## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets ## global: postgresql: {} # imageRegistry: myRegistryName # imagePullSecrets: # - myRegistryKeySecretName # storageClass: myStorageClass ## Bitnami PostgreSQL image version ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ ## image: registry: docker.io repository: bitnami/postgresql tag: 11.7.0-debian-10-r9 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## String to partially override postgresql.fullname template (will maintain the release name) ## # nameOverride: ## String to fully override postgresql.fullname template ## # fullnameOverride: ## ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: enabled: false image: registry: docker.io repository: bitnami/minideb tag: buster ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Init container Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below volumePermissions.securityContext.runAsUser ## When runAsUser is set to special value "auto", init container will try to chwon the ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false ## securityContext: runAsUser: 0 ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 ## Pod Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ serviceAccount: enabled: false ## Name of an already existing service account. Setting this value disables the automatic service account creation. # name: replication: enabled: false user: repl_user password: repl_password slaveReplicas: 1 ## Set synchronous commit mode: on, off, remote_apply, remote_write and local ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL synchronousCommit: "off" ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication ## NOTE: It cannot be > slaveReplicas numSynchronousReplicas: 0 ## Replication Cluster application name. Useful for defining multiple replication policies applicationName: my_application ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) # postgresqlPostgresPassword: ## PostgreSQL user (has superuser privileges if username is `postgres`) ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run postgresqlUsername: postgres ## PostgreSQL password ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run ## # postgresqlPassword: ## PostgreSQL password using existing secret ## existingSecret: secret ## Mount PostgreSQL secret as a file instead of passing environment variable # usePasswordFile: false ## Create a database ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run ## # postgresqlDatabase: ## PostgreSQL data dir ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## postgresqlDataDir: /bitnami/postgresql/data ## An array to add extra environment variables ## For example: ## extraEnv: ## - name: FOO ## value: "bar" ## # extraEnv: extraEnv: [] ## Name of a ConfigMap containing extra env vars ## # extraEnvVarsCM: ## Specify extra initdb args ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## # postgresqlInitdbArgs: ## Specify a custom location for the PostgreSQL transaction log ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## # postgresqlInitdbWalDir: ## PostgreSQL configuration ## Specify runtime configuration parameters as a dict, using camelCase, e.g. ## {"sharedBuffers": "500MB"} ## Alternatively, you can put your postgresql.conf under the files/ directory ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html ## # postgresqlConfiguration: ## PostgreSQL extended configuration ## As above, but _appended_ to the main configuration ## Alternatively, you can put your *.conf under the files/conf.d/ directory ## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf ## # postgresqlExtendedConf: ## PostgreSQL client authentication configuration ## Specify content for pg_hba.conf ## Default: do not create pg_hba.conf ## Alternatively, you can put your pg_hba.conf under the files/ directory # pgHbaConfiguration: |- # local all all trust # host all all localhost trust # host mydatabase mysuser 192.168.0.0/24 md5 ## ConfigMap with PostgreSQL configuration ## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration # configurationConfigMap: ## ConfigMap with PostgreSQL extended configuration # extendedConfConfigMap: ## initdb scripts ## Specify dictionary of scripts to be run at first boot ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory ## # initdbScripts: # my_init_script.sh: | # #!/bin/sh # echo "Do something." ## ConfigMap with scripts to be run at first boot ## NOTE: This will override initdbScripts # initdbScriptsConfigMap: ## Secret with scripts to be run at first boot (in case it contains sensitive information) ## NOTE: This can work along initdbScripts or initdbScriptsConfigMap # initdbScriptsSecret: ## Specify the PostgreSQL username and password to execute the initdb scripts # initdbUser: # initdbPassword: ## Optional duration in seconds the pod needs to terminate gracefully. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## # terminationGracePeriodSeconds: 30 ## LDAP configuration ## ldap: enabled: false url: "" server: "" port: "" prefix: "" suffix: "" baseDN: "" bindDN: "" bind_password: search_attr: "" search_filter: "" scheme: "" tls: false ## PostgreSQL service configuration service: ## PosgresSQL service type type: ClusterIP # clusterIP: None port: 5432 ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## # nodePort: ## Provide any additional annotations which may be required. ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart annotations: {} ## Set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## # loadBalancerIP: ## Load Balancer sources ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## # loadBalancerSourceRanges: # - 10.10.10.0/24 ## Start master and slave(s) pod(s) without limitations on shm memory. ## By default docker and containerd (and possibly other container runtimes) ## limit `/dev/shm` to `64M` (see e.g. the ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the ## [containerd issue](https://github.com/containerd/containerd/issues/3654), ## which could be not enough if PostgreSQL uses parallel workers heavily. ## shmVolume: ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove ## this limitation. ## enabled: true ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. ## This option is ingored if `volumePermissions.enabled` is `false` ## chmod: enabled: true ## PostgreSQL data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## persistence: enabled: true ## A manually managed Persistent Volume and Claim ## If defined, PVC must be created manually before volume will be bound ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart ## # existingClaim: ## The path the volume will be mounted at, useful when using different ## PostgreSQL images. ## mountPath: /bitnami/postgresql ## The subdirectory of the volume to mount to, useful in dev environments ## and one PV for multiple services. ## subPath: "" # storageClass: "-" accessModes: - ReadWriteOnce size: 8Gi annotations: {} ## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies updateStrategy: type: RollingUpdate ## ## PostgreSQL Master parameters ## master: ## Node, affinity, tolerations, and priorityclass settings for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption nodeSelector: {} affinity: {} tolerations: [] labels: {} annotations: {} podLabels: {} podAnnotations: {} priorityClassName: "" extraInitContainers: | # - name: do-something # image: busybox # command: ['do', 'something'] ## Additional PostgreSQL Master Volume mounts ## extraVolumeMounts: [] ## Additional PostgreSQL Master Volumes ## extraVolumes: [] ## Add sidecars to the pod ## ## For example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 sidecars: [] ## ## PostgreSQL Slave parameters ## slave: ## Node, affinity, tolerations, and priorityclass settings for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption nodeSelector: {} affinity: {} tolerations: [] labels: {} annotations: {} podLabels: {} podAnnotations: {} priorityClassName: "" extraInitContainers: | # - name: do-something # image: busybox # command: ['do', 'something'] ## Additional PostgreSQL Slave Volume mounts ## extraVolumeMounts: [] ## Additional PostgreSQL Slave Volumes ## extraVolumes: [] ## Add sidecars to the pod ## ## For example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 sidecars: [] ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 256Mi cpu: 250m networkPolicy: ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. ## enabled: false ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the port PostgreSQL is listening ## on. When true, PostgreSQL will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace ## and that match other criteria, the ones that have the good label, can reach the DB. ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. ## # explicitNamespacesSelector: # matchLabels: # role: frontend # matchExpressions: # - {key: role, operator: In, values: [frontend]} ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) livenessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Configure metrics exporter ## metrics: enabled: false # resources: {} service: type: ClusterIP annotations: prometheus.io/scrape: "true" prometheus.io/port: "9187" loadBalancerIP: serviceMonitor: enabled: false additionalLabels: {} # namespace: monitoring # interval: 30s # scrapeTimeout: 10s ## Custom PrometheusRule to be defined ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions prometheusRule: enabled: false additionalLabels: {} namespace: "" rules: [] ## These are just examples rules, please adapt them to your needs. ## Make sure to constraint the rules to the current postgresql service. # - alert: HugeReplicationLag # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 # for: 1m # labels: # severity: critical # annotations: # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). image: registry: docker.io repository: bitnami/postgres-exporter tag: 0.8.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file # customMetrics: # pg_database: # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" # metrics: # - name: # usage: "LABEL" # description: "Name of the database" # - size_bytes: # usage: "GAUGE" # description: "Size of the database in bytes" ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: false runAsUser: 1001 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## Configure extra options for liveness and readiness probes livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1