diff --git a/charts/common/v1.1.0/templates/_helpers.tpl b/charts/common/v1.1.0/templates/_helpers.tpl index 214c16a..735c009 100644 --- a/charts/common/v1.1.0/templates/_helpers.tpl +++ b/charts/common/v1.1.0/templates/_helpers.tpl @@ -105,6 +105,49 @@ Return password or secret value from values.yml or generate if it doesn't exists {{- end -}} {{- end -}} +{{/* +Return password or secret value from values.yml or an existing secret, or generate if it doesn't exist + +Usage: + {{- include "common.stickySecretValue" (dict "Config" .Values.postgresqlPassword "Context" . ) -}} + +Parameters + - Config The password config + - Context The context + +*/}} +{{- define "common.stickySecretValue" -}} +{{- if .Config.value -}} + {{- .Config.value -}} +{{- else if .Config.valueFrom -}} + {{- include "common.getValueFromSecret" (dict "Namespace" .Context.Release.Namespace "Name" (default (include "common.fullname" .Context ) .Config.valueFrom.secretKeyRef.name ) "Key" .Config.valueFrom.secretKeyRef.key ) -}} +{{- end -}} +{{- end -}} + + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. + +Usage: + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.fullname" .) "Length" 10 "Key" "postgis-password") -}} + +Parameters: + - Namespace The release namespace to search. (default: .Release.Namespace) + - Name The name of the secret + - Length The length of the generated secret (default 10) + - Key The key within the secret to retrieve the value +*/}} +{{- define "common.getValueFromSecret" }} + {{- $len := (default 10 .Length) | int -}} + {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $obj }} + {{- index $obj .Key | b64dec -}} + {{- else -}} + {{- randAlphaNum $len -}} + {{- end -}} +{{- end }} + {{- /* common.util.merge will merge two YAML templates and output the result. This takes an array of three values: 
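Review bot: `common.stickySecretValue` has no terminal branch, so a config with neither `.value` nor `.valueFrom` set renders an empty string, and `postgis.secret` in this same commit base64-encodes that into the superuser password key without complaint. Add an explicit refusal before the closing `{{- end -}}`, e.g. `{{- else -}}{{- fail "postgresqlPassword: set .value or .valueFrom.secretKeyRef" -}}`, rather than emitting an empty credential. Two caveats belong in the `common.getValueFromSecret` header: `lookup` returns an empty dict under `helm template` and `--dry-run`, so the "sticky" value is only stable on a real install/upgrade, and when the secret exists but lacks `.Key`, `index $obj .Key` yields nil and the `b64dec` pipe will most likely error instead of falling back to a generated value; a `hasKey $obj .Key` guard would cover that case.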
diff --git a/charts/postgis/v0.3.0/.DS_Store b/charts/postgis/v0.3.0/.DS_Store
new file mode 100644
index 0000000..bbda36e
Binary files /dev/null and b/charts/postgis/v0.3.0/.DS_Store differ
diff --git a/charts/postgis/v0.3.0/.envrc b/charts/postgis/v0.3.0/.envrc
new file mode 100644
index 0000000..abbec07
--- /dev/null
+++ b/charts/postgis/v0.3.0/.envrc
@@ -0,0 +1,3 @@
+source_up
+
+export HELM_DOCS_ARGS="-t ${PROJECT_ROOT}/charts/common/v1.0.1/_templates.gotmpl -t $(pwd)/README.md.gotmpl"
diff --git a/charts/postgis/v0.3.0/Chart.yaml b/charts/postgis/v0.3.0/Chart.yaml
new file mode 100644
index 0000000..221fcaa
--- /dev/null
+++ b/charts/postgis/v0.3.0/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: postgis
+version: 0.3.0
+appVersion: 13-3.1
+description: Chart for postgis
+keywords:
+ - postgis
+ - postgresql
+ - database
+ - postgres
+ - sql
+ - replication
+ - cluster
+home: https://postgis.net/
+sources:
+ - https://github.com/kartoza/docker-postgis
+maintainers:
+ - name: lucernae
+ email: lana.pcfre@gmail.com
+engine: gotpl
+icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/postgis.png
+dependencies:
+ - name: common
+ version: 1.1.0
+ repository: "file://../../common/v1.1.0"
diff --git a/charts/postgis/v0.3.0/README.md b/charts/postgis/v0.3.0/README.md
new file mode 100644
index 0000000..b5e9e9a
--- /dev/null
+++ b/charts/postgis/v0.3.0/README.md
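Review bot: `.envrc` points helm-docs at `charts/common/v1.0.1/_templates.gotmpl` while `Chart.yaml` in the same commit depends on `common` 1.1.0 from `file://../../common/v1.1.0`, which is presumably why the committed README still carries the `Version: 0.2.4` badge and a requirement on `common 1.0.1`. Assuming the 1.1.0 directory ships the same template file, change it to `export HELM_DOCS_ARGS="-t ${PROJECT_ROOT}/charts/common/v1.1.0/_templates.gotmpl -t $(pwd)/README.md.gotmpl"` and regenerate the README. The `.DS_Store` added alongside is a Finder artifact and should be dropped and added to `.gitignore`.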
@@ -0,0 +1,1188 @@ + + +# postgis + +![Version: 0.2.4](https://img.shields.io/badge/Version-0.2.4-informational?style=flat-square) ![AppVersion: 13-3.1](https://img.shields.io/badge/AppVersion-13--3.1-informational?style=flat-square) + +Chart for postgis + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| lucernae | lana.pcfre@gmail.com | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| [../../common/v1.0.1](../../common/v1.0.1) | common | 1.0.1 | + +# Long Description + +This is Kartoza's Postgis Rancher charts + +Postgis is an extension of PostgreSQL database with added support for +Spatial Data + +# How to Use + +For helm: + +```bash +helm install release-name kartoza/postgis +``` + +# Intro + +This chart bootstrap a PostgreSQL database with Postgis installed in its +main database. +It behaves like a PostgreSQL database, but with Postgis extension installed +in its database. + +# What it can do + +The default install uses kartoza/postgis image, which can do the following: + +- Generate superuser roles at startup +- Generate new database at startup if volume empty +- Generate one or more database with Postgis installed +- Accept locale and collations settings for the database +- Default TLS enabled +- GDAL Driver installed +- Support out-of-db rasters +- Enable multiple extensions + +You can override the image to use your own Postgre Image. + +# Common use case + +## Using it as a headless service + +By default, we created a Headless service. Headless service can only be +accessed within the cluster itself. +The name of the service can be used as the hostname. +If you need to expose this, you can further cascade it using +LoadBalancer or NodePort. + +## Using custom certificate in conjunction with cert-manager.io + +With cert-manager you can automatically create certificate. First, you need +an issuer and also the certificate request object. 
+Cert-manager will then create the certificate and store it into a secret. +This should happen before you create the Postgis App. + +Use the generated secret by filling out `tls` config options. +Because Postgres works in L3/4 Layer, the generated CA must be accepted by +your OS if you want to connect using self-signed certificate. +If not, then you can just ignore the warning. However some Database client +will check the CA, depending on what is the mode of the connection, +which can be: disable, allow, required, verify-ca, verify-full. + +## Executing scripts after the database starts + +Sometimes you want to execute certain scripts after the database is ready. +Our default image can do that (and most Postgres image based on official Postgres). + +The best way would be to create a ConfigMap with your scripts in it, then +apply it to your Kubernetes Cluster. +Reference: +https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap + +Then mount it to the pod using our [extraVolume](#extraVolume) and +[extraVolumeMounts](#extraVolumeMounts) config. +If you mount it in the pod's path: `/docker-entrypoint-initdb.d/` , +it will be scanned by the image. +The executed scripts are only files with the extensions `.sql` and `.sh`. + +Depending on the postgres image you use, you can also mount it to directory +where the entrypoint script will be executed according to that image +implementations. + +## Replications + +TODO: Describe how replication works with stateful set pods. 
+ +## Values + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
+ +existingSecret + + + +tpl/string + + + +```yaml +existingSecret: | +``` + + + +Use this if you have predefined secrets object + +
+ +extraConfigMap + + + +tpl/map + + + +```yaml +extraConfigMap: | + #file_1: "conf content" +``` + + + +Define this for extra config map + +
+ +extraPodEnv + + + +tpl/list + + + +
++Expand + +```yaml +extraPodEnv: | + #- name: KEY_1 + # value: "VALUE_1" + #- name: KEY_2 + # value: "VALUE_2" + - name: PASSWORD_AUTHENTICATION + value: "md5" +``` + +
+ +
+ +Define this for extra pod environment variables + +
+ +extraPodSpec + + + +tpl/map + + + +
++Expand + +```yaml +extraPodSpec: | + ##You can set pod attribute if needed + #ports: + # - containerPort: 5432 + # name: tcp-port +``` + +
+ +
+ +This will be evaluated as pod spec + +
+ +extraSecret + + + +tpl/map + + + +```yaml +extraSecret: | + #key_1: value_1 +``` + + + +Define this for extra secrets to be included + +
+ +extraVolume + + + +tpl/list + + + +
++Expand + +```yaml +extraVolume: | + ##You may potentially mount a config map/secret + #- name: custom-config + # configMap: + # name: geoserver-config +``` + +
+ +
+ +Define this for extra volume (in pair with extraVolumeMounts) + +
+ +extraVolumeMounts + + + +tpl/list + + + +
++Expand + +```yaml +extraVolumeMounts: | + ##You may potentially mount a config map/secret + #- name: custom-config + # mountPath: /docker-entrypoint.sh + # subPath: docker-entrypoint.sh + # readOnly: true +``` + +
+ +
+ +Define this for extra volume mounts in the pod + +
+ +global.storageClass + + + +string + + + +```json +null +``` + + + +Storage class name used to provision PV + +
+ +image + + + +object/container-image + + + +
++Expand + +```yaml +# -- Image registry +registry: docker.io +# -- Image repository +repository: kartoza/postgis +# -- Image tag +tag: "13-3.1" +# -- (k8s/containers/image/imagePullPolicy) Image pullPolicy +pullPolicy: IfNotPresent +``` + +
+ +
+ +Image map + +
+ +image.pullPolicy + + + +k8s/containers/image/imagePullPolicy + + + +```json +"IfNotPresent" +``` + + + +Image pullPolicy + +
+ +image.registry + + + +string + + + +```json +"docker.io" +``` + + + +Image registry + +
+ +image.repository + + + +string + + + +```json +"kartoza/postgis" +``` + + + +Image repository + +
+ +image.tag + + + +string + + + +```json +"13-3.1" +``` + + + +Image tag + +
+ +persistence.accessModes + + + +list + + + +```json +[ + "ReadWriteOnce" +] +``` + + + +Default Access Modes + +
+ +persistence.annotations + + + +map + + + +```json +{} +``` + + + +You can specify extra annotations here + +
+ +persistence.enabled + + + +bool + + + +```json +true +``` + + + +Enable persistence. If set to false, the data directory will use ephemeral volume + +
+ +persistence.existingClaim + + + +string + + + +```yaml +persistence.existingClaim: | +``` + + + +A manually managed Persistent Volume and Claim If defined, PVC must be created manually before volume will be bound The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + +
+ +persistence.mountPath + + + +path + + + +```json +"/opt/kartoza/postgis/data" +``` + + + +The path the volume will be mounted at, useful when using different PostgreSQL images. + +
+ +persistence.size + + + +string/size + + + +```json +"8Gi" +``` + + + +Size of the PV + +
+ +persistence.storageClass + + + +string + + + +```json +null +``` + + + +Storage class name used to provision PV + +
+ +persistence.subPath + + + +string + + + +```json +"data" +``` + + + +The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services. Default provisioner usually have .lost+found directory, so you might want to use this so the container can have empty volume + +
+ +postgresqlDataDir + + + +path + + + +```json +"/opt/kartoza/postgis/data" +``` + + + +PostgreSQL data dir. Location where you want to store the stateful data + +
+ +postgresqlDatabase + + + +string + + + +```json +"gis" +``` + + + +default generated database name if the image support it, pass a comma-separated list of database name, and it will be exposed in environment variable POSTGRES_DBNAME. The first database will be used to check connection in the probe. + +
+ +postgresqlPassword + + + +object/common.secret + + + +
++Expand + +```yaml +# -- (string) Specify this password value. If not, it will be +# autogenerated everytime chart upgraded +value: +valueFrom: + secretKeyRef: + name: + key: postgresql-password +``` + +
+ +
+ +Secret structure for postgres super user password Use this for prefilled password + +
+ +postgresqlPassword.value + + + +string + + + +```json +null +``` + + + +Specify this password value. If not, it will be autogenerated everytime chart upgraded + +
+ +postgresqlUsername + + + +string + + + +```json +"docker" +``` + + + +postgres super user + +
+ +probe + + + +k8s/containers/probe + + + +```yaml +probe: | +``` + + + +Probe can be overridden If set empty, it will use default probe + +
+ +securityContext + + + +k8s/containers/securityContext + + + +
++Expand + +```yaml +securityContext: | + ##You have to use fsGroup if you use custom certificate + #fsGroup: 101 # postgres group + #runAsUser: 1000 # run as root + #runAsGroup: 1000 # run as root +``` + +
+ +
+ +Define this if you want more control with the security context of the pods + +
+ +service.annotations + + + +tpl/map + + + +```yaml +service.annotations: | +``` + + + +Provide any additional annotations which may be required. Evaluated as a template. + +
+ +service.clusterIP + + + +k8s/service/clusterIP + + + +```json +"None" +``` + + + +Set to None for Headless Service Otherwise set to "" to give a default cluster IP + +
+ +service.labels + + + +tpl/map + + + +```yaml +service.labels: | +``` + + + +Provide any additional annotations which may be required. Evaluated as a template. + +
+ +service.loadBalancerIP + + + +k8s/service/loadBalancerIP + + + +```json +null +``` + + + +Set the LoadBalancer service type to internal only. [ref](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) + +
+ +service.nodePort + + + +k8s/service/nodePort + + + +```json +null +``` + + + +Specify the nodePort value for the LoadBalancer and NodePort service types. [ref](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) + +
+ +service.port + + + +k8s/service/port + + + +```json +5432 +``` + + + +Default TCP port + +
+ +service.type + + + +k8s/service/type + + + +```json +"ClusterIP" +``` + + + +PostgresSQL service type + +
+ +test.postgis.containers + + + +tpl/array + + + +```json +null +``` + + + +List of containers override for testing + +
+ +tls.ca_file + + + +string + + + +```json +"ca.crt" +``` + + + +Subpath of the secret CA + +
+ +tls.cert_file + + + +string + + + +```json +"tls.crt" +``` + + + +Subpath of the secret Cert file + +
+ +tls.enabled + + + +bool + + + +```json +false +``` + + + +Enable to true if you can specify where the certificate is located. You must also enable securityContext.fsGroup if you want to use tls + +
+ +tls.key_file + + + +string + + + +```json +"tls.key" +``` + + + +Subpath of the secret TLS key + +
+ +tls.secretName + + + +string + + + +```json +null +``` + + + +Secret of a Certificate kind that stores the certificate + +
+ +# Helm-Docs Chart Template Version +common-v1.0.1 + +# Docs Version + +v2021.07.24 diff --git a/charts/postgis/v0.3.0/README.md.gotmpl b/charts/postgis/v0.3.0/README.md.gotmpl new file mode 100644 index 0000000..c5826e7 --- /dev/null +++ b/charts/postgis/v0.3.0/README.md.gotmpl 
@@ -0,0 +1,112 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +# Long Description + +This is Kartoza's Postgis Rancher charts + +Postgis is an extension of PostgreSQL database with added support for +Spatial Data + +# How to Use + +For helm: + +```bash +helm install release-name kartoza/postgis +``` + +# Intro + +This chart bootstrap a PostgreSQL database with Postgis installed in its +main database. +It behaves like a PostgreSQL database, but with Postgis extension installed +in its database. + +# What it can do + +The default install uses kartoza/postgis image, which can do the following: + +- Generate superuser roles at startup +- Generate new database at startup if volume empty +- Generate one or more database with Postgis installed +- Accept locale and collations settings for the database +- Default TLS enabled +- GDAL Driver installed +- Support out-of-db rasters +- Enable multiple extensions + +You can override the image to use your own Postgre Image. + +# Common use case + +## Using it as a headless service + +By default, we created a Headless service. Headless service can only be +accessed within the cluster itself. +The name of the service can be used as the hostname. +If you need to expose this, you can further cascade it using +LoadBalancer or NodePort. + +## Using custom certificate in conjunction with cert-manager.io + +With cert-manager you can automatically create certificate. First, you need +an issuer and also the certificate request object. +Cert-manager will then create the certificate and store it into a secret. +This should happen before you create the Postgis App. + +Use the generated secret by filling out `tls` config options. 
+Because Postgres works in L3/4 Layer, the generated CA must be accepted by +your OS if you want to connect using self-signed certificate. +If not, then you can just ignore the warning. However some Database client +will check the CA, depending on what is the mode of the connection, +which can be: disable, allow, required, verify-ca, verify-full. + +## Executing scripts after the database starts + +Sometimes you want to execute certain scripts after the database is ready. +Our default image can do that (and most Postgres image based on official Postgres). + +The best way would be to create a ConfigMap with your scripts in it, then +apply it to your Kubernetes Cluster. +Reference: +https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap + +Then mount it to the pod using our [extraVolume](#extraVolume) and +[extraVolumeMounts](#extraVolumeMounts) config. +If you mount it in the pod's path: `/docker-entrypoint-initdb.d/` , +it will be scanned by the image. +The executed scripts are only files with the extensions `.sql` and `.sh`. + +Depending on the postgres image you use, you can also mount it to directory +where the entrypoint script will be executed according to that image +implementations. + + +## Replications + +TODO: Describe how replication works with stateful set pods. + + +{{ template "chart.valuesSectionHtml" . }} + +{{ template "helm-docs.versionFooter" . }} + +{{ template "chart.templates.version" . }} + +# Docs Version + +v2021.07.24 diff --git a/charts/postgis/v0.3.0/app-readme.md b/charts/postgis/v0.3.0/app-readme.md new file mode 100644 index 0000000..7de943d --- /dev/null +++ b/charts/postgis/v0.3.0/app-readme.md @@ -0,0 +1,6 @@ +# Postgis + +This is Kartoza's Postgis Rancher charts + +Postgis is an extension of PostgreSQL database with added support for Spatial Data + 
diff --git a/charts/postgis/v0.3.0/charts/common-1.1.0.tgz b/charts/postgis/v0.3.0/charts/common-1.1.0.tgz
new file mode 100644
index 0000000..32abc05
Binary files /dev/null and b/charts/postgis/v0.3.0/charts/common-1.1.0.tgz differ
diff --git a/charts/postgis/v0.3.0/ci/loadbalancer-values.yml b/charts/postgis/v0.3.0/ci/loadbalancer-values.yml
new file mode 100644
index 0000000..ac40986
--- /dev/null
+++ b/charts/postgis/v0.3.0/ci/loadbalancer-values.yml
@@ -0,0 +1,26 @@
+---
+postgresqlUsername: myuser
+postgresqlPassword:
+ value: mysecret
+postgresqlDatabase: dbone,dbtwo
+
+service:
+ type: LoadBalancer
+ loadBalancerIP: 192.168.100.6
+ externalIPs: |
+ - {{ .Values.service.loadBalancerIP }}
+ port: 35432
+
+securityContext: |
+ fsGroup: 101
+
+tls:
+ enabled: true
+ secretName: postgis-tls
+ ca_file: ca.crt
+ cert_file: tls.crt
+ key_file: tls.key
+
+extraPodSpec: |
+ nodeSelector:
+ label: value
diff --git a/charts/postgis/v0.3.0/ci/minimum-values.yaml b/charts/postgis/v0.3.0/ci/minimum-values.yaml
new file mode 100644
index 0000000..906484d
--- /dev/null
+++ b/charts/postgis/v0.3.0/ci/minimum-values.yaml
@@ -0,0 +1,5 @@
+---
+postgresqlUsername: myuser
+postgresqlPassword:
+ value: mysecret
+postgresqlDatabase: dbone,dbtwo
diff --git a/charts/postgis/v0.3.0/ci/values.yml b/charts/postgis/v0.3.0/ci/values.yml
new file mode 100644
index 0000000..ec81b40
--- /dev/null
+++ b/charts/postgis/v0.3.0/ci/values.yml
@@ -0,0 +1,25 @@
+---
+postgresqlUsername: myuser
+postgresqlPassword: mysecret
+postgresqlDatabase: dbone,dbtwo
+
+service:
+ type: LoadBalancer
+ loadBalancerIP: 192.168.100.6
+ externalIPs: |
+ - {{ .Values.service.loadBalancerIP }}
+ port: 35432
+
+securityContext: |
+ fsGroup: 101
+
+tls:
+ enabled: true
+ secretName: postgis-tls
+ ca_file: ca.crt
+ cert_file: tls.crt
+ key_file: tls.key
+
+extraPodSpec: |
+ nodeSelector:
+ label: value
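Review bot: `ci/values.yml` sets `postgresqlPassword: mysecret` as a plain string, whereas the other two ci files and the templates treat it as a map (`common.stickySecretValue` reads `.Config.value`, and `common.secretKey` is invoked on the same object in `secrets.yaml`), so rendering with this file should fail on a field access against a string. Change it to the map form used by `loadbalancer-values.yml`: `postgresqlPassword:` followed by `  value: mysecret`. If the three files are meant to exercise different shapes, a comment at the top of each saying which case it covers would keep them from drifting again.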
diff --git a/charts/postgis/v0.3.0/templates/NOTES.txt b/charts/postgis/v0.3.0/templates/NOTES.txt
new file mode 100644
index 0000000..f093d6e
--- /dev/null
+++ b/charts/postgis/v0.3.0/templates/NOTES.txt
@@ -0,0 +1,53 @@
+To access postgres:
+
+1. Get user and password:
+
+ ```bash
+ export PGUSER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath='{.data.postgresql-user}' | base64 --decode)
+ export PGPASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath='{.data.{{ template "common.secretKey" .Values.postgresqlPassword }}}' | base64 --decode)
+ ```
+
+{{- if (eq "ClusterIP" .Values.service.type) }}
+2. Connect to postgis by from within the pod
+
+ ```bash
+ kubectl exec -it ---namespace {{ .Release.Namespace }} postgis-0 -- PGPASSWORD=$PGPASSWORD psql -h localhost -U $PGUSER -l
+ ```
+
+{{- end }}
+
+{{- if (eq "LoadBalancer" .Values.service.type) }}
+2. Connect to postgis from load balancer IP
+
+ ```bash
+ psql -h {{ .Values.service.loadBalancerIP }} -p {{ .Values.service.port }} -l
+ ```
+
+{{- end }}
+
+{{- if .Values.tls.enabled }}
+3. You have enabled TLS. You can connect by specifying SSLMODE
+
+ ```bash
+ export PGSSLMODE=require
+ ```
+
+ To download certificate, you can do this:
+
+ ```bash
+ kubectl get secret --namespace {{ .Release.Namespace }} {{ .Values.tls.secretName }} -o "jsonpath={.data['tls\\.key']}" | base64 --decode > tls.key
+ kubectl get secret --namespace {{ .Release.Namespace }} {{ .Values.tls.secretName }} -o "jsonpath={.data['tls\\.crt']}" | base64 --decode > tls.crt
+ kubectl get secret --namespace {{ .Release.Namespace }} {{ .Values.tls.secretName }} -o "jsonpath={.data['ca\\.crt']}" | base64 --decode > ca.crt
+
+ export PGSSLROOTCERT=ca.crt
+ export PGSSLCERT=tls.crt
+ export PGSSLKEY=tls.key
+ ```
+
+ If you wish to view the certificate, you can check using openssl_client:
+
+ ```bash
+ openssl s_client -starttls postgres -connect :
+ ```
+
+{{- end }}
diff --git a/charts/postgis/v0.3.0/templates/_helpers.tpl b/charts/postgis/v0.3.0/templates/_helpers.tpl
new file mode 100644
index 0000000..e2b6ae4
--- /dev/null
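Review bot: The ClusterIP instructions read `kubectl exec -it ---namespace {{ .Release.Namespace }} postgis-0 ...` with three dashes, so the flag is unparseable, and the pod name is hard-coded as `postgis-0` where it is presumably `{{ template "common.fullname" . }}-0`. The openssl example `openssl s_client -starttls postgres -connect :` has an empty host:port and should at least read `-connect <host>:{{ .Values.service.port }}`. Since step 3 already downloads `ca.crt` and sets `PGSSLROOTCERT`, the suggested `export PGSSLMODE=require` could be `verify-full`; `require` only encrypts the session and does not check the server certificate against that CA.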
+++ b/charts/postgis/v0.3.0/templates/_helpers.tpl
@@ -0,0 +1,36 @@
+{{/*
+Return first PostgreSQL database
+*/}}
+{{- define "postgresql.firstDatabaseName" -}}
+{{- $dbList := splitList "," (printf "%s" .Values.postgresqlDatabase) -}}
+{{- first $dbList -}}
+{{- end -}}
+
+{{/*
+Return default internal cluster postgres host
+*/}}
+{{- define "postgresql.service.name" -}}
+{{- include "common.fullname" . -}}
+{{- end -}}
+
+{{/*
+Constructs postgres:// protocol connection string
+Input is a map. If any value not supplied, will defer to default value.
+- Context: Top Context
+- Database: Database name
+- Protocol: Protocol string. Like postgres for postgres://
+- Port
+- User
+- Host
+- Password
+*/}}
+{{- define "postgresql.connectionstring" -}}
+{{- $top := .Context -}}
+{{- $user := default $top.Values.postgresqlUsername .User -}}
+{{- $port := default (int $top.Values.service.port) .Port -}}
+{{- $db := default (include "postgresql.firstDatabaseName" $top) .Database -}}
+{{- $host := default (include "postgresql.service.name" $top) .Host -}}
+{{- $password := default (include "common.secretValue" $top.Values.postgresqlPassword) .Password -}}
+{{- $protocol := default "postgres" .Protocol -}}
+{{ printf "%s://%s:%s@%s:%d/%s" $protocol $user $password $host $port $db }}
+{{- end -}}
diff --git a/charts/postgis/v0.3.0/templates/configmap.yaml b/charts/postgis/v0.3.0/templates/configmap.yaml
new file mode 100644
index 0000000..63c9fc3
--- /dev/null
+++ b/charts/postgis/v0.3.0/templates/configmap.yaml
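Review bot: `postgresql.connectionstring` interpolates `$user` and `$password` into the URI with `printf "%s://%s:%s@%s:%d/%s"` unescaped, so a user-supplied `postgresqlPassword.value` containing `@`, `:`, `/`, `#` or `%` yields a URI that libpq parses wrongly (the generated `randAlphaNum` value is safe; an explicit one is not). Percent-encode the userinfo parts, e.g. `{{ printf "%s://%s:%s@%s:%d/%s" $protocol (urlquery $user) (urlquery $password) $host $port $db }}`, with the caveat that `urlquery` renders a space as `+`, which libpq would take literally, so a space would still need rejecting or encoding as `%20`. Also worth stating in the header block: when `.Password` is not supplied the default goes through `common.secretValue`, which the `common/_helpers.tpl` hunk header describes as "generate if it doesn't exist", so it may not match the value persisted by `common.stickySecretValue`; callers should pass `Password` explicitly as `postgis.secret` does.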
@@ -0,0 +1,19 @@
+{{- define "postgis.configmap" -}}
+metadata:
+ name: {{ template "common.fullname" . }}
+ {{- with .Values.labels }}
+ labels: {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ {{- with .Values.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{- with .Values.extraConfigMap }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end -}}
+
+{{- if .Values.extraConfigMap -}}
+{{- include "common.configmap" (list . "postgis.configmap") -}}
+{{- end -}}
diff --git a/charts/postgis/v0.3.0/templates/secrets.yaml b/charts/postgis/v0.3.0/templates/secrets.yaml
new file mode 100644
index 0000000..1014e94
--- /dev/null
+++ b/charts/postgis/v0.3.0/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{- define "postgis.secret" -}}
+data:
+ {{- if not .Values.existingSecret }}
+ postgresql-user: {{ .Values.postgresqlUsername | b64enc | quote }}
+ {{- $postgresqlPassword := include "common.stickySecretValue" (dict "Config" .Values.postgresqlPassword "Context" . ) }}
+ {{ include "common.secretKey" .Values.postgresqlPassword | nindent 2 }}: {{ $postgresqlPassword | b64enc | quote }}
+ {{- $param := dict "Password" $postgresqlPassword "Context" . }}
+ database-url: {{ (include "postgresql.connectionstring" $param ) | b64enc | quote }}
+ {{- end }}
+ {{- with .Values.extraSecret }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end -}}
+
+{{- if or (not .Values.existingSecret) .Values.extraSecret }}
+{{- include "common.secret" (list . "postgis.secret") -}}
+{{- end }}
diff --git a/charts/postgis/v0.3.0/templates/statefulset.yaml b/charts/postgis/v0.3.0/templates/statefulset.yaml
new file mode 100644
index 0000000..5267d2b
--- /dev/null
+++ b/charts/postgis/v0.3.0/templates/statefulset.yaml
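Review bot: With `existingSecret` set, `postgis.secret` skips the whole `{{- if not .Values.existingSecret }}` block, so neither `postgresql-user` nor `database-url` is written, yet the test pod in `templates/tests/postgres-connection.yaml` reads `database-url` via `secretKeyRef` from `common.secretName` (presumably the user's secret in that case) and `NOTES.txt` reads `postgresql-user`; users bringing their own secret must supply both keys or the test pod fails at startup. State that contract in the `existingSecret` description in values.yaml, e.g. `Must contain the keys postgresql-user, <password key> and database-url`, or render `database-url` even when `existingSecret` is set. Note also that the superuser password now appears twice in the secret (under its own key and embedded in `database-url`), which is fine but worth a one-line comment above `database-url:` so a later maintainer does not treat the URL as non-sensitive.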
@@ -0,0 +1,183 @@ +{{- include "common.statefulset" (list . "postgis.statefulset") -}} +{{- define "postgis.statefulset" -}} +metadata: + {{- with .Values.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ template "common.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: {{ template "common.fullname" . }} + role: master + template: + metadata: + labels: + role: master + {{- with .Values.podLabels }} + {{- tpl . $ | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- (tpl . $) | nindent 8 }} + {{- end }} + spec: + securityContext: + {{- with .Values.securityContext }} + {{- tpl . $ | nindent 8 }} + {{- end }} + containers: + - name: {{ template "common.fullname" . }} + image: {{ template "common.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + env: + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_USER + value: {{ .Values.postgresqlUsername | quote }} + - name: POSTGRES_PASSWORD + {{- $param := dict "Value" .Values.postgresqlPassword "Context" . 
-}} + {{ include "common.secretFrom" $param | nindent 14 }} + - name: POSTGRES_DBNAME + value: {{ .Values.postgresqlDatabase | quote }} + {{- if .Values.tls.enabled }} + - name: SSL_CERT_FILE + value: /cert/tls.crt + - name: SSL_KEY_FILE + value: /cert/tls.key + - name: SSL_CA_FILE + value: /cert/ca.crt + {{- end }} + {{- with .Values.extraPodEnv }} + {{- tpl . $ | nindent 12 }} + {{- end }} + ports: + - name: tcp-postgis + containerPort: 5432 + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: cert + mountPath: /cert/tls.key + subPath: {{ .Values.tls.key_file }} + readOnly: true + - name: cert + mountPath: /cert/tls.crt + subPath: {{ .Values.tls.cert_file }} + readOnly: true + - name: cert + mountPath: /cert/ca.crt + subPath: {{ .Values.tls.ca_file }} + readOnly: true + {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- (tpl . $) | nindent 12 }} + {{- end }} + {{- if .Values.probe }} + {{- with .Values.probe }} + {{- tpl . $ | nindent 10 }} + {{- end }} + {{- else }} + livenessProbe: + exec: + command: + - bash + - -c + - | + PGPASSWORD=$POSTGRES_PASSWORD pg_isready -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . }} + PGPASSWORD=$POSTGRES_PASSWORD psql -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . }} -c "\dt+" > /dev/null + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 2 + startupProbe: + exec: + command: + - bash + - -c + - | + PGPASSWORD=$POSTGRES_PASSWORD pg_isready -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . }} + PGPASSWORD=$POSTGRES_PASSWORD psql -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . 
}} -c "\dt+" > /dev/null + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 5 + timeoutSeconds: 2 + readinessProbe: + exec: + command: + - bash + - -c + - | + PGPASSWORD=$POSTGRES_PASSWORD pg_isready -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . }} + PGPASSWORD=$POSTGRES_PASSWORD psql -h localhost -U $POSTGRES_USER -d {{ template "postgresql.firstDatabaseName" . }} -c "\dt+" > /dev/null + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 2 + {{- end }} + {{- with .Values.extraPodSpec }} + {{- tpl . $ | nindent 6 }} + {{- end }} + volumes: + {{- if .Values.tls.enabled }} + - name: cert + secret: + secretName: {{ .Values.tls.secretName }} + defaultMode: 0440 + {{- end }} + {{- with .Values.extraVolume }} + {{- (tpl . $) | nindent 8 }} + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storageClass" . | nindent 8 }} +{{- end -}} +{{- end -}} diff --git a/charts/postgis/v0.3.0/templates/svc-headless.yaml b/charts/postgis/v0.3.0/templates/svc-headless.yaml new file mode 100644 index 0000000..1e03ad7 --- /dev/null +++ b/charts/postgis/v0.3.0/templates/svc-headless.yaml 
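Review bot: The `PGDATA` env block is guarded by `{{- if .Values.persistence.mountPath }}` but emits `.Values.postgresqlDataDir`, so with `persistence.mountPath` set and `postgresqlDataDir` empty the container gets `PGDATA=""`, and with the reverse the data dir is silently ignored; guard on the value you emit, `{{- if .Values.postgresqlDataDir }}`. The pod `securityContext` is empty unless the user supplies one, so the container runs with the image's default user; since the README example already points at `fsGroup`/`runAsUser`, consider a documented non-root default or at least a comment above `securityContext:` saying what the image needs. The liveness, startup and readiness probes repeat the same two-line `pg_isready`/`psql` script verbatim; a small named template (say `postgis.probeScript`) included three times would keep them in sync when the check changes.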
@@ -0,0 +1,77 @@
+{{- define "postgis.service.basic" -}}
+metadata:
+ name: {{ include "postgresql.service.name" . }}
+ labels:
+ {{- with .Values.service.labels }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.service.annotations }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: {{ .Values.service.clusterIP }}
+ ports:
+ - name: tcp-postgis
+ port: {{ .Values.service.port }}
+ targetPort: tcp-postgis
+ protocol: TCP
+{{- end -}}
+
+{{- define "postgis.service.headless" -}}
+metadata:
+ name: {{ template "common.fullname" . }}-headless
+ labels:
+ {{- with .Values.service.labels }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.service.annotations }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+spec:
+ type: "ClusterIP"
+ clusterIP: None
+ ports:
+ - name: tcp-postgis
+ port: {{ .Values.service.port }}
+ targetPort: tcp-postgis
+ protocol: TCP
+{{- end -}}
+
+{{- define "postgis.service.loadbalancer" -}}
+metadata:
+ name: {{ template "common.fullname" . }}-lb
+ labels:
+ {{- with .Values.service.labels }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.service.annotations }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+spec:
+ type: LoadBalancer
+ externalIPs:
+ {{- with .Values.service.externalIPs }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ ports:
+ - name: tcp-postgis
+ port: {{ .Values.service.port }}
+ targetPort: tcp-postgis
+ protocol: TCP
+{{- end -}}
+
+---
+{{- include "common.service" (list . "postgis.service.basic") }}
+...
+---
+{{- if (eq "ClusterIP" .Values.service.type) }}
+{{- include "common.service" (list . "postgis.service.headless") -}}
+{{- else if (eq "LoadBalancer" .Values.service.type) }}
+{{- include "common.service" (list . "postgis.service.loadbalancer") -}}
+{{- end }}
+...
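Review bot: `postgis.service.basic` renders `clusterIP: {{ .Values.service.clusterIP }}` unconditionally, and the chart's shipped default for that value is `None`, so a default install yields a headless "basic" service next to the separate `postgis.service.headless` one and clients get no stable ClusterIP until they override the value. Guarding the key would make the intent explicit: `{{- with .Values.service.clusterIP }}` / `clusterIP: {{ . }}` / `{{- end }}`. The trailing `if` only matches `ClusterIP` and `LoadBalancer`, so a `NodePort` type produces just the basic service and the `nodePort` value documented in values.yaml is never consumed; either handle it or state that it is unsupported. In the LoadBalancer variant `externalIPs:` and `loadBalancerIP:` are emitted even when unset, which renders null fields; since `externalIPs` is a field many clusters restrict by admission policy, wrapping the key itself in the same `with` keeps the manifest clean when it is not used.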
diff --git a/charts/postgis/v0.3.0/templates/tests/postgres-connection.yaml b/charts/postgis/v0.3.0/templates/tests/postgres-connection.yaml
new file mode 100644
index 0000000..505082f
--- /dev/null
+++ b/charts/postgis/v0.3.0/templates/tests/postgres-connection.yaml
@@ -0,0 +1,46 @@
+{{- include "common.pod" (list . "postgis.test.connection") -}}
+{{- define "postgis.test.connection" -}}
+metadata:
+ name: {{ template "common.fullname" . }}-postgres-test
+ annotations:
+ helm.sh/hook: test
+spec:
+ restartPolicy: Never
+ containers:
+ {{- if not .Values.test.postgis.containers }}
+ - name: {{ .Release.Name }}-postgres-test
+ image: {{ template "common.image" . }}
+ env:
+ - name: POSTGRES_USER
+ value: {{ .Values.postgresqlUsername | quote }}
+ - name: POSTGRES_DBNAME
+ value: {{ .Values.postgresqlDatabase | quote }}
+ - name: POSTGRES_PASSWORD
+ {{- $param := dict "Value" .Values.postgresqlPassword "Context" . -}}
+ {{ include "common.secretFrom" $param | nindent 10 }}
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ key: database-url
+ name: {{ template "common.secretName" $param }}
+ command:
+ - /bin/bash
+ - -ceux
+ - |
+ echo "Test connection"
+ psql ${DATABASE_URL} -c "\dt+" > /tmp/test-output.txt
+ cat /tmp/test-output.txt
+ echo ""
+ echo "Test all database created"
+ for db in $(echo ${POSTGRES_DBNAME} | tr ',' ' '); do
+ echo "Check connection to DB: $db"
+ {{- $param = dict "Context" . "Password" "$POSTGRES_PASSWORD" "Database" "$db" }}
+ psql {{ include "postgresql.connectionstring" $param }} -c "\dt+" > /tmp/test-output.txt
+ cat /tmp/test-output.txt
+ done
+ {{- else }}
+ {{- with .Values.test.postgis.containers }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/postgis/v0.3.0/values.yaml b/charts/postgis/v0.3.0/values.yaml
new file mode 100644
index 0000000..16ab825
--- /dev/null
+++ b/charts/postgis/v0.3.0/values.yaml
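Review bot: `- -ceux` enables `set -x`, so the test container traces every expanded command into the pod log, including `psql ${DATABASE_URL}` and the `psql {{ include "postgresql.connectionstring" $param }}` call that is built with `"Password" "$POSTGRES_PASSWORD"`; if that helper embeds the password in the URI, as the parameter suggests, the superuser credential ends up in `kubectl logs` and in any log shipper attached to the cluster. Dropping the trace flag, `- -ceu`, keeps the fail-fast and unset-variable checks while the `cat /tmp/test-output.txt` lines still surface the diagnostics a failing test needs. `$db` is also unquoted in the loop body; quoting it in the `psql` invocation is cheap and avoids word-splitting surprises if `POSTGRES_DBNAME` ever carries unusual names.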
@@ -0,0 +1,184 @@
+# -- (object/container-image) Image map
+# @notationType -- yaml
+image:
+ # -- Image registry
+ registry: docker.io
+ # -- Image repository
+ repository: kartoza/postgis
+ # -- Image tag
+ tag: "13-3.1"
+ # -- (k8s/containers/image/imagePullPolicy) Image pullPolicy
+ pullPolicy: IfNotPresent
+
+# -- (string) postgres super user
+postgresqlUsername: docker
+
+# -- (object/common.secret) Secret structure for postgres super user password
+# Use this for prefilled password
+# @notationType -- yaml
+postgresqlPassword:
+ # -- (string) Specify this password value. If not, it will be
+ # autogenerated everytime chart upgraded
+ value:
+ valueFrom:
+ secretKeyRef:
+ name:
+ key: postgresql-password
+
+# -- (string) default generated database name
+# if the image support it, pass a comma-separated list of database name, and
+# it will be exposed in environment variable POSTGRES_DBNAME.
+# The first database will be used to check connection in the probe.
+postgresqlDatabase: gis
+
+# -- (tpl/string) Use this if you have predefined secrets object
+# @notationType -- tpl
+existingSecret: |
+
+# -- (tpl/list) Define this for extra pod environment variables
+# @notationType -- tpl
+extraPodEnv: |
+ #- name: KEY_1
+ # value: "VALUE_1"
+ #- name: KEY_2
+ # value: "VALUE_2"
+ - name: PASSWORD_AUTHENTICATION
+ value: "md5"
+
+# -- (tpl/map) This will be evaluated as pod spec
+# @notationType -- tpl
+extraPodSpec: |
+ ##You can set pod attribute if needed
+ #ports:
+ # - containerPort: 5432
+ # name: tcp-port
+
+# -- (tpl/map) Define this for extra secrets to be included
+# @notationType -- tpl
+extraSecret: |
+ #key_1: value_1
+
+# -- (tpl/map) Define this for extra config map
+# @notationType -- tpl
+extraConfigMap: |
+ #file_1: "conf content"
+
+# -- (tpl/list) Define this for extra volume mounts in the pod
+# @notationType -- tpl
+extraVolumeMounts: |
+ ##You may potentially mount a config map/secret
+ #- name: custom-config
+ # mountPath: 
/docker-entrypoint.sh
+ # subPath: docker-entrypoint.sh
+ # readOnly: true
+
+# -- (tpl/list) Define this for extra volume (in pair with extraVolumeMounts)
+# @notationType -- tpl
+extraVolume: |
+ ##You may potentially mount a config map/secret
+ #- name: custom-config
+ # configMap:
+ # name: geoserver-config
+
+# -- (path) PostgreSQL data dir. Location where you want to store the stateful
+# data
+postgresqlDataDir: /opt/kartoza/postgis/data
+
+# -- (k8s/containers/securityContext) Define this if you want more control
+# with the security context of the pods
+# @notationType -- tpl
+securityContext: |
+ ##You have to use fsGroup if you use custom certificate
+ #fsGroup: 101 # postgres group
+ #runAsUser: 1000 # run as root
+ #runAsGroup: 1000 # run as root
+
+tls:
+ # -- (bool) Enable to true if you can specify where the certificate is located.
+ # You must also enable securityContext.fsGroup if you want to use tls
+ enabled: false
+ # -- (string) Secret of a Certificate kind that stores the certificate
+ secretName:
+ # -- (string) Subpath of the secret CA
+ ca_file: ca.crt
+ # -- (string) Subpath of the secret Cert file
+ cert_file: tls.crt
+ # -- (string) Subpath of the secret TLS key
+ key_file: tls.key
+
+# -- (k8s/containers/probe) Probe can be overridden
+# If set empty, it will use default probe
+# @notationType -- tpl
+probe: |
+
+# PostgreSQL service configuration
+service:
+ # -- (k8s/service/type) PostgresSQL service type
+ type: ClusterIP
+ # -- (k8s/service/clusterIP) Set to None for Headless Service
+ # Otherwise set to "" to give a default cluster IP
+ clusterIP: None
+ # -- (k8s/service/port) Default TCP port
+ port: 5432
+
+ # -- (k8s/service/nodePort) Specify the nodePort value for the LoadBalancer and NodePort service types.
+ # [ref](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
+ nodePort:
+
+ # -- (tpl/map) Provide any additional annotations which may be required.
+ # Evaluated as a template. 
+ # @notationType -- tpl
+ labels: |
+
+ # -- (tpl/map) Provide any additional annotations which may be required.
+ # Evaluated as a template.
+ # @notationType -- tpl
+ annotations: |
+
+ # -- (k8s/service/loadBalancerIP) Set the LoadBalancer service type to internal only.
+ # [ref](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer)
+ loadBalancerIP:
+
+
+global:
+ # -- (string) Storage class name used to provision PV
+ storageClass: null
+
+persistence:
+ # -- (bool) Enable persistence. If set to false, the data directory
+ # will use ephemeral volume
+ enabled: true
+ # -- (string) Storage class name used to provision PV
+ storageClass: null
+ # -- (string) A manually managed Persistent Volume and Claim
+ # If defined, PVC must be created manually before volume will be bound
+ # The value is evaluated as a template,
+ # so, for example, the name can depend on .Release or .Chart
+ # @notationType -- tpl
+ existingClaim: |
+
+ # -- (path) The path the volume will be mounted at, useful when using different
+ # PostgreSQL images.
+ mountPath: /opt/kartoza/postgis/data
+
+ # -- (string) The subdirectory of the volume to mount to, useful in
+ # dev environments and one PV for multiple services. Default provisioner
+ # usually have .lost+found directory, so you might want to use this so
+ # the container can have empty volume
+ subPath: "data"
+
+ # -- (string/size) Size of the PV
+ size: 8Gi
+
+ # -- (list) Default Access Modes
+ accessModes:
+ - ReadWriteOnce
+ # -- (map) You can specify extra annotations here
+ annotations: {}
+
+
+test:
+ postgis:
+ # -- (tpl/array) List of containers override for testing
+ # @notationType -- (tpl)
+ containers:
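Review bot: The shipped `extraPodEnv` default sets `PASSWORD_AUTHENTICATION` to `"md5"`; if the image maps this variable to the PostgreSQL password auth method, as its name suggests, every fresh install opts into MD5 password hashing although the pinned `13-3.1` tag runs PostgreSQL 13, where `scram-sha-256` is available and is the stronger choice. Consider `value: "scram-sha-256"` as the default, or at least a comment beside it such as `# md5 kept only for compatibility with old clients; prefer scram-sha-256`. Separately, the commented `securityContext` example reads `#runAsUser: 1000 # run as root` and `#runAsGroup: 1000 # run as root`, but uid/gid 1000 is an unprivileged account, not root (uid 0); the trailing comments should say `# run as unprivileged user` so nobody copies the example believing it elevates privileges. The `service.labels` comment also says "additional annotations" where it documents labels, a copy-paste slip worth fixing.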