feat(charts): Add helm charts for postgres

Author: kmala

charts/database/Chart.yaml

@@ -0,0 +1,10 @@
+name: database
+home: https://github.com/deis/postgres
+version: <Will be populated by the ci before publishing the chart>
+description: A PostgreSQL database used by Deis Workflow.
+keywords:
+  - database
+  - postgres
+maintainers:
+  - name: Deis Team
+    email: engineering@deis.com

charts/database/templates/database-deployment.yaml

@@ -0,0 +1,60 @@
+{{- if eq .Values.global.database_location "on-cluster" }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: deis-database
+  labels:
+    heritage: deis
+  annotations:
+    component.deis.io/version: {{ .Values.docker_tag }}
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: deis-database
+  template:
+    metadata:
+      labels:
+        app: deis-database
+    spec:
+      serviceAccount: deis-database
+      containers:
+        - name: deis-database
+          image: quay.io/{{.Values.org}}/postgres:{{.Values.docker_tag}}
+          imagePullPolicy: {{.Values.pull_policy}}
+          ports:
+            - containerPort: 5432
+{{- if or (.Values.limits_cpu) (.Values.limits_memory)}}
+          resources:
+            limits:
+{{- if (.Values.limits_cpu) }}
+              cpu: {{.Values.limits_cpu}}
+{{- end}}
+{{- if (.Values.limits_memory) }}
+              memory: {{.Values.limits_memory}}
+{{- end}}
+{{- end}}
+          env:
+            - name: DATABASE_STORAGE
+              value: "{{.Values.global.storage}}"
+          readinessProbe:
+            exec:
+              command:
+                - is_running
+            initialDelaySeconds: 30
+            timeoutSeconds: 1
+          volumeMounts:
+            - name: database-creds
+              mountPath: /var/run/secrets/deis/database/creds
+            - name: objectstore-creds
+              mountPath: /var/run/secrets/deis/objectstore/creds
+      volumes:
+        - name: database-creds
+          secret:
+            secretName: database-creds
+        - name: objectstore-creds
+          secret:
+            secretName: database-storage-keyfile
+{{- end }}

charts/database/templates/database-secret-creds.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: database-creds
+  labels:
+    app: deis-database
+    heritage: deis
+  annotations:
+    "helm.sh/hook": pre-install
+data: {{ if eq .Values.global.database_location "on-cluster"}}
+  user: {{ randAlphaNum 32 | b64enc }}
+  password: {{ randAlphaNum 32 | b64enc }}{{ else if eq .Values.global.database_location "off-cluster"}}
+  user: {{ .Values.postgres.username | b64enc }}
+  password: {{ .Values.postgres.password | b64enc }}
+  name: {{ .Values.postgres.name | b64enc }}
+  host: {{ .Values.postgres.host | b64enc }}
+  port: {{ .Values.postgres.port | b64enc }}{{ end }}

charts/database/templates/database-service-account.yaml

@@ -0,0 +1,8 @@
+{{- if eq .Values.global.database_location "on-cluster" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: deis-database
+  labels:
+    heritage: deis
+{{- end }}

charts/database/templates/database-service.yaml

@@ -0,0 +1,14 @@
+{{- if eq .Values.global.database_location "on-cluster" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: deis-database
+  labels:
+    heritage: deis
+spec:
+  ports:
+    - name: postgres
+      port: 5432
+  selector:
+    app: deis-database
+{{- end }}

charts/database/templates/database-storage-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: database-storage-keyfile
+  labels:
+    heritage: deis
+  annotations:
+    deis.io/objectstorage: "{{ .Values.global.storage }}"
+type: Opaque
+data: {{ if eq .Values.global.storage "gcs"}}
+  key.json: {{.Values.gcs.key_json | b64enc}}
+  database-bucket: {{.Values.gcs.database_bucket | b64enc }}{{ else if eq .Values.global.storage "azure"}}
+  accountname: {{.Values.azure.accountname | b64enc }}
+  accountkey: {{ .Values.azure.accountkey | b64enc }}
+  database-container: {{ .Values.azure.database_container | b64enc }}{{ else if eq .Values.global.storage "s3"}}
+  accesskey: {{ .Values.s3.accesskey | b64enc }}
+  secretkey: {{ .Values.s3.secretkey | b64enc }}
+  region: {{ .Values.s3.region | b64enc }}
+  database-bucket: {{ .Values.s3.database_bucket | b64enc }}{{ else if eq .Values.global.storage "swift"}}
+  username: {{ .swift.username | b64enc }}
+  password: {{ .swift.password | b64enc }}
+  authurl: {{ .swift.authurl | b64enc }}
+  tenant: {{ .swift.tenant | b64enc }}
+  authversion: {{ .swift.authversion | b64enc }}
+  database-container: {{ .swift.database_container | b64enc }}{{else if eq .Values.global.storage "minio"}}
+  accesskey: OFRaUlkySlJXTVBUNlVNWFI2STU=
+  secretkey: Z2JzdHJPdm90TU1jZzJzTWZHVWhBNWE2RXQvRUk1QUx0SUhzb2JZaw=={{ end }}

charts/database/values.yaml

@@ -0,0 +1,59 @@
+org: "deisci"
+pull_policy: "Always"
+docker_tag: canary
+# limits_cpu: "100m"
+# limits_memory: "50Mi"
+global:
+  # Set the storage backend
+  #
+  # Valid values are:
+  # - s3: Store persistent data in AWS S3 (configure in S3 section)
+  # - azure: Store persistent data in Azure's object storage
+  # - gcs: Store persistent data in Google Cloud Storage
+  # - minio: Store persistent data on in-cluster Minio server
+  storage: minio
+  # Set the location of Workflow's PostgreSQL database
+  #
+  # Valid values are:
+  # - on-cluster: Run PostgreSQL within the Kubernetes cluster (credentials are generated
+  #   automatically; backups are sent to object storage
+  #   configured above)
+  # - off-cluster: Run PostgreSQL outside the Kubernetes cluster (configure in database section)
+  database_location: "on-cluster"
+
+s3:
+  # Your AWS access key. Leave it empty if you want to use IAM credentials.
+  accesskey: ""
+  # Your AWS secret key. Leave it empty if you want to use IAM credentials.
+  secretkey: ""
+  # Any S3 region
+  region: "us-west-1"
+  # Your buckets.
+  database_bucket: "your-database-bucket-name"
+
+azure:
+  accountname: "YOUR ACCOUNT NAME"
+  accountkey: "YOUR ACCOUNT KEY"
+  database_container: "your-database-container-name"
+
+gcs:
+  # key_json is expanded into a JSON file on the remote server. It must be
+  # well-formatted JSON data.
+  key_json: ''
+  database_bucket: "your-database-bucket-name"
+
+swift:
+  username: "Your OpenStack Swift Username"
+  password: "Your OpenStack Swift Password"
+  authurl: "Swift auth URL for obtaining an auth token"
+  # Your OpenStack tenant name if you are using auth version 2 or 3.
+  tenant: ""
+  authversion: "Your OpenStack swift auth version"
+  database_container: "your-database-container-name"
+
+postgres:
+  name: "database name"
+  username: "database username"
+  password: "database password"
+  host: "database host"
+  port: "database port"