73a360f19a
- Postgres initdb fails running as non-root as it cannot change the ownership or permission on the PVC mounted to the container. Update the chart to use a uid 0 init container for setting ownership before the postgres container starts. Change-Id: I648fe7ca3dbc1f6ca6f4513360de2278be7c1ce4
129 lines
5.2 KiB
YAML
129 lines
5.2 KiB
YAML
{{/*
|
|
Copyright 2017 The Openstack-Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.manifests.statefulset }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $serviceAccountName := "postgresql" }}
|
|
{{ tuple $envAll "postgresql" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: postgresql
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
labels:
|
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
spec:
|
|
serviceName: {{ tuple "postgresql" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
replicas: {{ .Values.pod.replicas.server }}
|
|
selector:
|
|
matchLabels:
|
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
spec:
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
|
affinity:
|
|
{{ tuple $envAll "postgresql" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
|
nodeSelector:
|
|
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
|
|
initContainers:
|
|
{{ tuple $envAll "postgresql" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
- name: set-volume-perms
|
|
{{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
command:
|
|
- "/bin/chown"
|
|
- {{ .Values.pod.security_context.server.pod.runAsUser | quote }}
|
|
- {{ .Values.storage.mount.path | quote }}
|
|
{{ dict "envAll" $envAll "application" "server" "container" "set-volume-perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
volumeMounts:
|
|
- name: postgresql-data
|
|
mountPath: {{ .Values.storage.mount.path }}
|
|
subPath: {{ .Values.storage.mount.subpath }}
|
|
containers:
|
|
- name: postgresql
|
|
{{ tuple $envAll "postgresql" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
ports:
|
|
- containerPort: {{ tuple "postgresql" "internal" "postgresql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
env:
|
|
- name: 'POSTGRES_PASSWORD'
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.secrets.postgresql.admin }}
|
|
key: 'POSTGRES_PASSWORD'
|
|
- name: 'POSTGRES_USER'
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.secrets.postgresql.admin }}
|
|
key: 'POSTGRES_USER'
|
|
- name: 'PGDATA'
|
|
value: {{ .Values.storage.mount.path | quote }}
|
|
command:
|
|
- /tmp/start.sh
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /tmp/readiness.sh
|
|
initialDelaySeconds: 20
|
|
timeoutSeconds: 5
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /tmp/readiness.sh
|
|
initialDelaySeconds: 20
|
|
timeoutSeconds: 5
|
|
volumeMounts:
|
|
- name: postgresql-bin
|
|
mountPath: /tmp/start.sh
|
|
subPath: start.sh
|
|
readOnly: true
|
|
- name: postgresql-bin
|
|
mountPath: /tmp/readiness.sh
|
|
subPath: readiness.sh
|
|
readOnly: true
|
|
- name: postgresql-data
|
|
mountPath: {{ .Values.storage.mount.path }}
|
|
subPath: {{ .Values.storage.mount.subpath }}
|
|
volumes:
|
|
- name: postgresql-bin
|
|
configMap:
|
|
name: postgresql-bin
|
|
defaultMode: 0555
|
|
{{- if not .Values.storage.pvc.enabled }}
|
|
- name: postgresql-data
|
|
hostPath:
|
|
path: {{ .Values.storage.host.host_path }}
|
|
{{- else }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: postgresql-data
|
|
annotations:
|
|
{{ .Values.storage.pvc.class_path }}: {{ .Values.storage.pvc.class_name }}
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.storage.pvc.size }}
|
|
{{- end }}
|
|
{{- end }}
|