Add postgres-operator and basic common postgres-manifest (#303)

* Add postgres-operator and basic common postgres-manifest

* move postgres to dev train
Kjeld Schouten-Lebbing
2021-04-10 16:33:51 +02:00
committed by GitHub
parent 54f70c4fae
commit 67ead0cdfb
26 changed files with 749 additions and 2 deletions


@@ -5,3 +5,5 @@ excluded-charts: common
chart-yaml-schema: .github/chart_schema.yaml
chart-repos:
- truecharts=https://truecharts.org
- postgres-operator-ui=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
- postgres-operator=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
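Review bot: Both new `chart-repos` entries resolve their index from the `master` branch of zalando/postgres-operator on raw.githubusercontent.com, so what linting and installs download is decided by a ref that moves with every upstream push. The `version: 1.6.2` pins select an index entry, but as far as I know the lock file's `digest` covers the dependency list rather than the chart archives, so it does not fix their content. I would point both URLs at a tagged path (the same URL with `master` replaced by the release tag) or mirror the two charts into a repository the project controls. The same URLs recur in the second lint config and in the `dependencies` of the new chart's Chart.yaml.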


@@ -4,3 +4,5 @@ helm-extra-args: --timeout 600s
chart-yaml-schema: .github/chart_schema.yaml
chart-repos:
- truecharts=https://truecharts.org
- postgres-operator-ui=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
- postgres-operator=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/


@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS


@@ -0,0 +1,9 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Together" guide:
https://truecharts.org/manual/linking/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.


@@ -0,0 +1,12 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 2.0.2
- name: postgres-operator-ui
repository: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
version: 1.6.2
- name: postgres-operator
repository: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
version: 1.6.2
digest: sha256:b0769cce163a0786257b00dd3a19e7406b56ccba4724666c8819e2af186ce1e4
generated: "2021-04-09T21:00:02.3236431+02:00"


@@ -0,0 +1,44 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: postgres-operator
version: 0.0.1
upstream_version: 1.6.2
appVersion: "auto"
description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
type: application
deprecated: false
home: https://github.com/truecharts/apps/tree/master/incubator/postgres-operator
icon: https://truecharts.org/_static/img/postgres-operator-icon.png
keywords:
- database
- HA
- postgresql
- SQL
- postgres
- operator
- cloud-native
- patroni
- spilo
sources:
- https://github.com/zalando/postgres-operator
dependencies:
- name: common
repository: https://truecharts.org/
version: 2.0.2
# condition:
- name: postgres-operator-ui
repository: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
version: 1.6.2
# condition:
- name: postgres-operator
repository: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
version: 1.6.2
# condition:
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: truecharts.org
- name: Ornias1993
email: kjeld@schouten-lebbing.nl
url: truecharts.org
# annotations:


@@ -0,0 +1,56 @@
# Introduction
![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: auto](https://img.shields.io/badge/AppVersion-auto-informational?style=flat-square)
Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/zalando/postgres-operator>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/ | postgres-operator-ui | 1.6.2 |
| https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/ | postgres-operator | 1.6.2 |
| https://truecharts.org/ | common | 2.0.0 |
## Installing the Chart
To install the chart with the release name `postgresql`
- Open TrueNAS SCALE
- Go to Apps
- Click "Install" for this specific Apps
- Fill out the configuration form
## Uninstalling the Chart
To uninstall the `postgresql` deployment
- Open TrueNAS SCALE
- Go to Apps
- Go to "Installed Apps"
- Expand the menu in the top-right corner of this App
- Click "Remove" for this specific Apps
The command removes all the Kubernetes components associated with the chart **including storage volumes** _(Except hostPath Storage)_ and deletes the release.
## Support
- See the [Wiki](https://truecharts.org)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
- Ask a [question](https://github.com/truecharts/apps/discussions)
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
All Rights Reserved - The TrueCharts Project


@@ -0,0 +1,2 @@
Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

Binary file not shown.


@@ -0,0 +1,12 @@
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator
tag: v1.6.2
pullPolicy: "IfNotPresent"
postgres-operator-ui:
# configure UI ENVs
envs:
targetNamespace: "*"
teams:
- "apps"
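Review bot: `targetNamespace: "*"` gives the UI a view of every namespace, and the operator side matches it with `watched_namespace: "*"`, which the questions file ships as a hidden default that the installer cannot narrow. Cluster-wide scope means a compromise of the operator or its UI reaches every Postgres cluster on the node, so it should be a documented decision rather than an inherited default. I would add a comment above this key, `# watches all namespaces; restrict to the namespaces that hold app databases where possible`, and consider making the questions entry visible and editable.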


@@ -0,0 +1,317 @@
groups:
- name: "Container Image"
description: "Image to be used for container"
- name: "Workload Configuration"
description: "Configure workload deployment"
- name: "Configuration"
description: "additional container configuration"
- name: "Networking"
description: "Configure / service for container"
- name: "Storage and Devices"
description: "Persist and share data that is separate from the lifecycle of the container"
- name: "Resource Reservation"
description: "Specify resources to be allocated to workload"
- name: "Reverse Proxy Configuration"
description: "Reverse Proxy configuration"
- name: "Advanced"
description: "Advanced Configuration"
- name: "WARNING"
description: "WARNING"
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Update Policy
- variable: strategyType
group: "Container Image"
label: "Update Strategy"
schema:
type: string
default: "Recreate"
enum:
- value: "RollingUpdate"
description: "Create new pods and then kill old ones"
- value: "Recreate"
description: "Kill existing pods before creating new ones"
# Configure Time Zone
# Configure Time Zone
- variable: timezone
group: "Container Image"
label: "Timezone"
schema:
type: string
default: "Etc/UTC"
$ref:
- "definitions/timezone"
- variable: postgres-operator
label: "Postgres-Operator Settings"
description: "These settings can be used to customise the postgres-operator"
group: "Configuration"
schema:
type: dict
attrs:
- variable: fullnameOverride
label: "fullnameOverride"
schema:
hidden: true
type: string
default: "postgres-operator"
- variable: configUsers
label: ""
schema:
hidden: true
type: dict
attrs:
- variable: replication_username
label: "replication_username"
schema:
hidden: true
type: string
default: "postgres"
- variable: configMajorVersionUpgrade
label: ""
schema:
hidden: true
type: dict
attrs:
- variable: major_version_upgrade_mode
label: "major_version_upgrade_mode"
schema:
hidden: true
type: string
default: "full"
- variable: configKubernetes
label: ""
schema:
hidden: true
type: dict
attrs:
- variable: watched_namespace
label: "watched_namespace"
schema:
hidden: true
type: string
default: "*"
- variable: inherited_labels
label: "inherited_labels"
schema:
hidden: true
type: string
default: "application, environment"
- variable: pod_environment_configmap
label: "pod_environment_configmap"
schema:
hidden: true
type: string
default: "default/envconfig"
- variable: configGeneral
label: ""
schema:
hidden: true
type: dict
attrs:
- variable: kubernetes_use_configmaps
label: "kubernetes_use_configmaps"
schema:
hidden: false
type: string
default: "false"
- variable: securityContext
label: ""
schema:
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: configLogicalBackup
label: "Setup Logical Backup (s3)"
schema:
type: dict
attrs:
- variable: logical_backup_s3_access_key_id
label: "S3 Access Key ID"
schema:
type: string
default: ""
- variable: logical_backup_s3_bucket
label: "S3 bucket"
schema:
type: string
default: "my-bucket-url"
- variable: logical_backup_s3_endpoint
label: "S3 Endpoint"
schema:
type: string
default: ""
- variable: logical_backup_s3_region
label: "S3 Region"
schema:
type: string
default: ""
- variable: logical_backup_s3_secret_access_key
label: "S3 Secret Access Key"
schema:
type: string
default: ""
- variable: logical_backup_s3_sse
label: "S3 SSE"
schema:
type: string
default: "AES256"
- variable: logical_backup_schedule
label: "Cron format Schedule"
schema:
type: string
default: "30 00 * * *"
# Configure Enviroment Variables
- variable: environmentVariables
label: "Image environment"
group: "Configuration"
schema:
type: list
default: []
items:
- variable: environmentVariable
label: "Environment Variable"
schema:
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
## TrueCharts Specific
- variable: ingress
label: ""
group: "Reverse Proxy Configuration"
schema:
type: dict
attrs:
- variable: main
label: "WebUI"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable Web Reverse Proxy"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
label: "Reverse Proxy Type"
schema:
type: string
default: "HTTP"
hidden: true
editable: false
required: true
- variable: dynamicServiceName
label: "Service name to proxy to"
schema:
hidden: true
editable: false
type: string
default: "postgres-operator-ui"
- variable: servicePort
label: "Service port to proxy to"
schema:
hidden: true
editable: false
type: int
default: 80
- variable: entrypoint
label: "Select Entrypoint"
schema:
type: string
default: "websecure"
required: true
enum:
- value: "websecure"
description: "Websecure: HTTPS/TLS port 443"
- variable: hosts
label: "Hosts"
schema:
type: list
default: []
items:
- variable: host
label: "Host"
schema:
type: dict
attrs:
- variable: host
label: "Domain Name"
required: true
schema:
type: string
- variable: path
label: "path"
schema:
type: string
required: true
hidden: true
default: "/"
- variable: certType
label: "Select Certificate Type"
schema:
type: string
default: "selfsigned"
enum:
- value: ""
description: "No Encryption/TLS/Certificates"
- value: "selfsigned"
description: "Self-Signed Certificate"
- value: "ixcert"
description: "TrueNAS SCALE Certificate"
- variable: certificate
label: "Select TrueNAS SCALE Certificate"
schema:
type: int
show_if: [["certType", "=", "ixcert"]]
$ref:
- "definitions/certificate"
- variable: authForwardURL
label: "Forward Authentication URL"
schema:
type: string
default: ""
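Review bot: `logical_backup_s3_secret_access_key` is declared as a plain `type: string`, so the S3 secret is entered and displayed like any other text field. The SCALE questions schema has `private: true` for this, and I would add it under that variable's `schema:`, and probably under `logical_backup_s3_access_key_id` as well. The value is then passed to the operator subchart as `configLogicalBackup`; whether it ends up in a Secret or in a ConfigMap or CRD is not visible here and is worth checking. Separately, `certType` offers `""` (no TLS) and `authForwardURL` defaults to empty for an ingress that fronts the operator UI, so an enabled proxy is protected only by whatever authentication the UI itself provides.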


@@ -0,0 +1,2 @@
{{ include "common.ingress" . }}
{{ include "common.resources.portal" . }}


@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: envconfig
namespace: default
data:
KUBERNETES_BYPASS_API_SERVICE: "false"
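Review bot: The ConfigMap is pinned to `namespace: default` with the fixed name `envconfig`, matching the hidden `pod_environment_configmap` default of `default/envconfig`, so the chart writes outside its release namespace and a second install would collide on the same object. If the operator injects this map into the environment of the Postgres pods it creates, as the option name suggests (confirm against the operator docs), anyone who can edit ConfigMaps in `default` can influence every database pod. I would render it into the release namespace with `namespace: {{ .Release.Namespace }}` and derive the `pod_environment_configmap` value from the same expression.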


@@ -0,0 +1,37 @@
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator
tag: v1.6.2
pullPolicy: "IfNotPresent"
postgres-operator:
fullnameOverride: "postgres-operator"
configUsers:
# postgres username used for replication between instances
replication_username: postgres
configMajorVersionUpgrade:
# "off": no upgrade, "manual": manifest triggers action, "full": minimal version violation triggers too
major_version_upgrade_mode: "full"
configKubernetes:
# enable_pod_antiaffinity: true
# pod_environment_configmap: "postgres-pod-config"
watched_namespace: "*"
# list of labels that can be inherited from the cluster manifest
inherited_labels: application, environment
ingress:
main:
enabled: true
type: "HTTP"
entrypoint: "websecure"
certType: "selfsigned"
dynamicServiceName: "postgres-operator-ui"
servicePort: 8081
annotations: {}
labels: {}
hosts:
- host: chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
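Review bot: `ingress.main.enabled: true` publishes the operator UI by default here, while the questions file defaults the same switch to `false`, and nothing in this file configures forward authentication. If this file is the chart default rather than a CI fixture, I would ship `enabled: false` and let the installer opt in. `servicePort: 8081` also disagrees with the hidden `default: 80` for `servicePort` in the questions file; one of the two is presumably wrong.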


@@ -0,0 +1 @@
# This file is empty on purpose, as it should not be used with TrueNAS SCALE


@@ -0,0 +1,3 @@
categories:
- media
icon_url: https://truecharts.org/_static/img/postgres-operator-icon.png

Binary file not shown.



@@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: common
version: 2.0.3
version: 2.1.0
# upstream_version:
appVersion: none
description: Function library for TrueCharts


@@ -42,4 +42,6 @@ Main entrypoint for the common library chart. It will render all underlying temp
{{ include "common.ingress" . | nindent 0 }}
{{ include "common.resources.portal" . | nindent 0 }}
{{ include "common.storage.permissions" . | nindent 0 }}
{{ include "common.resources.postgres" . | nindent 0 }}
{{- end -}}


@@ -33,4 +33,19 @@ of all the entries of the persistence key.
{{- include "common.classes.pvc" $ -}}
{{- end }}
{{- end }}
{{/*
This is kept seperate, to enable us ot add "persistence" to questions.yaml and keep this out of it
*/}}
{{- range $index, $PVC := .Values.backupPersistence }}
{{- if and $PVC.enabled (not (or $PVC.emptyDir $PVC.existingClaim)) -}}
{{- $persistenceValues := $PVC -}}
{{- if not $persistenceValues.nameSuffix -}}
{{- $_ := set $persistenceValues "nameSuffix" "buildinBackup" -}}
{{- end -}}
{{- $_ := set $ "ObjectValues" (dict "persistence" $persistenceValues) -}}
{{- print ("---") | nindent 0 -}}
{{- include "common.classes.pvc" $ -}}
{{- end }}
{{- end }}
{{- end }}
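Review bot: The fallback `nameSuffix` of `"buildinBackup"`, like the `nameOverride: "buildinBackup"` default in the common values, contains an upper-case letter, and Kubernetes object names must be lower-case DNS-1123; unless the name is lower-cased outside this hunk, the API server will reject the claim. I would use `"builtin-backup"` here, in the values default and in `dbBackup.existingClaim`. The loop is also not gated on `enableDB`, and the values default `backupPersistence.buildinBackup.enabled` to `true` with `size: 100Gi`, so every chart built on this library would request that volume. The enclosing `define` starts outside the hunk.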


@@ -28,7 +28,9 @@ within the common library.
{{- end -}}
{{ end -}}
{{- $pvcName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- if hasKey $values "nameOverride" -}}
{{- $pvcName = $values.nameOverride -}}
{{- else if hasKey $values "nameSuffix" -}}
{{- $pvcName = printf "%v-%v" $pvcName $values.nameSuffix -}}
{{ end -}}
kind: PersistentVolumeClaim
@@ -54,5 +56,7 @@ spec:
storage: {{ required (printf "size is required for PVC %v" $pvcName) $values.size | quote }}
{{- if $values.storageClass }}
storageClassName: {{ include "common.storage.class" . }}
{{- else }}
storageClassName: {{ ( printf "%v-%v" "ix-storage-class" .Release.Name ) }}
{{- end }}
{{- end -}}
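Review bot: The new `else` branch forces `storageClassName` to `ix-storage-class-<release>` whenever `storageClass` is unset, which contradicts the comment in the common values saying an undefined class omits the field and uses the default provisioner. This changes behaviour for every existing chart on the library, and on a cluster without that class the claim would stay unbound. If the SCALE class is intended, the values comment should say so, and the rendered value should be quoted like the size line: `storageClassName: {{ printf "ix-storage-class-%v" .Release.Name | quote }}`. In the first hunk, `hasKey $values "nameOverride"` is also true for an empty string, which would render an empty PVC name; `if $values.nameOverride` avoids that.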


@@ -28,6 +28,11 @@ within the common library.
{{- $svcName := $values.serviceName | default $ingressName -}}
{{- if $values.dynamicServiceName }}
{{- $dynamicServiceName := printf "%v-%v" .Release.Name $values.dynamicServiceName -}}
{{- $svcName = $dynamicServiceName -}}
{{- end }}
{{- if $values.servicePort }}
{{- $svcPort = $values.servicePort -}}
{{- end }}


@@ -0,0 +1,112 @@
{{- define "common.resources.postgres" -}}
{{- if .Values.enableDB -}}
{{- $instanceName := ( printf "%v%v" ( include "common.names.fullname" .|lower ) "-postgres" ) -}}
{{- $superuser := ( default (keys .Values.postgresql.users | first ) .Values.dbsuperuser.user ) -}}
{{- $secretName := ( printf "%s.%s.credentials.postgresql.acid.zalan.do" ( $superuser ) ( $instanceName ) ) -}}
{{- $backupPVCSubpath := ( default (printf "%s/%s" .Values.dbBackup.subpathPrefix (include "common.names.fullname" .)) .Values.dbBackup.subpath ) -}}
{{- $storageClass := ( printf "%v-%v" "ix-storage-class" .Release.Name ) -}}
{{- if not .Values.postgresql.teamId -}}
{{- $_ := set .Values.postgresql "teamId" (include "common.names.fullname" .) }}
{{- end}}
---
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
application: spilo
team: {{ include "common.names.fullname" . }}
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "pre-delete"
name: {{ $secretName }}
stringData:
username: {{ $superuser }}
password: {{ default (randAlphaNum 50) .Values.dbsuperuser.password }}
type: Opaque
---
{{/*
CRD that requiests postgres-operator to spin-up a postgresql instance (or multiple in HA)
*/}}
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: {{ $instanceName }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
volume:
size: "100Gi"
storageClass: {{ $storageClass | quote }}
{{- .Values.postgresql | toYaml | nindent 2 }}
{{/*
Special magic cronjob that does a extra backup in addition to postgres-operator to a PVC of your choice.
*/}}
{{- if .Values.dbBackup.existingClaim -}}
---
# ------------------- CronJob ------------------- #
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ include "common.names.fullname" . }}-backup
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
schedule: {{ .Values.dbBackup.schedule | quote }}
concurrencyPolicy: Replace
jobTemplate:
spec:
template:
metadata:
name: {{ include "common.names.fullname" . }}-backup
labels:
{{- include "common.labels.selectorLabels" . | nindent 12 }}
spec:
containers:
- name: backup
image: "{{ .Values.dbBackup.image.repository}}:{{ .Values.dbBackup.image.tag}}"
imagePullPolicy: {{ .Values.dbBackup.image.imagePullPolicy}}
command:
- /bin/sh
- -ce
- |
echo "$(date) - Start dump"
pg_dumpall > /backup/new && mv /backup/new /backup/backup
echo "$(date) - End dump"
ls -lh /backup
resources:
{{- .Values.dbBackup.resources | toYaml | nindent 16 }}
env:
- name: PGHOST
value: {{ $instanceName }}
- name: PGUSER
valueFrom:
secretKeyRef:
name: {{ $secretName }}
key: username
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ $secretName }}
key: password
volumeMounts:
- mountPath: /backup
name: backup-volume
subPath: {{ $backupPVCSubpath }}
restartPolicy: OnFailure
volumes:
- name: backup-volume
persistentVolumeClaim:
claimName: {{ .Values.dbBackup.existingClaim }}
{{- end -}}
{{- end -}}
{{- end -}}
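Review bot: In the Secret, the `"helm.sh/hook"` and `"helm.sh/hook-delete-policy"` keys follow `labels:` with no `annotations:` key before them, and Helm reads hooks only from annotations; indentation is lost on this page, so confirm against the file. If they are labels, the Secret is an ordinary release resource and `randAlphaNum 50` renders a new superuser password on every upgrade, which can drift from the password the database was created with and which the backup CronJob reads through `secretKeyRef`. I would add `annotations:` above the two hook lines and replace `pre-delete`, which is not one of Helm's delete policies (`before-hook-creation`, `hook-succeeded`, `hook-failed`). Both credentials should also be quoted, e.g. `password: {{ default (randAlphaNum 50) .Values.dbsuperuser.password | quote }}`, so a user-supplied password with YAML-significant characters stays a string. In the CronJob, `imagePullPolicy` reads `.Values.dbBackup.image.imagePullPolicy` while the values define `pullPolicy`, and the image defaults to `postgres` with `tag: latest`, so the dump client is unpinned and need not match the server `version: "13"`.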


@@ -32,6 +32,7 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template
name: ""
env: {}
# TZ: UTC
@@ -240,6 +241,29 @@ persistence:
emptyDir: true
mountPath: /shared
# Special PVC instance, that does get affected by putting "persistence" into questions.yaml
backupPersistence:
buildinBackup:
enabled: true
nameOverride: "buildinBackup"
## configuration data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
## storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 100Gi
## Set to true to retain the PVC upon helm uninstall
skipuninstall: false
additionalVolumes: []
additionalVolumeMounts: []
@@ -312,3 +336,58 @@ fixMountPermissions: true
# hostPathEnabled: false
# hostPath: ""
# setPermissions: true
#### DB Values
# See all operator values at https://github.com/zalando/postgres-operator/blob/master/docs/reference/cluster_manifest.md
postgresql:
# -- team Id for the DB cluster
teamId:
# -- Number of replicas
# It will be automatically set with the number of replicaNodes so any values set here are ignored.
numberOfInstances: 1
# -- DB users to create (see operator)
users:
postgres:
- superuser
- createdb
# -- databases to create and their user
databases:
postgres: postgres
postgresql:
# -- Postgres version to deploy - see which versions are supported by the operator
version: "13"
dbsuperuser:
# -- Superuser user used for cronjobs
# @default -- first user in postgresql.users
user:
# -- Superuser password
# @default -- randomly generated on first install of the chart
password:
# -- Superuser k8s secret name. It must match the patter used by the operator
# @default -- <user>.<db name>.credentials.postgresql.acid.zalan.do
secret:
dbBackup:
# Enable backups to a PVC
# defaults to our default buildinBackup PVC, but can be overridden in the future
existingClaim: buildinBackup
# -- Backup schedule for postgres dumps
schedule: "@daily"
# -- Persistent volume claim subpath prefix for the backups
subpathPrefix: "backup/db"
# -- Persistent volume claim subpath for the backups
# @default: <subpathPrefix/<release-name>
subpath:
image:
repository: postgres
pullPolicy: IfNotPresent
tag: latest
resources:
requests:
memory: "10Mi"
cpu: "5m"