postgresql-ha

Helm chart
Default values
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.postgresql.username PostgreSQL username (overrides `postgresql.username`)
## @param global.postgresql.password PostgreSQL password (overrides `postgresql.password`)
## @param global.postgresql.database PostgreSQL database (overrides `postgresql.database`)
## @param global.postgresql.repmgrUsername PostgreSQL repmgr username (overrides `postgresql.repmgrUsername`)
## @param global.postgresql.repmgrPassword PostgreSQL repmgr password (overrides `postgresql.repmgrPassword`)
## @param global.postgresql.repmgrDatabase PostgreSQL repmgr database (overrides `postgresql.repmgrDatabase`)
## @param global.postgresql.existingSecret Name of existing secret to use for PostgreSQL passwords (overrides `postgresql.existingSecret`)
## @param global.ldap.bindpw LDAP bind password (overrides `ldap.bindpw`)
## @param global.ldap.existingSecret Name of existing secret to use for LDAP passwords (overrides `ldap.existingSecret`)
## @param global.pgpool.adminUsername Pgpool-II Admin username (overrides `pgpool.adminUsername`)
## @param global.pgpool.adminPassword Pgpool-II Admin password (overrides `pgpool.adminPassword`)
## @param global.pgpool.srCheckUsername Pgpool-II SR Check username (overrides `pgpool.srCheckUsername`)
## @param global.pgpool.srCheckPassword Pgpool-II SR Check password (overrides `pgpool.srCheckPassword`)
## @param global.pgpool.existingSecret Pgpool-II existing secret
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  postgresql:
    username: ""
    password: ""
    database: ""
    repmgrUsername: ""
    repmgrPassword: ""
    repmgrDatabase: ""
    existingSecret: ""
  ldap:
    bindpw: ""
    existingSecret: ""
  pgpool:
    adminUsername: ""
    adminPassword: ""
    srCheckUsername: ""
    srCheckPassword: ""
    existingSecret: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Common labels to add to all resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param commonAnnotations Common annotations to add to all resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
##
extraDeploy: []
## Diagnostic mode in the deployment
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command [array] Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args [array] Args to override all containers in the deployment
  ##
  args:
    - infinity
## @section PostgreSQL with Repmgr parameters
postgresql:
  ## @param postgresql.image.registry [default: REGISTRY_NAME] PostgreSQL with Repmgr image registry
  ## @param postgresql.image.repository [default: REPOSITORY_NAME/postgresql-repmgr] PostgreSQL with Repmgr image repository
  ## @skip postgresql.image.tag PostgreSQL with Repmgr image tag
  ## @param postgresql.image.digest PostgreSQL with Repmgr image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param postgresql.image.pullPolicy PostgreSQL with Repmgr image pull policy
  ## @param postgresql.image.pullSecrets Specify docker-registry secret names as an array
  ## @param postgresql.image.debug Specify if debug logs should be enabled
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/postgres-repmgr-iamguarded
    tag: 18.3-r2
    digest: ""
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
    ## Set to true if you would like to see extra information on logs
    ##
    debug: false
  ## @param postgresql.labels Labels to add to the StatefulSet. Evaluated as template
  ##
  labels: {}
  ## @param postgresql.podLabels Labels to add to the StatefulSet pods. Evaluated as template
  ##
  podLabels: {}
  ## @param postgresql.serviceAnnotations Provide any additional annotations for PostgreSQL service
  ##
  serviceAnnotations: {}
  ## @param postgresql.replicaCount Number of replicas to deploy. Use an odd number. Having 3 replicas is the minimum to get quorum when promoting a new primary.
  ##
  replicaCount: 3
  ## @param postgresql.updateStrategy.type Postgresql StatefulSet strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## e.g:
  ## updateStrategy:
  ##   type: RollingUpdate
  ##   rollingUpdate:
  ##     maxSurge: 25%
  ##     maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param postgresql.containerPorts.postgresql PostgreSQL port
  ##
  containerPorts:
    postgresql: 5432
  ## @param postgresql.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param postgresql.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param postgresql.hostNetwork Specify if host network should be enabled for PostgreSQL pod
  ##
  hostNetwork: false
  ## @param postgresql.hostIPC Specify if host IPC should be enabled for PostgreSQL pod
  ##
  hostIPC: false
  ## @param postgresql.podAnnotations Additional pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param postgresql.podAffinityPreset PostgreSQL pod affinity preset. Ignored if `postgresql.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param postgresql.podAntiAffinityPreset PostgreSQL pod anti-affinity preset. Ignored if `postgresql.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## PostgreSQL node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param postgresql.nodeAffinityPreset.type PostgreSQL node affinity preset type. Ignored if `postgresql.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param postgresql.nodeAffinityPreset.key PostgreSQL node label key to match. Ignored if `postgresql.affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param postgresql.nodeAffinityPreset.values PostgreSQL node label values to match. Ignored if `postgresql.affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param postgresql.affinity Affinity for PostgreSQL pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: postgresql.podAffinityPreset, postgresql.podAntiAffinityPreset, and postgresql.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param postgresql.nodeSelector Node labels for PostgreSQL pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param postgresql.tolerations Tolerations for PostgreSQL pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param postgresql.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param postgresql.priorityClassName Pod priority class
  ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param postgresql.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param postgresql.terminationGracePeriodSeconds Seconds PostgreSQL pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## K8s Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param postgresql.podSecurityContext.enabled Enable security context for PostgreSQL with Repmgr
  ## @param postgresql.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param postgresql.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param postgresql.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param postgresql.podSecurityContext.fsGroup Group ID for the PostgreSQL with Repmgr filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Container Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param postgresql.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param postgresql.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param postgresql.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param postgresql.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param postgresql.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param postgresql.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param postgresql.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param postgresql.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param postgresql.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param postgresql.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ## e.g:
  ##   containerSecurityContext:
  ##     enabled: true
  ##     capabilities:
  ##       drop: ["NET_RAW"]
  ##     readOnlyRootFilesystem: true
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param postgresql.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param postgresql.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param postgresql.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template
  ##
  lifecycleHooks: {}
  ## @param postgresql.extraEnvVars Array containing extra environment variables
  ## For example:
  ##   - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS
  ##     value: "true"
  ##
  extraEnvVars: []
  ## @param postgresql.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param postgresql.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## @param postgresql.extraVolumes Extra volumes to add to the StatefulSet
  ##
  extraVolumes: []
  ## @param postgresql.extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes`.
  ##
  extraVolumeMounts: []
  ## @param postgresql.initContainers Extra init containers to add to the StatefulSet
  ##
  initContainers: []
  ## @param postgresql.sidecars Extra sidecar containers to add to the StatefulSet
  ##
  sidecars: []
  ## PostgreSQL containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param postgresql.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param postgresql.podManagementPolicy Sets the pod management policy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: Parallel
  ## PostgreSQL container's liveness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param postgresql.livenessProbe.enabled Enable livenessProbe
  ## @param postgresql.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param postgresql.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param postgresql.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param postgresql.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param postgresql.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## PostgreSQL container's readiness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param postgresql.readinessProbe.enabled Enable readinessProbe
  ## @param postgresql.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param postgresql.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param postgresql.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param postgresql.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param postgresql.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## PostgreSQL container's startup probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param postgresql.startupProbe.enabled Enable startupProbe
  ## @param postgresql.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param postgresql.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param postgresql.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param postgresql.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param postgresql.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10
  ## @param postgresql.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param postgresql.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param postgresql.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param postgresql.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param postgresql.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param postgresql.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param postgresql.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param postgresql.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param postgresql.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param postgresql.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Pod disruption budget configuration
  ## @param postgresql.pdb.create Specifies whether to create a Pod disruption budget for PostgreSQL with Repmgr
  ## @param postgresql.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
  ## @param postgresql.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `postgresql.pdb.minAvailable` and `postgresql.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## PostgreSQL authentication parameters
  ## @param postgresql.username PostgreSQL username
  ## @param postgresql.password PostgreSQL password
  ## @param postgresql.database PostgreSQL database
  ##
  username: postgres
  password: ""
  database: ""
  ## @param postgresql.existingSecret PostgreSQL password using existing secret
  ##
  existingSecret: ""
  ## @param postgresql.postgresPassword PostgreSQL password for the `postgres` user when `username` is not `postgres`
  ##
  postgresPassword: ""
  ## @param postgresql.usePasswordFiles Set to `true` to mount PostgreSQL secret as a file instead of passing environment variable
  ##
  usePasswordFiles: true
  ## @param postgresql.pgHbaTrustAll Configures PostgreSQL HBA to trust every user
  ##
  pgHbaTrustAll: false
  ## @param postgresql.syncReplication Enable synchronous replication, waiting until data is synchronized in every replica before other queries can be run
  ## This ensures the data availability at the expense of speed
  ##
  syncReplication: false
  ## @param postgresql.syncReplicationMode This specifies the method to choose synchronous standbys from the listed servers. Valid values: empty, FIRST, ANY.
  ## ref: https://www.postgresql.org/docs/current/runtime-config-replication.html#GUC-SYNCHRONOUS-STANDBY-NAMES
  ##
  syncReplicationMode: ""
  ## Repmgr configuration parameters
  ## @param postgresql.repmgrUsername PostgreSQL Repmgr username
  ## @param postgresql.repmgrPassword PostgreSQL Repmgr password
  ## @param postgresql.repmgrDatabase PostgreSQL Repmgr database
  ## @param postgresql.repmgrUsePassfile Configure Repmgr to use `passfile` instead of `password` vars*:*:*:username:password"
  ## @param postgresql.repmgrPassfilePath Custom path where `passfile` will be stored
  ## @param postgresql.repmgrLogLevel Repmgr log level (DEBUG, INFO, NOTICE, WARNING, ERROR, ALERT, CRIT or EMERG)
  ## @param postgresql.repmgrConnectTimeout Repmgr backend connection timeout (in seconds)
  ## @param postgresql.repmgrReconnectAttempts Repmgr backend reconnection attempts
  ## @param postgresql.repmgrReconnectInterval Repmgr backend reconnection interval (in seconds)
  ## @param postgresql.repmgrFenceOldPrimary Set if fencing of old primary in multiple primary situation is desired
  ## @param postgresql.repmgrChildNodesCheckInterval Repmgr child nodes check interval (in seconds)
  ## @param postgresql.repmgrChildNodesConnectedMinCount Repmgr minimum number of connected child nodes before being considered as failed primary for fencing
  ## @param postgresql.repmgrChildNodesDisconnectTimeout Repmgr time before node will be fenced when insufficient child nodes are detected (in seconds)
  ## @param postgresql.upgradeRepmgrExtension Upgrade Repmgr extension in the database
  ##
  repmgrUsername: repmgr
  repmgrPassword: ""
  repmgrDatabase: repmgr
  repmgrUsePassfile: true
  repmgrPassfilePath: ""
  repmgrLogLevel: NOTICE
  repmgrConnectTimeout: 5
  repmgrReconnectAttempts: 2
  repmgrReconnectInterval: 3
  repmgrFenceOldPrimary: false
  repmgrChildNodesCheckInterval: 5
  repmgrChildNodesConnectedMinCount: 1
  repmgrChildNodesDisconnectTimeout: 30
  upgradeRepmgrExtension: false
  ## @param postgresql.usePgRewind Use pg_rewind for standby failover (experimental)
  ##
  usePgRewind: false
  ## Audit settings
  ##
  audit:
    ## @param postgresql.audit.logHostname Add client hostnames to the log file
    ##
    logHostname: true
    ## @param postgresql.audit.logConnections Add client log-in operations to the log file
    ##
    logConnections: false
    ## @param postgresql.audit.logDisconnections Add client log-out operations to the log file
    ##
    logDisconnections: false
    ## @param postgresql.audit.pgAuditLog Add operations to log using the pgAudit extension
    ##
    pgAuditLog: ""
    ## @param postgresql.audit.pgAuditLogCatalog Log catalog using pgAudit
    ##
    pgAuditLogCatalog: "off"
    ## @param postgresql.audit.clientMinMessages Message log level to share with the user
    ##
    clientMinMessages: error
    ## @param postgresql.audit.logLinePrefix Template string for the log line prefix
    ##
    logLinePrefix: ""
    ## @param postgresql.audit.logTimezone Timezone for the log timestamps
    ##
    logTimezone: ""
  ## @param postgresql.sharedPreloadLibraries Shared preload libraries (comma-separated list)
  ##
  sharedPreloadLibraries: "pgaudit, repmgr"
  ## @param postgresql.maxConnections Maximum total connections
  ##
  maxConnections: ""
  ## @param postgresql.postgresConnectionLimit Maximum connections for the postgres user
  ##
  postgresConnectionLimit: ""
  ## @param postgresql.dbUserConnectionLimit Maximum connections for the created user
  ##
  dbUserConnectionLimit: ""
  ## @param postgresql.tcpKeepalivesInterval TCP keepalives interval
  ##
  tcpKeepalivesInterval: ""
  ## @param postgresql.tcpKeepalivesIdle TCP keepalives idle
  ##
  tcpKeepalivesIdle: ""
  ## @param postgresql.tcpKeepalivesCount TCP keepalives count
  ##
  tcpKeepalivesCount: ""
  ## @param postgresql.statementTimeout Statement timeout
  ##
  statementTimeout: ""
  ## @param postgresql.pghbaRemoveFilters Comma-separated list of patterns to remove from the pg_hba.conf file
  ## (cannot be used with custom pg_hba.conf)
  ##
  pghbaRemoveFilters: ""
  ## @param postgresql.extraInitContainers Extra init containers
  ## Example:
  ## extraInitContainers:
  ##   - name: do-something
  ##     image: busybox
  ##     command: ['do', 'something']
  ##
  extraInitContainers: []
  ## @param postgresql.repmgrConfiguration Repmgr configuration
  ## You can use this parameter to specify the content for repmgr.conf
  ## Otherwise, a repmgr.conf will be generated based on the environment variables
  ## Example:
  ## repmgrConfiguration: |-
  ##   ssh_options='-o "StrictHostKeyChecking no" -v'
  ##   use_replication_slots='1'
  ##   ...
  ##
  repmgrConfiguration: ""
  ## @param postgresql.configuration PostgreSQL configuration
  ## You can use this parameter to specify the content for postgresql.conf
  ## Otherwise, a postgresql.conf will be generated based on the environment variables
  ## Example:
  ## configuration: |-
  ##   listen_addresses = '*'
  ##   port = '5432'
  ##   ...
  ##
  configuration: ""
  ## @param postgresql.pgHbaConfiguration PostgreSQL client authentication configuration
  ## You can use this parameter to specify the content for pg_hba.conf
  ## Otherwise, a pg_hba.conf will be generated based on the environment variables
  ## Example:
  ## pgHbaConfiguration: |-
  ##   host all repmgr 0.0.0.0/0 md5
  ##   host repmgr repmgr 0.0.0.0/0 md5
  ##   ...
  ##
  pgHbaConfiguration: ""
  ## @param postgresql.configurationCM Name of existing ConfigMap with configuration files
  ## NOTE: This will override postgresql.repmgrConfiguration, postgresql.configuration and postgresql.pgHbaConfiguration
  ##
  configurationCM: ""
  ## @param postgresql.extendedConf Extended PostgreSQL configuration (requires `volumePermissions.enabled` to be `true`)
  ## Similar to postgresql.configuration, but _appended_ to the main configuration
  ## Example:
  ## extendedConf: |-
  ##   deadlock_timeout = 1s
  ##   max_locks_per_transaction = 64
  ##   ...
  ##
  extendedConf: ""
  ## @param postgresql.extendedConfCM ConfigMap with PostgreSQL extended configuration (requires `volumePermissions.enabled` to be `true`)
  ## NOTE: This will override postgresql.extendedConf
  ##
  extendedConfCM: ""
  ## @param postgresql.initdbScripts Dictionary of initdb scripts
  ## Specify dictionary of scripts to be run at first boot
  ## The allowed extensions are `.sh`, `.sql` and `.sql.gz`
  ## e.g:
  ## initdbScripts:
  ##   my_init_script.sh: |
  ##     #!/bin/sh
  ##     echo "Do something."
  ##
  initdbScripts: {}
  ## @param postgresql.initdbScriptsCM ConfigMap with scripts to be run at first boot
  ## NOTE: This will override initdbScripts
  ##
  initdbScriptsCM: ""
  ## @param postgresql.initdbScriptsSecret Secret with scripts to be run at first boot
  ## Note: can be used with initdbScriptsCM or initdbScripts
  ##
  initdbScriptsSecret: ""
  ## TLS configuration
  ##
  tls:
    ## @param postgresql.tls.enabled Enable TLS traffic support for end-client connections
    ##
    enabled: false
    ## @param postgresql.tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's
    ##
    preferServerCiphers: true
    ## @param postgresql.tls.certificatesSecret Name of an existing secret that contains the certificates
    ##
    certificatesSecret: ""
    ## @param postgresql.tls.certFilename Certificate filename
    ##
    certFilename: ""
    ## @param postgresql.tls.certKeyFilename Certificate key filename
    ##
    certKeyFilename: ""
  ## @param postgresql.preStopDelayAfterPgStopSeconds Minimal number of seconds preStop hook waits after PostgreSQL instance is stopped
  ## It is used to delay PostgreSQL pod termination. It gives Pgpool-II time to detect that node goes down. Down up cycle in
  ## Pgpool-II makes sure PostgreSQL node is registered correctly in Pgpool-II (mainly primary flag).
  ## Note: it could be replaced with .spec.minReadySeconds for Kubernetes v1.25 or later once
  ## https://github.com/kubernetes/kubernetes/issues/112066 is fixed.
  ## Note: must be set to lower value than terminationGracePeriodSeconds (defaults to 30) so that preStop hook finishes
  ## before grace period expires
  ##
  preStopDelayAfterPgStopSeconds: 25
  ## @param postgresql.headlessWithNotReadyAddresses set postgres headless service into publishNotReadyAddresses mode
  ## It can be used to minimize/eliminate Pgpool-II restarts during PostgreSQL rolling upgrades or edge-case situations like
  ## network split. It expects that no other external component will use PostgreSQL headless service to connect or that
  ## such component implements re-try logic.
  ## This mode also enables enriched readiness probe implementation which delays first switch of POD to READY state
  ## after start/restart of container. It gives Pgpool-II time to switch node back from DOWN to UP state during rolling
  ## upgrade.
  ##
  headlessWithNotReadyAddresses: false
witness:
  ## @param witness.create Create PostgreSQL witness nodes
  ##
  create: false
  ## @param witness.labels Labels to add to the StatefulSet. Evaluated as template
  ##
  labels: {}
  ## @param witness.podLabels Labels to add to the StatefulSet pods. Evaluated as template
  ##
  podLabels: {}
  ## @param witness.replicaCount Number of replicas to deploy.
  ##
  replicaCount: 1
  ## @param witness.updateStrategy.type Postgresql StatefulSet strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## e.g:
  ## updateStrategy:
  ##   type: RollingUpdate
  ##   rollingUpdate:
  ##     maxSurge: 25%
  ##     maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param witness.containerPorts.postgresql PostgreSQL witness port
  ##
  containerPorts:
    postgresql: 5432
  ## @param witness.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param witness.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param witness.hostNetwork Specify if host network should be enabled for PostgreSQL witness pod
  ##
  hostNetwork: false
  ## @param witness.hostIPC Specify if host IPC should be enabled for PostgreSQL witness pod
  ##
  hostIPC: false
  ## @param witness.podAnnotations Additional pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param witness.podAffinityPreset PostgreSQL witness pod affinity preset. Ignored if `witness.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param witness.podAntiAffinityPreset PostgreSQL witness pod anti-affinity preset. Ignored if `witness.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## PostgreSQL witness node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param witness.nodeAffinityPreset.type PostgreSQL witness node affinity preset type. Ignored if `witness.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param witness.nodeAffinityPreset.key PostgreSQL witness node label key to match. Ignored if `witness.affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param witness.nodeAffinityPreset.values PostgreSQL witness node label values to match. Ignored if `witness.affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param witness.affinity Affinity for PostgreSQL witness pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: witness.podAffinityPreset, witness.podAntiAffinityPreset, and witness.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param witness.nodeSelector Node labels for PostgreSQL witness pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param witness.tolerations Tolerations for PostgreSQL witness pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param witness.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param witness.priorityClassName Pod priority class
  ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param witness.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param witness.terminationGracePeriodSeconds Seconds PostgreSQL witness pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## K8s Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param witness.podSecurityContext.enabled Enable security context for PostgreSQL witness with Repmgr
  ## @param witness.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param witness.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param witness.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param witness.podSecurityContext.fsGroup Group ID for the PostgreSQL witness with Repmgr filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Container Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param witness.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param witness.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param witness.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param witness.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param witness.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param witness.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param witness.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param witness.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param witness.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param witness.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ## e.g:
  ##   containerSecurityContext:
  ##     enabled: true
  ##     capabilities:
  ##       drop: ["NET_RAW"]
  ##     readOnlyRootFilesystem: false
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param witness.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param witness.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param witness.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template
  ##
  lifecycleHooks: {}
  ## @param witness.extraEnvVars Array containing extra environment variables
  ## For example:
  ##  - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS
  ##    value: "true"
  ##
  extraEnvVars: []
  ## @param witness.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param witness.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## @param witness.extraVolumes Extra volumes to add to the deployment
  ##
  extraVolumes: []
  ## @param witness.extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes`.
  ##
  extraVolumeMounts: []
  ## @param witness.initContainers Extra init containers to add to the deployment
  ##
  initContainers: []
  ## @param witness.sidecars Extra sidecar containers to add to the deployment
  ##
  sidecars: []
  ## PostgreSQL containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param witness.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if witness.resources is set (witness.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param witness.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## PostgreSQL container's liveness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param witness.livenessProbe.enabled Enable livenessProbe
  ## @param witness.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param witness.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param witness.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param witness.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param witness.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## PostgreSQL container's readiness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param witness.readinessProbe.enabled Enable readinessProbe
  ## @param witness.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param witness.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param witness.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param witness.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param witness.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## PostgreSQL container's startup probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param witness.startupProbe.enabled Enable startupProbe
  ## @param witness.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param witness.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param witness.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param witness.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param witness.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10
  ## @param witness.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param witness.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param witness.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## Pod disruption budget configuration
  ## @param witness.pdb.create Specifies whether to create a Pod disruption budget for PostgreSQL witness with Repmgr
  ## @param witness.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
  ## @param witness.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `witness.pdb.minAvailable` and `witness.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param witness.upgradeRepmgrExtension Upgrade repmgr extension in the database
  ##
  upgradeRepmgrExtension: false
  ## @param witness.pgHbaTrustAll Configures PostgreSQL HBA to trust every user
  ##
  pgHbaTrustAll: false
  ## Repmgr configuration parameters
  ## @param witness.repmgrLogLevel Repmgr log level (DEBUG, INFO, NOTICE, WARNING, ERROR, ALERT, CRIT or EMERG)
  ## @param witness.repmgrConnectTimeout Repmgr backend connection timeout (in seconds)
  ## @param witness.repmgrReconnectAttempts Repmgr backend reconnection attempts
  ## @param witness.repmgrReconnectInterval Repmgr backend reconnection interval (in seconds)
  ##
  repmgrLogLevel: NOTICE
  repmgrConnectTimeout: 5
  repmgrReconnectAttempts: 2
  repmgrReconnectInterval: 3
  ## Audit settings
  ##
  audit:
    ## @param witness.audit.logHostname Add client hostnames to the log file
    ##
    logHostname: true
    ## @param witness.audit.logConnections Add client log-in operations to the log file
    ##
    logConnections: false
    ## @param witness.audit.logDisconnections Add client log-outs operations to the log file
    ##
    logDisconnections: false
    ## @param witness.audit.pgAuditLog Add operations to log using the pgAudit extension
    ##
    pgAuditLog: ""
    ## @param witness.audit.pgAuditLogCatalog Log catalog using pgAudit
    ##
    pgAuditLogCatalog: "off"
    ## @param witness.audit.clientMinMessages Message log level to share with the user
    ##
    clientMinMessages: error
    ## @param witness.audit.logLinePrefix Template string for the log line prefix
    ##
    logLinePrefix: ""
    ## @param witness.audit.logTimezone Timezone for the log timestamps
    ##
    logTimezone: ""
  ## @param witness.maxConnections Maximum total connections
  ##
  maxConnections: ""
  ## @param witness.postgresConnectionLimit Maximum connections for the postgres user
  ##
  postgresConnectionLimit: ""
  ## @param witness.dbUserConnectionLimit Maximum connections for the created user
  ##
  dbUserConnectionLimit: ""
  ## @param witness.tcpKeepalivesInterval TCP keepalives interval
  ##
  tcpKeepalivesInterval: ""
  ## @param witness.tcpKeepalivesIdle TCP keepalives idle
  ##
  tcpKeepalivesIdle: ""
  ## @param witness.tcpKeepalivesCount TCP keepalives count
  ##
  tcpKeepalivesCount: ""
  ## @param witness.statementTimeout Statement timeout
  ##
  statementTimeout: ""
  ## @param witness.pghbaRemoveFilters Comma-separated list of patterns to remove from the pg_hba.conf file
  ## (cannot be used with custom pg_hba.conf)
  ##
  pghbaRemoveFilters: ""
  ## @param witness.extraInitContainers Extra init containers
  ## Example:
  ## extraInitContainers:
  ##   - name: do-something
  ##     image: busybox
  ##     command: ['do', 'something']
  ##
  extraInitContainers: []
  ## @param witness.repmgrConfiguration Repmgr configuration
  ## You can use this parameter to specify the content for repmgr.conf
  ## Otherwise, a repmgr.conf will be generated based on the environment variables
  ## Example:
  ## repmgrConfiguration: |-
  ##   ssh_options='-o "StrictHostKeyChecking no" -v'
  ##   use_replication_slots='1'
  ##   ...
  ##
  repmgrConfiguration: ""
  ## @param witness.configuration PostgreSQL configuration
  ## You can use this parameter to specify the content for witness.conf
  ## Otherwise, a repmgr.conf will be generated based on the environment variables
  ## Example:
  ## configuration: |-
  ##   listen_addresses = '*'
  ##   port = '5432'
  ##   ...
  ##
  configuration: ""
  ## @param witness.pgHbaConfiguration PostgreSQL client authentication configuration
  ## You can use this parameter to specify the content for pg_hba.conf
  ## Otherwise, a repmgr.conf will be generated based on the environment variables
  ## Example:
  ## pgHbaConfiguration: |-
  ##   host all repmgr 0.0.0.0/0 md5
  ##   host repmgr repmgr 0.0.0.0/0 md5
  ##   ...
  ##
  pgHbaConfiguration: ""
  ## @param witness.configurationCM Name of existing ConfigMap with configuration files
  ## NOTE: This will override witness.repmgrConfiguration, witness.configuration and witness.pgHbaConfiguration
  ##
  configurationCM: ""
  ## @param witness.extendedConf Extended PostgreSQL configuration (requires `volumePermissions.enabled` to be `true`)
  ## Similar to witness.configuration, but _appended_ to the main configuration
  ## Example:
  ## extendedConf: |-
  ##   deadlock_timeout = 1s
  ##   max_locks_per_transaction = 64
  ##   ...
  ##
  extendedConf: ""
  ## @param witness.extendedConfCM ConfigMap with PostgreSQL extended configuration (requires `volumePermissions.enabled` to be `true`)
  ## NOTE: This will override witness.extendedConf
  ##
  extendedConfCM: ""
  ## @param witness.initdbScripts Dictionary of initdb scripts
  ## Specify dictionary of scripts to be run at first boot
  ## The allowed extensions are `.sh`, `.sql` and `.sql.gz`
  ## e.g:
  ## initdbScripts:
  ##   my_init_script.sh: |
  ##     #!/bin/sh
  ##     echo "Do something."
  ##
  initdbScripts: {}
  ## @param witness.initdbScriptsCM ConfigMap with scripts to be run at first boot
  ## NOTE: This will override initdbScripts
  ##
  initdbScriptsCM: ""
  ## @param witness.initdbScriptsSecret Secret with scripts to be run at first boot
  ## Note: can be used with initdbScriptsCM or initdbScripts
  ##
  initdbScriptsSecret: ""
## @section Pgpool-II parameters

## Pgpool-II parameters
##
pgpool:
  ## Iamguarded Pgpool-II image
  ## @param pgpool.image.registry [default: REGISTRY_NAME] Pgpool-II image registry
  ## @param pgpool.image.repository [default: REPOSITORY_NAME/pgpool] Pgpool-II image repository
  ## @skip pgpool.image.tag Pgpool-II image tag
  ## @param pgpool.image.digest Pgpool-II image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param pgpool.image.pullPolicy Pgpool-II image pull policy
  ## @param pgpool.image.pullSecrets Specify docker-registry secret names as an array
  ## @param pgpool.image.debug Specify if debug logs should be enabled
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/pgpool2-iamguarded
    tag: 4.7.1
    digest: ""
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
    ## Set to true if you would like to see extra information on logs
    ##
    debug: false
  ## @param pgpool.customUsers.usernames Comma or semicolon separated list of additional users that will be performing connections to the database using pgpool.
  ## @param pgpool.customUsers.passwords Comma or semicolon separated list of the associated passwords for the users above. Must have the same number of elements as the usernames list.
  ## Use this property in order to create new user/password entries that will be appended to the "pgpool_passwd" file.
  ## e.g:
  ## customUsers:
  ##   usernames: "user01;user02"
  ##   passwords: "pass01;pass02"
  customUsers:
    usernames: ""
    passwords: ""
  ## @param pgpool.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param pgpool.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param pgpool.customUsersSecret Name of a secret containing the usernames and passwords of accounts that will be added to pgpool_passwd
  ## The secret must contain the keys "usernames" and "passwords" respectively.
  ##
  customUsersSecret: ""
  ## @param pgpool.existingSecret Pgpool-II admin password using existing secret
  ##
  existingSecret: ""
  ## @param pgpool.labels Labels to add to the Deployment. Evaluated as template
  ##
  labels: {}
  ## @param pgpool.podLabels Labels to add to the pods. Evaluated as template
  ##
  podLabels: {}
  ## @param pgpool.serviceLabels Labels to add to the service. Evaluated as template
  ##
  serviceLabels: {}
  ## @param pgpool.serviceAnnotations Provide any additional annotations for Pgpool-II service
  ##
  serviceAnnotations: {}
  ## @param pgpool.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param pgpool.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param pgpool.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## @param pgpool.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param pgpool.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param pgpool.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template
  ##
  lifecycleHooks: {}
  ## @param pgpool.extraEnvVars Array containing extra environment variables
  ## For example:
  ##  - name: BEARER_AUTH
  ##    value: true
  ##
  extraEnvVars: []
  ## @param pgpool.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param pgpool.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## @param pgpool.extraVolumes Extra volumes to add to the deployment
  ##
  extraVolumes: []
  ## @param pgpool.extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes`
  ##
  extraVolumeMounts: []
  ## @param pgpool.initContainers Extra init containers to add to the deployment
  ##
  initContainers: []
  ## @param pgpool.sidecars Extra sidecar containers to add to the deployment
  ##
  sidecars: []
  ## @param pgpool.replicaCount The number of replicas to deploy
  ##
  replicaCount: 1
  ## @param pgpool.podAnnotations Additional pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param pgpool.priorityClassName Pod priority class
  ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param pgpool.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param pgpool.terminationGracePeriodSeconds Seconds pgpool pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param pgpool.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param pgpool.podAffinityPreset Pgpool-II pod affinity preset. Ignored if `pgpool.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param pgpool.podAntiAffinityPreset Pgpool-II pod anti-affinity preset. Ignored if `pgpool.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Pgpool-II node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param pgpool.nodeAffinityPreset.type Pgpool-II node affinity preset type. Ignored if `pgpool.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param pgpool.nodeAffinityPreset.key Pgpool-II node label key to match. Ignored if `pgpool.affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param pgpool.nodeAffinityPreset.values Pgpool-II node label values to match. Ignored if `pgpool.affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param pgpool.affinity Affinity for Pgpool-II pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: pgpool.podAffinityPreset, pgpool.podAntiAffinityPreset, and pgpool.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param pgpool.nodeSelector Node labels for Pgpool-II pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param pgpool.tolerations Tolerations for Pgpool-II pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## K8s Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param pgpool.podSecurityContext.enabled Enable security context for Pgpool-II
  ## @param pgpool.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param pgpool.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param pgpool.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param pgpool.podSecurityContext.fsGroup Group ID for the Pgpool-II filesystem
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Container Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param pgpool.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param pgpool.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param pgpool.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param pgpool.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param pgpool.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param pgpool.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param pgpool.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param pgpool.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param pgpool.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param pgpool.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ## e.g:
  ##   containerSecurityContext:
  ##     enabled: true
  ##     capabilities:
  ##       drop: ["NET_RAW"]
  ##     readOnlyRootFilesystem: false
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Pgpool-II containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param pgpool.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pgpool.resources is set (pgpool.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param pgpool.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Pgpool-II container's liveness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param pgpool.livenessProbe.enabled Enable livenessProbe
  ## @param pgpool.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param pgpool.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param pgpool.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param pgpool.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param pgpool.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  ## Pgpool-II container's readiness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param pgpool.readinessProbe.enabled Enable readinessProbe
  ## @param pgpool.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param pgpool.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param pgpool.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param pgpool.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param pgpool.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 5
  ## Pgpool-II container's startup probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param pgpool.startupProbe.enabled Enable startupProbe
  ## @param pgpool.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param pgpool.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param pgpool.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param pgpool.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param pgpool.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param pgpool.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param pgpool.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param pgpool.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param pgpool.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param pgpool.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param pgpool.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param pgpool.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Pod disruption budget configuration
  ## @param pgpool.pdb.create Specifies whether a Pod disruption budget should be created for Pgpool-II pods
  ## @param pgpool.pdb.minAvailable Minimum number / percentage of pods that should remain scheduled
  ## @param pgpool.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pgpool.pdb.minAvailable` and `pgpool.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## @param pgpool.updateStrategy Strategy used to replace old Pods by new ones
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy: {}
  ## @param pgpool.containerPorts.postgresql Pgpool-II port
  ##
  containerPorts:
    postgresql: 5432
  ## @param pgpool.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update
  ##
  minReadySeconds: ""
  ## Credentials for the Pgpool-II
  ## @param pgpool.adminUsername Pgpool-II Admin username
  ## @param pgpool.adminPassword Pgpool-II Admin password
  ## @param pgpool.srCheckUsername Pgpool-II Streaming Replication Check username
  ## @param pgpool.srCheckPassword Pgpool-II Streaming Replication Check password
  ## @param pgpool.srCheckDatabase Name of the database to perform Streaming Replication Check
  ##
  adminUsername: admin
  adminPassword: ""
  srCheckUsername: "sr_check_user"
  srCheckPassword: ""
  srCheckDatabase: postgres
  ## @param pgpool.usePasswordFiles Set to `true` to mount pgpool secret as a file instead of passing environment variable
  ##
  usePasswordFiles: true
  ## Authentication method for pgpool container (PGPOOL_AUTHENTICATION_METHOD)
  ## @param pgpool.authenticationMethod Pgpool authentication method. Use 'md5' for PSQL < 14.
  ##
  authenticationMethod: scram-sha-256
  ## @param pgpool.logConnections Log all client connections (PGPOOL_ENABLE_LOG_CONNECTIONS)
  ##
  logConnections: false
  ## @param pgpool.logHostname Log the client hostname instead of IP address (PGPOOL_ENABLE_LOG_HOSTNAME)
  ##
  logHostname: true
  ## @param pgpool.logPcpProcesses Log PCP processes (PGPOOL_ENABLE_LOG_PCP_PROCESSES)
  ##
  logPcpProcesses: true
  ## @param pgpool.logPerNodeStatement Log every SQL statement for each DB node separately (PGPOOL_ENABLE_LOG_PER_NODE_STATEMENT)
  ##
  logPerNodeStatement: false
  ## @param pgpool.logLinePrefix Format of the log entry lines (PGPOOL_LOG_LINE_PREFIX)
  ## ref: https://www.pgpool.net/docs/latest/en/html/runtime-config-logging.html
  ##
  logLinePrefix: ""
  ## @param pgpool.clientMinMessages Log level for clients
  ##
  clientMinMessages: error
  ## @param pgpool.numInitChildren The number of preforked Pgpool-II server processes. It is also the concurrent
  ## connections limit to Pgpool-II from clients. Must be a positive integer. (PGPOOL_NUM_INIT_CHILDREN)
  ##
  numInitChildren: ""
  ## @param pgpool.reservedConnections Number of reserved connections. When zero, excess connections block. When non-zero, excess connections are refused with an error message.
  ## When this parameter is set to 1 or greater, incoming connections from clients are rejected with the error message
  ## "Sorry, too many clients already", rather than blocked, if the number of current connections from clients is more than
  ## (num_init_children - reserved_connections).
  ##
  reservedConnections: 1
  ## @param pgpool.maxPool The maximum number of cached connections in each child process (PGPOOL_MAX_POOL)
  ##
  maxPool: ""
  ## @param pgpool.childMaxConnections The maximum number of client connections in each child process (PGPOOL_CHILD_MAX_CONNECTIONS)
  ##
  childMaxConnections: ""
  ## @param pgpool.childLifeTime The time in seconds to terminate a Pgpool-II child process if it remains idle (PGPOOL_CHILD_LIFE_TIME)
  ##
  childLifeTime: ""
  ## @param pgpool.clientIdleLimit The time in seconds to disconnect a client if it remains idle since the last query (PGPOOL_CLIENT_IDLE_LIMIT)
  ##
  clientIdleLimit: ""
  ## @param pgpool.connectionLifeTime The time in seconds to terminate the cached connections to the PostgreSQL backend (PGPOOL_CONNECTION_LIFE_TIME)
  ##
  connectionLifeTime: ""
  ## @param pgpool.useConnectionCache Use connection cache (PGPOOL_ENABLE_CONNECTION_CACHE)
  ##
  useConnectionCache: true
  ## @param pgpool.useLoadBalancing Use Pgpool-II Load-Balancing
  ##
  useLoadBalancing: true
  ## @param pgpool.disableLoadBalancingOnWrite LoadBalancer on write actions behavior
  ## one of: [off, transaction, trans_transaction, always]
  ##
  disableLoadBalancingOnWrite: transaction
  ## @param pgpool.configuration Pgpool-II configuration
  ## You can use this parameter to specify the content for pgpool.conf
  ## Otherwise, a pgpool.conf will be generated based on the environment variables
  ## Example:
  ## configuration: |-
  ##   listen_addresses = '*'
  ##   port = '5432'
  ##   ...
  ##
  configuration: ""
  ## @param pgpool.poolHbaConfiguration Pgpool-II client authentication configuration
  ## You can use this parameter to specify the content for pool_hba.conf
  ## Otherwise, a pool_hba.conf will be generated based on the environment variables
  ## Example:
  ## poolHbaConfiguration: |-
  ##   host all repmgr 0.0.0.0/0 md5
  ##   host repmgr repmgr 0.0.0.0/0 md5
  ##   ...
  ##
  poolHbaConfiguration: ""
  ## @param pgpool.configurationCM ConfigMap with Pgpool-II configuration
  ## NOTE: This will override pgpool.configuration and pgpool.poolHbaConfiguration parameters
  ##
  configurationCM: ""
  ## @param pgpool.initdbScripts Dictionary of initdb scripts
  ## Specify dictionary of scripts to be run every time Pgpool-II container is initialized
  ## The allowed extension is `.sh`
  ## e.g:
  ## initdbScripts:
  ##   my_init_script.sh: |
  ##     #!/bin/sh
  ##     echo "Do something."
  ##
  initdbScripts: {}
  ## @param pgpool.initdbScriptsCM ConfigMap with scripts to be run every time Pgpool-II container is initialized
  ## NOTE: This will override pgpool.initdbScripts
  ##
  initdbScriptsCM: ""
  ## @param pgpool.initdbScriptsSecret Secret with scripts to be run every time Pgpool-II container is initialized
  ## Note: can be used with initdbScriptsCM or initdbScripts
  ##
  initdbScriptsSecret: ""
  ##
  ## TLS configuration
  ##
  tls:
    ## @param pgpool.tls.enabled Enable TLS traffic support for end-client connections
    ##
    enabled: false
    ## @param pgpool.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
    ##
    autoGenerated: false
    ## @param pgpool.tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's
    ##
    preferServerCiphers: true
    ## @param pgpool.tls.certificatesSecret Name of an existing secret that contains the certificates
    ##
    certificatesSecret: ""
    ## @param pgpool.tls.certFilename Certificate filename
    ##
    certFilename: ""
    ## @param pgpool.tls.certKeyFilename Certificate key filename
    ##
    certKeyFilename: ""
    ## @param pgpool.tls.certCAFilename CA Certificate filename
    ## If provided, Pgpool-II will authenticate TLS/SSL clients by requesting them a certificate
    ## ref: https://www.pgpool.net/docs/latest/en/html/runtime-ssl.html
    ##
    certCAFilename: ""
## @section LDAP parameters

## LDAP parameters
## @param ldap.enabled Enable LDAP support
## @param ldap.existingSecret Name of existing secret to use for LDAP passwords
## @param ldap.uri LDAP URL beginning in the form `ldap[s]://<hostname>:<port>`
## @param ldap.basedn LDAP base DN
## @param ldap.binddn LDAP bind DN
## @param ldap.bindpw LDAP bind password
## @param ldap.bslookup LDAP base lookup
## @param ldap.scope LDAP search scope
## @param ldap.searchfilter LDAP search filter
## @param ldap.searchmap LDAP search map
## @param ldap.tlsReqcert LDAP TLS check on server certificates
## @param ldap.nssInitgroupsIgnoreusers LDAP ignored users
##
ldap:
  enabled: false
  existingSecret: ""
  uri: ""
  basedn: ""
  binddn: ""
  bindpw: ""
  bslookup: ""
  scope: ""
  searchfilter: ""
  searchmap: ""
  tlsReqcert: ""
  nssInitgroupsIgnoreusers: root,nslcd
## @section Other Parameters

## RBAC configuration
## Required for PSP
##
rbac:
  ## @param rbac.create Create Role and RoleBinding (required for PSP to work)
  ##
  create: false
  ## @param rbac.rules Custom RBAC rules to set
  ## e.g:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: []
## ServiceAccount configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
  ##
  create: true
  ## @param serviceAccount.name The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the common.names.fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
  ## Can be set to false if pods using this serviceAccount do not need to use K8s API
  ##
  automountServiceAccountToken: false
## Pod Security Policy configuration
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
psp:
  create: false
## @section Metrics parameters

## PostgreSQL Prometheus exporter parameters
##
metrics:
  ## Iamguarded PostgreSQL Prometheus exporter image
  ## @param metrics.enabled Enable PostgreSQL Prometheus exporter
  ##
  enabled: false
  ## @param metrics.image.registry [default: REGISTRY_NAME] PostgreSQL Prometheus exporter image registry
  ## @param metrics.image.repository [default: REPOSITORY_NAME/postgres-exporter] PostgreSQL Prometheus exporter image repository
  ## @skip metrics.image.tag PostgreSQL Prometheus exporter image tag
  ## @param metrics.image.digest PostgreSQL Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy PostgreSQL Prometheus exporter image pull policy
  ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
  ## @param metrics.image.debug Specify if debug logs should be enabled
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-postgres-exporter-iamguarded
    tag: 0.19.1
    digest: ""
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
    ## Set to true if you would like to see extra information on logs
    ##
    debug: false
  ## K8s Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param metrics.podSecurityContext.enabled Enable security context for PostgreSQL Prometheus exporter
  ## @param metrics.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param metrics.podSecurityContext.runAsUser User ID for the PostgreSQL Prometheus exporter container
  ## @param metrics.podSecurityContext.runAsGroup Group ID for the PostgreSQL Prometheus exporter container
  ## @param metrics.podSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter container's Security Context runAsNonRoot
  ## @param metrics.podSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter container's Security Context seccompProfile
  ##
  podSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  ## Prometheus exporter containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param metrics.containerPorts.http Prometheus metrics exporter port
  ##
  containerPorts:
    http: 9187
  ## Prometheus exporter container's liveness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.livenessProbe.enabled Enable livenessProbe
  ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## Prometheus exporter container's readiness probe
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.readinessProbe.enabled Enable readinessProbe
  ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 6
  ## Prometheus exporter container's startup probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param metrics.startupProbe.enabled Enable startupProbe
  ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10
  ## @param metrics.customLivenessProbe Override default liveness probe
  ##
  customLivenessProbe: {}
  ## @param metrics.customReadinessProbe Override default readiness probe
  ##
  customReadinessProbe: {}
  ## @param metrics.customStartupProbe Override default startup probe
  ##
  customStartupProbe: {}
  ## Metrics service parameters
  ##
  service:
    ## @param metrics.service.enabled PostgreSQL Prometheus exporter metrics service enabled
    ##
    enabled: true
    ## @param metrics.service.type PostgreSQL Prometheus exporter metrics service type
    ##
    type: ClusterIP
    ## @param metrics.service.ports.metrics PostgreSQL Prometheus exporter metrics service port
    ##
    ports:
      metrics: 9187
    ## @param metrics.service.nodePorts.metrics PostgreSQL Prometheus exporter Node Port
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      metrics: ""
    ## @param metrics.service.clusterIP PostgreSQL Prometheus exporter metrics service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param metrics.service.loadBalancerIP PostgreSQL Prometheus exporter service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param metrics.service.loadBalancerSourceRanges PostgreSQL Prometheus exporter service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param metrics.service.externalTrafficPolicy PostgreSQL Prometheus exporter service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
  ## @param metrics.annotations [object] Annotations for PostgreSQL Prometheus exporter service
  ##
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9187"
  ## @param metrics.customMetrics Additional custom metrics
  ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
  ## customMetrics:
  ##   pg_database:
  ##     query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
  ##     metrics:
  ##       - name:
  ##           usage: "LABEL"
  ##           description: "Name of the database"
  ##       - size_bytes:
  ##           usage: "GAUGE"
  ##           description: "Size of the database in bytes"
  ##
  customMetrics: {}
  ## @param metrics.extraEnvVars Array containing extra environment variables
  ## For example:
  ## - name: BEARER_AUTH
  ##   value: true
  ##
  extraEnvVars: []
  ## @param metrics.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param metrics.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## Metrics serviceMonitor parameters
  ## Enable this if you're using Prometheus Operator
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in
    ## Fallback to the prometheus default unless specified
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default)
    ## e.g:
    ## interval: 10s
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Service monitor scrape timeout
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.annotations Additional annotations for the ServiceMonitor
    ##
    annotations: {}
    ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
    ##
    labels: {}
    ##
    selector:
      prometheus: kube-prometheus
    ## @param metrics.serviceMonitor.relabelings ServiceMonitor relabelings. Value is evaluated as a template
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings. Value is evaluated as a template
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
## @section Volume permissions parameters

## Init Container parameters
## volumePermissions: Change the owner and group of the persistent volume mountpoint
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container to adapt volume permissions
  ##
  enabled: false
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
  ## @skip volumePermissions.image.tag Init container volume-permissions image tag
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/os-shell-iamguarded
    tag: 1.0.0
    digest: ""
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## K8s Security Context
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param volumePermissions.podSecurityContext.enabled Whether to enable security context for the volume-permissions init container
  ## @param volumePermissions.podSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param volumePermissions.podSecurityContext.runAsUser Init container volume-permissions User ID
  ## @param volumePermissions.podSecurityContext.runAsGroup Group ID for the init container volume-permissions container
  ## @param volumePermissions.podSecurityContext.runAsNonRoot Set Security Context runAsNonRoot for the init container volume-permissions container
  ## @param volumePermissions.podSecurityContext.seccompProfile.type Set Security Context seccompProfile for the init container volume-permissions container
  ##
  podSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 0
    runAsGroup: 0
    runAsNonRoot: false
    seccompProfile:
      type: RuntimeDefault
  ## Init container's resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
## @section Persistence parameters

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable data persistence
  ##
  enabled: true
  ## @param persistence.existingClaim A manually managed Persistent Volume and Claim
  ## If defined, PVC must be created manually before volume will be bound.
  ## All replicas will share this PVC, using existingClaim with replicas > 1 is only useful in very special use cases.
  ## The value is evaluated as a template.
  ##
  existingClaim: ""
  ## @param persistence.storageClass Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner.
  ##
  storageClass: ""
  ## @param persistence.mountPath The path the volume will be mounted at, useful when using different PostgreSQL images.
  ##
  mountPath: /iamguarded/postgresql
  ## @param persistence.accessModes List of access modes of data volume
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.size Persistent Volume Claim size
  ##
  size: 8Gi
  ## @param persistence.annotations Persistent Volume Claim annotations
  ##
  annotations: {}
  ## @param persistence.labels Persistent Volume Claim labels
  ##
  labels: {}
  ## @param persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
  ## selector:
  ##   matchLabels:
  ##     app: my-app
  ##
  selector: {}
## Persistent Volume Claim Retention Policy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
##
persistentVolumeClaimRetentionPolicy:
  ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for postgresql Statefulset
  ##
  enabled: false
  ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
  ##
  whenScaled: Retain
  ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
  ##
  whenDeleted: Retain
2050
## @section Traffic Exposure parameters

## PostgreSQL service parameters
##
service:
  ## @param service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`)
  ##
  type: ClusterIP
  ## @param service.ports.postgresql PostgreSQL port
  ##
  ports:
    postgresql: 5432
  ## @param service.portName PostgreSQL service port name
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
  ##
  portName: postgresql
  ## @param service.nodePorts.postgresql Kubernetes service nodePort
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    postgresql: ""
  ## @param service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
  ## Set the LoadBalancer service type to internal only
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## @param service.clusterIP Set the Cluster IP to use
  ## Static clusterIP or None for headless services
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
  ## e.g:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.externalTrafficPolicy Enable client source IP preservation
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
  ##
  extraPorts: []
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
  ##
  sessionAffinity: "None"
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  sessionAffinityConfig: {}
  ## @param service.annotations Provide any additional annotations both for PostgreSQL and Pgpool-II services
  ##
  annotations: {}
  ## @param service.serviceLabels Labels for PostgreSQL service
  ##
  serviceLabels: {}
  ## Headless service properties
  ##
  headless:
    ## @param service.headless.annotations Annotations for the headless service.
    ##
    annotations: {}
## @section Backup parameters
## This section implements a trivial logical dump cronjob of the database.
## This only comes with the consistency guarantees of the dump program.
## This is not a snapshot based roll forward/backward recovery backup.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
backup:
  ## @param backup.enabled Enable the logical dump of the database "regularly"
  enabled: false
  cronjob:
    ## @param backup.cronjob.schedule Set the cronjob parameter schedule
    schedule: "@daily"
    ## @param backup.cronjob.timeZone Set the cronjob parameter timeZone
    timeZone: ""
    ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
    concurrencyPolicy: Allow
    ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
    failedJobsHistoryLimit: 1
    ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
    successfulJobsHistoryLimit: 3
    ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
    startingDeadlineSeconds: ""
    ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
    ttlSecondsAfterFinished: ""
    ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
    restartPolicy: OnFailure
    ## @param backup.cronjob.podSecurityContext.enabled Enable PodSecurityContext for CronJob/Backup
    ## @param backup.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
    ## @param backup.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
    ## @param backup.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups
    ## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the CronJob
    podSecurityContext:
      enabled: true
      fsGroupChangePolicy: Always
      sysctls: []
      supplementalGroups: []
      fsGroup: 1001
    ## backup container's Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param backup.cronjob.containerSecurityContext.enabled Enable container security context
    ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
    ## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
    ## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
    ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
    ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
    ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
    ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
    ## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        drop:
          - ALL
    ## @param backup.cronjob.command Set backup container's command to run
    command:
      - /bin/bash
      - -c
      - PGPASSWORD="${PGPASSWORD:-$(< "$PGPASSWORD_FILE")}" pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file="${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"
    ## @param backup.cronjob.labels Set the cronjob labels
    labels: {}
    ## @param backup.cronjob.annotations Set the cronjob annotations
    annotations: {}
    ## @param backup.cronjob.nodeSelector Node labels for PostgreSQL backup CronJob pod assignment
    ## ref: https://kubernetes.io/docs/user-guide/node-selection/
    ##
    nodeSelector: {}
    ## @param backup.cronjob.tolerations Tolerations for PostgreSQL backup CronJob pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    ##
    tolerations: []
    ## @param backup.cronjob.podAffinityPreset PostgreSQL backup pod affinity preset. Ignored if `backup.cronjob.affinity` is set. Allowed values: `soft` or `hard`
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
    ##
    podAffinityPreset: ""
    ## PostgreSQL backup node affinity preset
    ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
    ##
    nodeAffinityPreset:
      ## @param backup.cronjob.nodeAffinityPreset.type PostgreSQL backup node affinity preset type. Ignored if `backup.cronjob.affinity` is set. Allowed values: `soft` or `hard`
      ##
      type: ""
      ## @param backup.cronjob.nodeAffinityPreset.key PostgreSQL backup node label key to match. Ignored if `backup.cronjob.affinity` is set.
      ## E.g.
      ## key: "kubernetes.io/e2e-az-name"
      ##
      key: ""
      ## @param backup.cronjob.nodeAffinityPreset.values PostgreSQL backup node label values to match. Ignored if `backup.cronjob.affinity` is set.
      ## E.g.
      ## values:
      ##   - e2e-az1
      ##   - e2e-az2
      ##
      values: []
    ## @param backup.cronjob.affinity Affinity for PostgreSQL backup pods assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    ## Note: backup.cronjob.podAffinityPreset and backup.cronjob.nodeAffinityPreset will be ignored when it's set
    ##
    affinity: {}
    ## backup cronjob container resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if backup.cronjob.resources is set (backup.cronjob.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory
    ## Example:
    resources: {}
    ## resources:
    ##   requests:
    ##     cpu: 1
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 2
    ##     memory: 1024Mi
    ## @param backup.cronjob.extraEnvVars Array containing extra environment variables
    ## For example:
    ##  - name: BEARER_AUTH
    ##    value: true
    ##
    extraEnvVars: []
    ## @param backup.cronjob.extraEnvVarsCM ConfigMap with extra environment variables
    ##
    extraEnvVarsCM: ""
    ## @param backup.cronjob.extraEnvVarsSecret Secret with extra environment variables
    ##
    extraEnvVarsSecret: ""
    ## @param backup.cronjob.extraVolumes Extra volumes to add to the backup container
    ##
    extraVolumes: []
    ## @param backup.cronjob.extraVolumeMounts Extra volume mounts to add to the backup container. Normally used with `extraVolumes`
    ##
    extraVolumeMounts: []
    storage:
      ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
      ## If defined, PVC must be created manually before volume will be bound
      ##
      existingClaim: ""
      ## @param backup.cronjob.storage.resourcePolicy Set it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
      ##
      resourcePolicy: ""
      ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
      ## If defined, storageClassName: <storageClass>
      ## If set to "-", storageClassName: "", which disables dynamic provisioning
      ## If undefined (the default) or set to null, no storageClassName spec is
      ## set, choosing the default provisioner.
      ##
      storageClass: ""
      ## @param backup.cronjob.storage.accessModes PV Access Mode
      ##
      accessModes:
        - ReadWriteOnce
      ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
      ##
      size: 8Gi
      ## @param backup.cronjob.storage.annotations PVC annotations
      ##
      annotations: {}
      ## @param backup.cronjob.storage.mountPath Path to mount the volume at
      ##
      mountPath: /backup/pgdump
      ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
      ## and one PV for multiple services.
      ##
      subPath: ""
      ## Fine tuning for volumeClaimTemplates
      ##
      volumeClaimTemplates:
        ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
        ## A label query over volumes to consider for binding (e.g. when using local volumes)
        ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
        ##
        selector: {}
