32 +0800 Subject: [PATCH 14/53] chore(postgresql-cluster):adjust patroni config use configmap --- .../chart/postgresql/templates/_helpers.tpl | 10 ++++ .../chart/postgresql/templates/configmap.yaml | 19 ++++++++ .../15/chart/postgresql/templates/ep.yaml | 12 ----- .../postgresql/templates/networkpolicy.yaml | 6 +-- .../postgresql/templates/statefulset.yaml | 17 +++++-- .../15/chart/postgresql/values.yaml | 46 +++++++++++++++++++ 6 files changed, 88 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml delete mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index f684f499..8e146ffd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a configmap object should be created for MySQL Secondary +*/}} +{{- define "patroni.createConfigmap" -}} +{{- if and .Values.configuration }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Create patroni envs. */}} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml new file mode 100644 index 00000000..5f26b266 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
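Review bot: The doc comment on `patroni.createConfigmap` says `MySQL Secondary`, which was carried over from another chart; it should describe this chart's object, e.g. `Return true if a ConfigMap with the Patroni bootstrap script should be created`. `{{- if and .Values.configuration }}` passes a single argument to `and` and the `{{- else -}}` branch is empty, so `{{- if .Values.configuration }}{{- true -}}{{- end -}}` expresses the same test more plainly.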
@@ -0,0 +1,19 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-cm + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + patroni.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} +{{- end -}} + diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml deleted file mode 100644 index 23b7b2eb..00000000 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/ep.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "patroni.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} - chart: {{ template "patroni.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - cluster-name: {{ template "patroni.fullname" . }} -subsets: [] diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index 06617f8a..a6d317e6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml 
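Review bot: The configmap.yaml template is rendered only when `patroni.createConfigmap` is true, i.e. when `.Values.configuration` is non-empty, but the statefulset.yaml hunks in this patch (`@@ -78,9 +85,9 @@` and `@@ -110,8 +117,8 @@`) mount `{{ template "common.names.fullname" . }}-cm` at `/opt/drycc/scripts/patroni/` unconditionally. A release that empties `configuration` (values.yaml even keeps `# configuration: {}` as a hint) would leave the pods waiting on a ConfigMap that was never created. Gate the `patroni-config` volume and mount on the same helper, or mark the volume `optional: true`. The name also uses `common.names.fullname` where every other object in the chart uses `patroni.fullname`; confirm both resolve to the same string.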
@@ -1,8 +1,3 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} @@ -13,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 14895620..4bf6e766 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -26,10 +26,17 @@ spec: cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} {{- if .Values.env }} @@ -78,9 +85,9 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - # - mountPath: /etc/patroni - # name: patroni-config - # readOnly: true + - mountPath: "/opt/drycc/scripts/patroni/" + name: patroni-config + # readOnly: true {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} 
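Review bot: In the statefulset.yaml hunk `@@ -26,10 +26,17 @@`, the commented `securityContext` stubs would be rejected if uncommented: `runAsUser` and `fsGroup` take numeric IDs rather than the name `postgres`, and `fsGroup` is a pod-level field that is not valid in a container `securityContext`. Meanwhile the pod keeps running as whatever user the image defines, with no restrictions declared. Replace the stubs with real settings once the image's UID and GID are known, for example pod-level `runAsNonRoot: true`, `runAsUser: <uid>`, `fsGroup: <gid>` and container-level `allowPrivilegeEscalation: false`. In the following `volumeMounts` hunk, `# readOnly: true` on the `patroni-config` mount can be enabled unless the entrypoint writes into that directory.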
@@ -110,8 +117,8 @@ spec: {{- end }} volumes: - name: patroni-config - secret: - secretName: {{ template "patroni.fullname" . }} + configMap: + name: {{ template "common.names.fullname" . }}-cm {{- if .Values.walE.enable }} {{- if .Values.walE.kubernetesSecret }} - name: {{ .Values.walE.kubernetesSecret }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f7bdc8a7..6e159f91 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -27,6 +27,52 @@ kubernetes: # Extra custom environment variables. env: {} +# +#custom patroni.yaml used by patroni boot +# configuration: {} +configuration: | + cat > /home/postgres/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1000 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + password: '${PATRONI_REPLICATION_PASSWORD}' + __EOF__ + walE: # Specifies whether Wal-E should be enabled enable: false From 4f1a35012c0b68a506175ebb649b6c66d71487a4 Mon Sep 17 00:00:00 2001 
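Review bot: The `authentication` section at the end of the new `configuration` script writes `${PATRONI_SUPERUSER_PASSWORD}` and `${PATRONI_REPLICATION_PASSWORD}` into `/home/postgres/patroni.yml`, because the `<<__EOF__` heredoc is unquoted and the shell expands them when the file is created. Patroni reads both variables from the environment on its own, so the two `password:` lines can be removed and the secrets stay out of a file on disk. As written, a password containing `'` also produces invalid YAML. `log: level: DEBUG` is a noisy default for a chart meant for production; `INFO` would be the usual choice. The same block is carried into `preInitScript` by the later values.yaml hunk at `@@ -56,23 +62,52 @@`.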
From: EamonZhang Date: Thu, 9 Nov 2023 13:35:34 +0800 Subject: [PATCH 15/53] chore(postgresql-cluster):organize code structure --- .../chart/postgresql/templates/_helpers.tpl | 28 ++++++++- .../chart/postgresql/templates/configmap.yaml | 9 +-- .../15/chart/postgresql/templates/sec.yaml | 7 ++- .../postgresql/templates/statefulset.yaml | 2 +- .../15/chart/postgresql/values.yaml | 61 +++++++++++++++---- .../15/plans/standard-10/bind.yaml | 34 +++++++++++ .../standard-10/create-instance-schema.json | 12 ++++ .../15/plans/standard-10/meta.yaml | 6 ++ .../15/plans/standard-10/values.yaml | 61 +++++++++++++++++++ .../15/plans/standard-20/bind.yaml | 34 +++++++++++ .../standard-20/create-instance-schema.json | 12 ++++ .../15/plans/standard-20/meta.yaml | 6 ++ .../15/plans/standard-20/values.yaml | 61 +++++++++++++++++++ 13 files changed, 311 insertions(+), 22 deletions(-) create mode 100644 addons/postgresql-cluster/15/plans/standard-10/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-10/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-10/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-20/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-20/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl index 8e146ffd..41b3a94d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl 
@@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a configmap object should be created for MySQL Secondary +Return true if a configmap object should be created for Postgresql HA patroni */}} {{- define "patroni.createConfigmap" -}} -{{- if and .Values.configuration }} +{{- if and .Values.preInitScript }} {{- true -}} {{- else -}} {{- end -}} @@ -90,6 +90,13 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-replication +- name: PATRONI_REWIND_USERNAME + value: rewinder +- name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-rewind - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -104,6 +111,23 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' + +- name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-name +- name: DATABASE_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-user +- name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: data-password + {{- end -}} {{/* diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml index 5f26b266..877d5879 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml 
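Review bot: `{{- if and .Values.preInitScript }}` in `patroni.createConfigmap` calls `and` with a single operand, which is the same as `{{- if .Values.preInitScript }}`; the plain form is clearer. The helper gates the ConfigMap on `preInitScript` only, while the `patroni-config` volume in statefulset.yaml references the `-cm` ConfigMap without a visible condition, so a release with an empty `preInitScript` would, as far as these hunks show, leave the pods waiting on a missing ConfigMap. Gate the volume and its mount with the same helper, or always render the ConfigMap. The `define` block closes outside the hunk.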
@@ -13,7 +13,8 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: - patroni.sh: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }} -{{- end -}} - + pre_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.preInitScript "context" $ ) | nindent 4 }} + post_init.sh: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postInitScript "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml index 40082291..89214502 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml @@ -12,5 +12,8 @@ metadata: type: Opaque data: password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-admin: {{ .Values.credentials.admin | b64enc }} - password-replication: {{ .Values.credentials.standby | b64enc }} + password-rewind: {{ .Values.credentials.rewind | b64enc }} + password-replication: {{ .Values.credentials.replication | b64enc }} + data-user: {{ .Values.dataname.username | b64enc }} + data-name: {{ .Values.dataname.dbname | b64enc }} + data-password: {{ .Values.dataname.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 4bf6e766..29fdbed9 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
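Review bot: The password keys in sec.yaml take their values from `.Values.credentials.*` and `.Values.dataname.*`, whose defaults in the values.yaml hunk at `@@ -3,18 +3,23 @@` are fixed short strings (`tea`, `cola`, `reppasswd`, `111w`), so every install that does not override them gets the same superuser, replication and application passwords. Make the values mandatory, e.g. `password-superuser: {{ required "credentials.superuser must be set" .Values.credentials.superuser | b64enc | quote }}`, and leave the defaults empty in values.yaml. Generating a value with `randAlphaNum` is an alternative, but it changes on every upgrade unless the existing Secret is looked up first. The added `| quote` keeps the base64 output a string whatever it happens to look like.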
@@ -85,7 +85,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - - mountPath: "/opt/drycc/scripts/patroni/" + - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true {{- if .Values.walE.enable }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 6e159f91..679f4072 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -3,18 +3,23 @@ replicaCount: 3 image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance - repository: registry.drycc.cc/drycc-addons/patroni - tag: 3.2 + repository: registry.drycc.cc/drycc-addons/postgresql-patroni + tag: 15 # IfNotPresent , Always pullPolicy: 'IfNotPresent' -# Credentials used by Patroni +# Credentials used by Patroni , passwd # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: superuser: tea - admin: cola - standby: reppasswd + rewind: cola + replication: reppasswd + +dataname: + dbname: db1 + username: us1 + password: 111w # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -30,8 +35,8 @@ env: {} # #custom patroni.yaml used by patroni boot # configuration: {} -configuration: | - cat > /home/postgres/patroni.yml <<__EOF__ +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: DEBUG bootstrap: 
@@ -40,12 +45,13 @@ configuration: | use_pg_rewind: true use_slots: true pg_hba: + - local all all peer - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" - max_connections: 1000 + max_connections: 1005 max_worker_processes: 8 wal_keep_segments: 8 max_wal_senders: 10 
@@ -56,23 +62,52 @@ configuration: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh restapi: connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' postgresql: connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' authentication: superuser: + username: postgres password: '${PATRONI_SUPERUSER_PASSWORD}' replication: + username: standby password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off __EOF__ +postInitScript: | + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -c "CHECKPOINT;CHECKPOINT;" + else + echo "Skipping user creation" + echo "Skipping database creation" + fi + walE: # Specifies whether Wal-E should be enabled enable: false diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml new file mode 100644 index 00000000..e5b14d98 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
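Review bot: In the `rewind:` block of `preInitScript` the password is taken from the user-name variable, `password: '${PATRONI_REWIND_USERNAME}'`; it should read `password: '${PATRONI_REWIND_PASSWORD}'`, otherwise the file sets the rewind role's password to its own name (Patroni may still prefer the environment variable, but the file should not disagree with it). In `postInitScript`, `DATABASE_USER`, `DATABASE_PASSWORD` and `DATABASE_NAME` are pasted into SQL text, so a quote or semicolon in any of them breaks or changes the statements; passing them as psql variables through stdin lets psql do the quoting, as sketched below. `CREATE USER tea_mon WITH ROLE pg_monitor` makes `pg_monitor` a member of `tea_mon` rather than the reverse; `IN ROLE pg_monitor` is the form that gives the new user the monitoring role. The script is started with `sh` from `post_bootstrap` although it uses `[[ … ]]`, so it should be invoked with `bash`.

```yaml
postInitScript: |
  # … unchanged: shebang, set -Eeu, monitor user, non-empty check …
    psql -w -v ON_ERROR_STOP=1 \
      -v db_user="$DATABASE_USER" \
      -v db_pass="$DATABASE_PASSWORD" \
      -v db_name="$DATABASE_NAME" <<'SQL'
  CREATE USER :"db_user" WITH LOGIN ENCRYPTED PASSWORD :'db_pass';
  CREATE DATABASE :"db_name" OWNER :"db_user" CONNECTION LIMIT 1000;
  SQL
  # … unchanged: postgis extension, CHECKPOINT, else branch …
```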
@@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + diff --git a/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml new file mode 100644 index 00000000..6c738828 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml 
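Review bot: The whole credential list in standard-10/bind.yaml is wrapped in `{{- if (eq .Values.router.service.type "LoadBalancer") }}`, but no `router` key appears in any postgresql values.yaml hunk of this series, so the file looks copied from the mysql-cluster plan; if `router` is indeed undefined, the lookup cannot succeed and no bindings are produced. The Secret it reads, named with the `-svcbind-custom-user` suffix, is likewise not created by any template shown here. Point the binding at the chart's own Secret and keys (`data-user`, `data-password`, `data-name` in sec.yaml) or add the missing objects. standard-20/bind.yaml has the same structure.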
@@ -0,0 +1,6 @@
+name: "standard-10"
+id: 2b455154-8725-482a-95b2-a193c180d9b5
+description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600"
+displayName: "standard-10"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
new file mode 100644
index 00000000..f90075a8
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 600 + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 10Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml new file mode 100644 index 00000000..e8b99314 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -0,0 +1,34 @@ +credential: + {{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: host + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.host }' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.database }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.username }' + - name: portro + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portro }' + - name: portrw + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }}-svcbind-custom-user + jsonpath: '{ .data.portrw }' + {{- end }} + 
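Review bot: `fullnameOverride: hb-mysql-cluster-standard-10` and the `primary.resources` / `primary.persistence` keys in standard-10/values.yaml follow the mysql-cluster chart, whereas the postgresql statefulset hunks read `.Values.resources` and `.Values.persistentVolume`. If that holds for the rest of the chart, the plan's CPU, memory and disk settings are never applied and every plan runs without the limits it advertises. Rename the keys to the ones the chart consumes and fix the override name; the comments still mention MinIO® and MySQL, and meta.yaml describes the plan as "Mysql Cluster". standard-20/values.yaml and standard-20/meta.yaml repeat the same content.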
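Review bot: The `password` entry in standard-20/bind.yaml reads the wrong Secret field, `jsonpath: '{ .data.username }'`, so a bound application receives the user name as its password. standard-10/bind.yaml uses `jsonpath: '{ .data.password }'` for the same entry and this file should too. A render check that compares the bind files of the two plans would catch this kind of copy error.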
diff --git a/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
new file mode 100644
index 00000000..e749a7db
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-20"
+id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc
+description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+displayName: "standard-20"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
new file mode 100644
index 00000000..d9422e70
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml
@@ -0,0 +1,61 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-mysql-cluster-standard-20 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## +primary: + maxConnectionLimit: 1000 + resources: + limits: + cpu: 2000m + memory: 4Gi + requests: + cpu: 2000m + memory: 4Gi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## + persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 20Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From 324971644e32b2961fa02ca51b8f19e9a55d3540 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 9 Nov 2023 17:40:44 +0800 Subject: [PATCH 16/53] chore(postgresql-cluster): add metrics --- .../postgresql/templates/networkpolicy.yaml | 2 +- .../postgresql/templates/statefulset.yaml | 49 +++++++++++++++++++ .../15/chart/postgresql/templates/svc.yaml | 2 +- .../15/chart/postgresql/values.yaml | 41 ++++++++++++++-- 4 files changed, 87 insertions(+), 7 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml index a6d317e6..3b3baa56 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml @@ -21,7 +21,7 @@ spec: - ports: - port: 5432 {{- if and .Values.metrics.enabled }} - - port: {{ .Values.metrics.service.port }} + - port: {{ .Values.metrics.containerPort }} {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 29fdbed9..630fd990 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml 
+++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -97,6 +97,55 @@ spec: {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}" + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + - name: DATA_SOURCE_NAME + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPort }} + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} 
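Review bot: The `DATA_SOURCE_NAME` value of the new `metrics` container embeds a literal credential, `tea_mon:password@127.0.0.1`, and only works because the values.yaml hunk at `@@ -46,6 +48,7 @@` adds `host all tea_mon 127.0.0.1/32 trust` to `pg_hba`, which lets any process sharing the pod's network namespace connect as `tea_mon` without a password. postgres_exporter accepts `DATA_SOURCE_URI`, `DATA_SOURCE_USER` and `DATA_SOURCE_PASS` separately, so the password can come from the chart's Secret and the `pg_hba` line can use `scram-sha-256` like the other entries; this needs a monitor password key in sec.yaml and a `PASSWORD` clause where `tea_mon` is created. `sslmode=disable` is acceptable on loopback only. The containers list starts outside the hunk.

```yaml
          env:
            - name: DATA_SOURCE_URI
              value: {{ printf "127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname | quote }}
            - name: DATA_SOURCE_USER
              value: tea_mon
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ template "patroni.fullname" . }}
                  # placeholder key name; add the real key to sec.yaml
                  key: <monitor-password-key>
          # … unchanged: ports, probes, resources …
```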
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml index 430a6a8f..301216e1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml @@ -15,4 +15,4 @@ spec: - name: postgresql port: 5432 targetPort: postgresql - protocol: TCP + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index 679f4072..f9f86f8c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -1,4 +1,6 @@ replicaCount: 3 +diagnosticMode: + enable: false image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -46,6 +48,7 @@ preInitScript: | use_slots: true pg_hba: - local all all peer + - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 parameters: 
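Review bot: The new default in values.yaml is spelled `diagnosticMode.enable`, while the metrics container in statefulset.yaml tests `.Values.diagnosticMode.enabled` and renders `.Values.diagnosticMode.command` and `.args`, none of which are defined in this hunk. Setting the key that values.yaml offers therefore has no effect, and setting `enabled: true` by hand would render `command:` and `args:` from undefined values. Rename the key to `enabled: false` and add explicit `command` and `args` defaults next to it so the values file matches what the template reads.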
@@ -108,6 +111,39 @@ postInitScript: | echo "Skipping database creation" fi +## Postgresql Prometheus exporter parameters +## +metrics: + enabled: true + image: + repository: registry.drycc.cc/drycc-addons/postgres-exporter + tag: "0" + # IfNotPresent , Always + pullPolicy: 'IfNotPresent' + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + containerPort: 9187 + containerSecurityContext: + enabled: false + runAsUser: 1001 + runAsNonRoot: true + customLivenessProbe: {} + customReadinessProbe: + enabled: true + service: port + resources: {} walE: # Specifies whether Wal-E should be enabled enable: false @@ -189,11 +225,6 @@ serviceAccount: # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: - -## Postgresql Prometheus exporter parameters -## -metrics: - enabled: false ## Postgresql Nework Policy configuration ## networkPolicy: From 53f6af72ed236ad1e815870ad2ae7d69e0254741 Mon Sep 17 00:00:00 2001 
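Review bot: `metrics.containerSecurityContext.enabled` defaults to `false` in the new `metrics:` block while `metrics.enabled` is switched to `true`, so the exporter sidecar is deployed by default without the `runAsUser: 1001` / `runAsNonRoot: true` settings listed directly below it. Default it to `enabled: true` and add `allowPrivilegeEscalation: false` to the same mapping. `tag: "0"` combined with `pullPolicy: 'IfNotPresent'` pins nothing, since each node keeps whichever build it pulled first; a fixed version tag or an image digest is preferable. `service: port` sets `service` to the string `port`, which the next commit in this series replaces with a mapping.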
From: EamonZhang Date: Fri, 10 Nov 2023 11:47:43 +0800 Subject: [PATCH 17/53] chore(postgresql-cluster): add metrics --- .../15/chart/postgresql/Chart.yaml | 3 +- .../postgresql/templates/metrics-svc.yaml | 31 +++++++++++++++++++ .../postgresql/templates/statefulset.yaml | 9 ++++-- .../15/chart/postgresql/values.yaml | 16 +++++++++- 4 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml index f0397f67..375ae4fe 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml @@ -17,6 +17,7 @@ keywords: - sql - replication - cluster + - patroni maintainers: - email: zhang.eamon@hotmail.com name: zhangeamon @@ -24,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.4.1 +version: 15.3.1 diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml new file mode 100644 index 00000000..0cd24f48 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: patroni +{{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml index 630fd990..803b9702 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml @@ -3,7 +3,8 @@ kind: StatefulSet metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} 
@@ -13,14 +14,16 @@ spec: serviceName: {{ template "patroni.fullname" . }} replicas: {{ .Values.replicaCount }} selector: - matchLabels: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} - labels: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: patroni app: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql/values.yaml index f9f86f8c..4d28d660 100644 --- a/addons/postgresql-cluster/15/chart/postgresql/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql/values.yaml @@ -133,6 +133,21 @@ metrics: ## usage: "GAUGE" ## description: "Size of the database in bytes" ## + service: + ports: + metrics: 9187 + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + customMetrics: {} containerPort: 9187 containerSecurityContext: @@ -142,7 +157,6 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - service: port resources: {} walE: # Specifies whether Wal-E should be enabled From c7969725b66e4bb86481c4514ef584f0fc1ec8d8 Mon Sep 17 00:00:00 2001 
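Review bot: The two lines added under `selector.matchLabels` in statefulset.yaml change the StatefulSet's selector, and Kubernetes treats `spec.selector` on a StatefulSet as immutable. A `helm upgrade` of a release installed from the previous chart is therefore likely to be rejected by the API server. The new metrics Service selects on `app.kubernetes.io/component: patroni`, which only requires that label on the pods, so the additions under `template.metadata.labels` are sufficient. I would keep `matchLabels:` at its previous keys (`app`, `release`, `cluster-name`), or state in the chart notes that the StatefulSet must be recreated. The `spec:` block continues outside the hunk, so this rests on the visible lines only.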
From: EamonZhang Date: Fri, 10 Nov 2023 11:51:19 +0800 Subject: [PATCH 18/53] chore(postgresql-cluster): rename postgresql to postgresql-cluster --- .../15/chart/{postgresql => postgresql-cluster}/Chart.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/README.md | 0 .../chart/{postgresql => postgresql-cluster}/templates/NOTES.txt | 0 .../{postgresql => postgresql-cluster}/templates/_helpers.tpl | 0 .../{postgresql => postgresql-cluster}/templates/configmap.yaml | 0 .../{postgresql => postgresql-cluster}/templates/metrics-svc.yaml | 0 .../templates/networkpolicy.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/role.yaml | 0 .../{postgresql => postgresql-cluster}/templates/rolebinding.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/sec.yaml | 0 .../templates/serviceaccount.yaml | 0 .../{postgresql => postgresql-cluster}/templates/statefulset.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-config.yaml | 0 .../{postgresql => postgresql-cluster}/templates/svc-relp.yaml | 0 .../chart/{postgresql => postgresql-cluster}/templates/svc.yaml | 0 .../15/chart/{postgresql => postgresql-cluster}/values.yaml | 0 16 files changed, 0 insertions(+), 0 deletions(-) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/Chart.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/README.md (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/NOTES.txt (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/_helpers.tpl (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/configmap.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/metrics-svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/networkpolicy.yaml (100%) rename 
addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/role.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/rolebinding.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/sec.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/serviceaccount.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/statefulset.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-config.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc-relp.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/templates/svc.yaml (100%) rename addons/postgresql-cluster/15/chart/{postgresql => postgresql-cluster}/values.yaml (100%) diff --git a/addons/postgresql-cluster/15/chart/postgresql/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/Chart.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/README.md rename to addons/postgresql-cluster/15/chart/postgresql-cluster/README.md diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/NOTES.txt rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/NOTES.txt 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/_helpers.tpl rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/networkpolicy.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/role.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/rolebinding.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/sec.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/serviceaccount.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/statefulset.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-config.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml 
diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc-relp.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/templates/svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml similarity index 100% rename from addons/postgresql-cluster/15/chart/postgresql/values.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml From f57e768f3e9c9b3843a3ab17e031958279745b24 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Wed, 15 Nov 2023 15:55:53 +0800 Subject: [PATCH 19/53] chore(postgresql-cluster) add wal-g for backup --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ++++++++++++++++++ .../postgresql-cluster/templates/_helpers.tpl | 68 +- .../postgresql-cluster/templates/cronjob.yaml | 58 ++ .../templates/networkpolicy.yaml | 1 + .../postgresql-cluster/templates/role.yaml | 2 +- .../templates/rolebinding.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/statefulset.yaml | 26 +- .../templates/svc-config.yaml | 2 +- .../templates/svc-master.yaml | 24 + .../{metrics-svc.yaml => svc-metrics.yaml} | 1 + .../templates/svc-relp.yaml | 9 +- .../postgresql-cluster/templates/svc.yaml | 14 +- .../15/chart/postgresql-cluster/values.yaml | 42 +- .../15/plans/standard-10/bind.yaml | 2 +- .../15/plans/standard-10/meta.yaml | 4 +- .../15/plans/standard-10/values.yaml | 130 ++-- .../15/plans/standard-20/values.yaml | 2 +- 19 files changed, 865 insertions(+), 131 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/cj.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{metrics-svc.yaml => svc-metrics.yaml} (96%) diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml new file mode 100644 index 00000000..48880e1c --- /dev/null +++ b/addons/postgresql-cluster/15/chart/cj.yaml 
@@ -0,0 +1,605 @@ +--- +# Source: postgresql/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + cluster-name: release-name-postgresql +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + ingress: + # Allow inbound connections + - ports: + - port: 5432 + - port: 9187 + + from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: default +--- +# Source: postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +--- +# Source: postgresql/templates/sec.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +type: Opaque +data: + password-superuser: dGVh + password-rewind: Y29sYQ== + password-replication: cmVwcGFzc3dk + data-user: dXMx + data-name: ZGIx + data-password: MTExdw== +--- +# Source: postgresql/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-postgresql-cm + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql +data: + pre_init.sh: |- + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + 
- local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'auto_explain,pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + + post_init.sh: |- + #!/bin/bash + set -Eeu + # Create monitor user + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" + # Create init database & user + if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then + echo "Creating user ${DATABASE_USER}" + psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" + echo "Creating database ${DATABASE_NAME} " + psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" + psql -w -c "CHECKPOINT;CHECKPOINT;" + 
else + echo "Skipping user creation" + echo "Skipping database creation" + fi +--- +# Source: postgresql/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: + - create + - get + - list + - patch + - update + - watch + # delete is required only for 'patronictl remove' + - delete +- apiGroups: [""] + resources: ["services"] + verbs: + - create +- apiGroups: [""] + resources: ["endpoints"] + verbs: + - create + - get + - patch + - update + # the following three privileges are necessary only when using endpoints + - list + - watch + # delete is required only for for 'patronictl remove' + - delete + - deletecollection +- apiGroups: [""] + resources: ["pods"] + verbs: + - get + - list + - patch + - update + - watch +--- +# Source: postgresql/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm +subjects: + - kind: ServiceAccount + name: release-name-postgresql +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: release-name-postgresql +--- +# Source: postgresql/templates/svc-config.yaml +# headless service to avoid deletion of patronidemo-config endpoint +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-config + labels: + app: release-name-postgresql + release: release-name + cluster-name: release-name-postgresql +spec: + clusterIP: None +--- +# Source: postgresql/templates/svc-metrics.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-metrics + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: 
postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app.kubernetes.io/component: metrics + annotations: + prometheus.io/port: '9187' + prometheus.io/scrape: "true" +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni +--- +# Source: postgresql/templates/svc-relp.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql-repl + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: replica +spec: + type: LoadBalancer + selector: + app: release-name-postgresql + cluster-name: release-name-postgresql + role: replica + ports: + - port: 5432 + targetPort: 5432 +--- +# Source: postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + role: master +spec: + type: LoadBalancer + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP +--- +# Source: postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-postgresql + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + 
helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql +spec: + serviceName: release-name-postgresql + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + template: + metadata: + name: release-name-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: patroni + app: release-name-postgresql + chart: postgresql-15.3.1 + release: release-name + heritage: Helm + cluster-name: release-name-postgresql + spec: + serviceAccountName: release-name-postgresql + + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + containers: + - name: postgresql + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: IfNotPresent + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + env: + - name: PATRONI_KUBERNETES_USE_ENDPOINTS + value: 'true' + - name: PATRONI_KUBERNETES_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PATRONI_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE + value: 'true' + - name: PATRONI_KUBERNETES_LABELS + value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' + - name: PATRONI_SUPERUSER_USERNAME + value: postgres + - name: PATRONI_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-superuser + - name: 
PATRONI_REPLICATION_USERNAME + value: standby + - name: PATRONI_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PATRONI_REWIND_USERNAME + value: rewinder + - name: PATRONI_REWIND_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-rewind + - name: PATRONI_SCOPE + value: release-name-postgresql + - name: PATRONI_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: PATRONI_POSTGRESQL_DATA_DIR + value: "/home/postgres/pgdata/data" + - name: PATRONI_POSTGRESQL_PGPASS + value: /tmp/pgpass + - name: PATRONI_POSTGRESQL_LISTEN + value: '0.0.0.0:5432' + - name: PATRONI_RESTAPI_LISTEN + value: '0.0.0.0:8008' + + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-name + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-user + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: data-password + readinessProbe: + httpGet: + scheme: HTTP + path: /readiness + port: 8008 + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8008 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + lifecycle: + preStop: + exec: + command: + - /usr/bin/env + - bash + - -c + - | + # switch leader pod if the current pod is the leader + if curl --fail http://localhost:8008/read-write; then + init-stack patronictl switchover --force + fi + ports: + - containerPort: 8008 + protocol: TCP + - containerPort: 5432 + protocol: TCP + volumeMounts: + - name: storage-volume + mountPath: "/home/postgres/pgdata" + - mountPath: "/opt/drycc/postgresql/scripts/" + name: patroni-config + # readOnly: true + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi 
+ - name: metrics + image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" + imagePullPolicy: "IfNotPresent" + env: + - name: DATA_SOURCE_NAME + value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable + ports: + - name: http-metrics + containerPort: 9187 + startupProbe: + initialDelaySeconds: 10 + tcpSocket: + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: / + port: http-metrics + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchLabels: + app: postgresql + release: "release-name" + + volumes: + - name: patroni-config + configMap: + name: release-name-postgresql-cm + - name: storage-volume + emptyDir: {} +--- +# Source: postgresql/templates/cronjob.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-postgresql-backup + namespace: "default" + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-15.3.1 + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + cluster-name: release-name-postgresql + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: postgresql-backup + image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" + imagePullPolicy: Always + #imagePullPolicy: "IfNotPresent" + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." 
+ sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + - name: USE_WALG + value: "true" + - name: BACKUP_SCHEDULE + value: "eee" + - name: BACKUP_NUM_TO_RETAIN + value: "2" + - name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: "1024" + - name: WALE_BACKUP_THRESHOLD_PERCENTAGE + value: "30" + - name: PGHOST + value: release-name-postgresql-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: release-name-postgresql + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 41b3a94d..c75c3b29 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -42,6 +42,16 @@ Create the name of the service account to use. {{- end -}} {{- end -}} +{{/* +Return true if a cronjob object should be created for Postgresql HA patroni +*/}} +{{- define "patroni.createCronJob" -}} +{{- if and .Values.walG.enable }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + {{/* Return true if a configmap object should be created for Postgresql HA patroni */}} @@ -75,7 +85,7 @@ Create patroni envs. - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE value: 'true' - name: PATRONI_KUBERNETES_LABELS - value: '{app: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' + value: '{application: {{ template "patroni.fullname" . }},release: {{ .Release.Name }},cluster-name: {{ template "patroni.fullname" . }}}' - name: PATRONI_SUPERUSER_USERNAME value: postgres - name: PATRONI_SUPERUSER_PASSWORD 
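Review bot: cj.yaml appears to be rendered `helm template` output, since every document carries a `# Source: postgresql/templates/...` comment, and it is committed under `chart/` with a `kind: Secret` whose `data:` values are only base64-encoded. The metrics container's `DATA_SOURCE_NAME` also embeds a password in the connection URL. I would drop this file from the commit and add the path to `.gitignore`; if any of those values were ever used outside a throwaway environment, they should be rotated. The render also surfaces defaults worth a separate look in the templates: `host all tea_mon 127.0.0.1/32 trust`, `auth-local: trust`, `log: level: DEBUG`, the rewind `password: '${PATRONI_REWIND_USERNAME}'` (presumably meant to be the password variable), and two `type: LoadBalancer` Services on port 5432. The svc-metrics labels contain `app.kubernetes.io/component` twice, so the later `metrics` value silently wins in most parsers.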
@@ -131,42 +141,44 @@ Create patroni envs. {{- end -}} {{/* -Create wale envs. +Create walg envs. */}} -{{- define "wale.envs" }} -{{- if .Values.walE.enable }} -- name: USE_WALE - value: {{ .Values.walE.enable | quote }} -{{- if .Values.walE.scheduleCronJob }} +{{- define "walg.envs" }} +{{- if .Values.walG.enable }} +- name: USE_WALG + value: {{ .Values.walG.enable | quote }} +{{- if .Values.walG.scheduleCronJob }} - name: BACKUP_SCHEDULE - value: {{ .Values.walE.scheduleCronJob | quote}} + value: {{ .Values.walG.scheduleCronJob | quote}} {{- end }} -{{- if .Values.walE.retainBackups }} +{{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walE.retainBackups | quote}} + value: {{ .Values.walG.retainBackups | quote}} {{- end }} -{{- if .Values.walE.s3Bucket }} -- name: WAL_S3_BUCKET - value: {{ .Values.walE.s3Bucket | quote }} -{{else if .Values.walE.gcsBucket }} -- name: WAL_GCS_BUCKET - value: {{ .Values.walE.gcsBucket | quote }} -{{- if .Values.walE.kubernetesSecret }} -- name: GOOGLE_APPLICATION_CREDENTIALS - value: "/etc/credentials/{{.Values.walE.kubernetesSecret}}.json" +{{- if .Values.walG.backupThresholdMegabytes }} +- name: WALG_BACKUP_THRESHOLD_MEGABYTES + value: {{ .Values.walG.backupThresholdMegabytes | quote }} {{- end }} - -{{- if .Values.walE.backupThresholdMegabytes }} -- name: WALE_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walE.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.walE.backupThresholdPercentage }} +{{- if .Values.walG.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walE.backupThresholdPercentage | quote }} + value: {{ .Values.walG.backupThresholdPercentage | quote }} +{{- end }} +{{- if .Values.walG.s3.used }} +- name: AWS_ACCESS_KEY_ID + value: {{ .Values.walG.s3.awsAccessKeyId | quote }} +- name: AWS_SECRET_ACCESS_KEY + value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} +- name: WALG_S3_PREFIX + value: {{ .Values.walG.s3.walGS3Prefix 
| quote }} +- name: AWS_ENDPOINT + value: {{ .Values.walG.s3.awsEndpoint | quote }} +- name: AWS_S3_FORCE_PATH_STYLE + value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} +- name: AWS_REGION + value: {{ .Values.walG.s3.awsRegion | quote }} {{- end }} {{- else }} -- name: USE_WALE +- name: USE_WALG value: "" {{- end }} {{- end }} -{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml new file mode 100644 index 00000000..0bfb4b40 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml 
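Review bot: In `walg.envs`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are rendered as literal `value:` entries from `.Values.walG.s3.*`, so the object-store credentials end up in plain text in the pod and CronJob specs. They are then readable by anyone who can `get` those objects and are copied into the stored Helm release manifest. The chart already reads `PGPASSWORD` through `secretKeyRef` in cronjob.yaml, and I would do the same here, adding the two keys to the chart's Secret template. The key names in the sketch below are placeholders. Separately, `WALE_BACKUP_THRESHOLD_PERCENTAGE` keeps the old `WALE_` prefix while its sibling became `WALG_BACKUP_THRESHOLD_MEGABYTES`; please confirm which name the image actually reads.

```yaml
# … unchanged: USE_WALG, BACKUP_*, *_BACKUP_THRESHOLD_* entries …
{{- if .Values.walG.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: <ACCESS_KEY_ID_KEY>        # placeholder: key to be added to the chart's Secret
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      key: <SECRET_ACCESS_KEY_KEY>    # placeholder: key to be added to the chart's Secret
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```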
@@ -0,0 +1,58 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} +{{- if (include "patroni.createCronJob" .) }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "patroni.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + schedule: "*/1 * * * *" + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 1 + jobTemplate: + spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: Always + #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /usr/bin/env + - bash + - -c + - | + echo "sleeping ...." + sleep 10000 + echo "Successfull" + init-stack /opt/drycc/wal-g/bin/wal-g backup-push + init-stack /opt/drycc/wal-g/bin/wal-g delete + env: + {{- include "walg.envs" . | indent 14 }} + - name: PGHOST + value: {{ include "patroni.fullname" . }}-repl + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-replication + - name: PGUSER + value: standby + - name: PGPORT + value: "5432" +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 3b3baa56..dfad66c3 100644 
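Review bot: The job spec carries what look like debugging leftovers: `schedule: "*/1 * * * *"` is hard-coded instead of using `walG.scheduleCronJob`, and the script runs `sleep 10000` before `wal-g backup-push`, so a new job starts every minute while each one idles for almost three hours. With no `concurrencyPolicy` set these pods accumulate, and each one holds the replication password and the bucket credentials from `walg.envs` in its environment. I would use `schedule: {{ .Values.walG.scheduleCronJob | quote }}`, add `concurrencyPolicy: Forbid`, and drop the `echo`/`sleep` lines. `wal-g delete` is also invoked without a target; it likely needs a `retain` count (for example from `BACKUP_NUM_TO_RETAIN`) and `--confirm` before it removes anything, which is worth checking against the wal-g version in the image.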
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -8,6 +8,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + app.kubernetes.io/component: patroni cluster-name: {{ template "patroni.fullname" . }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml index c81b39a8..8dec5309 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/role.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml index d09de1c8..5e15948f 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 89214502..306e93e7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -4,7 +4,7 @@ metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml index 819bb983..e1b2ebf6 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "patroni.serviceAccountName" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 803b9702..335ea342 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
@@ -5,7 +5,7 @@ metadata: namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} @@ -16,16 +16,20 @@ spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} template: metadata: name: {{ template "patroni.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: patroni - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} + heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: serviceAccountName: {{ template "patroni.serviceAccountName" . }} @@ -91,13 +95,6 @@ spec: - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config # readOnly: true - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - mountPath: /etc/credentials - readOnly: true - {{- end }} - {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
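Review bot: Adding `chart: {{ template "patroni.chart" . }}` and `heritage` to `spec.selector.matchLabels` in the `@@ -16,16 +16,20 @@` hunk ties the selector to values that change between releases. `patroni.chart` presumably renders the chart name plus version, and a StatefulSet selector is immutable, so the next chart version bump would be rejected on `helm upgrade`. The rename of the selector label from `app` to `application` in the same hunk has the same effect on releases that are already installed. I would keep `chart` and `heritage` in `metadata.labels` and the pod template labels only, and leave the selector at the stable set (`application`, `release`, `cluster-name`). The `spec` block continues outside this hunk.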
@@ -171,13 +168,6 @@ spec: - name: patroni-config configMap: name: {{ template "common.names.fullname" . }}-cm - {{- if .Values.walE.enable }} - {{- if .Values.walE.kubernetesSecret }} - - name: {{ .Values.walE.kubernetesSecret }} - secret: - secretName: {{ .Values.walE.kubernetesSecret }} - {{- end }} - {{- end }} {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} @@ -191,7 +181,7 @@ spec: {{ toYaml .Values.persistentVolume.annotations | indent 8 }} {{- end }} labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml index 442be2f3..5f7b0f60 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-config.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-config labels: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} release: {{ .Release.Name }} cluster-name: {{ template "patroni.fullname" . }} spec: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml new file mode 100644 index 00000000..48dba13d --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "patroni.fullname" . }}-master + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} + chart: {{ template "patroni.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "patroni.fullname" . }} + role: master +spec: + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml similarity index 96% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml index 0cd24f48..862c6a0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/metrics-svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-metrics.yaml @@ -5,6 +5,7 @@ metadata: name: {{ printf "%s-metrics" (include "patroni.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni app.kubernetes.io/component: metrics {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index cccaf8ce..c5861935 100644 
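Review bot: `type: LoadBalancer` is hard-coded in this new Service, so PostgreSQL on 5432 gets an externally reachable address on every install, with no `loadBalancerSourceRanges` and regardless of the `service.type` value this commit adds to values.yaml. The hunks for svc-relp.yaml and svc.yaml make the same ClusterIP to LoadBalancer change, and the commit also sets `networkPolicy.enabled` to false by default, so nothing in the chart limits who can reach the port. I would render `type: {{ .Values.service.type }}` with `ClusterIP` as the chart default and expose an optional `loadBalancerSourceRanges` list for the LoadBalancer case. This Service also selects the same pods as svc.yaml (`role: master`), so one of the two looks redundant.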
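Review bot: In svc-metrics.yaml the added `app.kubernetes.io/component: patroni` sits directly above the existing `app.kubernetes.io/component: metrics`, so the `labels` map now has a duplicate key. YAML parsers either reject that or keep the last value, which means the new line has no effect at best. If the intent is to mark the metrics Service as part of the patroni component, pick one value for the key. If the intent is to match pods, that belongs in `spec.selector`, which is outside this hunk.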
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -3,17 +3,18 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }}-repl namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: ClusterIP + type: LoadBalancer selector: - app: {{ template "patroni.fullname" . }} + application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} role: replica ports: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 301216e1..adc0ab69 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml 
@@ -3,16 +3,22 @@ kind: Service metadata: name: {{ template "patroni.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} - labels: - app: {{ template "patroni.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: patroni + application: {{ template "patroni.fullname" . }} chart: {{ template "patroni.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} + role: master spec: - type: ClusterIP + type: LoadBalancer + selector: + application: {{ template "patroni.fullname" . }} + cluster-name: {{ template "patroni.fullname" . }} + role: master ports: - name: postgresql port: 5432 - targetPort: postgresql + targetPort: 5432 protocol: TCP \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 4d28d660..43a38eb0 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,7 +1,10 @@ -replicaCount: 3 +replicaCount: 1 diagnosticMode: enable: false +service: + type: LoadBalancer + image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 # https://github.com/zalando/spilo/tree/master/postgres-appliance @@ -104,7 +107,7 @@ postInitScript: | psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" echo "Creating database ${DATABASE_NAME} " psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis" + psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" psql -w -c "CHECKPOINT;CHECKPOINT;" else echo "Skipping user creation" 
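Review bot: The `selector` added to this Service may conflict with Patroni's own endpoint management. The rendered manifest deleted later in this series sets `PATRONI_KUBERNETES_USE_ENDPOINTS` to `'true'` with a scope equal to this Service's name. In that mode Patroni writes the leader address into the Endpoints object itself, and a selector lets the Kubernetes endpoints controller overwrite it. If endpoints mode is still in use, keep this Service without a selector and let svc-master.yaml, which selects `role: master`, be the label-based one.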
@@ -114,7 +117,7 @@ postInitScript: | ## Postgresql Prometheus exporter parameters ## metrics: - enabled: true + enabled: false image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" @@ -157,17 +160,21 @@ metrics: customLivenessProbe: {} customReadinessProbe: enabled: true - resources: {} -walE: + resources: + limits: + cpu: 100m + memory: 512Mi + # hugepages-2Mi: 4Mi + requests: + cpu: 100m + memory: 512Mi +walG: # Specifies whether Wal-E should be enabled enable: false # Cron schedule for doing base backups scheduleCronJob: 00 01 * * * # Amount of base backups to retain retainBackups: 2 - # Path to the S3 or GCS bucket used for WAL-E base backups - s3Bucket: - gcsBucket: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to @@ -176,6 +183,13 @@ walE: # Maximum ratio (in percents) of the accumulated WAL files to the base backup # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 + s3: + awsAccessKeyID: "xxx" + awsSecretAccessKey: "xx" + walGS3Prefix: "xxx" + awsEndpoint: "xxx" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 persistentVolume: enabled: false @@ -198,12 +212,12 @@ resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # hugepages-2Mi: 4Mi requests: - cpu: 1000m - memory: 1Gi + cpu: 100m + memory: 512Mi # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} @@ -220,7 +234,7 @@ affinityTemplate: | topologyKey: "kubernetes.io/hostname" labelSelector: matchLabels: - app: {{ template "patroni.name" . }} + application: {{ template "patroni.name" . }} release: {{ .Release.Name | quote }} affinity: {} 
@@ -244,7 +258,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: true + enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port MySQL is listening diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index e5b14d98..cf57e76b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,5 +1,5 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} + {{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml index 6c738828..f5c2257b 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/meta.yaml @@ -1,6 +1,6 @@ name: "standard-10" -id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "Mysql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" +id: 83c3b52e-2685-4362-9ea1-42e170060c78 +description: "Postgresql Cluster standard-10 plan: Disk 10Gi ,vCPUs 1 , RAM 2G , DB MAX Connection 600" displayName: "standard-10" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index f90075a8..2082d76c 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
@@ -1,61 +1,83 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-10 +fullnameOverride: hb-postgresql-cluster-standard-10 -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 600 - resources: +preInitScript: | + cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ + log: + level: DEBUG + bootstrap: + dcs: + postgresql: + use_pg_rewind: true + use_slots: true + pg_hba: + - local all all peer + - host all tea_mon 127.0.0.1/32 trust + - host all all 0.0.0.0/0 scram-sha-256 + - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + parameters: + wal_level: hot_standby + hot_standby: "on" + max_connections: 1005 + max_worker_processes: 8 + wal_keep_segments: 8 + max_wal_senders: 10 + max_replication_slots: 10 + max_prepared_transactions: 0 + max_locks_per_transaction: 64 + wal_log_hints: "on" + track_commit_timestamp: "off" + archive_mode: "on" + archive_timeout: 1800s + archive_command: /bin/true + # timescaledb.license: 'timescale' + shared_preload_libraries: 'pg_stat_statements' + initdb: + - auth-host: scram-sha-256 + - auth-local: trust + - encoding: UTF8 + - locale: en_US.UTF-8 + - data-checksums + post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh + restapi: + connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' + postgresql: + connect_address: 
'${PATRONI_KUBERNETES_POD_IP}:5432' + authentication: + superuser: + username: postgres + password: '${PATRONI_SUPERUSER_PASSWORD}' + replication: + username: standby + password: '${PATRONI_REPLICATION_PASSWORD}' + rewind: # Has no effect on postgres 10 and lower + username: rewinder + password: '${PATRONI_REWIND_USERNAME}' + watchdog: + mode: off + __EOF__ + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 1000m + memory: 1Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 1000m + memory: 1Gi + +persistentVolume: + enabled: true + size: 10G + +metrics: + resources: limits: cpu: 1000m - memory: 1024Mi + memory: 1Gi requests: cpu: 1000m - memory: 1024Mi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 10Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} + memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index d9422e70..12db2471 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -56,6 +56,6 @@ primary: ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: - ## app: my-app + ## application: my-app ## selector: {} From 56ce8454d8837add5343e505a9501b2384d5c2d6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 17 Nov 2023 15:47:53 +0800 Subject: [PATCH 20/53] chore(postgresql-cluster): redirect postgresql log --- addons/postgresql-cluster/15/chart/cj.yaml | 605 ------------------ .../templates/networkpolicy.yaml | 2 +- .../templates/statefulset.yaml | 12 +- .../postgresql-cluster/templates/svc.yaml | 12 +- .../15/chart/postgresql-cluster/values.yaml | 60 +- 5 files changed, 71 insertions(+), 620 deletions(-) delete mode 100644 addons/postgresql-cluster/15/chart/cj.yaml diff --git a/addons/postgresql-cluster/15/chart/cj.yaml b/addons/postgresql-cluster/15/chart/cj.yaml deleted file mode 100644 index 48880e1c..00000000 --- a/addons/postgresql-cluster/15/chart/cj.yaml +++ /dev/null 
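Review bot: In the `authentication.rewind` section of the patroni.yml generated by `preInitScript`, the password is filled from the wrong variable: `password: '${PATRONI_REWIND_USERNAME}'` sets the rewind user's password to its user name. It should read `password: '${PATRONI_REWIND_PASSWORD}'`. Patroni's environment variables may override the file value at runtime, but the config should not depend on that, particularly with `host all all 0.0.0.0/0` in `pg_hba` and the services switched to LoadBalancer in this commit. `log.level: DEBUG` and `archive_command: /bin/true` with `archive_mode: "on"` also look like development settings for a plan file; the latter means WAL segments are discarded rather than archived.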
@@ -1,605 +0,0 @@ ---- -# Source: postgresql/templates/networkpolicy.yaml -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - cluster-name: release-name-postgresql -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - ingress: - # Allow inbound connections - - ports: - - port: 5432 - - port: 9187 - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: default ---- -# Source: postgresql/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm ---- -# Source: postgresql/templates/sec.yaml -apiVersion: v1 -kind: Secret -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -type: Opaque -data: - password-superuser: dGVh - password-rewind: Y29sYQ== - password-replication: cmVwcGFzc3dk - data-user: dXMx - data-name: ZGIx - data-password: MTExdw== ---- -# Source: postgresql/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-postgresql-cm - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql -data: - pre_init.sh: |- - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - 
- local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'auto_explain,pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ - - post_init.sh: |- - #!/bin/bash - set -Eeu - # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" - 
else - echo "Skipping user creation" - echo "Skipping database creation" - fi ---- -# Source: postgresql/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: - - create - - get - - list - - patch - - update - - watch - # delete is required only for 'patronictl remove' - - delete -- apiGroups: [""] - resources: ["services"] - verbs: - - create -- apiGroups: [""] - resources: ["endpoints"] - verbs: - - create - - get - - patch - - update - # the following three privileges are necessary only when using endpoints - - list - - watch - # delete is required only for for 'patronictl remove' - - delete - - deletecollection -- apiGroups: [""] - resources: ["pods"] - verbs: - - get - - list - - patch - - update - - watch ---- -# Source: postgresql/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm -subjects: - - kind: ServiceAccount - name: release-name-postgresql -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: release-name-postgresql ---- -# Source: postgresql/templates/svc-config.yaml -# headless service to avoid deletion of patronidemo-config endpoint -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-config - labels: - app: release-name-postgresql - release: release-name - cluster-name: release-name-postgresql -spec: - clusterIP: None ---- -# Source: postgresql/templates/svc-metrics.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-metrics - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: 
postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app.kubernetes.io/component: metrics - annotations: - prometheus.io/port: '9187' - prometheus.io/scrape: "true" -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni ---- -# Source: postgresql/templates/svc-relp.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql-repl - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: replica -spec: - type: LoadBalancer - selector: - app: release-name-postgresql - cluster-name: release-name-postgresql - role: replica - ports: - - port: 5432 - targetPort: 5432 ---- -# Source: postgresql/templates/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - role: master -spec: - type: LoadBalancer - ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP ---- -# Source: postgresql/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: release-name-postgresql - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - 
helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql -spec: - serviceName: release-name-postgresql - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - template: - metadata: - name: release-name-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: patroni - app: release-name-postgresql - chart: postgresql-15.3.1 - release: release-name - heritage: Helm - cluster-name: release-name-postgresql - spec: - serviceAccountName: release-name-postgresql - - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - containers: - - name: postgresql - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: IfNotPresent - # securityContext: - # runAsUser: postgres - # fsGroup: postgres - env: - - name: PATRONI_KUBERNETES_USE_ENDPOINTS - value: 'true' - - name: PATRONI_KUBERNETES_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: PATRONI_KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PATRONI_KUBERNETES_BYPASS_API_SERVICE - value: 'true' - - name: PATRONI_KUBERNETES_LABELS - value: '{app: release-name-postgresql,release: release-name,cluster-name: release-name-postgresql}' - - name: PATRONI_SUPERUSER_USERNAME - value: postgres - - name: PATRONI_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-superuser - - name: 
PATRONI_REPLICATION_USERNAME - value: standby - - name: PATRONI_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PATRONI_REWIND_USERNAME - value: rewinder - - name: PATRONI_REWIND_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-rewind - - name: PATRONI_SCOPE - value: release-name-postgresql - - name: PATRONI_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: PATRONI_POSTGRESQL_DATA_DIR - value: "/home/postgres/pgdata/data" - - name: PATRONI_POSTGRESQL_PGPASS - value: /tmp/pgpass - - name: PATRONI_POSTGRESQL_LISTEN - value: '0.0.0.0:5432' - - name: PATRONI_RESTAPI_LISTEN - value: '0.0.0.0:8008' - - - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-name - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-user - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: data-password - readinessProbe: - httpGet: - scheme: HTTP - path: /readiness - port: 8008 - initialDelaySeconds: 3 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8008 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - lifecycle: - preStop: - exec: - command: - - /usr/bin/env - - bash - - -c - - | - # switch leader pod if the current pod is the leader - if curl --fail http://localhost:8008/read-write; then - init-stack patronictl switchover --force - fi - ports: - - containerPort: 8008 - protocol: TCP - - containerPort: 5432 - protocol: TCP - volumeMounts: - - name: storage-volume - mountPath: "/home/postgres/pgdata" - - mountPath: "/opt/drycc/postgresql/scripts/" - name: patroni-config - # readOnly: true - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi 
- - name: metrics - image: "registry.drycc.cc/drycc-addons/postgres-exporter:0" - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_NAME - value: postgresql://tea_mon:password@127.0.0.1:5432/db1?sslmode=disable - ports: - - name: http-metrics - containerPort: 9187 - startupProbe: - initialDelaySeconds: 10 - tcpSocket: - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: / - port: http-metrics - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - app: postgresql - release: "release-name" - - volumes: - - name: patroni-config - configMap: - name: release-name-postgresql-cm - - name: storage-volume - emptyDir: {} ---- -# Source: postgresql/templates/cronjob.yaml -apiVersion: batch/v1 -kind: CronJob -metadata: - name: release-name-postgresql-backup - namespace: "default" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-15.3.1 - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - cluster-name: release-name-postgresql - -spec: - schedule: "*/1 * * * *" - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 1 - jobTemplate: - spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: postgresql-backup - image: "registry.drycc.cc/drycc-addons/postgresql-patroni:15" - imagePullPolicy: Always - #imagePullPolicy: "IfNotPresent" - command: - - /usr/bin/env - - bash - - -c - - | - echo "sleeping ...." 
- sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete - env: - - name: USE_WALG - value: "true" - - name: BACKUP_SCHEDULE - value: "eee" - - name: BACKUP_NUM_TO_RETAIN - value: "2" - - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: "1024" - - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: "30" - - name: PGHOST - value: release-name-postgresql-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: release-name-postgresql - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..8b429517 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} + {{ end }} `` {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 335ea342..8e436be3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
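Review bot: The re-indented `{{ end }}` line in the postgresql-cluster networkpolicy.yaml hunk (`@@ -23,7 +23,7 @@`) now ends with two stray backtick characters, which will be emitted verbatim into the rendered NetworkPolicy after the `ports` entries. A backtick cannot start a plain YAML scalar, so the manifest would most likely fail to parse whenever the template is rendered, and the policy would never be applied. If the template is gated on `networkPolicy.enabled` (false by default in values.yaml), the breakage only shows up for the operators who turn the policy on. The line should be `{{ end }}` with nothing after it, and a `helm template` run with the policy enabled would catch this; the `spec` block starts and ends outside the hunk.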
@@ -32,8 +32,18 @@ spec: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: + {{- if .Values.patroni.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.patroni.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.patroni.nodeAffinityPreset.type "key" .Values.patroni.nodeAffinityPreset.key "values" .Values.patroni.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.patroni.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.patroni.nodeSelector "context" $) | nindent 8 }} + {{- end }} serviceAccountName: {{ template "patroni.serviceAccountName" . }} - # securityContext: # runAsUser: postgres # fsGroup: postgres diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index adc0ab69..77ffd855 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -10,15 +10,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} - role: master spec: type: LoadBalancer - selector: - application: {{ template "patroni.fullname" . }} - cluster-name: {{ template "patroni.fullname" . }} - role: master ports: - - name: postgresql - port: 5432 - targetPort: 5432 - protocol: TCP \ No newline at end of file + - port: 5432 + targetPort: 5432 + protocol: TCP \ No newline at end of file 
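Review bot: The `nodeSelector:` key added in the statefulset.yaml hunk (`@@ -32,8 +32,18 @@`) from `.Values.patroni.nodeSelector` lands in the same pod `spec` as the older `{{- with .Values.nodeSelector }}` block that a later hunk of this file still shows as context, so setting both values renders a duplicate mapping key. Most YAML loaders silently keep the last occurrence, so the constraint that actually applies can differ from the one set under `patroni.`. The same holds for `affinity:` if the template still carries its earlier affinity block further down, which this hunk does not show. I would keep a single source, or guard the old block with `{{- if not .Values.patroni.nodeSelector }}`.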
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 43a38eb0..20d57dc3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 3 diagnosticMode: enable: false @@ -41,9 +41,11 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | + mkdir /home/postgres/pgdata/log + ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: - level: DEBUG + level: INFO bootstrap: dcs: postgresql: @@ -71,6 +73,14 @@ preInitScript: | archive_command: /bin/true # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' + log_destination: 'csvlog' + log_filename: postgresql.log + logging_collector: on + log_directory: /home/postgres/pgdata/log + log_min_messages: 'info' + log_min_duration_statement: 1000 + log_lock_waits: on + log_statement: 'ddl' initdb: - auth-host: scram-sha-256 - auth-local: trust 
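Review bot: `log_statement: 'ddl'` in the `@@ -71,6 +73,14 @@` hunk, combined with the `ln -sf /dev/stdout` symlink added in the previous hunk, sends every DDL statement to the container log, and that includes `CREATE ROLE` / `ALTER ROLE ... PASSWORD '...'` with the password as written. If the post-init script or tenants create users with plain SQL (the user-creation part is outside this hunk), those passwords reach whatever pipeline collects pod stdout. I would add a comment beside the setting, for example `# DDL logging records role passwords given as literals; restrict access to pod logs`, and have role creation pass pre-hashed SCRAM verifiers. The `parameters:` block starts outside this hunk.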
@@ -114,6 +124,48 @@ postInitScript: | echo "Skipping database creation" fi +patroni: + ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param patroni.podAffinityPreset Postgresql patroni pod affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param patroni.podAntiAffinityPreset Postgresql patroni pod anti-affinity preset. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Postgresql Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param patroni.nodeAffinityPreset.type Postgresql patroni node affinity preset type. Ignored if `patroni.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param patroni.nodeAffinityPreset.key Postgresql patroni node label key to match Ignored if `patroni.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param patroni.nodeAffinityPreset.values Postgresql patroni node label values to match. Ignored if `patroni.affinity` is set. + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param patroni.affinity Affinity for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param patroni.nodeSelector Node labels for Postgresql patroni pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## Postgresql Prometheus exporter parameters ## metrics: @@ -261,8 +313,8 @@ networkPolicy: enabled: false ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source + ## client label will have network access to the port Postgresql is listening + ## on. When true, Postgresql will accept connections from any source ## (with the correct destination port). ## allowCurrentNamespace: true From 5c95bf455b0c9cdbbc1ba83338422d88ee3baab2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 22 Nov 2023 09:32:25 +0800 Subject: [PATCH 21/53] chore(postgresql-cluster): add pgbackup --- .../postgresql-cluster/templates/_helpers.tpl | 18 ++++---- .../postgresql-cluster/templates/cronjob.yaml | 25 +++-------- .../templates/statefulset.yaml | 41 ++++++++++++++++++- .../templates/svc-relp.yaml | 8 +++- .../15/chart/postgresql-cluster/values.yaml | 18 ++++---- 5 files changed, 68 insertions(+), 42 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index c75c3b29..1e4e50bc 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -43,10 +43,10 @@ Create the name of the service account to use. {{- end -}} {{/* -Return true if a cronjob object should be created for Postgresql HA patroni +Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enable }} +{{- if and .Values.walG.enabled }} {{- true -}} {{- else -}} {{- end -}} @@ -115,13 +115,14 @@ Create patroni envs. fieldPath: metadata.name - name: PATRONI_POSTGRESQL_DATA_DIR value: "{{ .Values.persistentVolume.mountPath }}/data" +- name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" - name: PATRONI_POSTGRESQL_PGPASS value: /tmp/pgpass - name: PATRONI_POSTGRESQL_LISTEN value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' - - name: DATABASE_NAME valueFrom: secretKeyRef: @@ -137,20 +138,15 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: data-password - {{- end -}} {{/* Create walg envs. */}} {{- define "walg.envs" }} -{{- if .Values.walG.enable }} +{{- if .Values.walG.enabled }} - name: USE_WALG - value: {{ .Values.walG.enable | quote }} -{{- if .Values.walG.scheduleCronJob }} -- name: BACKUP_SCHEDULE - value: {{ .Values.walG.scheduleCronJob | quote}} -{{- end }} + value: {{ .Values.walG.enabled | quote }} {{- if .Values.walG.retainBackups }} - name: BACKUP_NUM_TO_RETAIN value: {{ .Values.walG.retainBackups | quote}} @@ -165,7 +161,7 @@ Create walg envs. {{- end }} {{- if .Values.walG.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyId | quote }} + value: {{ .Values.walG.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 0bfb4b40..39c08de3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "*/1 * * * *" + schedule: "{{ .Values.walG.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: @@ -30,29 +30,14 @@ spec: containers: - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - #imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: - /usr/bin/env - bash - -c - | - echo "sleeping ...." - sleep 10000 - echo "Successfull" - init-stack /opt/drycc/wal-g/bin/wal-g backup-push - init-stack /opt/drycc/wal-g/bin/wal-g delete + curl "http://${REPLHOST}:9000/pg_backup" env: - {{- include "walg.envs" . | indent 14 }} - - name: PGHOST - value: {{ include "patroni.fullname" . }}-repl - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: password-replication - - name: PGUSER - value: standby - - name: PGPORT - value: "5432" + - name: REPLHOST + value: {{ include "patroni.fullname" . }}-repl {{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 8e436be3..a14a3139 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml 
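Review bot: The backup job in the `@@ -30,29 +30,14 @@` hunk reports success whenever `curl` receives any HTTP response, because `curl "http://${REPLHOST}:9000/pg_backup"` is called without `--fail`; a 4xx/5xx from the backup endpoint leaves the CronJob green while no base backup was taken. `curl --fail --silent --show-error --max-time <SECONDS> "http://${REPLHOST}:9000/pg_backup"` makes the failure visible and bounds a hung request. The call is also plain HTTP with no credential, so reachability of port 9000 is the only access control on triggering backups; that port should be limited by a NetworkPolicy or the endpoint should require a shared token.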
@@ -56,6 +56,9 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} + {{- if .Values.walG.enabled }} + {{- include "walg.envs" . | indent 8 }} + {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -156,7 +159,43 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- with .Values.nodeSelector }} + {{- if .Values.walG.enabled }} + - name: {{ .Chart.Name }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # securityContext: + # runAsUser: postgres + # fsGroup: postgres + command: + - /usr/bin/env + - bash + - -c + - | + python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 + env: + {{- include "walg.envs" . | indent 8 }} + - name: PGHOST + value: localhost + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: password-superuser + - name: PGUSER + value: postgres + - name: PGDATABASE + value: postgres + - name: PGPORT + value: "5432" + - name: PGDATA + value: "{{ .Values.persistentVolume.mountPath }}/data" + ports: + - containerPort: 9000 + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index c5861935..ba50b3bd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml 
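Review bot: The backup sidecar added in the `@@ -156,7 +159,43 @@` hunk listens on `0.0.0.0 9000` with `PGPASSWORD` taken from `password-superuser`, and nothing visible here makes the HTTP endpoint ask for authentication, so any client that can reach the pod on port 9000 can drive a superuser-backed process. The svc-relp.yaml hunk of the same commit publishes that port on the `-repl` Service, which the removed rendered manifest shows as `type: LoadBalancer`, so the exposure may extend beyond the cluster. The visible part of the chart's NetworkPolicy template lists only 5432 and the metrics port, so port 9000 is either unrestricted (policy off) or blocked for the CronJob as well (policy on). I would serve 9000 from a separate ClusterIP Service, add it to the NetworkPolicy limited to the backup job's pods, and use a dedicated role with only the privileges the backup needs (whether `pgbackup.py` requires superuser is not visible here).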
@@ -18,5 +18,9 @@ spec: cluster-name: {{ template "patroni.fullname" . }} role: replica ports: - - port: 5432 - targetPort: 5432 \ No newline at end of file + - name: postgresql + port: 5432 + targetPort: 5432 + - name: pgbackup + port: 9000 + targetPort: 9000 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 20d57dc3..693681bf 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -56,6 +56,7 @@ preInitScript: | - host all tea_mon 127.0.0.1/32 trust - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 + - host replication postgres 0.0.0.0/0 scram-sha-256 parameters: wal_level: hot_standby hot_standby: "on" @@ -69,8 +70,8 @@ preInitScript: | wal_log_hints: "on" track_commit_timestamp: "off" archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true + archive_timeout: 300s + archive_command: sh /opt/drycc/postgresql/walbackup.sh %f # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -222,9 +223,9 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-E should be enabled - enable: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: 00 01 * * * + scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket 
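Review bot: The pg_hba rule added in the values.yaml hunk `@@ -56,6 +57,7 @@`, `host replication postgres 0.0.0.0/0 scram-sha-256`, lets the superuser open replication connections from any address, and the chart's Services are `type: LoadBalancer` in the rendered manifest, so the rule is only as narrow as the network in front of the pods. The backup sidecar from this commit connects with `PGHOST` set to `localhost`, so if the rule exists for it, `host replication postgres 127.0.0.1/32 scram-sha-256` would be enough. If a remote client really needs it, restrict the CIDR to the pod network instead of `0.0.0.0/0`. The `pg_hba` list starts outside this hunk.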
@@ -236,10 +237,11 @@ walG: # to consider WAL-E restore instead of pg_basebackup backupThresholdPercentage: 30 s3: - awsAccessKeyID: "xxx" - awsSecretAccessKey: "xx" - walGS3Prefix: "xxx" - awsEndpoint: "xxx" + used: true + awsAccessKeyID: "minioadmin" + awsSecretAccessKey: "minioadmin" + walGS3Prefix: "s3://pg1" + awsEndpoint: "http://10.10.2.11:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 From b940caa3e413a6986eb15feb41338df9ae6a7569 Mon Sep 17 00:00:00 2001 
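Review bot: The chart defaults under `walG.s3` now contain a usable-looking key pair (both `awsAccessKeyID` and `awsSecretAccessKey` set to a well-known default) and a private `awsEndpoint`, while the previous hunk flips `walG.enabled` to `true` and this one adds `used: true`, so any install that does not override them ships with backups aimed at that endpoint using those credentials. The `walg.envs` helper renders both keys as literal `value:` entries, so they are also readable in the StatefulSet spec by anyone allowed to `get` the workload. I would restore placeholder values with `enabled: false` and `used: false` as defaults, and have the helper read the keys through `secretKeyRef` from the Secret that the comment above this block already mentions. The `http://` endpoint also means WAL and base backups travel unencrypted unless wal-g-side encryption is configured, which is not visible here.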
From: EamonZhang Date: Wed, 22 Nov 2023 14:27:30 +0800 Subject: [PATCH 22/53] chore(postgresql-cluster): add plans --- .../templates/cm -postgresql.yaml | 18 +++ .../{configmap.yaml => cm-patroni.yaml} | 2 +- .../templates/statefulset.yaml | 7 +- .../15/chart/postgresql-cluster/values.yaml | 28 +++- .../15/plans/standard-10/bind.yaml | 39 +++-- .../15/plans/standard-10/values.yaml | 123 ++++++++-------- .../15/plans/standard-100/bind.yaml | 30 ++++ .../standard-100/create-instance-schema.json | 12 ++ .../15/plans/standard-100/meta.yaml | 6 + .../15/plans/standard-100/values.yaml | 76 ++++++++++ .../15/plans/standard-20/bind.yaml | 40 +++--- .../15/plans/standard-20/meta.yaml | 2 +- .../15/plans/standard-20/values.yaml | 134 ++++++++++-------- .../15/plans/standard-200/bind.yaml | 30 ++++ .../standard-200/create-instance-schema.json | 12 ++ .../15/plans/standard-200/meta.yaml | 6 + .../15/plans/standard-200/values.yaml | 75 ++++++++++ .../15/plans/standard-400/bind.yaml | 30 ++++ .../standard-400/create-instance-schema.json | 12 ++ .../15/plans/standard-400/meta.yaml | 6 + .../15/plans/standard-400/values.yaml | 75 ++++++++++ .../15/plans/standard-50/bind.yaml | 30 ++++ .../standard-50/create-instance-schema.json | 12 ++ .../15/plans/standard-50/meta.yaml | 6 + .../15/plans/standard-50/values.yaml | 76 ++++++++++ .../15/plans/standard-800/bind.yaml | 30 ++++ .../standard-800/create-instance-schema.json | 12 ++ .../15/plans/standard-800/meta.yaml | 6 + .../15/plans/standard-800/values.yaml | 75 ++++++++++ 29 files changed, 837 insertions(+), 173 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml rename addons/postgresql-cluster/15/chart/postgresql-cluster/templates/{configmap.yaml => cm-patroni.yaml} (93%) create mode 100644 addons/postgresql-cluster/15/plans/standard-100/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json create mode 100644 
addons/postgresql-cluster/15/plans/standard-100/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-100/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-200/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-200/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-400/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-400/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-50/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-50/values.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-800/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-800/values.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml new file mode 100644 index 00000000..8aba698a --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm -postgresql.yaml 
@@ -0,0 +1,18 @@ +{{- if (include "patroni.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-postgresql + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom_conf.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.postgresql.config "context" $ ) | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml similarity index 93% rename from addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml rename to addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml index 877d5879..ad4b5849 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/configmap.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-patroni.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index a14a3139..0d1ed21a 100644 
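Review bot: The new template is created as `templates/cm -postgresql.yaml`, with a space in the file name, which looks like a typo next to `cm-patroni.yaml` from the same commit. Helm will still load it, but shell globs, lint steps and `helm template --show-only` calls need quoting for this one path; renaming it to `cm-postgresql.yaml` keeps the pair consistent. The ConfigMap is also gated on `patroni.createConfigmap`, while the statefulset hunk adds the `postgresql-config` volume without a visible condition, so if that helper can evaluate to false (its body is not on this page) the pod would wait on a ConfigMap that was never created.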
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -107,6 +107,8 @@ spec: mountPath: "{{ .Values.persistentVolume.mountPath }}" - mountPath: "/opt/drycc/postgresql/scripts/" name: patroni-config + - mountPath: "/opt/drycc/postgresql/config/" + name: postgresql-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} @@ -216,7 +218,10 @@ spec: volumes: - name: patroni-config configMap: - name: {{ template "common.names.fullname" . }}-cm + name: {{ template "common.names.fullname" . }}-patroni + - name: postgresql-config + configMap: + name: {{ template "common.names.fullname" . }}-postgresql {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 693681bf..451cb0ba 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -41,13 +41,23 @@ env: {} #custom patroni.yaml used by patroni boot # configuration: {} preInitScript: | - mkdir /home/postgres/pgdata/log + mkdir -p /home/postgres/pgdata/log ln -sf /dev/stdout "/home/postgres/pgdata/log/postgresql.csv" cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ log: level: INFO + restapi: + listen: 0.0.0.0:8008 + connect_address: 0.0.0.0:8008 + authentication: + username: NzUwNjg3MTEtMDgzOS00YTNkLWEyNjAt + password: YjJjMDNjYjQtMDA0Ny00NTgwLTgwYjMt bootstrap: dcs: + ttl: 30 + loop_wait: 10 + retry_timeout: 10 + maximum_lag_on_failover: 1048576 postgresql: use_pg_rewind: true use_slots: true 
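Review bot: The `restapi.authentication` block added in the values.yaml hunk `@@ -41,13 +41,23 @@` hard-codes a username and password for the Patroni REST API in the chart's default `preInitScript`, so every cluster installed from this chart shares one published credential for the API that protects Patroni's write endpoints. Patroni reads `PATRONI_RESTAPI_USERNAME` and `PATRONI_RESTAPI_PASSWORD` from the environment, so both can be supplied via `secretKeyRef` from the release Secret with a password generated per release, and the literal block removed. `connect_address: 0.0.0.0:8008` is not an address other members can dial; the plan file removed later on this page uses `connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008'` under its own `restapi:` key. If the chart's script still has such a block further down (outside this hunk), the generated patroni.yml contains `restapi` twice, only one survives parsing, and the authentication settings may be the ones discarded.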
@@ -57,12 +67,13 @@ preInitScript: | - host all all 0.0.0.0/0 scram-sha-256 - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - host replication postgres 0.0.0.0/0 scram-sha-256 + custom_conf: '/opt/drycc/postgresql/config/custom_conf.conf' parameters: wal_level: hot_standby hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 8 + wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 @@ -71,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %f + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -124,6 +135,17 @@ postInitScript: | echo "Skipping user creation" echo "Skipping database creation" fi +postgresql: + config: |- + log_min_duration_statement = 1008 + max_wal_size = 4GB + min_wal_size = 4GB + max_connections = 1005 + max_worker_processes = 8 + max_wal_senders = 10 + max_replication_slots = 10 + max_prepared_transactions = 0 + max_locks_per_transaction = 64 patroni: ## @param patroni.podAnnotations Additional pod annotations for Postgresql patroni pods diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index cf57e76b..d48323b0 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
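Review bot: `wal_keep_segments: 1024` in the `@@ -57,12 +67,13 @@` hunk raises a parameter that PostgreSQL 13 replaced with `wal_keep_size`, while this chart lives under `postgresql-cluster/15` and the rendered manifest runs the `postgresql-patroni:15` image. Depending on how the bundled Patroni version treats the old name, the value is either translated or dropped, so the intended retention may not be in force; I would state it as `wal_keep_size: 16GB` (1024 segments at the default 16 MB). The `postgresql.config` block added in the last hunk of this file repeats `max_connections`, `max_wal_senders` and other settings that are already set under `parameters:`, so a comment saying which of the two takes precedence would help the next editor.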
@@ -1,34 +1,31 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.password }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 2082d76c..b6037e16 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml 
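Review bot: The `host` and `hostrepl` entries in the standard-10 bind.yaml hunk are emitted only when `.Values.service.type` is `LoadBalancer`, yet they resolve `{.spec.clusterIPs[*]}`, which is the in-cluster address rather than the load balancer's ingress address, and on a dual-stack cluster `[*]` returns more than one IP in a single `host` value. If in-cluster binding is intended, `{.spec.clusterIP}` without the LoadBalancer condition would match it; for external consumers `{.status.loadBalancer.ingress[*].ip}` is the field to read. The Service is referenced as `...-master`, while the removed rendered manifest names the primary Service without that suffix, so the reference should be checked against svc.yaml. The binding now reads `data-user` and `data-password` from the main release Secret, which per the StatefulSet env also holds `password-superuser`, so the component resolving the binding needs read access to the superuser password too; a dedicated bind Secret would keep that narrower.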
@@ -2,82 +2,75 @@ ## fullnameOverride: hb-postgresql-cluster-standard-10 -preInitScript: | - cat > /opt/drycc/postgresql/patroni.yml <<__EOF__ - log: - level: DEBUG - bootstrap: - dcs: - postgresql: - use_pg_rewind: true - use_slots: true - pg_hba: - - local all all peer - - host all tea_mon 127.0.0.1/32 trust - - host all all 0.0.0.0/0 scram-sha-256 - - host replication ${PATRONI_REPLICATION_USERNAME} 0.0.0.0/0 scram-sha-256 - parameters: - wal_level: hot_standby - hot_standby: "on" - max_connections: 1005 - max_worker_processes: 8 - wal_keep_segments: 8 - max_wal_senders: 10 - max_replication_slots: 10 - max_prepared_transactions: 0 - max_locks_per_transaction: 64 - wal_log_hints: "on" - track_commit_timestamp: "off" - archive_mode: "on" - archive_timeout: 1800s - archive_command: /bin/true - # timescaledb.license: 'timescale' - shared_preload_libraries: 'pg_stat_statements' - initdb: - - auth-host: scram-sha-256 - - auth-local: trust - - encoding: UTF8 - - locale: en_US.UTF-8 - - data-checksums - post_bootstrap: sh /opt/drycc/postgresql/scripts/post_init.sh - restapi: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:8008' - postgresql: - connect_address: '${PATRONI_KUBERNETES_POD_IP}:5432' - authentication: - superuser: - username: postgres - password: '${PATRONI_SUPERUSER_PASSWORD}' - replication: - username: standby - password: '${PATRONI_REPLICATION_PASSWORD}' - rewind: # Has no effect on postgres 10 and lower - username: rewinder - password: '${PATRONI_REWIND_USERNAME}' - watchdog: - mode: off - __EOF__ +postgresql: + config: |- + # Connectivity + max_connections = 980 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '256 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '1 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + 
+ # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 resources: # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 1000m - memory: 1Gi + memory: 2Gi # hugepages-2Mi: 4Mi requests: cpu: 1000m - memory: 1Gi + memory: 2Gi persistentVolume: enabled: true size: 10G -metrics: - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 1000m - memory: 1Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
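Review bot: `max_connections = 980` together with `work_mem = '32 MB'` does not fit the 2Gi memory limit set at the end of this hunk. `work_mem` is allocated per sort or hash operation in each backend, so about sixty busy connections using one such operation each already reach the limit on top of `shared_buffers = '256 MB'`, and the container is then likely to be OOM-killed rather than a single query failing. Lowering it to PostgreSQL's default, `work_mem = '4 MB'`, or reducing `max_connections` and putting a pooler in front, would keep the plan inside its limit. The other plan files in this patch have the same ratio, for example 2000 connections at 32 MB against 16Gi in standard-100.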
@@ -0,0 +1,30 @@
+credential:
+{{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: host
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}-master
+ jsonpath: '{.spec.clusterIPs[*]}'
+ - name: hostrepl
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}-repl
+ jsonpath: '{.spec.clusterIPs[*]}'
+ - name: database
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-name }'
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-password }'
+ - name: username
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .data.data-user }'
+ - name: port
+ value: 5432
+{{- end }}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
new file mode 100644
index 00000000..8b3352c9
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-100"
+id: c44160a6-5ec4-49e5-af1e-a1c1676871cf
+description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"
+displayName: "standard-100"
+bindable: true
+maximum_polling_duration: 1800
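Review bot: The `description` in the new standard-100 meta.yaml reads "Mysql Cluster standard-100 plan" although the file lives under addons/postgresql-cluster; it looks copied from the MySQL addon. This text is presumably what users see when choosing a plan, so it should read `description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000"`. The same wording is in the meta.yaml of standard-200, standard-400, standard-50 and standard-800, and in the unchanged description line of standard-20.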
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml
new file mode 100644
index 00000000..c937e07a
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-100 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '4096 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '11 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 4 + max_parallel_workers_per_gather = 2 + max_parallel_maintenance_workers = 2 + max_parallel_workers = 4 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 4000m + memory: 16Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 4000m + memory: 16Gi + +persistentVolume: + enabled: true + size: 100G diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index e8b99314..619e1429 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,34 +1,30 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} +{{- if (eq .Values.service.type "LoadBalancer") }} - name: host valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' - name: database valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' - name: password valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' - name: username valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e749a7db..e9580d73 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
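Review bot: `host` and `hostrepl` resolve `{.spec.clusterIPs[*]}`, but the whole credential block is only rendered when `.Values.service.type` is "LoadBalancer". A cluster IP is reachable only from inside the cluster, so if the LoadBalancer gate is meant for consumers outside it, the binding would hand them an address they cannot reach; the load balancer address lives under `.status.loadBalancer.ingress`. The `[*]` also returns every entry, so on a dual-stack cluster the value would contain two addresses, whereas `{.spec.clusterIP}` gives a single one. How the `serviceRef` resolver treats these is not visible here, so this needs checking against the broker. The same lines are in every bind.yaml touched by this patch.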
@@ -1,5 +1,5 @@ name: "standard-20" -id: 95fd7cf2-f2fb-46c9-b3fc-9e7f48899dcc +id: edf8bdfe-b1dc-4f41-b042-801153794df7 description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000" displayName: "standard-20" bindable: true diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 12db2471..f460d01f 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml 
@@ -1,61 +1,77 @@ ## @param fullnameOverride String to fully override common.names.fullname template ## -fullnameOverride: hb-mysql-cluster-standard-20 - -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the MinIO® container -## @param resources.requests The requested resources for the MinIO® container -## -primary: - maxConnectionLimit: 1000 - resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi - - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 20Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## application: my-app - ## - selector: {} +fullnameOverride: hb-postgresql-cluster-standard-20 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '1024 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '3 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + 
parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 2000m + memory: 4Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 4Gi + +persistentVolume: + enabled: true + size: 20G diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-200/create-instance-schema.json 
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
new file mode 100644
index 00000000..89b4292b
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-200"
+id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f
+description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
+displayName: "standard-200"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
new file mode 100644
index 00000000..9db720e6
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-200 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '8192 MB' + work_mem = '32 MB' + maintenance_work_mem = '420 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '22 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 8 + max_parallel_workers_per_gather = 4 + max_parallel_maintenance_workers = 4 + max_parallel_workers = 8 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 8000m + memory: 32Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 8000m + memory: 32Gi + +persistentVolume: + enabled: true + size: 200G diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-400/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
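Review bot: `huge_pages = try` is set in the standard-200 plan while `# hugepages-2Mi: 4Mi` under `resources.limits` stays commented out. In Kubernetes a container can only use pre-allocated huge pages when it requests a `hugepages-<size>` resource, so with this file as written PostgreSQL will most likely fall back to normal pages for the 8192 MB of shared buffers without reporting an error. Either set `huge_pages = off` as the smaller plans do, or extend the inline comment to say so, e.g. `# needs a hugepages-2Mi limit on the pod as well as kernel params`. standard-400 and standard-800 have the same combination.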
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
new file mode 100644
index 00000000..b9472699
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-400"
+id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
+description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+displayName: "standard-400"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
new file mode 100644
index 00000000..b1afad1d
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-400 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '32 MB' + maintenance_work_mem = '520 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 16 + max_parallel_workers_per_gather = 8 + max_parallel_maintenance_workers = 8 + max_parallel_workers = 16 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 16000m + memory: 64Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 16000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 400G diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-50/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
new file mode 100644
index 00000000..9fbb08f1
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-50"
+id: 0542f411-4e7b-46af-966c-c9989e54873c
+description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000"
+displayName: "standard-50"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
new file mode 100644
index 00000000..fbf8db1f
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml
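Review bot: The standard-50 description advertises "DB MAX Connection 2000", but the values.yaml added for this plan sets `max_connections = 1000`. One of the two is wrong, and a user sizing a connection pool from the plan text would hit the server limit at half the advertised figure. If the configuration is the intended value, the description should end `RAM 8G , DB MAX Connection 1000"`; otherwise values.yaml needs `max_connections = 2000`.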
@@ -0,0 +1,76 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-50 + +postgresql: + config: |- + # Connectivity + max_connections = 1000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '2048 MB' + work_mem = '32 MB' + maintenance_work_mem = '320 MB' + huge_pages = off + effective_cache_size = '6 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '1024 MB' + min_wal_size = '512 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '3650 MB' + + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 2 + max_parallel_workers_per_gather = 1 + max_parallel_maintenance_workers = 1 + max_parallel_workers = 2 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 2000m + memory: 8Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 2000m + memory: 8Gi + +persistentVolume: + enabled: true + size: 50G diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml new file mode 100644 index 00000000..619e1429 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -0,0 +1,30 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: host + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-master + jsonpath: '{.spec.clusterIPs[*]}' + - name: hostrepl + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{.spec.clusterIPs[*]}' + - name: database + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-name }' + - name: password + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-password }' + - name: username + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.data-user }' + - name: port + value: 5432 +{{- end }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-800/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
new file mode 100644
index 00000000..1748ac9e
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-800"
+id: 60f37e20-e69e-4f6f-9cce-e43caec34963
+description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000"
+displayName: "standard-800"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
new file mode 100644
index 00000000..3e88193a
--- /dev/null
+++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '32768 MB' + work_mem = '64 MB' + maintenance_work_mem = '720 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '90 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '15 min' + checkpoint_completion_target = 0.9 + max_wal_size = '10240 MB' + min_wal_size = '5120 MB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '22080 MB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 32 + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # 
lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 128Gi + # hugepages-2Mi: 4Mi + requests: + cpu: 32000m + memory: 128Gi + +persistentVolume: + enabled: true + size: 800G From 665deb48e500156f1629763fc103c7a6070a179d Mon Sep 17 00:00:00 2001 
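Review bot: `max_connections = 2000` together with `work_mem = '64 MB'` allows sort and hash memory alone to reach about 125 GiB if every connection uses a single work_mem allocation, on top of `shared_buffers = '32768 MB'`, while the container limit is `memory: 128Gi`. Under load the pod can be OOM-killed, which for a database means an outage followed by crash recovery. Either lower the per-operation budget (for example `work_mem = '16 MB'`) or keep the value and reduce `max_connections` behind a connection pooler. `huge_pages = try` presumably falls back to normal pages for as long as the `# hugepages-2Mi: 4Mi` limit stays commented out, so either enable it with a size that matches shared_buffers or drop the setting.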
From: EamonZhang Date: Thu, 30 Nov 2023 14:07:27 +0800 Subject: [PATCH 23/53] chore(addons): add cloudbeaver --- .../23/chart/cloudbeaver/Chart.yaml | 24 + .../23/chart/cloudbeaver/README.md | 0 .../23/chart/cloudbeaver/templates/NOTES.txt | 3 + .../chart/cloudbeaver/templates/_helpers.tpl | 28 + .../cloudbeaver/templates/deployment.yaml | 138 +++++ .../cloudbeaver/templates/extra-list.yaml | 4 + .../chart/cloudbeaver/templates/ingress.yaml | 63 +++ .../23/chart/cloudbeaver/templates/pvc.yaml | 32 ++ .../cloudbeaver/templates/serviceaccount.yaml | 21 + .../23/chart/cloudbeaver/templates/svc.yaml | 46 ++ .../cloudbeaver/templates/tls-secrets.yaml | 44 ++ .../23/chart/cloudbeaver/values.yaml | 516 ++++++++++++++++++ addons/cloudbeaver/23/meta.yaml | 20 + .../cloudbeaver/23/plans/standard-5/bind.yaml | 20 + .../standard-5/create-instance-schema.json | 12 + .../cloudbeaver/23/plans/standard-5/meta.yaml | 6 + .../23/plans/standard-5/values.yaml | 60 ++ 17 files changed, 1037 insertions(+) create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/README.md create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml create mode 100644 addons/cloudbeaver/23/chart/cloudbeaver/values.yaml create mode 100644 
addons/cloudbeaver/23/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/bind.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json create mode 100644 addons/cloudbeaver/23/plans/standard-5/meta.yaml create mode 100644 addons/cloudbeaver/23/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml new file mode 100644 index 00000000..d5505574 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 23.2.5 +dependencies: + - name: common + repository: oci://registry.drycc.cc/charts + tags: + - drycc-common + version: ~1.1.2 +description: Cloud Database Manager +engine: gotpl +home: https://github.com/drycc-addons/addons +icon: https://github.com/dbeaver/cloudbeaver/wiki/images/cloudbeaver-logo.png +keywords: + - cloudbeaver + - database +maintainers: + - name: drycc + url: https://github.com/drycc-addons/addons +name: cloudbeaver +sources: + - https://github.com/dbeaver/cloudbeaver +version: 23.2.5 diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/README.md b/addons/cloudbeaver/23/chart/cloudbeaver/README.md new file mode 100644 index 00000000..e69de29b diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt new file mode 100644 index 00000000..3eed111b --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/NOTES.txt @@ -0,0 +1,3 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} \ No newline at end of file diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl new file mode 100644 index 00000000..dda6955a --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/_helpers.tpl 
@@ -0,0 +1,28 @@ +{{/* vim: set filetype=mustache: */}} + + +{{/* +Return the proper cloudbeaver image name +*/}} +{{- define "cloudbeaver.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "cloudbeaver.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "cloudbeaver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml new file mode 100644 index 00000000..c00c3656 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml 
@@ -0,0 +1,138 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "cloudbeaver.serviceAccountName" . }} + {{- include "cloudbeaver.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: cloudbeaver + image: {{ include "cloudbeaver.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + workingDir: /opt/drycc/cloudbeaver/ + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.livenessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.livenessProbe.path }} + port: http + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.readinessProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.readinessProbe.path }} + port: http + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit (omit .Values.startupProbe "enabled") "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.startupProbe.path }} + port: http + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath | quote }} + volumes: +{{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- 
end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + annotations: + {{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 8 }} + {{- end }} + labels: + application: {{ template "cloudbeaver.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: +{{ toYaml .Values.persistence.accessModes | indent 8 }} + resources: + requests: + storage: "{{ .Values.persistence.size }}" + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- end }} + diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml new file mode 100644 index 00000000..9ac65f9e --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml new file mode 100644 index 00000000..a857fcea --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/ingress.yaml 
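Review bot: With `persistence.enabled` set, deployment.yaml cannot produce a working Deployment: `volumes:` is left empty so the `data` volumeMount has no backing volume, `volumeClaimTemplates` is a StatefulSet field that `kind: Deployment` does not have, and `{{ template "cloudbeaver.fullname" . }}` is not defined in the `_helpers.tpl` added by this commit. pvc.yaml in the same commit creates a claim named `<fullname>-binding` (or expects `persistence.existingClaim`), but nothing mounts it. The persistent branch should reference that claim from `volumes` and the `volumeClaimTemplates` block should be removed, as sketched below. Until then the workspace, which presumably holds saved connection settings, either fails to render or lives on an `emptyDir`.

```yaml
      # … unchanged: containers, probes, resources, volumeMounts …
      volumes:
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ default (printf "%s-binding" (include "common.names.fullname" .)) .Values.persistence.existingClaim }}
        {{- else }}
          emptyDir: {}
        {{- end }}
```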
@@ -0,0 +1,63 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.extraHosts }} + - {{ .name }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml new file mode 100644 index 00000000..7a36a217 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
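Review bot: In the `tls.hosts` list of ingress.yaml the extra hosts are written as `- {{ .name }}` without `| quote`, unlike the `rules` entries above. A wildcard host such as `*.example.com` then starts with `*`, which YAML reads as an alias, and the manifest fails to parse; use `- {{ .name | quote }}`. Those extra hosts are also attached to `secretName: <hostname>-tls`, but the self-signed certificate in tls-secrets.yaml is issued for `ingress.hostname` only, so they would be served a certificate that does not match their name.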
@@ -0,0 +1,32 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "%s-binding" (include "common.names.fullname" .) }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.persistence.resourcePolicy }} + helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }} + {{- end }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml new file mode 100644 index 00000000..341c96f8 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/serviceaccount.yaml 
@@ -0,0 +1,21 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "node.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml
new file mode 100644
index 00000000..bb846a3a
--- /dev/null
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/svc.yaml
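Review bot: In serviceaccount.yaml, `name: {{ include "node.serviceAccountName" . }}` refers to a helper that the `_helpers.tpl` in this commit does not define (it defines `cloudbeaver.serviceAccountName`), so rendering presumably fails as soon as `serviceAccount.create` is true. Use `name: {{ include "cloudbeaver.serviceAccountName" . }}` so the account matches what deployment.yaml puts in `serviceAccountName`. `automountServiceAccountToken` is rendered straight from values; if that value is unset the field renders empty and Kubernetes mounts the API token by default. For a web UI that is not shown to call the Kubernetes API, `automountServiceAccountToken: {{ default false .Values.serviceAccount.automountServiceAccountToken }}` is the safer rendering.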
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.service.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.ports.http }} + targetPort: http + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ 
.Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml new file mode 100644 index 00000000..b2aafcc1 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/tls-secrets.yaml 
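Review bot: When both `commonAnnotations` and `service.annotations` are set, the two separate `if` blocks in svc.yaml each emit an `annotations:` key under `metadata`, which is a duplicate key: depending on the parser the manifest is rejected or one set of annotations is silently dropped. Emit a single `annotations:` key and render both maps under it, the way serviceaccount.yaml in this commit does (see below). Separately, for `service.type` LoadBalancer the source filter only applies when `loadBalancerSourceRanges` is set, so leaving it empty exposes the CloudBeaver login to every address the load balancer accepts; that deserves a comment next to the value.

```yaml
  # … unchanged: name, namespace, labels …
  {{- if or .Values.service.annotations .Values.commonAnnotations }}
  annotations:
    {{- if .Values.commonAnnotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    {{- end }}
    {{- if .Values.service.annotations }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
    {{- end }}
  {{- end }}
```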
@@ -0,0 +1,44 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "common.names.namespace" $ | quote }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $ca := genCA "node-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml new file mode 100644 index 00000000..19515399 --- /dev/null +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml 
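Review bot: The self-signed branch of tls-secrets.yaml calls `genCA` and `genSignedCert` on every render, so each `helm upgrade` replaces both the CA and the server key; clients that trusted the previous `ca.crt` break and there is never a stable trust anchor. Reuse the existing Secret through `lookup` and generate only when it is absent, as sketched below. The certificate covers `ingress.hostname` only, and the CA common name `node-ca` looks left over from another chart. In the first loop, `ingress.secrets[].key` puts the TLS private key into chart values, which Helm stores with the release; referencing a pre-created Secret through `ingress.extraTls` keeps the key out of release data.

```yaml
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $existing := lookup "v1" "Secret" (include "common.names.namespace" .) $secretName }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  {{- if $existing }}
  tls.crt: {{ index $existing.data "tls.crt" | quote }}
  tls.key: {{ index $existing.data "tls.key" | quote }}
  ca.crt: {{ index $existing.data "ca.crt" | quote }}
  {{- else }}
  {{- $ca := genCA "node-ca" 365 }}
  {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
  tls.crt: {{ $cert.Cert | b64enc | quote }}
  tls.key: {{ $cert.Key | b64enc | quote }}
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  {{- end }}
# … unchanged: closing end tags …
```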
@@ -0,0 +1,516 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override node.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override node.fullname template +## +fullnameOverride: "" +## @param namespaceOverride Override namespace for resources +## Useful when including Node as a chart dependency, so it can be released into a different namespace than the parent +## +namespaceOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} + +## @param command Override default container command (useful when using custom images) +## +command: "" +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param extraEnvVars Extra environment variables to be set on Node container +## For example: +## - name: BEARER_AUTH +## value: true +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra 
environment variables +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables +## +extraEnvVarsSecret: "" +## MongoDB® chart configuration +## ref: https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml +## + +## Bitnami node image version +## ref: https://hub.docker.com/r/bitnami/node/tags/ +## @param image.registry NodeJS image registry +## @param image.repository NodeJS image repository +## @param image.tag NodeJS image tag (immutable tags are recommended) +## @param image.digest NodeJS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy NodeJS image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Set to true if you would like to see extra information on logs +## +image: + registry: registry.drycc.cc + repository: drycc-addons/cloudbeaver + tag: 23 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## @param replicaCount Specify the number of replicas for the application +## +replicaCount: 1 +## @param updateStrategy.type Strategy to use to replace existing pods. 
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## Example: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate +## @param containerPorts.http Specify the port where your application will be running +## +containerPorts: + http: 8978 +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Additional labels for Node pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) +## +extraDeploy: [] +## Enable diagnostic mode in the deployment(s)/statefulset(s) +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) + ## + args: + - infinity +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.path Request path for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + path: '/' + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## Configure extra options for readiness probe +## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.path Request path for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + path: '/' + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + successThreshold: 1 +## Configure extra options for startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-startup-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.path Request path for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + path: '/' + initialDelaySeconds: 5 + periodSeconds: 3 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among 
failure-domains. Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName Node priorityClassName +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param schedulerName Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Airflow web pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks lifecycleHooks for the Node container to automate configuration before or after startup. +## +lifecycleHooks: {} +## @param sidecars Add sidecars to the Node pods +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +extraVolumes: [] +## @param extraVolumeMounts Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for node pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the `common.names.fullname` template + name: "" + ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. + ## Only used if `create` is `true`. 
+ ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: false +## SecurityContext configuration +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## @param containerSecurityContext.enabled Node Container securityContext +## @param containerSecurityContext.runAsUser User ID for the Node container +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## @param podSecurityContext.enabled Enable security context for Node pods +## @param podSecurityContext.fsGroup Group ID for the volumes of the pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Node conatiners' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+## @param resources.limits The resources limits for the Node container +## @param resources.requests The requested resources for the Node container +## +resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using PVC + ## + enabled: true + ## @param persistence.mountPath Path where the volume will be mount at. + ## + mountPath: /opt/drycc/cloudbeaver/workspace/ + ## @param persistence.subPath Subdirectory of the volume to mount + ## + subPath: "" + ## @param persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted + resourcePolicy: "" + ## @param persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.accessModes PVC Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request + ## + size: 1Gi + ## @param persistence.annotations Annotations for the PVC + ## + annotations: {} + +## @section Traffic exposure parameters + +## Service parameters +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + ## @param service.ports.http Kubernetes Service port + ## + ports: + http: 80 + ## @param service.clusterIP Service Cluster IP + ## + clusterIP: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: 'None' + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param service.nodePorts.http NodePort if Service type is `LoadBalancer` or `NodePort` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges In order to limit which client IP's can access the Network Load Balancer, specify loadBalancerSourceRanges + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Annotations for the Service + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} +## Configure the ingress resource that allows you to access the +## Node.js installation. Set up the URL +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Set to true to enable ingress record generation + ## + enabled: false + + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created + ## + hostname: cloudbeaver.local + ## @param ingress.path The Path to Node.js. 
You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: node.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. 
+ ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - node.local + ## secretName: node.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: node.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml new file mode 100644 index 00000000..4d740156 --- /dev/null +++ b/addons/cloudbeaver/23/meta.yaml 
@@ -0,0 +1,20 @@
+name: cloudbeaver
+version: 7.0
+id: b7cb26a4-b258-445c-860b-a664239a67f8
+description: "cloudbeaver"
+displayName: "cloudbeaver"
+metadata:
+ displayName: "cloudbeaver"
+ provider:
+ name: drycc
+ supportURL: http://cloudbeaver.io/
+ documentationURL: https://github.com/drycc-addons/drycc-docker-redis
+tags: cloudbeaver
+bindable: true
+instances_retrievable: true
+bindings_retrievable: true
+plan_updateable: true
+allow_parameters:
+- name: "networkPolicy.allowNamespaces"
+ description: "networkPolicy allowNamespaces config for values.yaml"
+archive: false
diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
new file mode 100644
index 00000000..5ee51e2a
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/bind.yaml
@@ -0,0 +1,20 @@
+credential:
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .status.loadBalancer.ingress[*].ip }'
+ {{- else if (eq .Values.service.type "ClusterIP") }}
+ - name: HOST
+ valueFrom:
+ serviceRef:
+ name: {{ include "common.names.fullname" . }}
+ jsonpath: '{ .spec.clusterIP }'
+ {{- end }}
+ - name: PORT
+ valueFrom:
+ serviceRef:
+ name: {{ template "common.names.fullname" . }}
+ jsonpath: '{ .spec.ports[?(@.name=="http")].port }'
+
diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
new file mode 100644
index 00000000..66ebbaa0
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "imagePullPolicy": {
+ "type": "string",
+ "enum": ["Always", "IfNotPresent", "Never"],
+ "default": "IfNotPresent",
+ "title": "Image pull policy"
+ }
+ }
+}
\ No newline at end of file
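Review bot: In plans/standard-5/bind.yaml the HOST credential is emitted only when `service.type` is `LoadBalancer` or `ClusterIP`, so any other type (for example `NodePort`) yields a binding with PORT but no HOST. NodePort and LoadBalancer Services also carry a cluster IP, so the second branch can be a plain fallback: `{{- else }}` instead of `{{- else if (eq .Values.service.type "ClusterIP") }}`. The LoadBalancer branch reads `.status.loadBalancer.ingress[*].ip`, which is empty when the provider publishes a hostname rather than an IP and can return several values; a comment stating which case the broker expects would help. The template also mixes `include` and `template` for the same helper; using `include` throughout keeps it consistent.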
diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
new file mode 100644
index 00000000..3c070e39
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/meta.yaml
@@ -0,0 +1,6 @@
+name: "standard-5"
+id: 9d92b94d-c63e-47a8-ac91-352f511ef0a9
+description: "Cloudbeaver standard-5 plan: Disk 5Gi ,vCPUs 1 , RAM 2G"
+displayName: "standard-5"
+bindable: true
+maximum_polling_duration: 1800
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-5/values.yaml
new file mode 100644
index 00000000..920f16ca
--- /dev/null
+++ b/addons/cloudbeaver/23/plans/standard-5/values.yaml
@@ -0,0 +1,60 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-cloudbeaver-standard-10 + +## MinIO® containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for the MinIO® container +## @param resources.requests The requested resources for the MinIO® container +## + +resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + + +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + existingClaim: "" + ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations + ## + annotations: {} + ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size MySQL primary persistent volume size + ## + size: 5Gi + ## @param primary.persistence.selector Selector to match an existing Persistent Volume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} From b3e6351c760972192d8518e9d712a76ed931a92d Mon Sep 17 00:00:00 2001 
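Review bot: `fullnameOverride: hb-cloudbeaver-standard-10` in plans/standard-5/values.yaml does not match the plan it belongs to, and the requests and limits of `memory: 1024Mi` disagree with the plan's meta.yaml description of "RAM 2G". I would use `fullnameOverride: hb-cloudbeaver-standard-5` and either set `memory: 2048Mi` or correct the description. The comments are copied from other charts (`MinIO®`, and `primary.persistence.*` described as MySQL primary settings) and should name cloudbeaver and `persistence.*` so the generated parameter docs are not misleading. A fixed override also gives every instance of this plan the same resource names, which would collide if two instances ever share a namespace; that depends on how the broker places instances, which is not visible here.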
From: EamonZhang Date: Thu, 30 Nov 2023 17:18:09 +0800 Subject: [PATCH 24/53] chore(addons): fix plan binds --- .../23/chart/cloudbeaver/values.yaml | 2 +- addons/cloudbeaver/23/meta.yaml | 10 +++--- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 20 +++++++++++ .../grafana/10/plans/standard-1-2/values.yaml | 7 ---- .../{standard-1-2 => standard-5}/bind.yaml | 29 ++++++++-------- .../{standard-1-2 => standard-5}/meta.yaml | 4 +-- .../grafana/10/plans/standard-5/values.yaml | 14 ++++++++ .../8.0/chart/mysql-cluster/values.yaml | 2 +- addons/mysql-cluster/8.0/meta.yaml | 4 ++- .../8.0/plans/standard-10/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-100/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-20/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-200/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-400/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-50/bind.yaml | 31 +++++++++-------- .../8.0/plans/standard-800/bind.yaml | 31 +++++++++-------- .../templates/svc-master.yaml | 2 +- .../templates/svc-relp.yaml | 2 +- .../postgresql-cluster/templates/svc.yaml | 2 +- .../15/chart/postgresql-cluster/values.yaml | 4 +-- addons/postgresql-cluster/15/meta.yaml | 8 ++++- .../15/plans/standard-10/bind.yaml | 31 +++++++++++------ .../15/plans/standard-100/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-20/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-200/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-400/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-50/bind.yaml | 33 ++++++++++++------- .../15/plans/standard-800/bind.yaml | 33 ++++++++++++------- 29 files changed, 353 insertions(+), 205 deletions(-) create mode 100644 addons/grafana/10/meta.yaml delete mode 100644 addons/grafana/10/plans/standard-1-2/values.yaml rename addons/grafana/10/plans/{standard-1-2 => standard-5}/bind.yaml (58%) rename addons/grafana/10/plans/{standard-1-2 => standard-5}/meta.yaml (83%) 
create mode 100644 addons/grafana/10/plans/standard-5/values.yaml diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml index 19515399..149c69d3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/values.yaml @@ -358,7 +358,7 @@ persistence: - ReadWriteOnce ## @param persistence.size PVC Storage Request ## - size: 1Gi + size: 10Gi ## @param persistence.annotations Annotations for the PVC ## annotations: {} diff --git a/addons/cloudbeaver/23/meta.yaml b/addons/cloudbeaver/23/meta.yaml index 4d740156..b74fe7f5 100644 --- a/addons/cloudbeaver/23/meta.yaml +++ b/addons/cloudbeaver/23/meta.yaml @@ -1,5 +1,5 @@ name: cloudbeaver -version: 7.0 +version: 23 id: b7cb26a4-b258-445c-860b-a664239a67f8 description: "cloudbeaver" displayName: "cloudbeaver" @@ -8,13 +8,13 @@ metadata: provider: name: drycc supportURL: http://cloudbeaver.io/ - documentationURL: https://github.com/drycc-addons/drycc-docker-redis + documentationURL: https://github.com/drycc-addons/ tags: cloudbeaver bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: -- name: "networkPolicy.allowNamespaces" - description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index 9b029425..f18c0343 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: LoadBalancer + type: ClusterIP ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None 
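Review bot: Replacing the `networkPolicy.allowNamespaces` entry with `service.type` in addons/cloudbeaver/23/meta.yaml lets the requester choose how the database console is exposed, while the chart's values.yaml earlier in this series defaults to `type: LoadBalancer` with `loadBalancerSourceRanges: []`. This commit moves the grafana and mysql-cluster defaults to `ClusterIP`, but the cloudbeaver values.yaml hunk only changes `size`, so unless it is changed elsewhere a default instance is still published through a load balancer with no source restriction. I would set `type: ClusterIP` there as well and consider allowing `service.loadBalancerSourceRanges` alongside `service.type`. Separately, `version: 23` parses as an integer; `version: "23"` keeps it a string.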
diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml new file mode 100644 index 00000000..224ca287 --- /dev/null +++ b/addons/grafana/10/meta.yaml @@ -0,0 +1,20 @@ +name: Grafana +version: 7.0 +id: fff5b6c7-ed85-429b-8265-493e40cc53c7 +description: "grafana" +displayName: "grafana" +metadata: + displayName: "grafana" + provider: + name: drycc + supportURL: http://grafana.io/ + documentationURL: https://github.com/drycc-addons/ +tags: cloudbeaver +bindable: true +instances_retrievable: true +bindings_retrievable: true +plan_updateable: false +allow_parameters: +- name: "service.type" + description: "service type config for values.yaml" +archive: false diff --git a/addons/grafana/10/plans/standard-1-2/values.yaml b/addons/grafana/10/plans/standard-1-2/values.yaml deleted file mode 100644 index 840b3303..00000000 --- a/addons/grafana/10/plans/standard-1-2/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: hb-grafana-standard-10 - -server: - persistence: - size: 10Gi \ No newline at end of file diff --git a/addons/grafana/10/plans/standard-1-2/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml similarity index 58% rename from addons/grafana/10/plans/standard-1-2/bind.yaml rename to addons/grafana/10/plans/standard-5/bind.yaml index 8b14d5a5..a41ae66e 100644 --- a/addons/grafana/10/plans/standard-1-2/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml 
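Review bot: The new addons/grafana/10/meta.yaml carries values copied from the cloudbeaver addon: `tags: cloudbeaver` should be `tags: grafana`, and `version: 7.0` looks like the same placeholder this commit corrects to 23 for cloudbeaver. Given the directory name, `version: "10"` is probably intended, quoted so it is not read as a number. `name: Grafana` is capitalised while the other addons on this page use lowercase names; if the broker matches on name, `name: grafana` is safer.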
@@ -1,29 +1,30 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host + - name: HOST valueFrom: serviceRef: name: {{ printf "%s-router" (include "common.names.fullname" .) }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: password + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' - {{- end }} + - name: PORT + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .spec.ports[?(@.name=="http")].port }' diff --git a/addons/grafana/10/plans/standard-1-2/meta.yaml b/addons/grafana/10/plans/standard-5/meta.yaml similarity index 83% rename from addons/grafana/10/plans/standard-1-2/meta.yaml rename to addons/grafana/10/plans/standard-5/meta.yaml index 5facd66f..ae70fd93 100644 --- a/addons/grafana/10/plans/standard-1-2/meta.yaml +++ b/addons/grafana/10/plans/standard-5/meta.yaml @@ -1,6 +1,6 @@ -name: "standard-10" +name: "standard-5" id: 2b455154-8725-482a-95b2-a193c180d9b5 -description: "grafana plan which limit 1c1g ,default persistence size 10Gi." +description: "grafana plan which limit 1c1g ,default persistence size 5Gi." displayName: "1C2G" bindable: true maximum_polling_duration: 1800 
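Review bot: The two branches in plans/standard-5/bind.yaml test different values: the unchanged first branch checks `.Values.router.service.type` and references a `-router` Service, while the added branch checks `.Values.service.type`. The grafana values.yaml hunk in this commit shows `service.type` at top level and meta.yaml allows `service.type`, so the first branch appears to be left over from the mysql-cluster template and, if the chart has no `router` key, would fail to render or never match. I would change it to `{{- if (eq .Values.service.type "LoadBalancer") }}` with `name: {{ include "common.names.fullname" . }}`. Note also that PASSWORD and USERNAME are read from the `-admin` secret, so every binding receives the Grafana administrator credential; a comment saying that this is intended would help reviewers.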
diff --git a/addons/grafana/10/plans/standard-5/values.yaml b/addons/grafana/10/plans/standard-5/values.yaml new file mode 100644 index 00000000..ce943f14 --- /dev/null +++ b/addons/grafana/10/plans/standard-5/values.yaml @@ -0,0 +1,14 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-grafana-standard-5 + +resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 1000m + memory: 1024Mi + +persistence: + size: 5Gi \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index a33e364c..2c70143b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -858,7 +858,7 @@ router: service: ## @param secondary.service.type MySQL secondary Kubernetes service type ## - type: LoadBalancer + type: ClusterIP ## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port ## portrw: 3306 diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 9394d02a..4d54dd35 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,8 +13,10 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "router.service.type" + description: "service type config for values.yaml" archive: false diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
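Review bot: On the new side of plans/standard-10/bind.yaml the PASSWORD credential still reads `jsonpath: '{ .data.username }'`, so a binding hands out the user name in place of the password; it presumably should be `jsonpath: '{ .data.password }'`, to be confirmed against the keys of the `-svcbind-custom-user` secret. The renamed entry `- name: DADABASE` is misspelled and should be `- name: DATABASE`. HOST is now resolved from the Service named by `common.names.fullname` although the condition tests `.Values.router.service.type`; if the router Service has its own name, the reference needs to point at it. The same hunk is repeated for standard-100, standard-20, standard-200 and standard-400 below and needs the same corrections.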
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index e8b99314..3ec3ed37 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -1,34 +1,39 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.router.service.type "LoadBalancer") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.host }' - - name: database + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.router.service.type "ClusterIP") }} + - name: HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.database }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.username }' - - name: portro + - name: READONLY_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user jsonpath: '{ .data.portro }' - - name: portrw + - name: READWRITE_PORT valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - {{- end }} - + jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index 48dba13d..e162dc3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml 
@@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index ba50b3bd..adc82d13 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: LoadBalancer + type: {{ .Value.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 77ffd855..0922fb57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: LoadBalancer + type: {{ .Value.service.type }} ports: - port: 5432 targetPort: 5432 diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 451cb0ba..e3128f72 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,7 @@ diagnosticMode: enable: false service: - type: LoadBalancer + type: ClusterIP image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 
@@ -244,7 +244,7 @@ metrics: cpu: 100m memory: 512Mi walG: - # Specifies whether Wal-E should be enabled + # Specifies whether Wal-G should be enabled enabled: true # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index f7e21529..8a78429d 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,8 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "service.type" + description: "service type config for values.yaml" +- name: "metrics.enabled" + description: "metrics enable or not config for values.yaml" +- name: "walG.enabled" + description: "backup enable or not config for values.yaml" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index d48323b0..41676f6e 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
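Review bot: Adding `service.type` to `allow_parameters` in meta.yaml lets whoever provisions an instance pick the Service type, and nothing visible in this patch limits it: the three svc templates render the value as-is, so `LoadBalancer` or `NodePort` can be requested by parameter and port 5432 is then reachable from outside the cluster even though the chart default moves to `ClusterIP`. The bind.yaml plans in this patch only handle `LoadBalancer` and `ClusterIP`, so any other value also produces a binding with no host entries. I would state the accepted values in the description, e.g. `description: "Service type: ClusterIP (default) or LoadBalancer"`, and have the templates reject anything else. Whether the platform validates parameters elsewhere cannot be told from this hunk.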
@@ -1,31 +1,42 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port + - name: PORT value: 5432 -{{- end }} diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml 
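Review bot: The database entry is renamed to `DADABASE`, which looks like a misspelling of `DATABASE`; the standard-400 plan in this same patch has `- name: DATABASE`, so the plans now publish different key names for the same credential. It should read `- name: DATABASE` here and in the standard-100, -20, -200, -50 and -800 bind.yaml hunks. In the LoadBalancer branch `REPL_HOST` still uses `template` where the other three host entries were switched to `include`, which is worth aligning while touching these lines.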
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 619e1429..a95ec5b2 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DATABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 619e1429..5b215a03 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml 
@@ -1,30 +1,41 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host + - name: MASTER_HOST valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }}-master - jsonpath: '{.spec.clusterIPs[*]}' - - name: hostrepl + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl - jsonpath: '{.spec.clusterIPs[*]}' - - name: database + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- else if (eq .Values.service.type "ClusterIP") }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + {{- end }} + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-name }' - - name: password + - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-password }' - - name: username + - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - - name: port - value: 5432 -{{- end }} \ No newline at end of file + - name: PORT + value: 5432 \ No newline at end of file From 657f6f459ff980432488029bca222af12f1dbc2d Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Dec 2023 11:04:27 +0800 Subject: [PATCH 25/53] chore(prometheus): add auth --- addons/postgresql-cluster/15/meta.yaml | 4 +- .../2/chart/prometheus/templates/_helpers.tpl | 8 ++++ .../templates/server/configmap.yaml | 4 +- .../templates/server/deployment.yaml | 19 +++++++- .../prometheus/templates/server/sec.yaml | 14 ++++++ .../prometheus/2/chart/prometheus/values.yaml | 10 ++++- addons/prometheus/2/meta.yaml | 6 ++- .../prometheus/2/plans/standard-10/bind.yaml | 36 +++++++-------- .../2/plans/standard-10/values.yaml | 3 +- .../prometheus/2/plans/standard-50/bind.yaml | 44 +++++++------------ .../2/plans/standard-50/values.yaml | 3 +- 11 files changed, 94 insertions(+), 57 deletions(-) create mode 100644 addons/prometheus/2/chart/prometheus/templates/server/sec.yaml diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 8a78429d..e870c5f5 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -20,7 +20,7 @@ allow_parameters: - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" - description: "metrics enable or not config for values.yaml" + description: "Whether to enable metrics. default true" - name: "walG.enabled" - description: "backup enable or not config for values.yaml" + description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 9136398b..45a72ec7 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl 
@@ -108,6 +108,14 @@ Get the Prometheus configuration configmap key. {{- end -}} {{- end -}} +{{/* +Get the Prometheus Alertmanager configuration configmap key. +*/}} +{{- define "prometheus.serever.web.configmapKey" -}} +{{- printf "web-config.yaml" -}} +{{- end -}} + + {{/* Get the Prometheus Alertmanager configuration configmap key. */}} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 36d64f70..3c9703e8 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -17,7 +17,9 @@ metadata: {{- end }} data: {{ include "prometheus.server.configmapKey" . }}: - {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} + {{ include "prometheus.serever.web.configmapKey" .}}: + {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} rules.yaml: {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 8429060a..026b0139 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml 
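Review bot: The comment on the new `prometheus.serever.web.configmapKey` helper is copied from the Alertmanager helper below it, but the template returns `web-config.yaml`, the key of the Prometheus web configuration. I would change the comment to `Get the Prometheus server web configuration configmap key.` and spell the name `prometheus.server.web.configmapKey`, updating the call in configmap.yaml. The deployment.yaml hunk of this patch hard-codes `--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml` instead of calling the helper, so the two can drift apart.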
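Review bot: The `web-config.yaml` key added to this ConfigMap carries the rendered `basic_auth_users` block, including the `htpasswd` hash built from `server.username` and `server.password` in values.yaml. ConfigMaps are usually readable by more principals than Secrets, and a hash of the chart's default password protects nothing. Since the patch already adds a Secret in sec.yaml, the web config would be better stored there and mounted for `--web.config.file`; that needs a volume change in deployment.yaml, which is outside this hunk.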
@@ -114,13 +114,13 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" - - "--storage.tsdb.retention.time={{ .Values.server.retention }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" - "--web.listen-address=:{{ .Values.server.containerPorts.http }}" - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" + - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} @@ -141,6 +141,11 @@ spec: {{- if .Values.server.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }} {{- end }} + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "prometheus.server.fullname" . }} + key: PASSWORD envFrom: {{- if .Values.server.extraEnvVarsCM }} - configMapRef: @@ -164,6 +169,9 @@ spec: httpGet: path: /-/healthy port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} 
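Review bot: The `Authorization` header added to the liveness probe renders as `Basic` plus the base64 of `server.username:server.password`, which places the credentials in recoverable form in the Deployment and Pod specs, readable by anyone allowed to get those objects. The readiness and startup probes in the next hunk get the same header. A `tcpSocket` probe on port `http`, as the startup probe used before this change, would avoid carrying the password in the manifest. The header is also built from `.Values.server.password`, while the `PASSWORD` env var added in the previous hunk comes from the Secret in sec.yaml, whose value is computed from different keys, so the two can disagree.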
@@ -172,13 +180,20 @@ spec: httpGet: path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- if .Values.server.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.server.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.server.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: + httpGet: + path: /-/ready port: http + httpHeaders: + - name: Authorization + value: Basic {{ printf "%s:%s" .Values.server.username .Values.server.password | b64enc }} {{- end }} {{- end }} {{- if .Values.server.lifecycleHooks }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml new file mode 100644 index 00000000..fd0b368c --- /dev/null +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus.server.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: + application: {{ template "prometheus.server.fullname" . }} + chart: {{ template "prometheus.server.fullname" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster-name: {{ template "prometheus.server.fullname" . }} +type: Opaque +data: + PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index 21331135..f7f91f7e 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml 
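Review bot: In sec.yaml the `PASSWORD` value tests `.Values.password` but encodes `.Values.service.password`, and neither is the `server.password` key that values.yaml defines and the `web-config.yaml` hash is built from. With the chart's own values the condition is false, so the Secret receives `randAlphaNum 32`, a value that changes on every render and is never the password Prometheus accepts. If only `.Values.password` were set, the `.Values.service.password` lookup would presumably fail or encode an empty value. I would use one source, e.g. `PASSWORD: {{ .Values.server.password | b64enc | quote }}`, and derive the basic-auth hash and the binding from the same key.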
@@ -80,7 +80,7 @@ ingress: ## @param alertmanager.image.pullSecrets Alertmanager image pull secrets ## alertmanager: - enabled: true + enabled: false image: registry: registry.drycc.cc repository: drycc-addons/alertmanager @@ -577,6 +577,8 @@ alertmanager: ## @param server.image.pullSecrets Prometheus image pull secrets ## server: + username: admin + password: admin image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -599,6 +601,10 @@ server: ## @param server.configuration [string] Promethus configuration. This content will be stored in the the prometheus.yaml file and the content can be a template. ## ref: ## + webconfig : | + basic_auth_users: + {{ htpasswd .Values.server.username .Values.server.password | replace ":" ": "}} + configuration: | global: {{- if .Values.server.scrapeInterval }} @@ -703,7 +709,7 @@ server: ## @param server.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: - enabled: false + enabled: true initialDelaySeconds: 2 periodSeconds: 5 timeoutSeconds: 2 diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index ddf83945..7ac5e2af 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,8 +13,12 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: true +plan_updateable: false allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" +- name: "server.username" + description: "set username . default amdin" +- name: "server.username" + description: "set passsword . default amdin" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index c6efaaba..e453fade 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
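Review bot: `username: admin` and `password: admin` under `server:` ship a well-known credential pair as the chart default, so every instance created without overrides accepts `admin`/`admin`. I would leave `password: ""` and fail the render with `required` when it is unset, or generate one into the Secret. Both keys and the `webconfig` block in the next hunk also lack the `## @param` comment lines the rest of this file uses.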
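Review bot: Both new `allow_parameters` entries in meta.yaml are named `server.username`, so no parameter exists for the password and instances keep the default from values.yaml. The second entry should be `- name: "server.password"` with `description: "set password. default admin"`. The descriptions also misspell `admin` as `amdin` and `password` as `passsword`.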
@@ -1,28 +1,24 @@ credential: - {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} - -alertmanager - - {{- if (eq .Values.alertmanager.service.type "LoadBalancer") }} - - name: host +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} - jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: port + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: + serviceRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .spec.ports.port }' - {{- end }} \ No newline at end of file + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} + {{- end }} diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 3470d0d5..796ae97e 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: - size: 10Gi \ No newline at end of file + size: 10Gi + retentionSize: 8Gi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index 3e652f1c..e453fade 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml 
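Review bot: `USER` and `PASSWORD` are written with the key `valule:`, so the binding consumer will most likely find no value for either; they should read `value: {{ .Values.server.username }}` and `value: {{ .Values.server.password }}`. The `else if` tests `.Values.service.type` while the `if` tests `.Values.server.service.type`, and as far as the collapsed hunk shows a second `{{- end }}` follows `PASSWORD` with no open block, which would make the template fail to parse. The password is also taken from values rather than from the Secret added in sec.yaml; if that Secret is meant to hold it, a `secretKeyRef` would be the consistent source. The standard-50 bind.yaml hunk is identical.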
@@ -1,34 +1,24 @@ credential: - {{- if (eq .Values.service.type "LoadBalancer") }} - - name: host +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: HOST valueFrom: serviceRef: - name: {{ printf "%s" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: database +{{- else if (eq .Values.service.type "ClusterIP") }} + - name: HOST valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - - name: password - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: username - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' - - name: portrw - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portrw }' - - name: portro + serviceRef: + name: {{ include "common.names.fullname" . }} + jsonpath: '{ .spec.clusterIP }' +{{- end }} + - name: PORT valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.portro }' + serviceRef: + name: {{ template "common.names.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + valule: {{ .Values.server.username }} + - name: PASSWORD + valule: {{ .Values.server.password }} {{- end }} - diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 0dc80c4f..69caeefa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -4,4 +4,5 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: - size: 50Gi \ No newline at end of file + size: 50Gi + retentionSize: 48Gi \ No newline at end of file 
From 96cc9a69fcb9c5f01914aa868cc7308bbc0a700d Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:21:52 +0800 Subject: [PATCH 26/53] fix(postgresql-cluster): service type nil --- .../15/chart/postgresql-cluster/templates/svc-master.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc-relp.yaml | 2 +- .../15/chart/postgresql-cluster/templates/svc.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml index e162dc3b..f3d20fd2 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-master.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: master spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml index adc82d13..252882b3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc-relp.yaml @@ -12,7 +12,7 @@ metadata: cluster-name: {{ template "patroni.fullname" . }} role: replica spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} selector: application: {{ template "patroni.fullname" . }} cluster-name: {{ template "patroni.fullname" . }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml index 0922fb57..3644db78 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/svc.yaml @@ -11,7 +11,7 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} spec: - type: {{ .Value.service.type }} + type: {{ .Values.service.type }} ports: - port: 5432 targetPort: 5432 From 510b272277191288ac5288cd7a1e01f085fa2762 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Dec 2023 11:31:45 +0800 Subject: [PATCH 27/53] fix(cloudbeaver): labels application --- .../cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index c00c3656..2b1fe314 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -118,7 +118,7 @@ spec: {{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} labels: - application: {{ template "cloudbeaver.fullname" . }} + application: {{ include "common.names.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: From 735f5376937aa661b37206593f89a4731bfecde9 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 5 Dec 2023 11:31:10 +0800 Subject: [PATCH 28/53] fix(postgresql-cluster): plans describe typo --- addons/index.yaml | 3 +++ .../15/chart/postgresql-cluster/values.yaml | 6 +++++- addons/postgresql-cluster/15/meta.yaml | 6 ++++++ addons/postgresql-cluster/15/plans/standard-100/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-20/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/meta.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/meta.yaml | 2 +- 9 files changed, 20 insertions(+), 7 deletions(-) diff --git a/addons/index.yaml b/addons/index.yaml index 75ec5191..fb67bcb2 100644 --- a/addons/index.yaml +++ b/addons/index.yaml @@ -1,5 +1,8 @@ apiVersion: v1 entries: + cloudbeaver: + - version: 23 + description: "Cloud Database Manager." mysql-cluster: - version: 8.0 description: "The world's most popular open source database cluster." diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index e3128f72..960735da 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -82,7 +82,11 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s + {{- if .Values.walG.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p + {{- else }} + archive_command: /bin/true + {{- end }} # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -245,7 +249,7 @@ metrics: memory: 512Mi walG: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "*/5 * * * *" # Amount of base backups to retain 
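Review bot: With `walG.enabled` false the new branch sets `archive_command: /bin/true` while `archive_mode` stays `"on"`, so every WAL segment is reported as archived and then discarded, and nothing in the file says so. A comment above the branch would make the consequence visible to operators, e.g. `# backups disabled: WAL segments are acknowledged and dropped, point-in-time recovery is not possible`. The meta.yaml description for `walG.enabled` still says `default true` although the last hunk of this file flips the default to `false`. The `preInitScript` block starts and ends outside the hunk.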
diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 1b5450bc..a9bfe787 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -23,4 +23,10 @@ allow_parameters: description: "Whether to enable metrics. default true" - name: "walG.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " +- name: "walG.s3.awsAccessKeyID" + description: "S3 awsAccessKeyID" +- name: "walG.s3.awsSecretAccessKey" + description: "S3 awsSecretAccessKey" +- name: "walG.s3.walGS3Prefix" + description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml index 8b3352c9..699f4aaa 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/meta.yaml @@ -1,6 +1,6 @@ name: "standard-100" id: c44160a6-5ec4-49e5-af1e-a1c1676871cf -description: "Mysql Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-100 plan: Disk 100Gi ,vCPUs 4 , RAM 16G , DB MAX Connection 2000" displayName: "standard-100" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml index e9580d73..0f67097a 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/meta.yaml 
@@ -1,6 +1,6 @@
 name: "standard-20"
 id: edf8bdfe-b1dc-4f41-b042-801153794df7
-description: "Mysql Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
+description: "PostgreSQL Cluster standard-20 plan: Disk 20Gi ,vCPUs 2 , RAM 4G , DB MAX Connection 1000"
 displayName: "standard-20"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
index 89b4292b..cbfb48ce 100644
--- a/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-200/meta.yaml
@@ -1,6 +1,6 @@
 name: "standard-200"
 id: a2160ac2-6c35-4162-b8a2-8dfb2e01816f
-description: "Mysql Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
+description: "PostgreSQL Cluster standard-200 plan: Disk 200Gi ,vCPUs 8 , RAM 32G , DB MAX Connection 2000"
 displayName: "standard-200"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
index b9472699..8ec2aacb 100644
--- a/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-400/meta.yaml
@@ -1,6 +1,6 @@
 name: "standard-400"
 id: 16bfd3a8-1080-4731-93d0-bd90e6ba6dad
-description: "Mysql Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
+description: "PostgreSQL Cluster standard-400 plan: Disk 400Gi ,vCPUs 16 , RAM 64G , DB MAX Connection 2000"
 displayName: "standard-400"
 bindable: true
 maximum_polling_duration: 1800
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
index 9fbb08f1..29e67ad5 100644
--- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml
@@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "Mysql Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml index 1748ac9e..72ab5126 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/meta.yaml @@ -1,6 +1,6 @@ name: "standard-800" id: 60f37e20-e69e-4f6f-9cce-e43caec34963 -description: "Mysql Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-800 plan: Disk 800Gi ,vCPUs 32 , RAM 128G , DB MAX Connection 2000" displayName: "standard-800" bindable: true maximum_polling_duration: 1800 From 4efae114771740f61ff1c84642691ac9ee563879 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 8 Dec 2023 14:02:13 +0800 Subject: [PATCH 29/53] chore(postgresql-cluster): allow dyrcc params --- .../15/chart/postgresql-cluster/README.md | 164 ++---------------- .../postgresql-cluster/templates/_helpers.tpl | 34 ++-- .../postgresql-cluster/templates/cronjob.yaml | 2 +- .../templates/networkpolicy.yaml | 2 +- .../postgresql-cluster/templates/sec.yaml | 6 +- .../templates/statefulset.yaml | 10 +- .../15/chart/postgresql-cluster/values.yaml | 20 ++- addons/postgresql-cluster/15/meta.yaml | 10 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 1 - .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 1 - .../15/plans/standard-50/values.yaml | 1 - 13 files changed, 61 insertions(+), 194 deletions(-) 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 8d44fca1..3bab0f21 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,151 +1,17 @@ -# ⚠️ Repo Archive Notice -As of Nov 13, 2020, charts in this repo will no longer be updated. -For more information, see the Helm Charts [Deprecation and Archive Notice](https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice), and [Update](https://helm.sh/blog/charts-repo-deprecation/). - -# Patroni Helm Chart - -This directory contains a Kubernetes chart to deploy a five node [Patroni](https://github.com/zalando/patroni/) cluster using a [Spilo](https://github.com/zalando/spilo) and a StatefulSet. - - -## Prerequisites Details -* Kubernetes 1.9+ -* PV support on the underlying infrastructure - -## StatefulSet Details -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - -## StatefulSet Caveats -* https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations - - -## Chart Details -This chart will do the following: - -* Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet. - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add -$ helm dependency update -$ helm install --name my-release postgresql-cluster -``` - -To install the chart with randomly generated passwords: - -```console -$ helm install --name my-release postgresql-cluster \ - --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)" -``` - -## Connecting to PostgreSQL - -Your access point is a cluster IP. 
In order to access it spin up another pod: - -```console -$ kubectl run -i --tty --rm psql --image=postgres --restart=Never -- bash -il -``` - -Then, from inside the pod, connect to PostgreSQL: - -```console -$ psql -U admin -h my-release-patroni.default.svc.cluster.local postgres - -postgres=> -``` - -## Configuration - -The following table lists the configurable parameters of the patroni chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------|---------------------------------------------|-----------------------------------------------------| -| `nameOverride` | Override the name of the chart | `nil` | -| `fullnameOverride` | Override the fullname of the chart | `nil` | -| `replicaCount` | Amount of pods to spawn | `5` | -| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` | -| `image.tag` | The version of the image to pull | `1.5-p5` | -| `image.pullPolicy` | The pull policy | `IfNotPresent` | -| `credentials.superuser` | Password of the superuser | `tea` | -| `credentials.admin` | Password of the admin | `cola` | -| `credentials.standby` | Password of the replication user | `pinacolada` | -| `kubernetes.dcs.enable` | Using Kubernetes as DCS | `true` | -| `kubernetes.configmaps.enable` | Using Kubernetes configmaps instead of endpoints | `false` | -| `etcd.enable` | Using etcd as DCS | `false` | -| `etcd.deployChart` | Deploy etcd chart | `false` | -| `etcd.host` | Host name of etcd cluster | `nil` | -| `etcd.discovery` | Domain name of etcd cluster | `nil` | -| `zookeeper.enable` | Using ZooKeeper as DCS | `false` | -| `zookeeper.deployChart` | Deploy ZooKeeper chart | `false` | -| `zookeeper.hosts` | List of ZooKeeper cluster members | `host1:port1,host2:port,etc...` | -| `consul.enable` | Using Consul as DCS | `false` | -| `consul.deployChart` | Deploy Consul chart | `false` | -| `consul.host` | Host name of consul cluster | `nil` | -| `env` | Extra custom environment 
variables | `{}` | -| `walE.enable` | Use of Wal-E tool for base backup/restore | `false` | -| `walE.scheduleCronJob` | Schedule of Wal-E backups | `00 01 * * *` | -| `walE.retainBackups` | Number of base backups to retain | `2` | -| `walE.s3Bucket:` | Amazon S3 bucket used for wal-e backups | `nil` | -| `walE.gcsBucket` | GCS storage used for Wal-E backups | `nil` | -| `walE.kubernetesSecret` | K8s secret name for provider bucket | `nil` | -| `walE.backupThresholdMegabytes` | Maximum size of the WAL segments accumulated after the base backup to consider WAL-E restore instead of pg_basebackup | `1024` | -| `walE.backupThresholdPercentage` | Maximum ratio (in percents) of the accumulated WAL files to the base backup to consider WAL-E restore instead of pg_basebackup | `30` | -| `resources` | Any resources you wish to assign to the pod | `{}` | -| `nodeSelector` | Node label to use for scheduling | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinityTemplate` | A template string to use to generate the affinity settings | Anti-affinity preferred on hostname | -| `affinity` | Affinity settings. Overrides `affinityTemplate` if set. | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `persistentVolume.accessModes` | Persistent Volume access modes | `[ReadWriteOnce]` | -| `persistentVolume.annotations` | Annotations for Persistent Volume Claim` | `{}` | -| `persistentVolume.mountPath` | Persistent Volume mount root path | `/home/postgres/pgdata` | -| `persistentVolume.size` | Persistent Volume size | `2Gi` | -| `persistentVolume.storageClass` | Persistent Volume Storage Class | `volume.alpha.kubernetes.io/storage-class: default` | -| `persistentVolume.subPath` | Subdirectory of Persistent Volume to mount | `""` | -| `rbac.create` | Create required role and rolebindings | `true` | -| `serviceAccount.create` | If true, create a new service account | `true` | -| `serviceAccount.name` | Service account to be used. 
If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `nil` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/patroni -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Cleanup - -To remove the spawned pods you can run a simple `helm delete `. - -Helm will however preserve created persistent volume claims, -to also remove them execute the commands below. - -```console -$ release= -$ helm delete $release -$ kubectl delete pvc -l release=$release -``` - -## Internals - -Patroni is responsible for electing a PostgreSQL master pod by leveraging the -DCS of your choice. After election it adds a `spilo-role=master` label to the -elected master and set the label to `spilo-role=replica` for all replicas. -Simultaneously it will update the `-patroni` endpoint to let the -service route traffic to the elected master. - -```console -$ kubectl get pods -l spilo-role -L spilo-role -NAME READY STATUS RESTARTS AGE SPILO-ROLE -my-release-patroni-0 1/1 Running 0 9m replica -my-release-patroni-1 1/1 Running 0 9m master -my-release-patroni-2 1/1 Running 0 8m replica -my-release-patroni-3 1/1 Running 0 8m replica -my-release-patroni-4 1/1 Running 0 8m replica ``` +dataname: + dbname: dbn + username: admin + password: R3Dv0NEmwZkhhz +networkPolicy.allowNamespaces: + - mx-test1 +service.type: ClusterIP +metrics.enabled: true +backup: + enabled: true + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index 1e4e50bc..feddfa57 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -46,7 +46,7 @@ Create the name of the service account to use. Return true if a cronjob object should be created for Postgresql HA patroni ## TODO feature */}} {{- define "patroni.createCronJob" -}} -{{- if and .Values.walG.enabled }} +{{- if and .Values.backup.enabled }} {{- true -}} {{- else -}} {{- end -}} 
@@ -143,35 +143,35 @@ Create patroni envs. {{/* Create walg envs. */}} -{{- define "walg.envs" }} -{{- if .Values.walG.enabled }} +{{- define "backup.envs" }} +{{- if .Values.backup.enabled }} - name: USE_WALG - value: {{ .Values.walG.enabled | quote }} -{{- if .Values.walG.retainBackups }} + value: {{ .Values.backup.enabled | quote }} +{{- if .Values.backup.retainBackups }} - name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.walG.retainBackups | quote}} + value: {{ .Values.backup.retainBackups | quote}} {{- end }} -{{- if .Values.walG.backupThresholdMegabytes }} +{{- if .Values.backup.backupThresholdMegabytes }} - name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.walG.backupThresholdMegabytes | quote }} + value: {{ .Values.backup.backupThresholdMegabytes | quote }} {{- end }} -{{- if .Values.walG.backupThresholdPercentage }} +{{- if .Values.backup.backupThresholdPercentage }} - name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.walG.backupThresholdPercentage | quote }} + value: {{ .Values.backup.backupThresholdPercentage | quote }} {{- end }} -{{- if .Values.walG.s3.used }} +{{- if .Values.backup.s3.used }} - name: AWS_ACCESS_KEY_ID - value: {{ .Values.walG.s3.awsAccessKeyID | quote }} + value: {{ .Values.backup.s3.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.walG.s3.awsSecretAccessKey | quote }} + value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} - name: WALG_S3_PREFIX - value: {{ .Values.walG.s3.walGS3Prefix | quote }} + value: {{ .Values.backup.s3.walGS3Prefix | quote }} - name: AWS_ENDPOINT - value: {{ .Values.walG.s3.awsEndpoint | quote }} + value: {{ .Values.backup.s3.awsEndpoint | quote }} - name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.walG.s3.awsS3ForcePathStyle | quote }} + value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} - name: AWS_REGION - value: {{ .Values.walG.s3.awsRegion | quote }} + value: {{ .Values.backup.s3.awsRegion | quote }} {{- end }} {{- else }} - name: USE_WALG 
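Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are still rendered as literal `value:` entries in the renamed `backup.envs` helper, so the S3 credentials are readable by anyone who can view the pod spec that includes this helper. The Patroni passwords in this same file are passed with `valueFrom.secretKeyRef`; the two S3 entries should follow that pattern, with matching keys added to templates/sec.yaml. The key names in the sketch below are placeholders. The helper's `else` branch continues outside the hunk.

```yaml
{{- if .Values.backup.s3.used }}
- name: AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      # placeholder key name; add the matching entry to templates/sec.yaml
      key: backup-aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "patroni.fullname" . }}
      # placeholder key name; add the matching entry to templates/sec.yaml
      key: backup-aws-secret-access-key
# … unchanged: WALG_S3_PREFIX, AWS_ENDPOINT, AWS_S3_FORCE_PATH_STYLE, AWS_REGION …
```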
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml index 39c08de3..41e42886 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cronjob.yaml @@ -19,7 +19,7 @@ metadata: {{- end }} spec: - schedule: "{{ .Values.walG.scheduleCronJob }}" + schedule: "{{ .Values.backup.scheduleCronJob }}" failedJobsHistoryLimit: 1 successfulJobsHistoryLimit: 1 jobTemplate: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index 8b429517..dfad66c3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -23,7 +23,7 @@ spec: - port: 5432 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} - {{ end }} `` + {{ end }} {{- if or .Values.networkPolicy.allowCurrentNamespace .Values.networkPolicy.allowNamespaces }} from: {{- if .Values.networkPolicy.allowCurrentNamespace }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 306e93e7..0a5ed63b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,6 +14,6 @@ data: password-superuser: {{ .Values.credentials.superuser | b64enc }} password-rewind: {{ .Values.credentials.rewind | b64enc }} password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.dataname.username | b64enc }} - data-name: {{ .Values.dataname.dbname | b64enc }} - data-password: {{ .Values.dataname.password | b64enc }} + data-user: {{ .Values.database.username | b64enc }} + data-name: {{ .Values.database.dbname | b64enc }} + data-password: {{ .Values.database.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0d1ed21a..98ded996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,8 +56,8 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.walG.enabled }} - {{- include "walg.envs" . | indent 8 }} + {{- if .Values.backup.enabled }} + {{- include "backup.envs" . | indent 8 }} {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} @@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.dataname.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} 
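Review bot: The exporter's `DATA_SOURCE_NAME` on the changed line (statefulset.yaml, hunk at -127) still embeds the fixed login `tea_mon:password` in the manifest; only the database name comes from values. Every release therefore shares the same monitoring credential, and it is readable from the pod spec. I would move the DSN, or at least its password, into the chart's Secret and reference it with `valueFrom.secretKeyRef`, for example `key: metrics-dsn` as a placeholder key name. The exporter container definition starts and ends outside the hunk.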
@@ -175,7 +175,7 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "walg.envs" . | indent 8 }} + {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 960735da..d7b24deb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -21,7 +21,7 @@ credentials: rewind: cola replication: reppasswd -dataname: +database: dbname: db1 username: us1 password: 111w @@ -82,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.walG.enabled }} + {{- if .Values.backup.enabled }} archive_command: sh /opt/drycc/postgresql/walbackup.sh %p {{- else }} archive_command: /bin/true @@ -243,15 +243,15 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -walG: +backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "*/5 * * * *" + scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -271,8 +271,9 @@ walG: awsS3ForcePathStyle: "true" awsRegion: dx-1 + persistentVolume: - enabled: false + enabled: true size: 10G ## database data Persistent Volume Storage Class ## If defined, storageClassName: @@ -338,7 +339,7 @@ serviceAccount: networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## - enabled: false + enabled: true ## @param networkPolicy.allowExternal The Policy model to apply. ## When set to false, only pods with the correct ## client label will have network access to the port Postgresql is listening 
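Review bot: The previously commented-out limit is now active as `hugepages-2Mi: 20Mi` in the values.yaml hunk at -243 (apparently under the metrics resources), and the same is done in plans/standard-10/values.yaml (`4Mi`) and plans/standard-20/values.yaml (`20Mi`), while the standard-50/100/200 plans only delete the comment. Kubernetes schedules a pod that asks for huge pages only onto a node with pre-allocated pages of that size, so on clusters without them these pods would stay Pending. If huge pages are intended, state the prerequisite next to the setting, e.g. `# requires nodes with pre-allocated 2Mi huge pages`; otherwise keep the line commented out in all plans.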
@@ -346,4 +347,5 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: [] \ No newline at end of file + allowNamespaces: + - mx-test1 \ No newline at end of file diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index a9bfe787..28de1baf 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -15,18 +15,20 @@ instances_retrievable: true bindings_retrievable: true plan_updateable: false allow_parameters: +- name: "dataname" + description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "walG.enabled" +- name: "backup.enabled" description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "walG.s3.awsAccessKeyID" +- name: "backup.s3.awsAccessKeyID" description: "S3 awsAccessKeyID" -- name: "walG.s3.awsSecretAccessKey" +- name: "backup.s3.awsSecretAccessKey" description: "S3 awsSecretAccessKey" -- name: "walG.s3.walGS3Prefix" +- name: "backup.s3.walGS3Prefix" description: "S3 walGS3Prefix : etc . s3://bucket001" archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index b6037e16..94917aff 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 1000m memory: 2Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 4Mi requests: cpu: 1000m memory: 2Gi 
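Review bot: The chart default for `networkPolicy.allowNamespaces` changes from `[]` to a list containing `mx-test1`, which looks like a test value; together with `networkPolicy.enabled: true` from the preceding hunk, every install would admit ingress from a namespace of that name. The default should stay empty, `allowNamespaces: []`, with namespaces supplied per instance. The `networkPolicy` mapping starts outside the hunk.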
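Review bot: The new allow-list entry in meta.yaml is named `dataname`, but this same commit renames the values key to `database` (values.yaml, sec.yaml, statefulset.yaml), so a parameter passed under the listed name would no longer match any key the templates read. Suggest `- name: "database"`. Listing the whole mapping also lets callers pass `database.password`, and `backup.s3.awsSecretAccessKey` is accepted the same way, so it is worth confirming how the platform stores and logs these parameters.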
diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index c937e07a..2f4c4841 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 4000m memory: 16Gi - # hugepages-2Mi: 4Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index f460d01f..3ef08abf 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -67,7 +67,7 @@ resources: limits: cpu: 2000m memory: 4Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 4Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 9db720e6..5e9d641b 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,7 +65,6 @@ resources: limits: cpu: 8000m memory: 32Gi - # hugepages-2Mi: 4Mi requests: cpu: 8000m memory: 32Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index fbf8db1f..046e87ea 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,7 +66,6 @@ resources: limits: cpu: 2000m memory: 8Gi - # hugepages-2Mi: 4Mi requests: cpu: 2000m memory: 8Gi From 76fff18415ba80187b22ee13195d5b192da77765 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 11 Dec 2023 11:46:05 +0800 Subject: [PATCH 30/53] chore(postgresql-cluster): generate password random --- .../15/chart/postgresql-cluster/README.md | 83 +++++++++++++++-- .../postgresql-cluster/templates/_helpers.tpl | 88 +++++++++++++++---- .../postgresql-cluster/templates/sec.yaml | 13 ++- .../15/chart/postgresql-cluster/values.yaml | 50 +++++------ addons/postgresql-cluster/15/meta.yaml | 14 +-- 5 files changed, 184 insertions(+), 64 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 3bab0f21..9bc0f18b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -1,17 +1,90 @@ +## CREATE PG INSTANCE ``` -dataname: - dbname: dbn - username: admin - password: R3Dv0NEmwZkhhz +# create or update pg instance template yaml networkPolicy.allowNamespaces: - mx-test1 service.type: ClusterIP metrics.enabled: true backup: + # whether BackUP should be enabled enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 s3: awsAccessKeyID: DO9l771LqiwZkhhz awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test -``` \ No newline at end of file +``` + +## Create app user and database + +- Login PG with admin user & password + +- CREATE APP USER +``` +CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +``` +- CREATE APP DATABASE +``` +CREATE DATABASE `my_db` OWNER `my_user`; +``` +- CREATE EXTENSIONS +``` +CREATE EXTENSION pg_buffercache; +``` + +## Network Access + +Default access allow policy: only namespace scope. + +- allow `mx-test1` namespace access +``` +networkPolicy.allowNamespaces: + - mx-test1 +``` + + - Assign external network IP address +``` + service.type: LoadBlance +``` + + ## Manger backup your data `Very important` + +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` +`Strongly recommend enabling this feature.` + +PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. +``` +backup: + # whether BackUP should be enabled + enabled: true + # Cron schedule for doing base backups + scheduleCronJob: "20 0 * * 0" + Amount of base backups to retain + retainBackups: 2 + s3: + awsAccessKeyID: DO9l771LqiwZkhhz + awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn + walGS3Prefix: mx-test +``` + +You can modify multiple content at once, there is no need to modify part of it each time. 
+ +# Plans + +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index feddfa57..b11ff28e 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -107,6 +107,16 @@ Create patroni envs. secretKeyRef: name: {{ template "patroni.fullname" . }} key: password-rewind +- name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-user +- name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "patroni.fullname" . }} + key: admin-password - name: PATRONI_SCOPE value: {{ template "patroni.fullname" . }} - name: PATRONI_NAME @@ -123,21 +133,6 @@ Create patroni envs. value: '0.0.0.0:5432' - name: PATRONI_RESTAPI_LISTEN value: '0.0.0.0:8008' -- name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-name -- name: DATABASE_USER - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-user -- name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "patroni.fullname" . }} - key: data-password {{- end -}} {{/* 
@@ -178,3 +173,66 @@ Create walg envs. value: "" {{- end }} {{- end }} + +{{/* +Generate random password +*/}} + +{{/* +Get the super user password ; +*/}} +{{- define "credentials.superuserValue" }} +{{- if .Values.credentials.superuser }} + {{- .Values.credentials.superuser -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-superuser") -}} +{{- end -}} +{{- end }} + +{{/* +Get the rewind password ; +*/}} +{{- define "credentials.rewindValue" }} +{{- if .Values.credentials.rewind }} + {{- .Values.credentials.rewind -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-rewind") -}} +{{- end -}} +{{- end }} + +{{/* +Get the replication password ; +*/}} +{{- define "credentials.replicationValue" }} +{{- if .Values.credentials.replication }} + {{- .Values.credentials.replication -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Get the administrator password ; +*/}} +{{- define "adminRole.passwordValue" }} +{{- if .Values.adminRole.password }} + {{- .Values.adminRole.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + 
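Review bot: `adminRole.passwordValue` looks up `"Key" "password-replication"`, copied from the replication helper above it, so on an existing release the administrator password resolves to the replication password; it should read `"Key" "admin-password"` to match the entry in sec.yaml. In `getValueFromSecret`, `index $obj .Key | b64dec` runs whenever the Secret exists, even when that key is absent (for example a Secret written by an earlier chart version), so guard it with `{{- if and $obj (hasKey $obj .Key) }}`. The lookup is keyed on `common.names.fullname` while the pod env in this file reads the Secret named by `patroni.fullname`; if the two can differ, the lookup never matches and every upgrade would generate new passwords. All callers pass `"Length" 10`, overriding the helper's default of 16, and a longer value costs nothing for credentials that nobody types.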
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 0a5ed63b..8c94ae26 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -10,10 +10,9 @@ metadata: heritage: {{ .Release.Service }} cluster-name: {{ template "patroni.fullname" . }} type: Opaque -data: - password-superuser: {{ .Values.credentials.superuser | b64enc }} - password-rewind: {{ .Values.credentials.rewind | b64enc }} - password-replication: {{ .Values.credentials.replication | b64enc }} - data-user: {{ .Values.database.username | b64enc }} - data-name: {{ .Values.database.dbname | b64enc }} - data-password: {{ .Values.database.password | b64enc }} +data: + password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} + password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} + password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} + admin-user: {{ .Values.adminRole.username | b64enc }} + admin-password: {{ .Values.adminRole.password | b64enc }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d7b24deb..389451ec 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
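Review bot: `admin-password` is rendered straight from `.Values.adminRole.password`, so with the new default of `""` in values.yaml the Secret stores an empty administrator password and the `adminRole.passwordValue` helper added in _helpers.tpl is never called. Use the helper the way the three lines above it do: `admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }}`. `admin-user` should also get `| quote` so all five entries are rendered the same way.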
@@ -17,14 +17,13 @@ image: # https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#postgresql # https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst credentials: - superuser: tea - rewind: cola - replication: reppasswd + superuser: "" + rewind: "" + replication: "" -database: - dbname: db1 - username: us1 - password: 111w +adminRole: + username: administrator + password: "" # Distribution Configuration stores # Please note that only one of the following stores should be enabled. @@ -126,22 +125,21 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor" - # Create init database & user - if [[( -n "$DATABASE_USER") && ( -n "$DATABASE_PASSWORD") && ( -n "$DATABASE_NAME")]]; then - echo "Creating user ${DATABASE_USER}" - psql -w -c "create user ${DATABASE_USER} WITH LOGIN ENCRYPTED PASSWORD '${DATABASE_PASSWORD}'" - echo "Creating database ${DATABASE_NAME} " - psql -w -c "CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_USER} CONNECTION LIMIT 1000" - psql -w -d ${DATABASE_NAME} -c "create extension postgis ; create extension pg_stat_statements ; create extension pg_buffercache ;" - psql -w -c "CHECKPOINT;CHECKPOINT;" + psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + # Create admin user + if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then + echo "Creating user ${ADMIN_USER}" + # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else - echo "Skipping user creation" - echo "Skipping database creation" + echo "Skipping create admin user" fi + psql -w -c "CHECKPOINT;CHECKPOINT;" + #norm user + # + # postgresql: config: |- - log_min_duration_statement = 1008 + log_min_duration_statement = 1000 max_wal_size = 4GB min_wal_size = 4GB max_connections = 1005 
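Review bot: In `postInitScript` the only statement that would create the admin role is commented out, so the branch prints `Creating user ${ADMIN_USER}` and does nothing, and the `ADMIN_USER`/`ADMIN_PASSWORD` values injected from the Secret are unused. When the statement is enabled, do not splice `${ADMIN_PASSWORD}` into the SQL text between single quotes, because a password containing a quote breaks or alters the statement. Pass the name and password as psql variables and reference them as `:"name"` and `:'pw'`, feeding the statement on stdin since `-c` does not interpolate variables. The commented statement also grants `CREATEROLE` and `REPLICATION`, which is broad for a tenant-facing account and deserves a comment explaining why each is needed. `postInitScript` starts above this hunk.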
@@ -249,7 +247,7 @@ metrics: memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "20 0 * * 0" # Amount of base backups to retain @@ -257,17 +255,17 @@ backup: # Name of the secret that holds the credentials to the bucket kubernetesSecret: # Maximum size of the WAL segments accumulated after the base backup to - # consider WAL-E restore instead of pg_basebackup + # consider WAL-G restore instead of pg_basebackup backupThresholdMegabytes: 1024 # Maximum ratio (in percents) of the accumulated WAL files to the base backup - # to consider WAL-E restore instead of pg_basebackup + # to consider WAL-G restore instead of pg_basebackup backupThresholdPercentage: 30 s3: used: true - awsAccessKeyID: "minioadmin" - awsSecretAccessKey: "minioadmin" - walGS3Prefix: "s3://pg1" - awsEndpoint: "http://10.10.2.11:9000" + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" awsS3ForcePathStyle: "true" awsRegion: dx-1 diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index 28de1baf..5185d109 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml 
@@ -13,22 +13,14 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: -- name: "dataname" - description: "database config for values.yaml" - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" - name: "metrics.enabled" description: "Whether to enable metrics. default true" -- name: "backup.enabled" - description: "Whether to use S3 for backup your data. default true . ps: Make sure there is a available S3 " -- name: "backup.s3.awsAccessKeyID" - description: "S3 awsAccessKeyID" -- name: "backup.s3.awsSecretAccessKey" - description: "S3 awsSecretAccessKey" -- name: "backup.s3.walGS3Prefix" - description: "S3 walGS3Prefix : etc . s3://bucket001" +- name: "backup" + description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file From 2e6b61a3680b9454a899c15d0361f03876f4e8e2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 11 Dec 2023 14:46:51 +0800 Subject: [PATCH 31/53] chore(postgresql-cluster): Adjust backup strategy --- .../15/chart/postgresql-cluster/README.md | 2 +- .../postgresql-cluster/templates/_helpers.tpl | 43 +++---------------- .../templates/cm-backup.yaml | 22 ++++++++++ .../templates/statefulset.yaml | 10 +++-- .../15/chart/postgresql-cluster/values.yaml | 24 +++++++---- 5 files changed, 51 insertions(+), 50 deletions(-) create mode 100644 addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 9bc0f18b..70d31e0c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -74,7 +74,7 @@ backup: You can modify multiple content at once, there is no need to modify part of it each time. -# Plans +## Plans | Resource Specification | Cores | MEMORY | Storage SIZE | | :---: | :---: | :---: | :---: | diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index b11ff28e..e3bedca5 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl 
@@ -136,43 +136,14 @@ Create patroni envs. {{- end -}} {{/* -Create walg envs. +Return true if a configmap object should be created for PG backup. */}} -{{- define "backup.envs" }} -{{- if .Values.backup.enabled }} -- name: USE_WALG - value: {{ .Values.backup.enabled | quote }} -{{- if .Values.backup.retainBackups }} -- name: BACKUP_NUM_TO_RETAIN - value: {{ .Values.backup.retainBackups | quote}} -{{- end }} -{{- if .Values.backup.backupThresholdMegabytes }} -- name: WALG_BACKUP_THRESHOLD_MEGABYTES - value: {{ .Values.backup.backupThresholdMegabytes | quote }} -{{- end }} -{{- if .Values.backup.backupThresholdPercentage }} -- name: WALE_BACKUP_THRESHOLD_PERCENTAGE - value: {{ .Values.backup.backupThresholdPercentage | quote }} -{{- end }} -{{- if .Values.backup.s3.used }} -- name: AWS_ACCESS_KEY_ID - value: {{ .Values.backup.s3.awsAccessKeyID | quote }} -- name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.backup.s3.awsSecretAccessKey | quote }} -- name: WALG_S3_PREFIX - value: {{ .Values.backup.s3.walGS3Prefix | quote }} -- name: AWS_ENDPOINT - value: {{ .Values.backup.s3.awsEndpoint | quote }} -- name: AWS_S3_FORCE_PATH_STYLE - value: {{ .Values.backup.s3.awsS3ForcePathStyle | quote }} -- name: AWS_REGION - value: {{ .Values.backup.s3.awsRegion | quote }} -{{- end }} -{{- else }} -- name: USE_WALG - value: "" -{{- end }} -{{- end }} +{{- define "backup.createConfigmap" -}} +{{- if and .Values.backup.enabled }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} {{/* Generate random password diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml new file mode 100644 index 00000000..b7eb7331 --- /dev/null +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "backup.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-backup + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + cluster-name: {{ template "patroni.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + backup.env: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} + # archive_command.sh: | - + # #/bin/bash + # source backup.env + # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true +{{- end -}} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 98ded996..036f8b80 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -56,9 +56,6 @@ spec: # fsGroup: postgres env: {{- include "patroni.envs" . | indent 8 }} - {{- if .Values.backup.enabled }} - {{- include "backup.envs" . | indent 8 }} - {{- end }} {{- if .Values.env }} {{- range $key, $val := .Values.env }} - name: {{ $key | quote | upper }} @@ -110,6 +107,9 @@ spec: - mountPath: "/opt/drycc/postgresql/config/" name: postgresql-config # readOnly: true + - mountPath: "/opt/drycc/postgresql/backup/" + name: postgresql-backup + # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} 
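Review bot: The new ConfigMap's `backup.env` is rendered from `.Values.backupEnv`, which the values.yaml hunk of this commit fills with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so the S3 credentials are stored in a ConfigMap. ConfigMaps are readable by any subject allowed to get configmaps in the namespace and are outside the RBAC rules and encryption-at-rest configuration that are usually applied to Secrets. Render this file as `kind: Secret` with the same key under `stringData:` and mount that, or read the keys from the Secret named by the existing `backup.kubernetesSecret` value. The statefulset hunk that mounts the volume leaves `# readOnly: true` commented out; the mount should be `readOnly: true`.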
@@ -175,7 +175,6 @@ spec: - | python3 /opt/drycc/postgresql/pgbackup.py 0.0.0.0 9000 env: - {{- include "backup.envs" . | indent 8 }} - name: PGHOST value: localhost - name: PGPASSWORD @@ -222,6 +221,9 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql + - name: archive-config + configMap: + name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} - name: storage-volume emptyDir: {} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 389451ec..effc9e1d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -81,11 +81,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - {{- if .Values.backup.enabled }} - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p - {{- else }} - archive_command: /bin/true - {{- end }} + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' 
@@ -134,9 +130,20 @@ postInitScript: | echo "Skipping create admin user" fi psql -w -c "CHECKPOINT;CHECKPOINT;" - #norm user - # - # + +backupEnv: | + #!/bin/bash + export USE_WALG={{ .Values.backup.enabled | quote }} + export BACKUP_NUM_TO_RETAIN={{ .Values.backup.retainBackups | quote}} + export WALG_BACKUP_THRESHOLD_MEGABYTES={{ .Values.backup.backupThresholdMegabytes | quote }} + export WALE_BACKUP_THRESHOLD_PERCENTAGE={{ .Values.backup.backupThresholdPercentage | quote }} + export AWS_ACCESS_KEY_ID={{ .Values.backup.s3.awsAccessKeyID | quote }} + export AWS_SECRET_ACCESS_KEY={{ .Values.backup.s3.awsSecretAccessKey | quote }} + export WALG_S3_PREFIX={{ .Values.backup.s3.walGS3Prefix | quote }} + export AWS_ENDPOINT={{ .Values.backup.s3.awsEndpoint | quote }} + export AWS_S3_FORCE_PATH_STYLE={{ .Values.backup.s3.awsS3ForcePathStyle | quote }} + export AWS_REGION={{ .Values.backup.s3.awsRegion | quote }} + postgresql: config: |- log_min_duration_statement = 1000 @@ -269,7 +276,6 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 - persistentVolume: enabled: true size: 10G From 9e6a085f6dd74ad080b6ba18ac62bec52793b0c6 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 09:52:18 +0800 Subject: [PATCH 32/53] chore(postgresql-cluster): bind info --- .../15/chart/postgresql-cluster/README.md | 110 ++++++++++++++---- .../templates/statefulset.yaml | 6 +- .../15/chart/postgresql-cluster/values.yaml | 16 +-- .../15/plans/standard-10/bind.yaml | 10 +- .../15/plans/standard-100/bind.yaml | 7 +- .../15/plans/standard-20/bind.yaml | 7 +- .../15/plans/standard-200/bind.yaml | 7 +- .../15/plans/standard-400/bind.yaml | 9 +- .../15/plans/standard-50/bind.yaml | 7 +- .../15/plans/standard-800/bind.yaml | 7 +- 10 files changed, 121 insertions(+), 65 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 70d31e0c..0b3f8a3d 100644 
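Review bot: Each `export` in `backupEnv` is built with `| quote`, which produces a double-quoted string, and the file is apparently meant to be sourced by a shell (the commented `source backup.env` in cm-backup.yaml points that way), where `$`, backticks and backslashes inside double quotes are still expanded. A key or prefix containing those characters is altered, and command substitution is performed on the value when the file is sourced; since meta.yaml lists `backup` under `allow_parameters`, these values are supplied by the service user. Deliver them as container `env` entries, ideally through `secretKeyRef`, or emit single-quoted values with embedded single quotes escaped. `WALE_BACKUP_THRESHOLD_PERCENTAGE` keeps the WAL-E prefix while its neighbour is `WALG_`-prefixed, so confirm which name the image reads.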
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -1,5 +1,46 @@ -## CREATE PG INSTANCE +# Postgresql cluster addons +## Plans + +View and choose the service resource specifications you need. +``` + # drycc resources:plans postgresql-cluster +``` +### Resource specification list +| Resource Specification | Cores | MEMORY | Storage SIZE | +| :---: | :---: | :---: | :---: | +| standard-10 | 1C | 2G | 10G | +| standard-20 | 2C | 4G | 20G | +| standard-50 | 2C | 8G | 50G | +| standard-100 | 4C | 16G | 100G | +| standard-200 | 8C | 32G | 200G | +| standard-400 | 16C | 64G | 400G | +| standard-800 | 32C | 128G | 800G | + +In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. + +## Create Postgresql Cluster Service instance + +- Create Postgresql service +``` +# drycc resources:create postgresql-cluster:standard-10 `my_pg_001` +``` +- View service status +``` +# drycc resources:descript `my_pg_001` +``` +- Bind service +``` +# drycc resources:bind `my_pg_001` +``` +- View resource status +``` +# drycc resources:descript `my_pg_001` +``` + +## Create Service with parameters + +`vim value.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: 
@@ -14,14 +55,21 @@ backup: Amount of base backups to retain retainBackups: 2 s3: - awsAccessKeyID: DO9l771LqiwZkhhz - awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn - walGS3Prefix: mx-test + awsAccessKeyID: "" + awsSecretAccessKey: "" + walGS3Prefix: "s3://xx" + awsEndpoint: "http://xxxx:9000" + awsS3ForcePathStyle: "true" + awsRegion: dx-1 +``` +``` + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml ``` -## Create app user and database +## Update Service +### Create app user and database -- Login PG with admin user & password +- Login database web with admin user & password - CREATE APP USER ``` @@ -36,28 +84,44 @@ CREATE DATABASE `my_db` OWNER `my_user`; CREATE EXTENSION pg_buffercache; ``` -## Network Access +### Network Access Default access allow policy: only namespace scope. - allow `mx-test1` namespace access + +`vim value.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` + + - Assign external network IP address - - Assign external network IP address +`vim value.yaml` +``` + service.type: LoadBlancer ``` - service.type: LoadBlance ``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` +- View resource status +``` +# drycc resources:describe `my_pg_001` +``` - ## Manger backup your data `Very important` + ### Manger backup your data `Very important` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` `Strongly recommend enabling this feature.` PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. + +`vim value.yaml` ``` backup: # whether BackUP should be enabled 
@@ -71,20 +135,20 @@ backup: awsSecretAccessKey: R3Dv0NEmJBo8JFdn1q8jz49ArWwpDjFn walGS3Prefix: mx-test ``` +``` +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +``` -You can modify multiple content at once, there is no need to modify part of it each time. +You can modify multiple content at once, there is no need to modify part of it each time. -## Plans -| Resource Specification | Cores | MEMORY | Storage SIZE | -| :---: | :---: | :---: | :---: | -| standard-10 | 1C | 2G | 10G | -| standard-20 | 2C | 4G | 20G | -| standard-50 | 2C | 8G | 50G | -| standard-100 | 4C | 16G | 100G | -| standard-200 | 8C | 32G | 200G | -| standard-400 | 16C | 64G | 400G | -| standard-800 | 32C | 128G | 800G | - -In order to obtain a better experience, it is recommended not to exceed 80% usage of resource utilization for a long period of time. If there is a need for larger resource scale, please apply for private customization. +## Destroy Service +- Unbind service first +``` +# drycc resources:unbind `my_pg_001` +``` +- Destroy service +``` +# drycc resources:destroy `my_pg_001` +``` \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 036f8b80..3aa16bdb 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -108,7 +108,7 @@ spec: name: postgresql-config # readOnly: true - mountPath: "/opt/drycc/postgresql/backup/" - name: postgresql-backup + name: backup-config # readOnly: true resources: {{ toYaml .Values.resources | indent 10 }} 
@@ -127,7 +127,7 @@ spec: {{- end }} env: - name: DATA_SOURCE_NAME - value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/%s?sslmode=disable" $.Values.database.dbname }} + value: {{ printf "postgresql://tea_mon:password@127.0.0.1:5432/postgres?sslmode=disable" }} ports: - name: http-metrics containerPort: {{ .Values.metrics.containerPort }} @@ -221,7 +221,7 @@ spec: - name: postgresql-config configMap: name: {{ template "common.names.fullname" . }}-postgresql - - name: archive-config + - name: backup-config configMap: name: {{ template "common.names.fullname" . }}-backup {{- if not .Values.persistentVolume.enabled }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index effc9e1d..08560996 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,7 +3,8 @@ diagnosticMode: enable: false service: - type: ClusterIP + # ClusterIP LoadBalancer + type: LoadBalancer image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 @@ -81,7 +82,7 @@ preInitScript: | track_commit_timestamp: "off" archive_mode: "on" archive_timeout: 300s - archive_command: sh /opt/drycc/postgresql/walbackup.sh %p %p + archive_command: sh /opt/drycc/postgresql/walbackup.sh %p # timescaledb.license: 'timescale' shared_preload_libraries: 'auto_explain,pg_stat_statements' log_destination: 'csvlog' @@ -201,7 +202,7 @@ patroni: ## Postgresql Prometheus exporter parameters ## metrics: - enabled: false + enabled: true image: repository: registry.drycc.cc/drycc-addons/postgres-exporter tag: "0" 
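Review bot: `DATA_SOURCE_NAME` still carries the literal credentials `tea_mon:password` in the pod spec, and the `printf` now has no arguments, so the value can be a plain quoted string. postInitScript creates `tea_mon` without a password, so this connection presumably depends on local trust authentication; say so in a comment, or give the role a generated password and read it with `secretKeyRef` like the other credentials. `sslmode=disable` is tolerable only because the target is `127.0.0.1`. The container spec continues outside the hunk.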
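Review bot: The chart default for `service.type` changes from `ClusterIP` to `LoadBalancer`, so every instance created without parameters gets an externally reachable PostgreSQL endpoint, which contradicts the README line "Default access allow policy: only namespace scope". Whether the NetworkPolicy still filters that traffic depends on the CNI and on how the load balancer preserves source addresses, so it should not be relied on as the only control. Keep `type: ClusterIP` as the default and let users opt in through the `service.type` parameter that meta.yaml already allows. This commit also sets `metrics.enabled: true` and, in a later hunk of the same file, `backup.enabled: true` while the S3 keys are empty and the endpoint is the placeholder `http://xxxx:9000`, which suggests local test values were committed as defaults.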
@@ -248,15 +249,15 @@ metrics: limits: cpu: 100m memory: 512Mi - hugepages-2Mi: 20Mi + # hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi backup: # Specifies whether Wal-G should be enabled - enabled: false + enabled: true # Cron schedule for doing base backups - scheduleCronJob: "20 0 * * 0" + scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain retainBackups: 2 # Name of the secret that holds the credentials to the bucket @@ -351,5 +352,4 @@ networkPolicy: ## (with the correct destination port). ## allowCurrentNamespace: true - allowNamespaces: - - mx-test1 \ No newline at end of file + allowNamespaces: \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 41676f6e..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: @@ -38,5 +37,4 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.data-user }' - name: PORT - value: 5432 - + value: 5432 \ No newline at end of file 
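Review bot: In plans/standard-10/bind.yaml the binding still reads `.data.data-user` (context of the last hunk), but patch 30 removed `data-user`, `data-name` and `data-password` from the Secret in sec.yaml, so these entries presumably resolve to nothing; point them at `admin-user`/`admin-password` or drop them. The entry name `DADABASE` is a misspelling of `DATABASE`, and the standard-400 hunk of this commit replaces the correct spelling with the misspelled one. All seven plan files end up as the same blob `12acc0c6`, so both points apply to the standard-100, -20, -200, -400, -50 and -800 hunks as well. `PORT` is safer as a string, `value: "5432"`, since binding values are normally consumed as environment strings.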
diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: 
@@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index a95ec5b2..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml 
@@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,8 +21,7 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DATABASE + - name: DADABASE valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 5b215a03..12acc0c6 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 5b215a03..12acc0c6 100644 
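Review bot: The second hunk of standard-400/bind.yaml renames the credential key from `DATABASE` to `DADABASE`, which copies the misspelling from the other plan files into the one file that had it right. An application that reads `DATABASE` from the binding will no longer find it after this change. I would keep `- name: DATABASE` here and correct the other plans' bind.yaml files to match.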
--- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -1,16 +1,16 @@ credential: {{- if (eq .Values.service.type "LoadBalancer") }} - - name: MASTER_HOST + - name: EXTRANET_MASTER_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-master jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - - name: REPL_HOST + - name: EXTRANET_REPL_HOST valueFrom: serviceRef: name: {{ template "common.names.fullname" . }}-repl jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: MASTER_HOST valueFrom: serviceRef: @@ -21,7 +21,6 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: DADABASE valueFrom: secretKeyRef: From ca4ef628084a769ea9e9f8fabaf38e6244b417bd Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 10:04:07 +0800 Subject: [PATCH 33/53] chore(postgresql-cluster): fix typo --- .../15/chart/postgresql-cluster/README.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 0b3f8a3d..5fe50e3b 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -27,7 +27,7 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View service status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` - Bind service ``` 
@@ -35,12 +35,12 @@ In order to obtain a better experience, it is recommended not to exceed 80% usag ``` - View resource status ``` -# drycc resources:descript `my_pg_001` +# drycc resources:describe `my_pg_001` ``` -## Create Service with parameters +## Create Service with values file -`vim value.yaml` +`vim values.yaml` ``` # create or update pg instance template yaml networkPolicy.allowNamespaces: @@ -63,7 +63,7 @@ backup: awsRegion: dx-1 ``` ``` - drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml + drycc resources:create postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` ## Update Service @@ -90,23 +90,23 @@ Default access allow policy: only namespace scope. - allow `mx-test1` namespace access -`vim value.yaml ` +`vim values.yaml ` ``` networkPolicy.allowNamespaces: - mx-test1 ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - Assign external network IP address -`vim value.yaml` +`vim values.yaml` ``` service.type: LoadBlancer ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` - View resource status ``` @@ -121,7 +121,7 @@ drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yam PG data backup use S3 as backenp store. Choose an independent storage space `outside of the current environment` as your backup space. -`vim value.yaml` +`vim values.yaml` ``` backup: # whether BackUP should be enabled @@ -136,7 +136,7 @@ backup: walGS3Prefix: mx-test ``` ``` -drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./value.yaml +drycc resources:update postgresql-cluster:standard-10 `my_pg_001` -f ./values.yaml ``` You can modify multiple content at once, there is no need to modify part of it each time. 
From ae73604818bab5d4afc5134222b770ad0764d5c9 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:33:29 +0800 Subject: [PATCH 34/53] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 52157896..97d35e84 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -3,12 +3,7 @@ diagnosticMode: enable: false service: -<<<<<<< HEAD - # ClusterIP LoadBalancer - type: LoadBalancer -======= type: ClusterIP ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd image: # Image was built from registry.drycc.cc/drycc-addons/patroni:3.2 From bdc049f5203e8dce49b079527e866562fb1fde02 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 12 Dec 2023 11:47:04 +0800 Subject: [PATCH 35/53] chore(postgresql-cluster): megre --- .../15/chart/postgresql-cluster/values.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 97d35e84..deb83746 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -248,17 +248,13 @@ metrics: limits: cpu: 100m memory: 512Mi - # hugepages-2Mi: 20Mi + hugepages-2Mi: 20Mi requests: cpu: 100m memory: 512Mi -<<<<<<< HEAD backup: -======= -walG: ->>>>>>> c98da89fd38c2acf5b6cc3043a3a4faa17fb9acd # Specifies whether Wal-G should be enabled - enabled: true + enabled: false # Cron schedule for doing base backups scheduleCronJob: "22 0 * * 0" # Amount of base backups to retain From 78e1350f1b0ff1fa759d90351963580ead240491 Mon Sep 17 00:00:00 2001 
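Review bot: The conflict resolution in the `@@ -248,17 +248,13 @@` hunk turns the commented-out `# hugepages-2Mi: 20Mi` into an active limit, apparently under the metrics resources, which looks unintended for a merge cleanup. A container with a hugepages limit can only be scheduled on nodes that have pre-allocated 2Mi huge pages, so the pod may stay Pending on other nodes. Unless the exporter really needs huge pages, I would restore `# hugepages-2Mi: 20Mi`. The same hunk also flips the backup `enabled` default from `true` to `false`; if that is deliberate, it deserves a line in the commit message.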
From: EamonZhang Date: Wed, 13 Dec 2023 09:01:33 +0800 Subject: [PATCH 36/53] chore(cloudbeaver): modify storage method --- .../cloudbeaver/templates/deployment.yaml | 31 +++---------------- .../23/chart/cloudbeaver/templates/pvc.yaml | 2 +- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml index 2b1fe314..be9271b3 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml +++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/deployment.yaml @@ -105,34 +105,11 @@ spec: - name: data mountPath: {{ .Values.persistence.mountPath | quote }} volumes: -{{- if not .Values.persistence.enabled }} - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} emptyDir: {} -{{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - annotations: - {{- if .Values.persistence.annotations }} -{{ toYaml .Values.persistence.annotations | indent 8 }} {{- end }} - labels: - application: {{ include "common.names.fullname" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - accessModes: -{{ toYaml .Values.persistence.accessModes | indent 8 }} - resources: - requests: - storage: "{{ .Values.persistence.size }}" - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- end }} diff --git a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml index 7a36a217..ee8ed038 100644 --- a/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml 
+++ b/addons/cloudbeaver/23/chart/cloudbeaver/templates/pvc.yaml @@ -2,7 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ printf "%s-binding" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} From b7494c28b2a1b1f24c69aba94bf643c159c453c2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 14 Dec 2023 16:28:08 +0800 Subject: [PATCH 37/53] chore(postgresql-cluster): adjust --- .../15/chart/postgresql-cluster/README.md | 13 +++++++++++-- .../postgresql-cluster/templates/cm-backup.yaml | 8 +------- .../15/chart/postgresql-cluster/templates/sec.yaml | 4 ++-- .../postgresql-cluster/templates/statefulset.yaml | 4 ++-- .../15/chart/postgresql-cluster/values.yaml | 4 ++-- addons/postgresql-cluster/15/meta.yaml | 4 +--- .../15/plans/standard-10/bind.yaml | 13 +++++-------- .../15/plans/standard-100/bind.yaml | 13 +++++-------- .../15/plans/standard-20/bind.yaml | 13 +++++-------- .../15/plans/standard-200/bind.yaml | 13 +++++-------- .../15/plans/standard-400/bind.yaml | 13 +++++-------- .../15/plans/standard-50/bind.yaml | 13 +++++-------- .../15/plans/standard-50/meta.yaml | 2 +- .../15/plans/standard-800/bind.yaml | 13 +++++-------- 14 files changed, 55 insertions(+), 75 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 5fe50e3b..22da4bd3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
@@ -71,13 +71,22 @@ backup: - Login database web with admin user & password +- Change administrator initial password +``` +ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; +``` +- View total connections number in postgresql cluster; +``` +show max_connections ; +``` - CREATE APP USER ``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; +CREATE USER `myuser` WITH CONNECTION LIMIT `conn limit` LOGIN ENCRYPTED PASSWORD 'password'; +GRANT `myuser` to administrator ; ``` - CREATE APP DATABASE ``` -CREATE DATABASE `my_db` OWNER `my_user`; +CREATE DATABASE `mydb` OWNER `myuser`; ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index b7eb7331..1ebb88ab 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml @@ -1,4 +1,3 @@ -{{- if (include "backup.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: @@ -14,9 +13,4 @@ metadata: {{- end }} data: backup.env: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} \ No newline at end of file + {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 8c94ae26..e01a715c 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml 
@@ -14,5 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} + admin-user: {{ .Values.adminRole.username | b64enc | quote }} + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 3aa16bdb..d56c34e3 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,7 +161,7 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.backup.enabled }} + - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -195,7 +195,7 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" - {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index deb83746..a648e096 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -124,8 +124,8 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" + echo "Creating user ${ADMIN_USER}" + psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/meta.yaml b/addons/postgresql-cluster/15/meta.yaml index baa53c9e..cded881f 100644 --- a/addons/postgresql-cluster/15/meta.yaml +++ b/addons/postgresql-cluster/15/meta.yaml @@ -13,14 +13,12 @@ tags: postgresql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" -- name: "metrics.enabled" - description: "Whether to enable metrics. default true" - name: "backup" description: "Whether to use S3 for backup your data. default false . ps: Make sure there is a available S3 " archive: false \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
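Review bot: The re-enabled `psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER ..."` line in postInitScript creates the admin role as a superuser, whereas the previously commented-out statement used `NOSUPERUSER`. The bind.yaml hunks in this same commit hand that role's credentials to every bound application, so the privilege level matters. The statement is also built by shell interpolation: a password containing a single quote breaks the SQL or changes its meaning, and a user name with spaces or quotes does the same. I would keep `NOSUPERUSER CREATEDB CREATEROLE` and feed the statement to psql on stdin, with the values passed as psql variables (`:"admin_user"`, `:'admin_password'`) so psql does the quoting. Note that `-c` does not expand psql variables. The script body continues outside this hunk.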
@@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/bind.yaml 
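Review bot: The binding now exposes `USERNAME` and `PASSWORD` from `.data.admin-user` and `.data.admin-password`, so every application that binds to the instance receives the cluster administrator account rather than a per-application role. With the `SUPERUSER` grant added to postInitScript in this commit, one leaked binding compromises the whole cluster, and all bound applications share a single credential that cannot be revoked individually. I would bind a least-privilege role, or at least document that the admin credential is only for bootstrapping application users as the README describes. The re-added key is still spelled `DADABASE`; `- name: DATABASE` is presumably what consumers expect. The same hunk is repeated for the standard-100, -20, -200, -400, -50 and -800 plans.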
+++ b/addons/postgresql-cluster/15/plans/standard-20/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml index 12acc0c6..0283dff3 100644 
--- a/addons/postgresql-cluster/15/plans/standard-400/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 29e67ad5..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,6 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" +description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" displayName: "standard-50" bindable: true maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml index 12acc0c6..0283dff3 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/bind.yaml @@ -21,20 +21,17 @@ credential: serviceRef: name: {{ include "common.names.fullname" . }}-repl jsonpath: '{ .spec.clusterIP }' - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-name }' - name: PASSWORD valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-password }' + jsonpath: '{ .data.admin-password }' - name: USERNAME valueFrom: secretKeyRef: name: {{ template "common.names.fullname" . }} - jsonpath: '{ .data.data-user }' + jsonpath: '{ .data.admin-user }' - name: PORT - value: 5432 \ No newline at end of file + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file From 5a4f70f44c91573ea20df2e81589a6400e86d333 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 15 Dec 2023 11:33:58 +0800 Subject: [PATCH 38/53] chore(postgresql-cluster): fix password & netpolicy --- .../15/chart/postgresql-cluster/templates/_helpers.tpl | 2 +- .../15/chart/postgresql-cluster/templates/networkpolicy.yaml | 1 + .../15/chart/postgresql-cluster/templates/statefulset.yaml | 2 ++ .../postgresql-cluster/15/chart/postgresql-cluster/values.yaml | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index e3bedca5..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,7 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml index dfad66c3..92fdc9a7 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/networkpolicy.yaml @@ -21,6 +21,7 @@ spec: # Allow inbound connections - ports: - port: 5432 + - port: 9000 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.containerPort }} {{ end }} 
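Review bot: In the _helpers.tpl hunk, the fallback for the administrator password asks `getValueFromSecret` for `"Length" 10`, which is short for an account that this patch series creates as a superuser and can expose through a LoadBalancer service. That helper is not visible here, so I am assuming it generates a random string of that length when the secret does not yet exist. If so, I would raise the value, for example `"Length" 32`, and add a comment above the `else` branch stating that the password is generated once and then read back from the existing secret.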
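Review bot: The added `- port: 9000` in networkpolicy.yaml opens a second ingress port next to 5432 with no comment saying which container listens on it or who is meant to reach it. It sits in the same `ports` list as the database port, so whatever `from` clause follows applies to it as well. If the policy renders no `from` block when no namespaces are configured, the port is reachable from any source. If 9000 is the backup sidecar's endpoint, I would put it in its own ingress rule restricted to the pods that need it, or at minimum add a comment such as `# backup sidecar API, called by <component>`. The rest of the rule lies outside this hunk.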
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index d56c34e3..790854dd 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -195,6 +195,8 @@ spec: volumeMounts: - name: storage-volume mountPath: "{{ .Values.persistentVolume.mountPath }}" + - mountPath: "/opt/drycc/postgresql/backup/" + name: backup-config {{- with .Values.nodeSelector }} nodeSelector: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index a648e096..a0d90cb4 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -112,7 +112,7 @@ preInitScript: | password: '${PATRONI_REPLICATION_PASSWORD}' rewind: # Has no effect on postgres 10 and lower username: rewinder - password: '${PATRONI_REWIND_USERNAME}' + password: '${PATRONI_REWIND_PASSWORD}' watchdog: mode: off __EOF__ From d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd Mon Sep 17 00:00:00 2001 
From: lijianguo Date: Thu, 21 Dec 2023 17:45:39 +0800 Subject: [PATCH 39/53] chore(addons): add persistentVolumeClaimRetentionPolicy --- .../templates/distributed/statefulset.yaml | 5 ++++ addons/minio/2023/chart/minio/values.yaml | 9 ++++++ .../templates/data/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../chart/rabbitmq/templates/statefulset.yaml | 5 ++++ .../rabbitmq/3.12/chart/rabbitmq/values.yaml | 13 ++++++++ .../templates/redis-statefulset.yaml | 5 ++++ .../7.0/chart/redis-cluster/values.yaml | 9 ++++++ .../redis/templates/master/application.yaml | 5 ++++ .../redis/templates/replicas/statefulset.yaml | 5 ++++ .../redis/templates/sentinel/statefulset.yaml | 5 ++++ addons/redis/7.0/chart/redis/values.yaml | 30 +++++++++++++++++++ .../templates/filer/statefulset.yaml | 5 ++++ .../templates/master/statefulset.yaml | 5 ++++ .../templates/volume/statefulset.yaml | 5 ++++ .../seaweedfs/3/chart/seaweedfs/values.yaml | 27 +++++++++++++++++ addons/spark/3.4/meta.yaml | 4 +++ .../zookeeper/templates/statefulset.yaml | 5 ++++ .../zookeeper/3.9/chart/zookeeper/values.yaml | 10 ++++++- 19 files changed, 161 insertions(+), 1 deletion(-) diff --git a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml index 467e66e2..65275fee 100644 --- a/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml +++ b/addons/minio/2023/chart/minio/templates/distributed/statefulset.yaml @@ -298,6 +298,11 @@ spec: - name: data emptyDir: {} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if gt $drivesPerNode 1 }} {{- range $diskId := until $drivesPerNode }} 
diff --git a/addons/minio/2023/chart/minio/values.yaml b/addons/minio/2023/chart/minio/values.yaml index f5260b4e..1772a858 100644 --- a/addons/minio/2023/chart/minio/values.yaml +++ b/addons/minio/2023/chart/minio/values.yaml @@ -887,6 +887,15 @@ persistence: ## existingClaim: "" +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## Init containers parameters: diff --git a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml index c8c6c1c7..527bc948 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/data/statefulset.yaml @@ -327,6 +327,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.data.persistence.existingClaim }} {{- else }} + {{- if .Values.data.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.data.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" 
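Review bot: The new defaults `whenScaled: Deleted` and `whenDeleted: Deleted` in minio's values.yaml are not values the StatefulSet API accepts; the field takes `Retain` or `Delete`. With `enabled: true`, the template hunk above renders them verbatim, so the API server should reject the manifest. The rabbitmq values.yaml hunk in this commit uses the correct `Delete`, and the redis-cluster values.yaml hunk repeats the `Deleted` spelling. Separately, defaulting to deletion means that removing or scaling down the StatefulSet destroys the claims and their data. I would ship `whenScaled: Retain` and `whenDeleted: Retain` as defaults and let operators opt in to `Delete`.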
diff --git a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml index 3fb19060..e4b18de2 100644 --- a/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml +++ b/addons/opensearch/2.10/chart/opensearch/templates/master/statefulset.yaml @@ -339,6 +339,11 @@ spec: persistentVolumeClaim: claimName: {{ .Values.master.persistence.existingClaim }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: "data" diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml index c928ee6a..0f94407c 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/templates/statefulset.yaml @@ -406,6 +406,11 @@ spec: claimName: {{ tpl . $ }} {{- end }} {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml index 3eca3af5..966b792e 100644 --- a/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml +++ b/addons/rabbitmq/3.12/chart/rabbitmq/values.yaml 
@@ -835,6 +835,19 @@ persistence: ## example.io/disk-volume-type: SSD ## annotations: {} +## Persistent Volume Claim Retention Policy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## +persistentVolumeClaimRetentionPolicy: + ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for rabbitmq Statefulset + ## + enabled: true + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Delete + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Delete ## @section Exposure parameters ## diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml index fe2a8545..031566ce 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/templates/redis-statefulset.yaml @@ -425,6 +425,11 @@ spec: secretName: {{ include "redis-cluster.tlsSecretName" . }} defaultMode: 256 {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml index edae7c6f..ff0953d7 100644 --- a/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml +++ b/addons/redis-cluster/7.0/chart/redis-cluster/values.yaml 
@@ -322,6 +322,15 @@ persistence: ## matchExpressions: {} +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## diff --git a/addons/redis/7.0/chart/redis/templates/master/application.yaml b/addons/redis/7.0/chart/redis/templates/master/application.yaml index c5da3282..4d1b220b 100644 --- a/addons/redis/7.0/chart/redis/templates/master/application.yaml +++ b/addons/redis/7.0/chart/redis/templates/master/application.yaml @@ -449,6 +449,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml index d7bf8be0..df2d130c 100644 --- a/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/replicas/statefulset.yaml 
@@ -437,6 +437,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml index 5d54e525..fa2ab677 100644 --- a/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml +++ b/addons/redis/7.0/chart/redis/templates/sentinel/statefulset.yaml @@ -637,6 +637,11 @@ spec: emptyDir: {} {{- end }} {{- else }} + {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: redis-data diff --git a/addons/redis/7.0/chart/redis/values.yaml b/addons/redis/7.0/chart/redis/values.yaml index c877ea98..526428d2 100644 --- a/addons/redis/7.0/chart/redis/values.yaml +++ b/addons/redis/7.0/chart/redis/values.yaml 
@@ -445,6 +445,16 @@ master: ## NOTE: requires master.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ master service parameters ## service: @@ -805,6 +815,16 @@ replica: ## @param replica.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ replicas service parameters ## service: 
@@ -1053,6 +1073,16 @@ sentinel: ## @param sentinel.persistence.dataSource Custom PVC data source ## dataSource: {} + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete ## Redis™ Sentinel resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param sentinel.resources.limits The resources limits for the Redis™ Sentinel containers diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml index b22cc244..a5b9640d 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/filer/statefulset.yaml @@ -124,6 +124,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.filer.persistence.enabled }} + {{- if .Values.filer.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.filer.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml index 6acdbe0f..6a7b375c 100644 
--- a/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/master/statefulset.yaml @@ -109,6 +109,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if .Values.master.persistence.enabled }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: datadir diff --git a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml index f1489f6a..5e52e693 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/templates/volume/statefulset.yaml @@ -134,6 +134,11 @@ spec: runAsGroup: 1001 runAsUser: 1001 {{- if or (.Values.volume.persistence.meta.enabled) (.Values.volume.persistence.data.enabled) }} + {{- if .Values.volume.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.volume.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if .Values.volume.persistence.meta.enabled }} - metadata: diff --git a/addons/seaweedfs/3/chart/seaweedfs/values.yaml b/addons/seaweedfs/3/chart/seaweedfs/values.yaml index bd5b274b..4e32b559 100644 --- a/addons/seaweedfs/3/chart/seaweedfs/values.yaml +++ b/addons/seaweedfs/3/chart/seaweedfs/values.yaml 
@@ -195,6 +195,15 @@ master: storageClass: "" garbageThreshold: 0.3 defaultReplication: "001" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted filer: replicas: 3 @@ -272,6 +281,15 @@ filer: enabled: false size: 5Gi storageClass: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted volume: replicas: 4 
@@ -351,6 +369,15 @@ volume: size: 5Gi storageClass: "" compactionMBps: 50 + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted cronjob: scripts: | diff --git a/addons/spark/3.4/meta.yaml b/addons/spark/3.4/meta.yaml index 922087c7..89ed9270 100644 --- a/addons/spark/3.4/meta.yaml +++ b/addons/spark/3.4/meta.yaml @@ -19,6 +19,10 @@ allow_parameters: description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" +- name: "master.configOptions" + description: "master configOptions config for values.yaml" +- name: "worker.configOptions" + description: "worker configOptions config for values.yaml" - name: "metrics.enable" description: "metrics enable or not config for values.yaml" archive: false diff --git a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml index eb2680b7..fcd5ad0b 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/templates/statefulset.yaml 
@@ -485,6 +485,11 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if and .Values.persistence.enabled (not (and .Values.persistence.existingClaim .Values.persistence.dataLogDir.existingClaim) ) }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: {{- if not .Values.persistence.existingClaim }} - metadata: diff --git a/addons/zookeeper/3.9/chart/zookeeper/values.yaml b/addons/zookeeper/3.9/chart/zookeeper/values.yaml index 0a74af78..81e1b734 100644 --- a/addons/zookeeper/3.9/chart/zookeeper/values.yaml +++ b/addons/zookeeper/3.9/chart/zookeeper/values.yaml @@ -637,7 +637,15 @@ persistence: ## app: my-app ## selector: {} - +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Deleted + whenDeleted: Deleted ## @section Volume Permissions parameters ## From 8ecd90270e791666c47919b6d7005e81ba34b9e2 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Fri, 22 Dec 2023 13:37:27 +0800 Subject: [PATCH 40/53] chore(addons): update support --- .../10/chart/grafana/templates/_helpers.tpl | 22 +++ .../10/chart/grafana/templates/secret.yaml | 2 +- addons/grafana/10/chart/grafana/values.yaml | 2 +- addons/grafana/10/meta.yaml | 10 +- addons/grafana/10/plans/standard-5/bind.yaml | 15 +- .../15/chart/postgresql-cluster/Chart.yaml | 2 +- .../15/plans/standard-10/values.yaml | 2 +- .../15/plans/standard-100/values.yaml | 2 +- .../15/plans/standard-20/values.yaml | 2 +- .../15/plans/standard-200/values.yaml | 2 +- .../15/plans/standard-400/values.yaml | 2 +- .../15/plans/standard-800/values.yaml | 2 +- .../2/chart/prometheus/templates/_helpers.tpl | 24 ++- .../templates/server/configmap.yaml | 5 +- .../templates/server/deployment.yaml | 1 + .../prometheus/templates/server/sec.yaml | 2 +- .../prometheus/2/chart/prometheus/values.yaml | 40 +++-- addons/prometheus/2/meta.yaml | 16 +- .../prometheus/2/plans/standard-10/bind.yaml | 19 +-- .../2/plans/standard-10/values.yaml | 2 +- .../prometheus/2/plans/standard-100/bind.yaml | 23 +++ .../standard-100/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-100/meta.yaml | 6 + .../2/plans/standard-100/values.yaml | 8 + .../prometheus/2/plans/standard-200/bind.yaml | 23 +++ .../standard-200/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-200/meta.yaml | 6 + .../2/plans/standard-200/values.yaml | 8 + .../prometheus/2/plans/standard-50/bind.yaml | 19 +-- .../2/plans/standard-50/values.yaml | 2 +- .../prometheus/2/plans/standard-500/bind.yaml | 23 +++ .../standard-500/create-instance-schema.json | 12 ++ .../prometheus/2/plans/standard-500/meta.yaml | 6 + .../2/plans/standard-500/values.yaml | 8 + addons/prometheus/rules.yaml | 159 ++++++++++++++++++ 35 files changed, 438 insertions(+), 63 deletions(-) create mode 100644 addons/prometheus/2/plans/standard-100/bind.yaml create mode 100644 
addons/prometheus/2/plans/standard-100/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-100/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-100/values.yaml create mode 100644 addons/prometheus/2/plans/standard-200/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-200/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-200/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-200/values.yaml create mode 100644 addons/prometheus/2/plans/standard-500/bind.yaml create mode 100644 addons/prometheus/2/plans/standard-500/create-instance-schema.json create mode 100644 addons/prometheus/2/plans/standard-500/meta.yaml create mode 100644 addons/prometheus/2/plans/standard-500/values.yaml create mode 100644 addons/prometheus/rules.yaml diff --git a/addons/grafana/10/chart/grafana/templates/_helpers.tpl b/addons/grafana/10/chart/grafana/templates/_helpers.tpl index 011ba817..ba7f9a04 100644 --- a/addons/grafana/10/chart/grafana/templates/_helpers.tpl +++ b/addons/grafana/10/chart/grafana/templates/_helpers.tpl @@ -57,6 +57,14 @@ Return the Grafana admin password key {{- end -}} {{- end -}} +{{- define "admin.passwordValue" -}} +{{- if .Values.admin.password }} + {{- .Values.admin.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "GF_SECURITY_ADMIN_PASSWORD") -}} +{{- end -}} +{{- end }} + {{/* Return true if a secret object should be created */}} 
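Review bot: `admin.passwordValue` looks up the existing secret under `include "common.names.fullname" .`, but bind.yaml in this patch reads `GF_SECURITY_ADMIN_PASSWORD` from a secret named `{{ include "common.names.fullname" . }}-admin`. If secret.yaml creates the `-admin` name (its metadata is outside the visible hunk), the lookup never finds the stored value and each upgrade writes a new random password, which is what the helper was added to prevent. Passing the secret's real name, e.g. `"Name" (printf "%s-admin" (include "common.names.fullname" .))`, would keep the password stable. A `"Length"` above `10` would also be a more comfortable default for an admin credential.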
@@ -67,6 +75,20 @@ Return true if a secret object should be created {{- end -}} {{- end -}} +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} + {{/* Return the Grafana SMTP credentials secret */}} diff --git a/addons/grafana/10/chart/grafana/templates/secret.yaml b/addons/grafana/10/chart/grafana/templates/secret.yaml index bbe05846..645ebb05 100644 --- a/addons/grafana/10/chart/grafana/templates/secret.yaml +++ b/addons/grafana/10/chart/grafana/templates/secret.yaml @@ -11,6 +11,6 @@ metadata: app.kubernetes.io/component: grafana type: Opaque data: - GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }} + GF_SECURITY_ADMIN_PASSWORD: {{ include "admin.passwordValue" . | b64enc | quote }} GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | b64enc |quote }} {{- end }} diff --git a/addons/grafana/10/chart/grafana/values.yaml b/addons/grafana/10/chart/grafana/values.yaml index f18c0343..9b029425 100644 --- a/addons/grafana/10/chart/grafana/values.yaml +++ b/addons/grafana/10/chart/grafana/values.yaml @@ -575,7 +575,7 @@ serviceAccount: service: ## @param service.type Kubernetes Service type ## - type: ClusterIP + type: LoadBalancer ## @param service.clusterIP Grafana service Cluster IP ## e.g.: ## clusterIP: None diff --git a/addons/grafana/10/meta.yaml b/addons/grafana/10/meta.yaml index 224ca287..53031a14 100644 --- a/addons/grafana/10/meta.yaml +++ b/addons/grafana/10/meta.yaml @@ -1,5 +1,5 @@ -name: Grafana -version: 7.0 +name: grafana +version: "10" id: fff5b6c7-ed85-429b-8265-493e40cc53c7 description: "grafana" displayName: "grafana" 
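Review bot: Changing the default `service.type` from `ClusterIP` to `LoadBalancer` in grafana/values.yaml exposes every Grafana instance outside the cluster unless the operator overrides it. The same patch moves the Prometheus server and Alertmanager services the other way, to `ClusterIP`. `service.type` is already listed under `allow_parameters` in meta.yaml, so external exposure can stay an explicit opt-in by keeping `type: ClusterIP` here. If the external default is intended, a comment on this key saying what restricts access (network policy, `loadBalancerSourceRanges`) would help the next reader.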
@@ -9,12 +9,14 @@ metadata: name: drycc supportURL: http://grafana.io/ documentationURL: https://github.com/drycc-addons/ -tags: cloudbeaver +tags: grafana bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: +- name: "networkPolicy.allowNamespaces" + description: "networkPolicy allowNamespaces config for values.yaml" - name: "service.type" description: "service type config for values.yaml" archive: false diff --git a/addons/grafana/10/plans/standard-5/bind.yaml b/addons/grafana/10/plans/standard-5/bind.yaml index a41ae66e..ba4641b9 100644 --- a/addons/grafana/10/plans/standard-5/bind.yaml +++ b/addons/grafana/10/plans/standard-5/bind.yaml @@ -1,30 +1,29 @@ credential: - {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + {{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ printf "%s-router" (include "common.names.fullname" .) }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.service.type "ClusterIP") }} + {{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_PASSWORD }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-admin + name: {{ include "common.names.fullname" . }}-admin jsonpath: '{ .data.GF_SECURITY_ADMIN_USER }' - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }} jsonpath: '{ .spec.ports[?(@.name=="http")].port }' 
diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml index 375ae4fe..da518fb1 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/Chart.yaml @@ -25,4 +25,4 @@ name: postgresql sources: - https://github.com/drycc-addons/ - https://www.postgresql.org/ -version: 15.3.1 +version: 15.4.1 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index 94917aff..fd8fd98f 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -72,5 +72,5 @@ resources: persistentVolume: enabled: true - size: 10G + size: 10Gi diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 2f4c4841..90625a5d 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 100G + size: 100Gi diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index 3ef08abf..fed1e2da 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -74,4 +74,4 @@ resources: persistentVolume: enabled: true - size: 20G + size: 20Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 5e9d641b..a0427d92 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -71,4 +71,4 @@ resources: persistentVolume: enabled: true - size: 200G + size: 200Gi 
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index b1afad1d..062ee7cb 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 400G + size: 400Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 3e88193a..c6efbfa0 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -72,4 +72,4 @@ resources: persistentVolume: enabled: true - size: 800G + size: 800Gi diff --git a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl index 45a72ec7..9027a2ff 100644 --- a/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl +++ b/addons/prometheus/2/chart/prometheus/templates/_helpers.tpl @@ -161,4 +161,26 @@ Get the Alertmanager configuration configmap. {{- else }} {{- include "prometheus.alertmanager.fullname" . -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{- define "server.passwordValue" -}} +{{- if .Values.server.password }} + {{- .Values.server.password -}} +{{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "PASSWORD") -}} +{{- end -}} +{{- end }} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. +*/}} +{{- define "getValueFromSecret" }} +{{- $len := (default 16 .Length) | int -}} +{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} +{{- if $obj }} +{{- index $obj .Key | b64dec -}} +{{- else -}} +{{- randAlphaNum $len -}} +{{- end -}} +{{- end }} \ No newline at end of file 
diff --git a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml index 3c9703e8..cbd54657 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/configmap.yaml @@ -20,6 +20,7 @@ data: {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration "context" $) | toYaml | nindent 4 }} {{ include "prometheus.serever.web.configmapKey" .}}: {{- include "common.tplvalues.render" (dict "value" .Values.server.webconfig "context" $) | toYaml | nindent 4 }} - rules.yaml: - {{- include "common.tplvalues.render" (dict "value" .Values.server.alertingRules "context" $) | toYaml | nindent 4 }} + rules.yaml: + {{- include "common.tplvalues.render" (dict "value" .Values.server.rules "context" $) | toYaml | nindent 4 }} + {{- end }} diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 026b0139..1d5bd7a2 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -114,6 +114,7 @@ spec: args: - "--config.file=/opt/drycc/prometheus/conf/{{ include "prometheus.server.configmapKey" . }}" - "--storage.tsdb.path={{ .Values.server.persistence.mountPath }}" + - "--storage.tsdb.retention.time={{ .Values.server.retentionDays }}" - "--storage.tsdb.retention.size={{ .Values.server.retentionSize }}" - "--log.level={{ .Values.server.logLevel }}" - "--log.format={{ .Values.server.logFormat }}" diff --git a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml index fd0b368c..c538a98a 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/sec.yaml 
@@ -11,4 +11,4 @@ metadata: cluster-name: {{ template "prometheus.server.fullname" . }} type: Opaque data: - PASSWORD: {{ if .Values.password | default "" | ne "" }} {{ .Values.service.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }} + PASSWORD: {{ include "server.passwordValue" . | b64enc | quote }} diff --git a/addons/prometheus/2/chart/prometheus/values.yaml b/addons/prometheus/2/chart/prometheus/values.yaml index f7f91f7e..a148e230 100644 --- a/addons/prometheus/2/chart/prometheus/values.yaml +++ b/addons/prometheus/2/chart/prometheus/values.yaml @@ -360,7 +360,7 @@ alertmanager: ingress: ## @param alertmanager.ingress.enabled Enable ingress record generation for Alertmanager ## - enabled: true + enabled: false ## @param alertmanager.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -479,7 +479,7 @@ alertmanager: service: ## @param alertmanager.service.type Alertmanager service type ## - type: LoadBalancer + type: ClusterIP ## @param alertmanager.service.ports.http Alertmanager service HTTP port ## @param alertmanager.service.ports.cluster Alertmanager cluster HA port ## @@ -578,7 +578,7 @@ alertmanager: ## server: username: admin - password: admin + password: To6EJBHPUo image: registry: registry.drycc.cc repository: drycc-addons/prometheus @@ -626,6 +626,9 @@ server: {{- end }} scrape_configs: - job_name: prometheus + basic_auth: + username: {{ .Values.server.username }} + password: {{ .Values.server.password }} {{- include "prometheus.scrape_config" (dict "component" "server" "context" $) | nindent 4 }} {{- if .Values.alertmanager.enabled }} - job_name: alertmanager 
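Review bot: The new default `password: To6EJBHPUo` under `server:` is a fixed credential committed with the chart, so every instance installed without an override shares it. Because it is non-empty, the `randAlphaNum` branch of `server.passwordValue` added in _helpers.tpl is never reached. Leaving the default empty, `password: ""`, lets the helper generate a per-release value and reuse it on upgrade. The `basic_auth` block in the next hunk and the `PASSWORD` entry in bind.yaml read `.Values.server.password` directly, so they would need to take the value from the helper or the Secret as well.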
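Review bot: The `basic_auth` block added to the `prometheus` scrape job writes `{{ .Values.server.password }}` in clear text into the scrape configuration, which configmap.yaml in this patch renders into a ConfigMap (assuming this hunk sits inside `server.configuration`, whose start is outside the hunk). Anyone who can read ConfigMaps in the namespace can then read the credential, not only those who can read the Secret created in sec.yaml. Prometheus accepts `password_file` under `basic_auth`; mounting the Secret into the pod and pointing `password_file` at the mounted key keeps the value out of the ConfigMap.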
@@ -650,15 +653,29 @@ server: - scheme: HTTP static_configs: - targets: [ "{{ printf "%s.%s.svc.%s:%d" (include "prometheus.alertmanager.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.alertmanager.service.ports.http) }}" ] + {{- end }} rule_files: - rules.yaml - {{- end }} - - + ## @param server.alertingRules Prometheus alerting rules. This content will be stored in the the rules.yaml file and the content can be a template. ## ref: - ## - alertingRules: {} + ## + rules: | + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + `}} + ## @param server.extraScrapeConfigs Promethus configuration, useful to declare new scrape_configs. This content will be merged with the 'server.configuration' value and stored in the the prometheus.yaml file. ## ref: ## @@ -932,7 +949,7 @@ server: logFormat: logfmt ## @param server.retention Metrics retention days ## - retention: 10d + retentionDays: 15d ## @param server.retentionSize Maximum size of metrics ## retentionSize: "0" @@ -1239,7 +1256,7 @@ server: ingress: ## @param server.ingress.enabled Enable ingress record generation for Prometheus ## - enabled: true + enabled: false ## @param server.ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -1357,7 +1374,7 @@ server: service: ## @param server.service.type Prometheus service type ## - type: LoadBalancer + type: ClusterIP ## @param server.service.ports.http Prometheus service HTTP port ## ports: 
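Review bot: The `## @param server.alertingRules` comment above the renamed `rules:` key still names the old key, and the `## @param server.retention` comment above `retentionDays:` in the `@@ -932,7 +949,7 @@` hunk has the same problem. Generated parameter docs will therefore not match the values that meta.yaml now exposes. Update them to `## @param server.rules Prometheus alerting rules ...` and `## @param server.retentionDays Metrics retention time (passed to --storage.tsdb.retention.time)`.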
@@ -1412,6 +1429,7 @@ server: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistence: ## @param server.persistence.enabled Enable persistence using Persistent Volume Claims. If you have multiple instances (server.repicacount > 1), please considere using an external storage service like Thanos or Grafana Mimir ## diff --git a/addons/prometheus/2/meta.yaml b/addons/prometheus/2/meta.yaml index 7ac5e2af..4f7d7ef2 100644 --- a/addons/prometheus/2/meta.yaml +++ b/addons/prometheus/2/meta.yaml @@ -13,12 +13,18 @@ tags: prometheus bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" description: "networkPolicy allowNamespaces config for values.yaml" -- name: "server.username" - description: "set username . default amdin" -- name: "server.username" - description: "set passsword . default amdin" +- name: "server.service.type" + description: "service type config for values.yaml" +- name: "alertmanager.enabled" + description: "alertmanager config for values.yaml" +- name: "server.retentionDays" + description: "retentionDays config for values.yaml default 15d" +- name: "server.retentionSize" + description: "retentionSize config for values.yaml default 0, unit MB, GB, TB" +- name: "server.rules" + description: "rules config for values.yaml" archive: false diff --git a/addons/prometheus/2/plans/standard-10/bind.yaml b/addons/prometheus/2/plans/standard-10/bind.yaml index e453fade..dd543b83 100644 --- a/addons/prometheus/2/plans/standard-10/bind.yaml +++ b/addons/prometheus/2/plans/standard-10/bind.yaml 
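Review bot: `allow_parameters` in meta.yaml now lets the instance owner set `server.service.type` and `server.rules`, while the entries for the server credentials are removed. Setting the type to `LoadBalancer` undoes the `ClusterIP` default introduced in this same commit and publishes the endpoint (bind.yaml then emits `EXTRANET_HOST`) protected only by the chart's default password, which the owner can no longer change through a parameter. The values.yaml comment says the rules content "can be a template", so if the chart renders `server.rules` with `tpl` (not visible here), a user-supplied string would be evaluated as a Helm template with the chart's values in scope; either render it verbatim or keep it out of `allow_parameters`. The removed pair was a duplicated `server.username`; a corrected list would carry `- name: "server.password"` with its own description.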
@@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-10/values.yaml b/addons/prometheus/2/plans/standard-10/values.yaml index 796ae97e..06e89f6a 100644 --- a/addons/prometheus/2/plans/standard-10/values.yaml +++ b/addons/prometheus/2/plans/standard-10/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-10 server: persistence: size: 10Gi - retentionSize: 8Gi \ No newline at end of file + # retentionSize: 8GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/bind.yaml b/addons/prometheus/2/plans/standard-100/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/bind.yaml 
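Review bot: `value: {{ .Values.server.password }}` for `PASSWORD` (and likewise `USER`) is emitted unquoted and taken from values rather than from the Secret that this commit renders through `server.passwordValue`. An empty or special-character value yields a null or malformed entry, and if the helper ever returns something other than the raw values key, the binding hands out a password the server does not accept. Use `value: {{ .Values.server.password | quote }}` at minimum, or a `valueFrom` reference to the Secret's `PASSWORD` key if the broker supports one. The same lines appear in the standard-50 hunk and in the new standard-100, standard-200 and standard-500 bind.yaml files.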
@@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-100/create-instance-schema.json b/addons/prometheus/2/plans/standard-100/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-100/meta.yaml b/addons/prometheus/2/plans/standard-100/meta.yaml new file mode 100644 index 00000000..fdc3185e --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-100" +id: 118aada0-4826-4dba-83d8-989fbf47c55a +description: "Prometheus Cluster standard-100 plan persistence size 100Gi." +displayName: "100Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-100/values.yaml b/addons/prometheus/2/plans/standard-100/values.yaml new file mode 100644 index 00000000..7e8b3d46 --- /dev/null +++ b/addons/prometheus/2/plans/standard-100/values.yaml 
@@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-100 + +server: + persistence: + size: 100Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/bind.yaml b/addons/prometheus/2/plans/standard-200/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-200/create-instance-schema.json b/addons/prometheus/2/plans/standard-200/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-200/meta.yaml b/addons/prometheus/2/plans/standard-200/meta.yaml new file mode 100644 index 00000000..ddc6523c --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/meta.yaml 
@@ -0,0 +1,6 @@ +name: "standard-200" +id: be99a35d-dbb4-4e17-8b27-1f00c5bca057 +description: "Prometheus Cluster standard-200 plan persistence size 200Gi." +displayName: "200Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-200/values.yaml b/addons/prometheus/2/plans/standard-200/values.yaml new file mode 100644 index 00000000..c5f2a7e5 --- /dev/null +++ b/addons/prometheus/2/plans/standard-200/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-200 + +server: + persistence: + size: 200Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-50/bind.yaml b/addons/prometheus/2/plans/standard-50/bind.yaml index e453fade..668c5cdf 100644 --- a/addons/prometheus/2/plans/standard-50/bind.yaml +++ b/addons/prometheus/2/plans/standard-50/bind.yaml @@ -1,24 +1,23 @@ credential: {{- if (eq .Values.server.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: - serviceRef: - name: {{ include "common.names.fullname" . }} + serviceRef: + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' -{{- else if (eq .Values.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: '{ .spec.clusterIP }' -{{- end }} - name: PORT valueFrom: serviceRef: - name: {{ template "common.names.fullname" . }} + name: {{ template "prometheus.server.fullname" . }} jsonpath: ' { .spec.ports[?(@.name=="http")].port }' - name: USER - valule: {{ .Values.server.username }} + value: {{ .Values.server.username }} - name: PASSWORD - valule: {{ .Values.server.password }} - {{- end }} + value: {{ .Values.server.password }} + 
diff --git a/addons/prometheus/2/plans/standard-50/values.yaml b/addons/prometheus/2/plans/standard-50/values.yaml index 69caeefa..b59af0aa 100644 --- a/addons/prometheus/2/plans/standard-50/values.yaml +++ b/addons/prometheus/2/plans/standard-50/values.yaml @@ -5,4 +5,4 @@ fullnameOverride: hb-prometheus-standard-50 server: persistence: size: 50Gi - retentionSize: 48Gi \ No newline at end of file + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/2/plans/standard-500/bind.yaml b/addons/prometheus/2/plans/standard-500/bind.yaml new file mode 100644 index 00000000..668c5cdf --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/bind.yaml @@ -0,0 +1,23 @@ +credential: +{{- if (eq .Values.server.service.type "LoadBalancer") }} + - name: EXTRANET_HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' +{{- end }} + - name: HOST + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: '{ .spec.clusterIP }' + - name: PORT + valueFrom: + serviceRef: + name: {{ template "prometheus.server.fullname" . }} + jsonpath: ' { .spec.ports[?(@.name=="http")].port }' + - name: USER + value: {{ .Values.server.username }} + - name: PASSWORD + value: {{ .Values.server.password }} + diff --git a/addons/prometheus/2/plans/standard-500/create-instance-schema.json b/addons/prometheus/2/plans/standard-500/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file 
diff --git a/addons/prometheus/2/plans/standard-500/meta.yaml b/addons/prometheus/2/plans/standard-500/meta.yaml new file mode 100644 index 00000000..d58ee8e0 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-500" +id: c28dc645-f17d-4304-a3f9-5dcaabad2a49 +description: "Prometheus Cluster standard-500 plan persistence size 500Gi." +displayName: "500Gi" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/prometheus/2/plans/standard-500/values.yaml b/addons/prometheus/2/plans/standard-500/values.yaml new file mode 100644 index 00000000..2b8e6318 --- /dev/null +++ b/addons/prometheus/2/plans/standard-500/values.yaml @@ -0,0 +1,8 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-prometheus-standard-500 + +server: + persistence: + size: 500Gi + # retentionSize: 48GBi \ No newline at end of file diff --git a/addons/prometheus/rules.yaml b/addons/prometheus/rules.yaml new file mode 100644 index 00000000..fe3d5a18 --- /dev/null +++ b/addons/prometheus/rules.yaml 
@@ -0,0 +1,159 @@ +server: + rules: |- + {{` + groups: + - name: PG数据库-监控告警 + rules: + - alert: PostgresqlDown + expr: pg_up == 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql down (instance {{ $labels.instance }}) + description: "Postgresql instance is down\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlRestarted + expr: time() - pg_postmaster_start_time_seconds < 60 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql restarted (instance {{ $labels.instance }}) + description: "Postgresql restarted\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlExporterError + expr: pg_exporter_last_scrape_error > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql exporter error (instance {{ $labels.instance }}) + description: "Postgresql exporter is showing errors. A query may be buggy in query.yaml\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoVacuumed + expr: (pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto vacuumed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTableNotAutoAnalyzed + expr: (pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql table not auto analyzed (instance {{ $labels.instance }}) + description: "Table {{ $labels.relname }} has not been auto analyzed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) > 
pg_settings_max_connections * 0.8 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance has too many connections (> 80%).\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlNotEnoughConnections + expr: sum by (datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql not enough connections (instance {{ $labels.instance }}) + description: "PostgreSQL instance should have more connections (> 5)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlDeadLocks + expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql dead locks (instance {{ $labels.instance }}) + description: "PostgreSQL has dead-locks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRollbackRate + expr: sum by (namespace,datname) ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) / ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) + (rate(pg_stat_database_xact_commit{datname!~"template.*|postgres",datid!="0"}[3m])))) > 0.02 + for: 0m + labels: + severity: warning + annotations: + summary: Postgresql high rollback rate (instance {{ $labels.instance }}) + description: "Ratio of transactions being aborted compared to committed is > 2 %\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlCommitRateLow + expr: rate(pg_stat_database_xact_commit[1m]) < 10 + for: 2m + labels: + severity: critical + annotations: + summary: Postgresql commit rate low (instance {{ $labels.instance }}) + description: "Postgresql seems to be processing very few transactions\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlLowXidConsumption + expr: 
rate(pg_txid_current[1m]) < 5 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql low XID consumption (instance {{ $labels.instance }}) + description: "Postgresql seems to be consuming transaction IDs very slowly\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateStatementTimeout + expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate statement timeout (instance {{ $labels.instance }}) + description: "Postgres transactions showing high rate of statement timeouts\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlHighRateDeadlock + expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql high rate deadlock (instance {{ $labels.instance }}) + description: "Postgres detected deadlocks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlUnusedReplicationSlot + expr: pg_replication_slots_active == 0 + for: 1m + labels: + severity: warning + annotations: + summary: Postgresql unused replication slot (instance {{ $labels.instance }}) + description: "Unused Replication Slots\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlTooManyDeadTuples + expr: ((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1 + for: 2m + labels: + severity: warning + annotations: + summary: Postgresql too many dead tuples (instance {{ $labels.instance }}) + description: "PostgreSQL dead tuples is too large\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlConfigurationChanged + expr: '{__name__=~"pg_settings_.*"} != ON(__name__) 
{__name__=~"pg_settings_([^t]|t[^r]|tr[^a]|tra[^n]|tran[^s]|trans[^a]|transa[^c]|transac[^t]|transact[^i]|transacti[^o]|transactio[^n]|transaction[^_]|transaction_[^r]|transaction_r[^e]|transaction_re[^a]|transaction_rea[^d]|transaction_read[^_]|transaction_read_[^o]|transaction_read_o[^n]|transaction_read_on[^l]|transaction_read_onl[^y]).* "} OFFSET 5m' + for: 0m + labels: + severity: info + annotations: + summary: Postgresql configuration changed (instance {{ $labels.instance }}) + description: "Postgres Database configuration change has occurred\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + - alert: PostgresqlSslCompressionActive + expr: sum(pg_stat_ssl_compression) > 0 + for: 0m + labels: + severity: critical + annotations: + summary: Postgresql SSL compression active (instance {{ $labels.instance }}) + description: "Database connections with SSL compression enabled. This may add significant jitter in replication delay. in recovery.conf.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + `}} \ No newline at end of file From 55d5e3307aafca4d86b0813310ab43973252bbc8 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Fri, 22 Dec 2023 14:00:13 +0800 Subject: [PATCH 41/53] megre(addons): megre from upstream --- .../15/chart/postgresql-cluster/README.md | 11 +---------- .../postgresql-cluster/templates/_helpers.tpl | 4 ---- .../postgresql-cluster/templates/cm-backup.yaml | 14 +------------- .../15/chart/postgresql-cluster/templates/sec.yaml | 7 +------ .../postgresql-cluster/templates/statefulset.yaml | 5 ----- .../15/chart/postgresql-cluster/values.yaml | 7 ++----- .../15/plans/standard-10/bind.yaml | 5 +---- .../15/plans/standard-50/meta.yaml | 4 ---- 8 files changed, 6 insertions(+), 51 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md index 59cf8250..4dd6522d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md 
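Review bot: `PostgresqlTooManyConnections` compares `sum by (datname) (pg_stat_activity_count{...})` with `pg_settings_max_connections * 0.8`, and the two sides have no label set in common, so with default one-to-one matching the expression returns nothing and the alert cannot fire. Aggregate both sides on a shared label instead, for example `sum by (instance) (pg_stat_activity_count{datname!~"template.*|postgres"}) > on (instance) pg_settings_max_connections * 0.8`; the exact label depends on the exporter and should be checked against real series. The `{{ $labels.instance }}` in the summaries of this rule, `PostgresqlNotEnoughConnections` and `PostgresqlHighRollbackRate` is empty for the same reason, since `instance` is aggregated away before the annotation is rendered.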
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/README.md @@ -71,7 +71,6 @@ backup: - Login database web with admin user & password -<<<<<<< HEAD - Change administrator initial password ``` ALTER USER administrator WITH ENCRYPTED PASSWORD 'newpassword'; @@ -88,15 +87,7 @@ GRANT `myuser` to administrator ; - CREATE APP DATABASE ``` CREATE DATABASE `mydb` OWNER `myuser`; -======= -- CREATE APP USER -``` -CREATE USER `my_user` WITH CONNECTION LIMIT `conn_limit` LOGIN ENCRYPTED PASSWORD 'password'; -``` -- CREATE APP DATABASE -``` -CREATE DATABASE `my_db` OWNER `my_user`; ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + ``` - CREATE EXTENSIONS ``` diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl index ad84a3b0..bb67a496 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/_helpers.tpl @@ -189,11 +189,7 @@ Get the administrator password ; {{- if .Values.adminRole.password }} {{- .Values.adminRole.password -}} {{- else -}} -<<<<<<< HEAD {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "admin-password") -}} -======= - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "password-replication") -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd {{- end -}} {{- end }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml index 601a4f03..62cb7596 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/cm-backup.yaml 
@@ -1,7 +1,3 @@ -<<<<<<< HEAD -======= -{{- if (include "backup.createConfigmap" .) }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd apiVersion: v1 kind: ConfigMap metadata: @@ -17,13 +13,5 @@ metadata: {{- end }} data: backup.env: |- -<<<<<<< HEAD {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} -======= - {{- include "common.tplvalues.render" ( dict "value" .Values.backupEnv "context" $ ) | nindent 4 }} - # archive_command.sh: | - - # #/bin/bash - # source backup.env - # [ $USE_WALG ] ? sh /opt/drycc/postgresql/walbackup.sh %p : /bin/true -{{- end -}} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml index 9bd002e3..c2e13055 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/sec.yaml @@ -14,10 +14,5 @@ data: password-superuser: {{ include "credentials.superuserValue" . | b64enc | quote }} password-rewind: {{ include "credentials.rewindValue" . | b64enc | quote }} password-replication: {{ include "credentials.replicationValue" . | b64enc | quote }} -<<<<<<< HEAD admin-user: {{ .Values.adminRole.username | b64enc | quote }} - admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} -======= - admin-user: {{ .Values.adminRole.username | b64enc }} - admin-password: {{ .Values.adminRole.password | b64enc }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + admin-password: {{ include "adminRole.passwordValue" . | b64enc | quote }} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 66c979cd..0dad1437 100644 
--- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -161,11 +161,6 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} -<<<<<<< HEAD - -======= - {{- if .Values.backup.enabled }} ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd - name: {{ .Chart.Name }}-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index cd40d29a..d15aa52a 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -124,13 +124,10 @@ postInitScript: | psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then -<<<<<<< HEAD + echo "Creating user ${ADMIN_USER}" psql -w -c "CREATE USER ${ADMIN_USER} WITH SUPERUSER CREATEDB CREATEROLE CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" -======= - echo "Creating user ${ADMIN_USER}" - # psql -w -c "CREATE USER ${ADMIN_USER} WITH NOSUPERUSER CREATEDB CREATEROLE REPLICATION CONNECTION LIMIT 10 LOGIN ENCRYPTED PASSWORD '${ADMIN_PASSWORD}'" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + else echo "Skipping create admin user" fi diff --git a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml index 11bbb4e1..e41b7b31 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/bind.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/bind.yaml 
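Review bot: The conflict resolution in `postInitScript` keeps the variant that creates `${ADMIN_USER}` `WITH SUPERUSER`, and the statement is built by shell interpolation inside `psql -w -c "..."`. This is the account handed out through bind.yaml (`admin-user`), and a superuser role bypasses all permission checks, so the application-facing credential should be limited to `NOSUPERUSER CREATEDB CREATEROLE` unless superuser is a stated requirement. A password containing `'` ends the SQL literal early, and the password is visible in the process arguments while psql runs. Pass both values with `-v` and reference them as `:"admin_user"` and `:'admin_password'` in SQL read from stdin, because `-c` does not expand psql variables. The script body starts and ends outside this hunk.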
@@ -32,10 +32,7 @@ credential: name: {{ template "common.names.fullname" . }} jsonpath: '{ .data.admin-user }' - name: PORT -<<<<<<< HEAD value: 5432 - name: DADABASE value: postgres -======= - value: 5432 ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd + diff --git a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml index 7586884a..a194f7ef 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/meta.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/meta.yaml @@ -1,10 +1,6 @@ name: "standard-50" id: 0542f411-4e7b-46af-966c-c9989e54873c -<<<<<<< HEAD description: "PostgreSQL Cluster standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" -======= -description: "PostgreSQL standard-50 plan: Disk 50Gi ,vCPUs 2 , RAM 8G , DB MAX Connection 2000" ->>>>>>> d9ed1063e1d4d34d5a535bf86bacd2c9d2a31dfd displayName: "standard-50" bindable: true maximum_polling_duration: 1800 From 1965e9b4f4a5d27ea539445d1e17d3b1cb0464d2 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Tue, 2 Jan 2024 14:33:56 +0800 Subject: [PATCH 42/53] chore(postgresql-cluster): reset wal retain size --- .../15/chart/postgresql-cluster/values.yaml | 1 - .../postgresql-cluster/15/plans/standard-10/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-100/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-20/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-200/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-400/values.yaml | 8 ++++---- .../postgresql-cluster/15/plans/standard-50/values.yaml | 4 ++-- .../postgresql-cluster/15/plans/standard-800/values.yaml | 8 ++++---- 8 files changed, 22 insertions(+), 23 deletions(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index d15aa52a..b32ab391 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
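Review bot: The resolved side keeps the credential key `DADABASE`, which looks like a misspelling of `DATABASE`; a consumer reading `DATABASE` from the binding gets nothing. If no existing binding depends on the misspelled name, change it to `- name: DATABASE`; otherwise emit both names for a transition period. `value: 5432` is also an integer here, so quote it (`value: "5432"`) if the broker expects string credential values, which is not visible from this hunk.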
+++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -72,7 +72,6 @@ preInitScript: | hot_standby: "on" max_connections: 1005 max_worker_processes: 8 - wal_keep_segments: 1024 max_wal_senders: 10 max_replication_slots: 10 max_prepared_transactions: 0 diff --git a/addons/postgresql-cluster/15/plans/standard-10/values.yaml b/addons/postgresql-cluster/15/plans/standard-10/values.yaml index fd8fd98f..adf735cd 100644 --- a/addons/postgresql-cluster/15/plans/standard-10/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-10/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '1 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 90625a5d..97b6efe0 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '4 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '4 GB' # Background writer 
diff --git a/addons/postgresql-cluster/15/plans/standard-20/values.yaml b/addons/postgresql-cluster/15/plans/standard-20/values.yaml index fed1e2da..b0f465d2 100644 --- a/addons/postgresql-cluster/15/plans/standard-20/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-20/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' @@ -37,7 +37,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '1 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index a0427d92..24ca6659 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '25 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '5 GB' + min_wal_size = '3 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '5 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 062ee7cb..44d572d8 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' - min_wal_size = '512 MB' + max_wal_size = '6 GB' + min_wal_size = '2 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index 046e87ea..c911400d 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -28,7 +28,7 @@ postgresql: # Checkpointing: checkpoint_timeout = '15 min' checkpoint_completion_target = 0.9 - max_wal_size = '1024 MB' + max_wal_size = '2 GB' min_wal_size = '512 MB' # WAL writing @@ -36,7 +36,7 @@ postgresql: wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '3650 MB' + wal_keep_size = '3 GB' # Background writer diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index c6efbfa0..4c62936e 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml 
@@ -26,17 +26,17 @@ postgresql: synchronous_commit = on # Checkpointing: - checkpoint_timeout = '15 min' + checkpoint_timeout = '30 min' checkpoint_completion_target = 0.9 - max_wal_size = '10240 MB' - min_wal_size = '5120 MB' + max_wal_size = '8 GB' + min_wal_size = '4 GB' # WAL writing wal_compression = on wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) wal_writer_delay = 200ms wal_writer_flush_after = 1MB - wal_keep_size = '22080 MB' + wal_keep_size = '10 GB' # Background writer bgwriter_delay = 200ms From a3e38686bd3a356614065b1484e11c5dae06d064 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Thu, 11 Jan 2024 09:35:37 +0800 Subject: [PATCH 43/53] chore(postgresql-cluster):add hugepages-2Mi limit in plans --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-200/values.yaml | 1 + addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 3 ++- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index 97b6efe0..fff5cf6a 100644 --- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -66,6 +66,7 @@ resources: limits: cpu: 4000m memory: 16Gi + hugepages-2Mi: 50Mi requests: cpu: 4000m memory: 16Gi diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 24ca6659..097a65b6 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -65,6 +65,7 @@ resources: limits: cpu: 8000m memory: 32Gi + hugepages-2Mi: 60Mi requests: cpu: 8000m memory: 32Gi 
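Review bot: The new `hugepages-2Mi: 50Mi` limit in the standard-100 plan has no comment saying how the figure was derived, and the same goes for the 60Mi, 40Mi, 20Mi and 80Mi values this commit adds to standard-200, standard-400, standard-50 and standard-800. The values do not scale with plan size (standard-400 gets less than standard-100), which looks unintended. If these plans run with `huge_pages = try`, as the standard-4t values file added later in this series does, an allowance far below `shared_buffers` should be tested on a node that actually has huge pages configured, because the server's behaviour then depends on how the limit is enforced. I would add a line such as `# hugepages-2Mi: sized for <what it has to cover>` above each entry and make the progression consistent across plans.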
diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 44d572d8..3dd25a18 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 16000m memory: 64Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 40Mi requests: cpu: 16000m memory: 64Gi diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index c911400d..4712cacb 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -66,10 +66,11 @@ resources: limits: cpu: 2000m memory: 8Gi + hugepages-2Mi: 20Mi requests: cpu: 2000m memory: 8Gi persistentVolume: enabled: true - size: 50G + size: 50Gi diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index 4c62936e..a91fe646 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -65,7 +65,7 @@ resources: limits: cpu: 32000m memory: 128Gi - # hugepages-2Mi: 4Mi + hugepages-2Mi: 80Mi requests: cpu: 32000m memory: 128Gi From 6e6c35485120be392059b32f127dae01e7dc6313 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Thu, 18 Jan 2024 09:56:36 +0800 Subject: [PATCH 44/53] chore(addons): alter cloudbeaver plan to 10, prometheus add hotupdate param --- .../23/plans/{standard-5 => standard-10}/bind.yaml | 0 .../create-instance-schema.json | 0 .../23/plans/{standard-5 => standard-10}/meta.yaml | 0 .../23/plans/{standard-5 => standard-10}/values.yaml | 2 +- .../chart/postgresql-cluster/templates/statefulset.yaml | 5 +++++ .../15/chart/postgresql-cluster/values.yaml | 9 +++++++++ .../2/chart/prometheus/templates/server/deployment.yaml | 1 + 7 files changed, 16 insertions(+), 1 deletion(-) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/bind.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/create-instance-schema.json (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/meta.yaml (100%) rename addons/cloudbeaver/23/plans/{standard-5 => standard-10}/values.yaml (99%) diff --git a/addons/cloudbeaver/23/plans/standard-5/bind.yaml b/addons/cloudbeaver/23/plans/standard-10/bind.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/bind.yaml rename to addons/cloudbeaver/23/plans/standard-10/bind.yaml diff --git a/addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json b/addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/create-instance-schema.json rename to addons/cloudbeaver/23/plans/standard-10/create-instance-schema.json diff --git a/addons/cloudbeaver/23/plans/standard-5/meta.yaml b/addons/cloudbeaver/23/plans/standard-10/meta.yaml similarity index 100% rename from addons/cloudbeaver/23/plans/standard-5/meta.yaml rename to addons/cloudbeaver/23/plans/standard-10/meta.yaml 
diff --git a/addons/cloudbeaver/23/plans/standard-5/values.yaml b/addons/cloudbeaver/23/plans/standard-10/values.yaml similarity index 99% rename from addons/cloudbeaver/23/plans/standard-5/values.yaml rename to addons/cloudbeaver/23/plans/standard-10/values.yaml index 920f16ca..dee9c848 100644 --- a/addons/cloudbeaver/23/plans/standard-5/values.yaml +++ b/addons/cloudbeaver/23/plans/standard-10/values.yaml @@ -51,7 +51,7 @@ persistence: - ReadWriteOnce ## @param primary.persistence.size MySQL primary persistent volume size ## - size: 5Gi + size: 10Gi ## @param primary.persistence.selector Selector to match an existing Persistent Volume ## selector: ## matchLabels: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml index 0dad1437..61881313 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/templates/statefulset.yaml @@ -229,6 +229,11 @@ spec: - name: storage-volume emptyDir: {} {{- end }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - metadata: diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index b32ab391..857ee44d 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml 
@@ -277,6 +277,15 @@ backup: awsS3ForcePathStyle: "true" awsRegion: dx-1 +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistentVolume: enabled: true size: 10G diff --git a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml index 12480ad1..d8ecaa9f 100644 --- a/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml +++ b/addons/prometheus/2/chart/prometheus/templates/server/deployment.yaml @@ -122,6 +122,7 @@ spec: - "--web.console.libraries=/opt/drycc/prometheus/conf/console_libraries" - "--web.console.templates=/opt/drycc/prometheus/conf/consoles" - "--web.config.file=/opt/drycc/prometheus/conf/web-config.yaml" + - "--web.enable-lifecycle" {{- if .Values.server.enableAdminAPI}} - "--web.enable-admin-api" {{- end }} From 739675b98b85952772d460b43b790b6841200319 Mon Sep 17 00:00:00 2001 
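Review bot: The defaults `enabled: true`, `whenScaled: Delete` and `whenDeleted: Delete` make the chart remove the database PVCs whenever the StatefulSet is scaled down or deleted, whereas Kubernetes itself defaults both fields to `Retain`. For a PostgreSQL data volume this turns a mistaken replica change, an accidental uninstall, or a deletion by anyone allowed to delete the StatefulSet into permanent data loss unless a usable backup exists. I would ship `whenScaled: Retain` and `whenDeleted: Retain` and let operators opt in to deletion. The `@param` comments should also state plainly that `Delete` destroys the data volumes.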
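Review bot: `--web.enable-lifecycle` is added unconditionally, so every deployment of this chart exposes the `/-/reload` and `/-/quit` HTTP endpoints on the Prometheus web port. Any client that can reach that port and pass whatever `web-config.yaml` enforces (not visible in this hunk) can then shut the server down. The neighbouring `--web.enable-admin-api` flag is already gated on `.Values.server.enableAdminAPI`, and this flag should follow the same pattern behind a new value defaulting to false, for example `{{- if .Values.server.enableLifecycle }}` / `- "--web.enable-lifecycle"` / `{{- end }}`. The args list starts outside the hunk.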
From: EamonZhang Date: Tue, 23 Jan 2024 10:28:41 +0800 Subject: [PATCH 45/53] chore(mysql-cluster): adjust bind params --- .../8.0/chart/mysql-cluster/Chart.yaml | 4 +- .../templates/cluster/deployments.yaml | 41 +++++++++++++++++++ .../mysql-cluster/templates/cluster/job.yaml | 3 +- .../mysql-cluster/templates/secrets.yaml | 4 +- .../8.0/chart/mysql-cluster/values.yaml | 8 ++-- addons/mysql-cluster/8.0/meta.yaml | 4 +- .../8.0/plans/standard-10/bind.yaml | 17 +++----- .../8.0/plans/standard-10/values.yaml | 4 +- .../8.0/plans/standard-100/bind.yaml | 19 ++++----- .../8.0/plans/standard-20/bind.yaml | 17 +++----- .../8.0/plans/standard-200/bind.yaml | 17 +++----- .../8.0/plans/standard-400/bind.yaml | 17 +++----- .../8.0/plans/standard-50/bind.yaml | 17 +++----- .../8.0/plans/standard-800/bind.yaml | 17 +++----- 14 files changed, 99 insertions(+), 90 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml index 634f9453..8b3d99c5 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/Chart.yaml @@ -1,7 +1,7 @@ annotations: category: Database apiVersion: v2 -appVersion: 8.0.30 +appVersion: 8.0.35 dependencies: - name: common repository: oci://registry.drycc.cc/charts @@ -25,4 +25,4 @@ name: mysql sources: - https://github.com/drycc/containers/tree/main/drycc/mysql - https://mysql.com -version: 9.3.5 +version: 8.0.35 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml new file mode 100644 index 00000000..ef626420 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml 
@@ -0,0 +1,41 @@ +{{- /* +Copyright Drycc Community. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mysql.cluster.fullname" . }}-tools + namespace: {{ include "common.names.namespace" . | quote }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: mysql-cluster-tools + + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: mysql-cluster-tools + + spec: + containers: + - name: cluster-tools + image: {{ include "cluster.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + sleep infinity + env: + - name: MYSQL_MASTER_PORT_NUMBER + value: {{ .Values.primary.service.ports.mysql | quote }} + - name: MYSQL_MASTER_ROOT_USER + value: "root" + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index a922a4c4..88365d71 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml @@ -67,7 +67,8 @@ spec: " > /tmp/slave.sql mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION;flush privileges;" + env: - name: DRYCC_DEBUG value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} 
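Review bot: The new `cluster-tools` Deployment keeps a pod running `sleep infinity` with `MYSQL_ROOT_PASSWORD` in its environment, so the root credential sits permanently in a container that does no work. Anyone allowed to exec into pods in the namespace obtains MySQL root from it, and the container declares neither a `securityContext` nor `resources`. Its pod labels also include the chart's common labels, so any Service or NetworkPolicy that selects on those labels alone would match this pod too; those selectors are not visible here and need checking. I would make the Deployment opt-in behind a new values flag that defaults to off and add a restrictive security context and small resource limits, as sketched below (the flag name and the limits are suggestions, and `runAsNonRoot` assumes the image runs as a non-root user).

```yaml
{{- if .Values.cluster.tools.enabled }}
# … unchanged: apiVersion, kind, metadata, selector, pod template labels …
    spec:
      containers:
        - name: cluster-tools
          # … unchanged: image, imagePullPolicy, command, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
{{- end }}
```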
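Review bot: The added `GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION` gives full global rights, from any host and including the right to grant them onward, to the same account that the `bind.yaml` files of every plan in this commit hand to bound applications through the `-svcbind-administrator-user` secret. Each consumer of the binding therefore holds a root-equivalent credential, and one compromised application can read or alter every schema and create further accounts. The user name is hard-coded here while `auth.username` in values.yaml remains configurable, so an override would leave the grant aimed at a different account than the one the chart creates. I would scope the grant to the application database, take the name from the values and drop `WITH GRANT OPTION`, e.g. `GRANT ALL PRIVILEGES ON {{ .Values.auth.database }}.* TO '{{ .Values.auth.username }}'@'%';`. The enclosing script starts above this hunk.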
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml index c51cfb39..75c6bf5e 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/secrets.yaml @@ -46,7 +46,7 @@ metadata: {{- end }} type: servicebinding.io/mysql data: - provider: {{ print "bitnami" | b64enc | quote }} + provider: {{ print "drycc" | b64enc | quote }} type: {{ print "mysql" | b64enc | quote }} host: {{ print $host | b64enc | quote }} port: {{ print $port | b64enc | quote }} @@ -60,7 +60,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-svcbind-custom-user + name: {{ include "common.names.fullname" . }}-svcbind-administrator-user namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 2c70143b..031cbe43 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -113,11 +113,11 @@ auth: ## @param auth.database Name for a custom database to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-on-first-run ## - database: "mx_database" + database: "mondb" ## @param auth.username Name for a custom user to create ## ref: https://github.com/drycc/containers/tree/main/drycc/mysql#creating-a-database-user-on-first-run ## - username: "mx111" + username: "administrator" ## @param auth.password Password for the new user. Ignored if existing secret is provided ## password: "" 
@@ -127,7 +127,7 @@ auth: replicationUser: replicator ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided ## - replicationPassword: "user4_repUU" + replicationPassword: "" ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. ## @@ -244,6 +244,7 @@ primary: disabled_storage_engines="MyISAM,BLACKHOLE,FEDERATED,ARCHIVE,MEMORY" sql_require_primary_key=ON log_error_suppression_list='MY-013360' + binlog_transaction_dependency_tracking=WRITESET # Replication log_bin=mysql-bin @@ -603,6 +604,7 @@ cluster: digest: "" pullPolicy: IfNotPresent + router: ## @param router.name Name of the router ## diff --git a/addons/mysql-cluster/8.0/meta.yaml b/addons/mysql-cluster/8.0/meta.yaml index 5af39a4c..273e3a55 100644 --- a/addons/mysql-cluster/8.0/meta.yaml +++ b/addons/mysql-cluster/8.0/meta.yaml @@ -13,7 +13,7 @@ tags: mysql-cluster bindable: true instances_retrievable: true bindings_retrievable: true -plan_updateable: false +plan_updateable: true allow_parameters: - name: "networkPolicy.allowNamespaces" required: false @@ -21,4 +21,4 @@ allow_parameters: - name: "router.service.type" required: false description: "service type config for values.yaml" -archive: false +archive: false \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml 
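Review bot: The comment on `auth.replicationPassword` does not say what the chart does now that the default is empty, and the former default `user4_repUU` is still the live replication password on any cluster that was installed without overriding it. The value has been published in the repository history, so those clusters need a rotation rather than just a chart upgrade. Because `plan_updateable` becomes true in the same commit, it also matters whether an upgrade keeps the existing secret or generates a new password; that logic is in secrets.yaml and is not visible here. I would extend the comment, e.g. `## Leave empty to have the chart generate a password (TODO confirm); clusters installed with the former built-in default must rotate it`, and mention the rotation in the upgrade notes.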
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index f90075a8..5e2e6f5d 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,10 +16,10 @@ primary: resources: limits: cpu: 1000m - memory: 1024Mi + memory: 2048Mi requests: cpu: 1000m - memory: 1024Mi + memory: 2048Mi ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 3ec3ed37..1bb7d8b5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
+++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' + {{- end }} - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 3ec3ed37..4dffea55 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml 
@@ -9,31 +9,26 @@ credential: - name: HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' {{- end }} - - name: DADABASE - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.database }' - name: PASSWORD valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user - jsonpath: '{ .data.username }' + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user + jsonpath: '{ .data.password }' - name: USERNAME valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.username }' - name: READONLY_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portro }' - name: READWRITE_PORT valueFrom: secretKeyRef: - name: {{ template "common.names.fullname" . }}-svcbind-custom-user + name: {{ template "common.names.fullname" . }}-svcbind-administrator-user jsonpath: '{ .data.portrw }' \ No newline at end of file From d120aa803377aeaa74a296d0e66009c69306bb1b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Tue, 23 Jan 2024 15:45:30 +0800 Subject: [PATCH 46/53] chore(postgresql-cluster): add plan 4t --- .../15/plans/standard-4t/bind.yaml | 37 +++++++++ .../standard-4t/create-instance-schema.json | 12 +++ .../15/plans/standard-4t/meta.yaml | 6 ++ .../15/plans/standard-4t/values.yaml | 75 +++++++++++++++++++ 4 files changed, 130 insertions(+) create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/bind.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/meta.yaml create mode 100644 addons/postgresql-cluster/15/plans/standard-4t/values.yaml diff --git a/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml new file mode 100644 index 00000000..0283dff3 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/bind.yaml @@ -0,0 +1,37 @@ +credential: +{{- if (eq .Values.service.type "LoadBalancer") }} + - name: EXTRANET_MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + - name: EXTRANET_REPL_HOST + valueFrom: + serviceRef: + name: {{ template "common.names.fullname" . }}-repl + jsonpath: '{ .status.loadBalancer.ingress[*].ip }' + {{- end }} + - name: MASTER_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-master + jsonpath: '{ .spec.clusterIP }' + - name: REPL_HOST + valueFrom: + serviceRef: + name: {{ include "common.names.fullname" . }}-repl + jsonpath: '{ .spec.clusterIP }' + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-password }' + - name: USERNAME + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + jsonpath: '{ .data.admin-user }' + - name: PORT + value: 5432 + - name: DADABASE + value: postgres \ No newline at end of file 
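Review bot: This binding gives every bound application the cluster's `admin-user` / `admin-password` pair together with the `postgres` maintenance database, so each consumer connects as the administrative account. If the other plans' bind files do the same this is inherited rather than new, but it means one compromised consumer controls the whole 4 TiB cluster; a dedicated application role and database would limit that. Two smaller points in the same file: the key is spelled `DADABASE`, which I would keep only if existing consumers depend on it and otherwise accompany with a correctly spelled `DATABASE` entry, and `value: 5432` is an unquoted integer where credential values are normally strings, so `value: "5432"` is safer.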
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json new file mode 100644 index 00000000..66ebbaa0 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/create-instance-schema.json @@ -0,0 +1,12 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": "IfNotPresent", + "title": "Image pull policy" + } + } +} \ No newline at end of file diff --git a/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml new file mode 100644 index 00000000..208f253c --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/meta.yaml @@ -0,0 +1,6 @@ +name: "standard-4t" +id: 138f8059-a3f6-4efe-a210-09d9ff00f9a9 +description: "PostgreSQL Cluster standard-4t plan: Disk 4Ti ,vCPUs 32 , RAM 64G , DB MAX Connection 2000" +displayName: "standard-4t" +bindable: true +maximum_polling_duration: 1800 diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml new file mode 100644 index 00000000..d4046150 --- /dev/null +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml 
@@ -0,0 +1,75 @@ +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: hb-postgresql-cluster-standard-800 + +postgresql: + config: |- + # Connectivity + max_connections = 2000 + superuser_reserved_connections = 3 + + # Memory Settings + shared_buffers = '16384 MB' + work_mem = '256 MB' + maintenance_work_mem = '2048 MB' + huge_pages = try # NB! requires also activation of huge pages via kernel params, see here for more: https://www.postgresql.org/docs/current/static/kernel-resources.html#LINUX-HUGE-PAGES + effective_cache_size = '45 GB' + effective_io_concurrency = 100 # concurrent IO only really activated if OS supports posix_fadvise function + random_page_cost = 1.25 # speed of random disk access relative to sequential access (1.0) + + # Monitoring + track_io_timing=on # measure exact block IO times + track_functions=pl # track execution times of pl-language procedures if any + + # Replication + max_wal_senders = 10 + synchronous_commit = on + + # Checkpointing: + checkpoint_timeout = '30 min' + checkpoint_completion_target = 0.9 + max_wal_size = '32 GB' + min_wal_size = '16 GB' + + # WAL writing + wal_compression = on + wal_buffers = -1 # auto-tuned by Postgres till maximum of segment size (16MB by default) + wal_writer_delay = 200ms + wal_writer_flush_after = 1MB + wal_keep_size = '60 GB' + + # Background writer + bgwriter_delay = 200ms + bgwriter_lru_maxpages = 100 + bgwriter_lru_multiplier = 2.0 + bgwriter_flush_after = 0 + + # Parallel queries: + max_worker_processes = 32 + max_parallel_workers_per_gather = 16 + max_parallel_maintenance_workers = 16 + max_parallel_workers = 32 + parallel_leader_participation = on + + # Advanced features + enable_partitionwise_join = on + enable_partitionwise_aggregate = on + jit = on + max_slot_wal_keep_size = '1000 MB' + track_wal_io_timing = on + maintenance_io_concurrency = 100 + +resources: + # If you do want to specify resources, uncomment the following + # lines, 
adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 32000m + memory: 64Gi + hugepages-2Mi: 80Mi + requests: + cpu: 32000m + memory: 64Gi + +persistentVolume: + enabled: true + size: 4Ti From b573f917c03baf7e1b56d398f4b3270e8235d06c Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Wed, 21 Feb 2024 11:56:51 +0800 Subject: [PATCH 47/53] chore(postgresql-cluster): adjust pg params & monitor user privilege --- .../15/chart/postgresql-cluster/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml index 857ee44d..02f9bdfa 100644 --- a/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml +++ b/addons/postgresql-cluster/15/chart/postgresql-cluster/values.yaml @@ -57,6 +57,7 @@ preInitScript: | loop_wait: 10 retry_timeout: 10 maximum_lag_on_failover: 1048576 + failsafe_mode: true postgresql: use_pg_rewind: true use_slots: true @@ -74,6 +75,7 @@ preInitScript: | max_worker_processes: 8 max_wal_senders: 10 max_replication_slots: 10 + hot_standby_feedback: on max_prepared_transactions: 0 max_locks_per_transaction: 64 wal_log_hints: "on" @@ -120,7 +122,7 @@ postInitScript: | #!/bin/bash set -Eeu # Create monitor user - psql -w -c "CREATE USER tea_mon WITH ROLE pg_monitor;create extension pg_stat_statements;create extension pg_buffercache ;" + psql -w -c "CREATE USER tea_mon ;GRANT pg_monitor TO tea_mon ;create extension pg_stat_statements;create extension pg_buffercache ;" # Create admin user if [[( -n "$ADMIN_USER") && ( -n "$ADMIN_PASSWORD")]]; then From d00010ff498085e5df4a5d5cd657b9f097423546 Mon Sep 17 00:00:00 2001 
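Review bot: `fullnameOverride: hb-postgresql-cluster-standard-800` at the top of this standard-4t values file looks copied from the standard-800 plan. Resource names derived from `common.names.fullname`, including the Service and Secret names that this plan's bind.yaml references, would then carry the standard-800 label, which is misleading when auditing or cleaning up and, if the broker does not replace the override per instance (not visible here), could collide with a standard-800 release in the same namespace. Suggested change: `fullnameOverride: hb-postgresql-cluster-standard-4t`.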
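Review bot: `hot_standby_feedback: on` is written as a bare `on`, while the neighbouring `wal_log_hints: "on"` a few lines below is quoted; a YAML 1.1 loader reads the bare form as a boolean rather than as the string. Whether the consumer of this block normalises booleans back to a PostgreSQL setting is not visible in the hunk, so quoting it the same way, `hot_standby_feedback: "on"`, keeps the two settings consistent and removes the dependence on that behaviour. The enclosing `preInitScript` block starts and ends outside the hunk.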
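Review bot: `CREATE USER tea_mon` creates a login role without a password in this statement, so how the monitoring account authenticates depends entirely on pg_hba rules that are not visible here; if those rules allow passwordless access for it, anything that can reach the port gets pg_monitor's view of server activity and, with pg_stat_statements installed, of query text. Consider setting a password taken from a secret, as the admin-user block that follows appears to do with `$ADMIN_PASSWORD`, or add a comment naming the pg_hba entry that covers tea_mon. The statements are also not idempotent: under `set -Eeu` a rerun in which the role or an extension already exists may abort the script, so `create extension if not exists pg_stat_statements;` (and likewise for pg_buffercache) would be safer. The script body continues outside the hunk.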
From: EamonZhang Date: Wed, 21 Feb 2024 14:44:26 +0800 Subject: [PATCH 48/53] chore(mysql-cluster): set persistentVolumeClaimRetentionPolicy deleted --- .../chart/mysql-cluster/templates/primary/statefulset.yaml | 5 +++++ addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml | 4 ++++ addons/mysql-cluster/8.0/plans/standard-10/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-10/values.yaml | 6 +++--- addons/mysql-cluster/8.0/plans/standard-100/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-20/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-200/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-400/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-50/bind.yaml | 5 ++--- addons/mysql-cluster/8.0/plans/standard-800/bind.yaml | 5 ++--- 10 files changed, 26 insertions(+), 24 deletions(-) diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index 24302e10..a5ffa045 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -369,6 +369,11 @@ spec: - name: data emptyDir: {} {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} + {{- if .Values.primary.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.primary.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - metadata: name: data diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 031cbe43..1f460ecf 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -474,6 +474,10 @@ primary: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Delete + whenDeleted: Delete persistence: ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir ## diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml index 5e2e6f5d..198b5253 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/values.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/values.yaml @@ -16,11 +16,11 @@ primary: resources: limits: cpu: 1000m - memory: 2048Mi + memory: 4Gi requests: cpu: 1000m - memory: 2048Mi - + memory: 4Gi + ## @section Persistence parameters diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 1bb7d8b5..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml 
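Review bot: The new `persistentVolumeClaimRetentionPolicy` block defaults to `enabled: true` with `Delete` for both `whenScaled` and `whenDeleted`, so with chart defaults a scale-down or a deletion of the StatefulSet also removes the database volumes. That may be what the broker wants for deprovisioning, but as a chart-wide default it turns an accidental uninstall into data loss; a safer default is `whenScaled: Retain`, with the plans that need cleanup opting in. The block is also inserted between the `## Enable persistence using Persistent Volume Claims` comment and the `persistence:` key that comment describes, and it has no `## @param` lines of its own; I would move it above that comment and add `## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention when the StatefulSet is deleted` together with its siblings. The `primary:` mapping starts and ends outside the hunk.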
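Review bot: The `EXTRANET_HOST` entry is emitted when `.Values.router.service.type` is `LoadBalancer`, yet its `serviceRef` names `{{ include "common.names.fullname" . }}` without the `-router` suffix that the `HOST` entry uses. If the load-balancer address lives on the router Service, as the condition suggests, the jsonpath resolves against a different Service and the binding would carry an empty or wrong external address; `name: {{ include "common.names.fullname" . }}-router` would match the condition. Which Service actually carries the load-balancer status is not visible in this hunk, so please confirm before changing it. The same lines recur in the bind.yaml hunks for standard-100, standard-20, standard-200, standard-400, standard-50 and standard-800, and the credential list continues outside the hunk.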
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml 
@@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 4dffea55..9b49f3f5 100644 --- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -1,17 +1,16 @@ credential: {{- if (eq .Values.router.service.type "LoadBalancer") }} - - name: HOST + - name: EXTRANET_HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }} jsonpath: '{ .status.loadBalancer.ingress[*].ip }' - {{- else if (eq .Values.router.service.type "ClusterIP") }} +{{- end }} - name: HOST valueFrom: serviceRef: name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .spec.clusterIP }' - {{- end }} - name: PASSWORD valueFrom: secretKeyRef: From 104fec2249bdf7aa74e0d8747464c523d09c705f Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:17:23 +0800 Subject: [PATCH 49/53] chore(mysql-cluster): persistence group_replication_group_name after greate new cluster --- .../mysql-cluster/charts/common/.helmignore | 22 +++ .../mysql-cluster/charts/common/Chart.yaml | 9 + .../charts/common/templates/_affinities.tpl | 139 +++++++++++++ .../charts/common/templates/_capabilities.tpl | 185 ++++++++++++++++++ .../charts/common/templates/_errors.tpl | 28 +++ .../charts/common/templates/_images.tpl | 101 ++++++++++ .../charts/common/templates/_ingress.tpl | 73 +++++++ .../charts/common/templates/_labels.tpl | 39 ++++ .../charts/common/templates/_names.tpl | 71 +++++++ .../charts/common/templates/_secrets.tpl | 172 ++++++++++++++++ .../charts/common/templates/_storage.tpl | 28 +++ .../charts/common/templates/_tplvalues.tpl | 38 ++++ .../charts/common/templates/_utils.tpl | 67 +++++++ .../charts/common/templates/_warnings.tpl | 19 ++ .../templates/validations/_cassandra.tpl | 77 ++++++++ .../common/templates/validations/_mariadb.tpl | 108 ++++++++++ .../common/templates/validations/_mongodb.tpl | 113 +++++++++++ .../common/templates/validations/_mysql.tpl | 108 ++++++++++ .../templates/validations/_postgresql.tpl | 134 +++++++++++++ .../common/templates/validations/_redis.tpl | 81 ++++++++ .../templates/validations/_validations.tpl | 51 +++++ .../mysql-cluster/charts/common/values.yaml | 2 + .../mysql-cluster/templates/cluster/job.yaml | 7 +- .../templates/networkpolicy.yaml | 1 + .../templates/router/statefulset.yaml | 18 +- .../8.0/chart/mysql-cluster/values.yaml | 16 +- 26 files changed, 1683 insertions(+), 24 deletions(-) create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl create mode 100644 
addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl create mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml new file mode 100644 index 00000000..424bb6ae --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +description: Drycc Common +home: https://github.com/drycc/common +maintainers: +- email: team@drycc.cc + name: Team Drycc +name: common +type: library +version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..e85b1df4 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,139 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard 
podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..c6d115fe --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl 
@@ -0,0 +1,185 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..07ded6f6 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl 
@@ -0,0 +1,28 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl new file mode 100644 index 00000000..e248d6d0 --- /dev/null 
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl 
@@ -0,0 +1,101 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl
new file mode 100644
index 00000000..efa5b85c
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl 
@@ -0,0 +1,73 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl
new file mode 100644
index 00000000..a0534f7f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl
@@ -0,0 +1,39 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Kubernetes standard labels
+{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
+*/}}
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl
new file mode 100644
index 00000000..a222924f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl
@@ -0,0 +1,71 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl
new file mode 100644
index 00000000..a193c46b
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl
@@ -0,0 +1,172 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+ - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | quote }}
+ {{- else if $failOnNew }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+ {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
new file mode 100644
index 00000000..16405a0f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl
@@ -0,0 +1,28 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 00000000..a8ed7637
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,38 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
new file mode 100644
index 00000000..c87040cd
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
@@ -0,0 +1,67 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
new file mode 100644
index 00000000..66dffc1f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl
@@ -0,0 +1,19 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 00000000..eda9aada
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl 
@@ -0,0 +1,77 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 00000000..17d83a2f
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,108 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 00000000..bbb445b8
--- /dev/null
+++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,113 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 00000000..ca3953f8 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl 
@@ -0,0 +1,108 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 00000000..8c9aa570 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl 
@@ -0,0 +1,134 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. 
+ +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl new file mode 100644 index 00000000..fc0d208d --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl 
@@ -0,0 +1,81 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl new file mode 100644 index 00000000..31ceda87 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl 
@@ -0,0 +1,51 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. 
+*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml new file mode 100644 index 00000000..79ba8424 --- /dev/null +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml @@ -0,0 +1,2 @@ +## drycc/common +## It is required by CI/CD tools and processes. \ No newline at end of file diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index 88365d71..d2efbfc6 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml 
@@ -103,8 +103,13 @@ spec: - -ec - | export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} + export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} + echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' + mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; env: - name: MYSQL_MASTER_HOST value: {{ include "mysql.primary.fullname" . }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml index 40a5c22d..b792b024 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/networkpolicy.yaml 
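Review bot: The three added `mysql ... -e "..."` lines do not change `group_replication_group_name`. `SET @sql = CONCAT(...)` only fills a user variable that nothing prepares or executes, and the unescaped `"` inside the double-quoted `-e` argument close the shell string, so those quotes never reach the server. If the intent is to apply the name read from `mysql_innodb_cluster_metadata.clusters`, escape the inner quotes as `\"` and follow the assignment with `PREPARE stmt FROM @sql; EXECUTE stmt;`. The root password is also passed as `-p${MYSQL_ROOT_PASSWORD}`, unquoted and visible in the process list inside the pod; a client option file given with `--defaults-extra-file=PATH` avoids both. The hosts are fixed at members 0 to 2, and because the container definition starts above this hunk, it cannot be confirmed from here that the replica count is always three.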
@@ -26,6 +26,7 @@ spec: - port: {{ .Values.router.service.portrw }} - port: {{ .Values.router.service.portro }} - port: 24901 + - port: 33061 {{- if and .Values.metrics.enabled }} - port: {{ .Values.metrics.service.port }} {{ end }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index dd5365fa..28722c28 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -186,11 +186,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customReadinessProbe "context" $) | nindent 12 }} @@ -201,11 +197,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- if .Values.router.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.customStartupProbe "context" $) | nindent 12 }} 
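Review bot: The added `- port: 33061` sits in the same `ports` list as the router's `portrw` and `portro`, so every source admitted by this rule's `from` clause (outside the hunk) can reach it as well. 33061 looks like the group replication member-to-member port, which client namespaces have no reason to reach. A separate ingress rule whose `from` is a `podSelector` matching the chart's own pods would keep it internal. If it stays here, a comment such as `# group replication traffic between MySQL members` would explain the literal, and the existing `24901` deserves the same.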
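Review bot: The new probe line passes the root password on the `mysqladmin` command line although `ping` does not need it, because `mysqladmin ping` exits 0 whenever the server answers, even on an access-denied error. Dropping the credentials, as in `mysqladmin ping -h127.0.0.1 -P6446`, keeps the password out of the process list of a command that runs every probe period. If an authenticated check is wanted instead, the removed `MYSQL_ROOT_PASSWORD_FILE` fallback is still needed, since `MYSQL_ROOT_PASSWORD` is presumably empty when the secret is mounted as a file (the env section is outside the hunk). The same line is added in the hunks at `-201,11 +197,7` and `-216,11 +208,7`, and each probe block starts above its hunk.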
@@ -216,11 +208,7 @@ spec: - /bin/bash - -ec - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -h127.0.0.1 -P6446 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -P6446 -p"${MYSQL_ROOT_PASSWORD}" {{- end }} {{- end }} {{- if .Values.router.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 1f460ecf..6915cd65 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml @@ -408,7 +408,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -424,7 +424,7 @@ primary: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe @@ -440,7 +440,7 @@ primary: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 10 successThreshold: 1 ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers @@ -743,7 +743,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for readiness probe @@ -759,7 +759,7 @@ router: enabled: true initialDelaySeconds: 5 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 ## Configure extra options for startupProbe probe 
@@ -775,7 +775,7 @@ router: enabled: true initialDelaySeconds: 15 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 failureThreshold: 15 successThreshold: 1 ## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers @@ -1154,7 +1154,7 @@ metrics: enabled: true initialDelaySeconds: 120 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Mysqld Prometheus exporter readiness probe @@ -1170,7 +1170,7 @@ metrics: enabled: true initialDelaySeconds: 30 periodSeconds: 10 - timeoutSeconds: 1 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 ## Prometheus Service Monitor From e48239d5e644030ca14e5b3e372787ef1bc2aa8b Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 26 Feb 2024 17:19:22 +0800 Subject: [PATCH 50/53] chore(mysql-cluster): delete charts common --- .../mysql-cluster/charts/common/.helmignore | 22 --- .../mysql-cluster/charts/common/Chart.yaml | 9 - .../charts/common/templates/_affinities.tpl | 139 ------------- .../charts/common/templates/_capabilities.tpl | 185 ------------------ .../charts/common/templates/_errors.tpl | 28 --- .../charts/common/templates/_images.tpl | 101 ---------- .../charts/common/templates/_ingress.tpl | 73 ------- .../charts/common/templates/_labels.tpl | 39 ---- .../charts/common/templates/_names.tpl | 71 ------- .../charts/common/templates/_secrets.tpl | 172 ---------------- .../charts/common/templates/_storage.tpl | 28 --- .../charts/common/templates/_tplvalues.tpl | 38 ---- .../charts/common/templates/_utils.tpl | 67 ------- .../charts/common/templates/_warnings.tpl | 19 -- .../templates/validations/_cassandra.tpl | 77 -------- .../common/templates/validations/_mariadb.tpl | 108 ---------- .../common/templates/validations/_mongodb.tpl | 113 ----------- .../common/templates/validations/_mysql.tpl | 108 ---------- .../templates/validations/_postgresql.tpl | 134 ------------- .../common/templates/validations/_redis.tpl | 81 -------- .../templates/validations/_validations.tpl | 51 ----- .../mysql-cluster/charts/common/values.yaml | 2 - 22 files changed, 1665 deletions(-) delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl delete mode 
100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl delete mode 100644 addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/.helmignore +++ /dev/null 
@@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml deleted file mode 100644 index 424bb6ae..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/Chart.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v2 -description: Drycc Common -home: https://github.com/drycc/common -maintainers: -- email: team@drycc.cc - name: Team Drycc -name: common -type: library -version: 1.1.3 diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl deleted file mode 100644 index e85b1df4..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_affinities.tpl +++ /dev/null 
@@ -1,139 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . 
-}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard 
podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl deleted file mode 100644 index c6d115fe..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_capabilities.tpl +++ /dev/null 
@@ -1,185 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl deleted file mode 100644 index 07ded6f6..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_errors.tpl +++ /dev/null 
@@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl deleted file mode 100644 index e248d6d0..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_images.tpl +++ /dev/null 
@@ -1,101 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . 
}} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl deleted file mode 100644 index efa5b85c..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_ingress.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl deleted file mode 100644 index a0534f7f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_labels.tpl +++ /dev/null 
@@ -1,39 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl deleted file mode 100644 index a222924f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_names.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl deleted file mode 100644 index a193c46b..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_secrets.tpl +++ /dev/null 
@@ -1,172 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. 
-*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. 
Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $failOnNew := default true .failOnNew }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | quote }} - {{- else if $failOnNew }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 
1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl deleted file mode 100644 index 16405a0f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index a8ed7637..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_tplvalues.tpl +++ /dev/null 
@@ -1,38 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Renders a value that contains template perhaps with scope if the scope is present.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-{{- if contains "{{" (toJson .value) }}
- {{- if .scope }}
- {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
- {{- else }}
- {{- tpl $value .context }}
- {{- end }}
-{{- else }}
- {{- $value }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Merge a list of values that contains template after rendering them.
-Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
-Usage:
-{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
-*/}}
-{{- define "common.tplvalues.merge" -}}
-{{- $dst := dict -}}
-{{- range .values -}}
-{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
-{{- end -}}
-{{ $dst | toYaml }}
-{{- end -}}
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
deleted file mode 100644
index c87040cd..00000000
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_utils.tpl
+++ /dev/null
@@ -1,67 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . 
) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl deleted file mode 100644 index 66dffc1f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index eda9aada..00000000 
--- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_cassandra.tpl
+++ /dev/null
@@ -1,77 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. 
- -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 17d83a2f..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mariadb.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" 
$valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index bbb445b8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mongodb.tpl +++ /dev/null 
@@ -1,113 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase 
"context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index ca3953f8..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_mysql.tpl +++ /dev/null 
@@ -1,108 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret 
"field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. 
Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 8c9aa570..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_postgresql.tpl +++ /dev/null 
@@ -1,134 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. 
- -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index fc0d208d..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_redis.tpl +++ /dev/null 
@@ -1,81 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict 
"required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 31ceda87..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/templates/validations/_validations.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. 
-*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml deleted file mode 100644 index 79ba8424..00000000 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/charts/common/values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -## drycc/common -## It is required by CI/CD tools and processes. \ No newline at end of file From 3892256048f495b54dccd1e65e816a26c61227a0 Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 26 Feb 2024 17:26:44 +0800 Subject: [PATCH 51/53] chore(postgresql-cluster): reset max_slot_wal_keep_size --- addons/postgresql-cluster/15/plans/standard-100/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-200/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-400/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-4t/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-50/values.yaml | 2 +- addons/postgresql-cluster/15/plans/standard-800/values.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/addons/postgresql-cluster/15/plans/standard-100/values.yaml b/addons/postgresql-cluster/15/plans/standard-100/values.yaml index fff5cf6a..29e30b2e 100644 
--- a/addons/postgresql-cluster/15/plans/standard-100/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-100/values.yaml @@ -56,7 +56,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 10GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-200/values.yaml b/addons/postgresql-cluster/15/plans/standard-200/values.yaml index 097a65b6..255f68a5 100644 --- a/addons/postgresql-cluster/15/plans/standard-200/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-200/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 20GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-400/values.yaml b/addons/postgresql-cluster/15/plans/standard-400/values.yaml index 3dd25a18..0ead38b4 100644 --- a/addons/postgresql-cluster/15/plans/standard-400/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-400/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 40GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml index d4046150..ff1aab00 100644 --- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 100GB track_wal_io_timing = on maintenance_io_concurrency = 100 
diff --git a/addons/postgresql-cluster/15/plans/standard-50/values.yaml b/addons/postgresql-cluster/15/plans/standard-50/values.yaml index 4712cacb..5d12b83a 100644 --- a/addons/postgresql-cluster/15/plans/standard-50/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-50/values.yaml @@ -56,7 +56,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 5GB track_wal_io_timing = on maintenance_io_concurrency = 100 diff --git a/addons/postgresql-cluster/15/plans/standard-800/values.yaml b/addons/postgresql-cluster/15/plans/standard-800/values.yaml index a91fe646..9ef5bde1 100644 --- a/addons/postgresql-cluster/15/plans/standard-800/values.yaml +++ b/addons/postgresql-cluster/15/plans/standard-800/values.yaml @@ -55,7 +55,7 @@ postgresql: enable_partitionwise_join = on enable_partitionwise_aggregate = on jit = on - max_slot_wal_keep_size = '1000 MB' + max_slot_wal_keep_size = 80GB track_wal_io_timing = on maintenance_io_concurrency = 100 From 6c7dec7f8b9c33f7e252a0965497308f292879ff Mon Sep 17 00:00:00 2001 From: EamonZhang Date: Mon, 4 Mar 2024 15:39:29 +0800 Subject: [PATCH 52/53] chore(mysql): Re-implementing the cluster implementation --- .../templates/cluster/deployments.yaml | 12 ++- .../mysql-cluster/templates/cluster/job.yaml | 100 ++++++------------ .../templates/primary/statefulset.yaml | 10 +- .../templates/router/statefulset.yaml | 4 + .../8.0/chart/mysql-cluster/values.yaml | 23 ++-- .../8.0/plans/standard-10/bind.yaml | 2 +- .../8.0/plans/standard-100/bind.yaml | 2 +- .../8.0/plans/standard-20/bind.yaml | 2 +- .../8.0/plans/standard-200/bind.yaml | 2 +- .../8.0/plans/standard-400/bind.yaml | 2 +- .../8.0/plans/standard-50/bind.yaml | 2 +- .../8.0/plans/standard-800/bind.yaml | 2 +- 12 files changed, 65 insertions(+), 98 deletions(-) 
diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml index ef626420..3f0deb99 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/deployments.yaml @@ -6,20 +6,22 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "mysql.cluster.fullname" . }}-tools + name: {{ include "mysql.cluster.fullname" . }}-manager namespace: {{ include "common.names.namespace" . | quote }} spec: replicas: 1 selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: mysql-cluster-tools - template: metadata: labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: mysql-cluster-tools - spec: + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local containers: - name: cluster-tools image: {{ include "cluster.image" . }} @@ -30,9 +32,11 @@ spec: - | sleep infinity env: + - name: MYSQL_HOST + value: {{ include "mysql.primary.fullname" . }} - name: MYSQL_MASTER_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml index d2efbfc6..aa9ecfed 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/cluster/job.yaml 
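Review bot: The manager container's env block ends up with mixed variable names: the second deployments.yaml hunk adds `MYSQL_HOST` and renames `MYSQL_MASTER_ROOT_USER` to `MYSQL_ROOT_USER`, but leaves `MYSQL_MASTER_PORT_NUMBER` untouched, while job.yaml in this same commit switches to `MYSQL_PORT_NUMBER`. A command copied from the init job into this pod would expand an empty port, so rename it here too: `- name: MYSQL_PORT_NUMBER`. The pod only runs `sleep infinity` yet carries `MYSQL_ROOT_PASSWORD` in its environment, so anyone allowed to exec into it holds database root. A comment above the env block saying who is expected to use this pod would make that exposure deliberate rather than incidental. The env block continues past the end of the hunk.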
@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} kind: Job metadata: - name: {{ include "mysql.cluster.fullname" . }} + name: {{ include "mysql.cluster.fullname" . }}-init namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: primary @@ -21,6 +21,10 @@ spec: template: spec: restartPolicy: Never + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local initContainers: - name: init-wait image: registry.uucin.com/drycc/python-dev:latest 
@@ -29,70 +33,16 @@ spec: - netcat - -v - -u - - mysql://$(MYSQL_MASTER_HOST)-0.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-1.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER),mysql://$(MYSQL_MASTER_HOST)-2.$(MYSQL_MASTER_HOST):$(MYSQL_MASTER_PORT_NUMBER) + - mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER) env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - - name: mgr - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -ec - - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - - echo " - set global group_replication_bootstrap_group=on; - start group_replication; - select * from performance_schema.replication_group_members; - set global group_replication_bootstrap_group=off; - " > /tmp/master.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/master.sql - - echo " - reset master; - change master to master_user='$(MYSQL_REPLICATION_USER)',master_password='$(MYSQL_REPLICATION_PASSWORD)' for channel 'group_replication_recovery'; - start group_replication; - select * from performance_schema.replication_group_members; - " > /tmp/slave.sql - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} < /tmp/slave.sql - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "GRANT ALL PRIVILEGES ON *.* TO 
administrator@'%' WITH GRANT OPTION;flush privileges;" - - env: - - name: DRYCC_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password containers: - - name: cluster + - name: init-cluster image: {{ include "cluster.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.primary.containerSecurityContext.enabled }} 
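Review bot: The init-wait argument now probes only `mysql://$(MYSQL_HOST)-2:$(MYSQL_PORT_NUMBER)`, where the removed line waited for pods 0, 1 and 2. That is enough only if the primary StatefulSet starts its pods strictly in order, which this hunk does not show. If that policy is ever `Parallel` (the value this commit sets in values.yaml, apparently for another component), pod 2 can answer before pod 0 and the cluster creation in the next container runs against a server that is not up. Restoring the comma-separated list with the `-0` and `-1` endpoints ahead of `-2` removes that assumption. The unqualified host names resolve only through the `dnsConfig.searches` entry added earlier in this file, which deserves a one-line comment next to the argument.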
@@ -102,20 +52,32 @@ spec: - /bin/bash - -ec - | - export HOST_0=${MYSQL_MASTER_HOST}-0.${MYSQL_MASTER_HOST} - export HOST_1=${MYSQL_MASTER_HOST}-1.${MYSQL_MASTER_HOST} - export HOST_2=${MYSQL_MASTER_HOST}-2.${MYSQL_MASTER_HOST} - echo 'Y' | mysqlsh --uri=${MYSQL_MASTER_ROOT_USER}@${HOST_0}:${MYSQL_MASTER_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -e'var c=dba.createCluster("MXMGR");' - mysql -h${HOST_0} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_1} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; - mysql -h${HOST_2} -P${MYSQL_MASTER_PORT_NUMBER} -uroot -p${MYSQL_ROOT_PASSWORD} -e "select @group_replication_group_name:= attributes -> '$.group_replication_group_name' from mysql_innodb_cluster_metadata.clusters; SET @sql = CONCAT('SET GLOBAL group_replication_group_name = "', @group_replication_group_name, '"');"; + export HOST_0=${MYSQL_HOST}-0 + export HOST_1=${MYSQL_HOST}-1 + export HOST_2=${MYSQL_HOST}-2 + + # create mysql cluster --file + echo " + shell.options['dba.restartWaitTimeout']=300; + dba.createCluster('MXMGR',{disableClone:false}); + dba.getCluster().addInstance('root@${HOST_1}',{recoveryMethod:'clone'}); + dba.getCluster().addInstance('root@${HOST_2}',{recoveryMethod:'clone'}); + dba.getCluster().status(); + " > /tmp/create_cluster.js + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} -f /tmp/create_cluster.js + + # init sql --sql + echo " + GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT 
OPTION;flush privileges; + " > /tmp/init.sql + mysqlsh --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -p${MYSQL_ROOT_PASSWORD} --sql -f /tmp/init.sql env: - - name: MYSQL_MASTER_HOST + - name: MYSQL_HOST value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER + - name: MYSQL_PORT_NUMBER value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER + - name: MYSQL_ROOT_USER value: "root" - name: MYSQL_ROOT_PASSWORD valueFrom: diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml index a5ffa045..822a407b 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/primary/statefulset.yaml @@ -46,6 +46,10 @@ spec: {{- if .Values.primary.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.primary.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} {{- else }} @@ -214,7 +218,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} 
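Review bot: Both new `mysqlsh` invocations pass the root password as `-p${MYSQL_ROOT_PASSWORD}`, which places it in the process arguments where anything able to list processes in the container or on the node can read it. The expansion is also unquoted, so a password containing whitespace or glob characters breaks the call. MySQL Shell can read it from standard input instead: `mysqlsh --passwords-from-stdin --uri=${MYSQL_ROOT_USER}@${HOST_0}:${MYSQL_PORT_NUMBER} -f /tmp/create_cluster.js <<<"${MYSQL_ROOT_PASSWORD}"`, and likewise for the `--sql -f /tmp/init.sql` call. Separately, `GRANT ALL PRIVILEGES ON *.* TO administrator@'%' WITH GRANT OPTION` gives an account reachable from any host full rights plus the ability to delegate them. If this is the account handed to bound applications (not visible here), scope the grant to what they need and drop `WITH GRANT OPTION`. The container's env block continues outside the hunk.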
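Review bot: `mysqladmin ping` exits 0 whenever the server answers at all, including when it answers with Access denied, so after this change the probe no longer shows that the credentials work or that the instance can serve a query. The same swap is made in the hunks at -229 and -244 of this file. For the readiness probe this means a member that is running but not ONLINE in the group is still reported ready. If the lighter check is wanted for liveness and startup, keep `ping` there and let readiness run a real statement, for example `mysql -uroot -h127.0.0.1 -p"${password_aux}" -e 'SELECT 1'`. The probe blocks start before the hunk and continue after it.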
@@ -229,7 +233,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- if .Values.primary.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} @@ -244,7 +248,7 @@ spec: if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi - mysqladmin status -uroot -h127.0.0.1 -p"${password_aux}" + mysqladmin ping -uroot -h127.0.0.1 -p"${password_aux}" {{- end }} {{- end }} {{- if .Values.primary.resources }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml index 28722c28..9134cbfe 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/templates/router/statefulset.yaml @@ -43,6 +43,10 @@ spec: {{- if .Values.router.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.router.hostAliases "context" $) | nindent 8 }} {{- end }} + subdomain: {{ include "mysql.primary.fullname" . }} + dnsConfig: + searches: + - {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.cluster.local {{- if .Values.router.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.router.affinity "context" $) | nindent 8 }} {{- else }} diff --git a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml index 6915cd65..ce87fd76 100644 --- a/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml +++ b/addons/mysql-cluster/8.0/chart/mysql-cluster/values.yaml 
@@ -176,9 +176,9 @@ initdbScripts: # Add an offset to avoid reserved server-id=0 value. echo server-id=$((100 + $ordinal)) >> $base_conf_file # Copy appropriate conf.d files from config-map to emptyDir. - echo loose-group_replication_local_address=$mgr_host.$svc_mgr_host:24901 >> $base_conf_file - echo report_host=$mgr_host.$svc_mgr_host >> $base_conf_file - echo loose-group_replication_group_seeds="$svc_mgr_host-0.$svc_mgr_host:24901,$svc_mgr_host-1.$svc_mgr_host:24901,$svc_mgr_host-2.$svc_mgr_host:24901" >> $base_conf_file + echo loose-group_replication_local_address=$mgr_host:24901 >> $base_conf_file + echo report_host=$mgr_host >> $base_conf_file + echo loose-group_replication_group_seeds="$svc_mgr_host-0:24901,$svc_mgr_host-1:24901,$svc_mgr_host-2:24901" >> $base_conf_file echo plugin_load_add='group_replication.so' >> $base_conf_file @@ -204,7 +204,7 @@ primary: ## args: [] ## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup - ## + ##configuration lifecycleHooks: {} ## @param primary.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ @@ -259,18 +259,11 @@ primary: # Multi-threaded Replication replica_preserve_commit_order=ON - replica_parallel_workers=4 + replica_parallel_workers=8 + replica_parallel_type=LOGICAL_CLOCK # Group Replication Settings - #plugin_load_add="group_replication.so" - loose-group_replication_recovery_get_public_key=ON - loose-group_replication_recovery_use_ssl=on - loose-group_replication_group_name="{{uuidv4}}" - loose-group_replication_ip_allowlist="0.0.0.0/0" - - loose-group_replication_bootstrap_group=OFF - loose-group_replication_start_on_boot=OFF - + [client] port=3306 socket=/opt/drycc/mysql/tmp/mysql.sock 
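Review bot: Transport security for group recovery is no longer stated anywhere in the chart: the hunk at -259 removes `loose-group_replication_recovery_use_ssl=on` and `loose-group_replication_recovery_get_public_key=ON` without a replacement. Whether member traffic is encrypted now depends on what `dba.createCluster` in job.yaml picks by default. Making the choice explicit there keeps it reviewable: `dba.createCluster('MXMGR',{disableClone:false, memberSslMode:'REQUIRED'});`. The `# Group Replication Settings` heading is left with only a whitespace line beneath it; replace it with a comment such as `# Group Replication is configured by MySQL Shell in the init job`. The added `replica_parallel_type=LOGICAL_CLOCK` is deprecated in later 8.0 releases, where it is already the default, so check it against the image's server version.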
@@ -689,7 +682,7 @@ router: ## @param secondary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL secondary pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## - podManagementPolicy: "" + podManagementPolicy: "Parallel" ## MySQL secondary Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods diff --git a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-10/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-100/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-20/bind.yaml 
@@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-200/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-400/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml index 9b49f3f5..6a7147c9 100644 --- a/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-50/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST diff --git a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml index 9b49f3f5..6a7147c9 100644 
--- a/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml +++ b/addons/mysql-cluster/8.0/plans/standard-800/bind.yaml @@ -3,7 +3,7 @@ credential: - name: EXTRANET_HOST valueFrom: serviceRef: - name: {{ include "common.names.fullname" . }} + name: {{ include "common.names.fullname" . }}-router jsonpath: '{ .status.loadBalancer.ingress[*].ip }' {{- end }} - name: HOST From 713ae7484eb6f733ecedf70706db1d66b72a7d99 Mon Sep 17 00:00:00 2001 
From: EamonZhang Date: Mon, 4 Mar 2024 16:04:37 +0800 Subject: [PATCH 53/53] chore(postgresql-cluster): fix 4t plan --- addons/pmm/2.41/chart/pmm /.helmignore | 23 -- addons/pmm/2.41/chart/pmm /Chart.yaml | 18 -- addons/pmm/2.41/chart/pmm /README.md | 205 ------------- .../pmm/2.41/chart/pmm /templates/NOTES.txt | 32 -- .../2.41/chart/pmm /templates/_helpers.tpl | 79 ----- .../chart/pmm /templates/clusterrole.yaml | 28 -- .../pmm /templates/clusterrolebinding.yaml | 29 -- .../2.41/chart/pmm /templates/configmap.yaml | 13 - .../2.41/chart/pmm /templates/ingress.yaml | 148 ---------- .../chart/pmm /templates/secret-certs.yaml | 18 -- .../pmm/2.41/chart/pmm /templates/secret.yaml | 24 -- .../2.41/chart/pmm /templates/service.yaml | 49 ---- .../chart/pmm /templates/serviceaccount.yaml | 22 -- .../chart/pmm /templates/statefulset.yaml | 149 ---------- addons/pmm/2.41/chart/pmm /values.yaml | 276 ------------------ .../15/plans/standard-4t/values.yaml | 4 - 16 files changed, 1117 deletions(-) delete mode 100644 addons/pmm/2.41/chart/pmm /.helmignore delete mode 100644 addons/pmm/2.41/chart/pmm /Chart.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /README.md delete mode 100644 addons/pmm/2.41/chart/pmm /templates/NOTES.txt delete mode 100644 addons/pmm/2.41/chart/pmm /templates/_helpers.tpl delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/configmap.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/ingress.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/secret.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/service.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml delete mode 100644 addons/pmm/2.41/chart/pmm /templates/statefulset.yaml delete mode 100644 
addons/pmm/2.41/chart/pmm /values.yaml diff --git a/addons/pmm/2.41/chart/pmm /.helmignore b/addons/pmm/2.41/chart/pmm /.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/pmm/2.41/chart/pmm /.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/pmm/2.41/chart/pmm /Chart.yaml b/addons/pmm/2.41/chart/pmm /Chart.yaml deleted file mode 100644 index 7353e99f..00000000 --- a/addons/pmm/2.41/chart/pmm /Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: pmm -description: A Helm chart for Percona Monitoring and Management (PMM) -type: application -version: 1.3.11 -appVersion: "2.41.1" -home: https://github.com/percona/pmm -maintainers: - - name: tplavcic - email: tomislav.plavcic@percona.com - - name: bupychuk - email: nurlan.moldomurov@percona.com - - name: spron-in - email: sergey.pronin@percona.com -keywords: - - PMM - - Monitoring -icon: https://www.percona.com/sites/default/files/pmm-logo.png diff --git a/addons/pmm/2.41/chart/pmm /README.md b/addons/pmm/2.41/chart/pmm /README.md deleted file mode 100644 index 3f8a3a4b..00000000 --- a/addons/pmm/2.41/chart/pmm /README.md +++ /dev/null 
@@ -1,205 +0,0 @@ -# Percona Monitoring and Management (PMM) - -## Introduction - -PMM is an open source database monitoring, observability and management tool. - -Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html - -## Prerequisites - -- Kubernetes 1.22+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `pmm`: - -```sh -helm repo add percona https://percona.github.io/percona-helm-charts/ -helm install pmm percona/pmm -``` - -The command deploys PMM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall `pmm` deployment: - -```sh -helm uninstall pmm -``` - -This command takes a release name and uninstalls the release. - -It removes all of the resources associated with the last release of the chart as well as the release history. 
- -## Parameters - -### Percona Monitoring and Management (PMM) parameters - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |----------------------| -| `image.repository` | PMM image repository | `percona/pmm-server` | -| `image.pullPolicy` | PMM image pull policy | `IfNotPresent` | -| `image.tag` | PMM image tag (immutable tags are recommended) | `2.41.1` | -| `image.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `pmmEnv.DISABLE_UPDATES` | Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) | `1` | -| `pmmResources` | optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) | `{}` | -| `readyProbeConf.initialDelaySeconds` | Number of seconds after the container has started before readiness probes is initiated | `1` | -| `readyProbeConf.periodSeconds` | How often (in seconds) to perform the probe | `5` | -| `readyProbeConf.failureThreshold` | When a probe fails, Kubernetes will try failureThreshold times before giving up | `6` | - - -### PMM secrets - -| Name | Description | Value | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -| `secret.name` | Defines the name of the k8s secret that holds passwords and other secrets | `pmm-secret` | -| `secret.annotations` | Defines the annotations of the 
k8s secret that holds passwords and other secrets | `{}` | -| `secret.create` | If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. | `true` | -| `secret.pmm_password` | Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. | `""` | -| `certs` | Optional certificates, if not provided PMM would use generated self-signed certificates, | `{}` | - - -### PMM network configuration - -| Name | Description | Value | -| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `service.name` | Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. | `monitoring-service` | -| `service.type` | Kubernetes Service type | `NodePort` | -| `service.ports[0].port` | https port number | `443` | -| `service.ports[0].targetPort` | target port to map for statefulset and ingress | `https` | -| `service.ports[0].protocol` | protocol for https | `TCP` | -| `service.ports[0].name` | port name | `https` | -| `service.ports[1].port` | http port number | `80` | -| `service.ports[1].targetPort` | target port to map for statefulset and ingress | `http` | -| `service.ports[1].protocol` | protocol for http | `TCP` | -| `service.ports[1].name` | port name | `http` | -| `ingress.enabled` | -- Enable ingress controller resource | `false` | -| `ingress.nginxInc` | -- Using ingress controller from NGINX Inc | `false` | -| `ingress.annotations` | -- Ingress annotations configuration | `{}` | -| `ingress.community.annotations` | -- Ingress annotations configuration for community managed ingress (nginxInc = false) | `{}` | -| `ingress.ingressClassName` | -- Sets the ingress controller class name to 
use. | `""` | -| `ingress.hosts[0].host` | hostname | `chart-example.local` | -| `ingress.hosts[0].paths` | path mapping | `[]` | -| `ingress.pathType` | -- How ingress paths should be treated. | `Prefix` | -| `ingress.tls` | -- Ingress TLS configuration | `[]` | - - -### PMM storage configuration - -| Name | Description | Value | -| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `storage.name` | name of PVC | `pmm-storage` | -| `storage.storageClassName` | optional PMM data Persistent Volume Storage Class | `""` | -| `storage.size` | size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention | `10Gi` | -| `storage.dataSource` | VolumeSnapshot to start from | `{}` | -| `storage.selector` | select existing PersistentVolume | `{}` | - - -### PMM kubernetes configurations - -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | -| `extraLabels` | Labels to add to all deployed objects | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `pmm-service-account` | -| `podAnnotations` | Pod annotations | `{}` | -| `podSecurityContext` | Configure Pods Security Context | `{}` | -| `securityContext` | Configure Container Security Context | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` or `--set-string key=value[,key=value]` arguments to `helm install`. For example, - -```sh -helm install pmm \ - --set service.type="NodePort" \ - --set storage.storageClassName="linode-block-storage-retain" \ - percona/pmm -``` - -The above command installs PMM with the Service network type set to `NodePort` and storage class to `linode-block-storage-retain` for persistence storage on LKE. - -> NOTE: Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: - -```sh -helm install pmm -f values.yaml percona/pmm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) or get them from chart definition: `helm show values percona/pmm > values.yaml` - -## Configuration and installation details - -### [Image tags](https://kubernetes.io/docs/concepts/containers/images/#updating-images) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. 
- -Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist. - -### PMM admin password - -PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated. In real-life situations it is recommended to create the `pmm-secret` secret manually before the release and set `secret.create` to false. The chart then won't overwrite secret during install or upgrade and values.yaml won't contain any secret. - -If PMM admin password is not set explicitly (default), it will be generated. - -To get admin password execute: - -```sh -kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode -``` - -### PMM SSL certificates - -PMM ships with self signed SSL certificates to provide secure connection between client and server ([check here](https://docs.percona.com/percona-monitoring-and-management/how-to/secure.html#ssl-encryption)). -You could see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the `cert` section: - -```yaml -certs: - name: pmm-certs - files: - certificate.crt: - certificate.key: - ca-certs.pem: - dhparam.pem: -``` - -### PMM updates - -By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom `values.yaml` file: - -```yaml -pmmEnv: - DISABLE_UPDATES: "1" -``` - -Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download - -PMM updates should happen in a standard way: - -```sh -helm repo update percona -helm upgrade pmm -f values.yaml percona/pmm -``` - -This will check updates in the repo and upgrade deployment if the updates are available. 
- -### [PMM environment variables](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables) - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `pmmEnv` property. - -```yaml -pmmEnv: - DISABLE_UPDATES: "1" - DATA_RETENTION: "2160h" # 90 days -``` diff --git a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt b/addons/pmm/2.41/chart/pmm /templates/NOTES.txt deleted file mode 100644 index 5901a351..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/NOTES.txt +++ /dev/null 
@@ -1,32 +0,0 @@ - -Percona Monitoring and Management (PMM) - -An open source database monitoring, observability and management tool -Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html - -Get the application URL: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo https://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - echo https://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}") - echo "Visit https://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} - -Get password for the "admin" user: - export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode) - echo $ADMIN_PASS diff --git a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl b/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl deleted file mode 100644 index 232b94b9..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/_helpers.tpl +++ /dev/null 
@@ -1,79 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "pmm.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pmm.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pmm.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "pmm.labels" -}} -helm.sh/chart: {{ include "pmm.chart" . }} -{{ include "pmm.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "pmm.selectorLabels" -}} -app.kubernetes.io/name: {{ include "pmm.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: pmm-server -app.kubernetes.io/part-of: percona-platform -{{- if .Values.extraLabels }} -{{ toYaml .Values.extraLabels }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "pmm.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "pmm.fullname" .) 
.Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Pod annotation
-*/}}
-{{- define "pmm.podAnnotations" -}}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-helm.sh/chart: {{ include "pmm.chart" . }}
-checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
deleted file mode 100644
index 0a0350b6..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrole.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-rules:
-# standard RBAC
-- apiGroups: [""] # "" indicates the core API group
- resources:
- - namespaces
- - endpoints
- - services
- - nodes
- - pods
- - secrets
- - serviceaccounts
- verbs:
- - get
- - watch
- - list
-- nonResourceURLs:
- - /metrics
- - /metrics/resources
- verbs:
- - get
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml b/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
deleted file mode 100644
index dd3ee52d..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "pmm.fullname" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "pmm.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ include "pmm.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml b/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
deleted file mode 100644
index cda6b950..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/configmap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.pmmEnv -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "pmm.fullname" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
-data:
-# environment passed to the PMM
- {{- with .Values.pmmEnv }}
- {{- . | toYaml | nindent 6 }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml b/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
deleted file mode 100644
index 5af7679f..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/ingress.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := .Values.service.name -}} -{{- $grpcPort := (index $.Values.service.ports 0).port -}} -{{- $servicePort := (index $.Values.service.ports 1).port -}} -{{- $ingressPathType := .Values.ingress.pathType -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pmm.fullname" . }} - labels: - {{- include "pmm.labels" . | nindent 4 }} -{{- if or .Values.ingress.annotations .Values.ingress.nginxInc }} - annotations: - {{- toYaml .Values.ingress.annotations | nindent 4 }} - {{- if .Values.ingress.nginxInc }} - nginx.org/ssl-services: {{ $serviceName }}-grpc - nginx.org/grpc-services: {{ $serviceName }}-grpc - {{- end }} -{{- end }} -spec: -{{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- if $.Values.ingress.nginxInc }} - # gRPC paths - - path: {{ printf "%s/agent." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/inventory." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/management." . 
| replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/server." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - {{- end }} - {{- end }} - {{- end }} -{{- if not .Values.ingress.nginxInc }} ---- -# Community version of ingress-nginx requires second Ingress for gRPC -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "pmm.fullname" . }}-grpc - labels: - {{- include "pmm.labels" . | nindent 4 }} - annotations: - {{- with .Values.ingress.community.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - nginx.ingress.kubernetes.io/use-regex: "true" -spec: -{{- if .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - # gRPC paths - - path: {{ printf "%s/agent." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/inventory." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/management." . | replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - - path: {{ printf "%s/server." . 
| replace "//" "/" }} - pathType: {{ $ingressPathType }} - backend: - service: - name: {{ $serviceName }}-grpc - port: - number: {{ $grpcPort }} # MUST proxy to HTTPS - {{- end }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml b/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml deleted file mode 100644 index f05117df..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/secret-certs.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.certs.name -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.certs.name }} - labels: - {{- include "pmm.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -type: Opaque -data: -# ngnix ssl certificates - {{- with .Values.certs.files }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/addons/pmm/2.41/chart/pmm /templates/secret.yaml b/addons/pmm/2.41/chart/pmm /templates/secret.yaml deleted file mode 100644 index 040235f4..00000000 --- a/addons/pmm/2.41/chart/pmm /templates/secret.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-{{- if .Values.secret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.secret.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.secret.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
-# base64 encoded password
-# encode some password: `echo -n "admin" | base64`
-# to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
- PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
- {{- end }}
- {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET -}}
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
- {{- end }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/service.yaml b/addons/pmm/2.41/chart/pmm /templates/service.yaml
deleted file mode 100644
index 655b06a7..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- $serviceType := .Values.service.type -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
-{{- if .Values.ingress.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}-grpc
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.service.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.service.finalizers }}
- finalizers:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: {{ $serviceType | default "ClusterIP" }}
- {{- with .Values.service.ports }}
- ports:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- {{- include "pmm.selectorLabels" . | nindent 4 }}
----
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml b/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
deleted file mode 100644
index 655f844c..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/serviceaccount.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}
- labels:
- {{- include "pmm.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-secrets:
- - name: {{ include "pmm.serviceAccountName" . }}-token
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
- name: {{ include "pmm.serviceAccountName" . }}-token
- annotations:
- kubernetes.io/service-account.name: {{ include "pmm.serviceAccountName" . }}
-{{- end }}
diff --git a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml b/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
deleted file mode 100644
index a310cfee..00000000
--- a/addons/pmm/2.41/chart/pmm /templates/statefulset.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "pmm.fullname" . }} - labels: - {{- include "pmm.labels" . | nindent 4 }} -spec: - serviceName: {{ .Values.service.name }} - replicas: 1 - selector: - matchLabels: - {{- include "pmm.selectorLabels" . | nindent 6 }} - updateStrategy: - type: RollingUpdate - template: - metadata: - annotations: - {{- include "pmm.podAnnotations" . | nindent 8 }} - labels: - {{- include "pmm.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.image.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.create }} - serviceAccountName: {{ include "pmm.serviceAccountName" . }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.pmmResources }} - resources: - {{- toYaml .Values.pmmResources | nindent 12 }} - {{- end }} - - # environment passed to PMM, defined in configMap - envFrom: - - configMapRef: - name: {{ include "pmm.fullname" . 
}} - optional: true - - # additional secrets that could be used for Grafana iDP - env: - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - optional: true - - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - optional: true - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.secret.name }} - key: PMM_ADMIN_PASSWORD - optional: true - - name: PMM_INSTALL_METHOD - valueFrom: - fieldRef: - fieldPath: metadata.annotations['app.kubernetes.io/managed-by'] - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - readinessProbe: - httpGet: - path: /v1/readyz - port: http - {{- if .Values.readyProbeConf }} - {{- toYaml .Values.readyProbeConf | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ .Values.storage.name }} - mountPath: /srv - - name: annotations - mountPath: "/var/run/pmm/annotations" - readOnly: true - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - mountPath: /srv/nginx - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - volumes: - - name: annotations - projected: - sources: - - downwardAPI: - items: - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - {{- if .Values.certs.name }} - - name: {{ .Values.certs.name }} - secret: - secretName: {{ .Values.certs.name }} - optional: false - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: {{ .Values.storage.name }} - spec: - {{- if .Values.storage.selector }} - selector: - {{- toYaml .Values.storage.selector | nindent 10 }} - {{- end }} - {{ if .Values.storage.storageClassName }} - storageClassName: {{ .Values.storage.storageClassName }} - {{ 
end }} - {{- if .Values.storage.dataSource }} - dataSource: - {{- toYaml .Values.storage.dataSource | nindent 10 }} - {{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.storage.size }} diff --git a/addons/pmm/2.41/chart/pmm /values.yaml b/addons/pmm/2.41/chart/pmm /values.yaml deleted file mode 100644 index 2c02d351..00000000 --- a/addons/pmm/2.41/chart/pmm /values.yaml +++ /dev/null 
@@ -1,276 +0,0 @@ -## @section Percona Monitoring and Management (PMM) parameters -## Default values for PMM. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - -## PMM image version -## ref: https://hub.docker.com/r/percona/pmm-server/tags -## @param image.repository PMM image repository -## @param image.pullPolicy PMM image pull policy -## @param image.tag PMM image tag (immutable tags are recommended) -## @param image.imagePullSecrets Global Docker registry secret names as an array -## -image: - repository: percona/pmm-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "2.41.1" - imagePullSecrets: [] - -## PMM environment variables -## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables -## -pmmEnv: - ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update) - ## - DISABLE_UPDATES: "1" -# optional variables to integrate Grafana with internal iDP, see also secret part -# GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' -# GF_AUTH_GENERIC_OAUTH_SCOPES: '' -# GF_AUTH_GENERIC_OAUTH_AUTH_URL: '' -# GF_AUTH_GENERIC_OAUTH_TOKEN_URL: '' -# GF_AUTH_GENERIC_OAUTH_API_URL: '' -# GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: '' - -## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) - ## pmmResources: - ## requests: - ## memory: "32Gi" - ## cpu: "8" - ## limits: - ## memory: "64Gi" - ## cpu: "32" -#pmmResources: {} -pmmResources: - requests: - memory: "4Gi" - cpu: "4" - hugepages-2Mi: 4Mi - limits: - memory: "4Gi" - cpu: "4" - - -## Readiness probe Config -## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param readyProbeConf.initialDelaySeconds Number of seconds after the container has started before readiness probes is initiated -## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe -## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up -## -readyProbeConf: - initialDelaySeconds: 1 - periodSeconds: 5 - failureThreshold: 6 - -## @section PMM secrets -## -secret: - ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets - ## - name: pmm-secret - ## @param secret.annotations -- Secret annotations configuration - annotations: {} - ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user. - ## - create: true - ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated. - ## E.g. 
- ## pmm_password: admin - ## - ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode` - ## - pmm_password: "" - ## - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_ID: - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv - # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: - -## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates, -## please provide your own signed ssl certificates like this in base 64 format: -## certs: - ## name: pmm-certs - ## files: - ## certificate.crt: - ## certificate.key: - ## ca-certs.pem: - ## dhparam.pem: - ## certificate.conf: -certs: {} - -## @section PMM network configuration -## Service configuration -## -service: - ## @param service.name Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators. 
- ## - name: monitoring-service - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - - ## Ports 443 and/or 80 - ## - ports: - ## @param service.ports[0].port https port number - - port: 443 - ## @param service.ports[0].targetPort target port to map for statefulset and ingress - targetPort: https - ## @param service.ports[0].protocol protocol for https - protocol: TCP - ## @param service.ports[0].name port name - name: https - ## @param service.ports[1].port http port number - - port: 80 - ## @param service.ports[1].targetPort target port to map for statefulset and ingress - targetPort: http - ## @param service.ports[1].protocol protocol for http - protocol: TCP - ## @param service.ports[1].name port name - name: http - -## Ingress controller configuration -## -ingress: - ## @param ingress.enabled -- Enable ingress controller resource - enabled: false - ## @param ingress.nginxInc -- Using ingress controller from NGINX Inc - nginxInc: false - ## @param ingress.annotations -- Ingress annotations configuration - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ### nginx proxy to https - ## nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - ## @param ingress.community.annotations -- Ingress annotations configuration for community managed ingress (nginxInc = false) - community: - annotations: {} - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ## @param ingress.ingressClassName -- Sets the ingress controller class name to use. - ingressClassName: "" - - ## Ingress resource hostnames and path mappings - hosts: - ## @param ingress.hosts[0].host hostname - - host: chart-example.local - ## @param ingress.hosts[0].paths path mapping - paths: [] - - ## @param ingress.pathType -- How ingress paths should be treated. 
- pathType: Prefix - - ## @param ingress.tls -- Ingress TLS configuration - tls: [] - ## - secretName: chart-example-tls - ## hosts: - ## - chart-example.local - -## @section PMM storage configuration -## Claiming storage for PMM using Persistent Volume Claims (PVC) -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ -## -storage: - ## @param storage.name name of PVC - name: pmm-storage - ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClassName: "" - ## - ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention - ## - size: 10Gi - ## - ## @param storage.dataSource VolumeSnapshot to start from - ## - dataSource: {} - ## name: before-vX.Y.Z-upgrade - ## kind: VolumeSnapshot - ## apiGroup: snapshot.storage.k8s.io - ## - ## @param storage.selector select existing PersistentVolume - ## - selector: {} - ## matchLabels: - ## release: "stable" - ## matchExpressions: - ## - key: environment - ## operator: In - ## values: - ## - dev - -## @section PMM kubernetes configurations -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## -nameOverride: "" - -## @param extraLabels Labels to add to all deployed objects -## -extraLabels: {} - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.annotations Annotations for service account. 
Evaluated as a template. Only used if `create` is `true`. -## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. -## -serviceAccount: - create: true - annotations: {} - name: "pmm-service-account" - -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## @param podSecurityContext Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## E.g -## podSecurityContext: - ## fsGroup: 2000 -## -podSecurityContext: {} - -## @param securityContext Configure Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## securityContext.capabilities The capabilities to add/drop when running containers -## securityContext.runAsUser Set pmm containers' Security Context runAsUser -## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot -## E.g. -## securityContext: - ## capabilities: - ## drop: - ## - ALL - ## readOnlyRootFilesystem: true - ## runAsNonRoot: true - ## runAsUser: 1000 -securityContext: {} - - -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes -## -extraVolumes: [] 
diff --git a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
index b305d3f2..ff1aab00 100644
--- a/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
+++ b/addons/postgresql-cluster/15/plans/standard-4t/values.yaml
@@ -55,11 +55,7 @@ postgresql:
 enable_partitionwise_join = on
 enable_partitionwise_aggregate = on
 jit = on
-<<<<<<< HEAD
 max_slot_wal_keep_size = 100GB
-=======
- max_slot_wal_keep_size = '1000 MB'
->>>>>>> 13b64985573dbeb3604907bf1fa5e72ce6e4c14c
 track_wal_io_timing = on
 maintenance_io_concurrency = 100