162 lines
6.3 KiB
YAML
162 lines
6.3 KiB
YAML
# This file and its contents are licensed under the Apache License 2.0.
|
|
# Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
|
|
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: {{ template "timescaledb.dataname" . }}
|
|
labels:
|
|
app: {{ template "timescaledb.fullname" . }}
|
|
chart: {{ template "timescaledb.chart" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
spec:
|
|
serviceName: {{ template "timescaledb.dataname" . }}
|
|
replicas: {{ .Values.dataNodes }}
|
|
podManagementPolicy: Parallel
|
|
selector:
|
|
matchLabels:
|
|
app: {{ template "timescaledb.fullname" . }}
|
|
release: {{ .Release.Name }}
|
|
timescaleNodeType: data
|
|
template:
|
|
metadata:
|
|
name: {{ template "timescaledb.dataname" . }}
|
|
labels:
|
|
app: {{ template "timescaledb.fullname" . }}
|
|
release: {{ .Release.Name }}
|
|
timescaleNodeType: data
|
|
spec:
|
|
serviceAccountName: {{ template "timescaledb.serviceAccountName" . }}
|
|
securityContext:
|
|
# The postgres user inside the TimescaleDB image has uid=1000.
|
|
# This configuration ensures the permissions of the mounts are suitable
|
|
fsGroup: {{ template "postgres.uid" }}
|
|
runAsGroup: {{ template "postgres.uid" }}
|
|
runAsNonRoot: true
|
|
runAsUser: {{ template "postgres.uid" }}
|
|
initContainers:
|
|
- name: initdb
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
env:
|
|
- name: POSTGRESQL_CUSTOM_PARAMETERS
|
|
value: |
|
|
{{- range $key, $value := .Values.postgresql.parameters }}
|
|
{{ printf "%s = '%s'" $key ($value | toString) }}
|
|
{{- end }}
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ template "timescaledb.dataname" . }}
|
|
key: password-superuser
|
|
{{- if .Values.env }}
|
|
{{ .Values.env | default list | toYaml | indent 8 }}
|
|
{{- end }}
|
|
command:
|
|
- sh
|
|
- '-c'
|
|
# By calling the original entrypoint with the first argument being postgres
|
|
# we ensure we do everything that is required to init a PostgreSQL instance.
|
|
# By supplying --single however, we ensure the postmaster is running in the
|
|
# foreground, allowing us to do some more initialization
|
|
- |
|
|
set -e
|
|
install -o postgres -g postgres -m 0700 -d "${PGDATA}" "${PGDATA}/../conf.d"
|
|
/docker-entrypoint.sh postgres --single < /dev/null
|
|
grep -qxF "include 'postgresql_helm_customizations.conf'" "${PGDATA}/postgresql.conf" \
|
|
|| echo "include 'postgresql_helm_customizations.conf'" >> "${PGDATA}/postgresql.conf"
|
|
echo "Writing custom PostgreSQL Parameters to ${PGDATA}/postgresql_helm_customizations.conf"
|
|
echo "cluster_name = '$(hostname)'" > "${PGDATA}/postgresql_helm_customizations.conf"
|
|
echo "${POSTGRESQL_CUSTOM_PARAMETERS}" | sort >> "${PGDATA}/postgresql_helm_customizations.conf"
|
|
echo "Adding host all all all md5 in pg_hba.conf"
|
|
grep -qxF "host all all all md5" "${PGDATA}/pg_hba.conf" \
|
|
|| echo "host all all all md5" >> ${PGDATA}/pg_hba.conf
|
|
# The TimescaleDB extension should not be available by default, as this interferes with the bootstrapping
|
|
# done by the access nodes. Therefore we drop the extensions from template1
|
|
echo "DROP EXTENSION timescaledb" | /docker-entrypoint.sh postgres --single -D "${PGDATA}" template1
|
|
volumeMounts:
|
|
- name: storage-volume
|
|
mountPath: "{{ .Values.persistentVolume.mountPath }}"
|
|
subPath: "{{ .Values.persistentVolume.subPath }}"
|
|
containers:
|
|
- name: timescaledb
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
# We start postgres with a fully cleared environment
|
|
command:
|
|
- sh
|
|
- '-c'
|
|
- exec env -i PGDATA="${PGDATA}" PATH="${PATH}" /docker-entrypoint.sh postgres
|
|
env:
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
{{- if .Values.env }}
|
|
{{ .Values.env | default list | toYaml | indent 8 }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: 5432
|
|
volumeMounts:
|
|
- name: storage-volume
|
|
mountPath: "{{ .Values.persistentVolume.mountPath }}"
|
|
subPath: "{{ .Values.persistentVolume.subPath }}"
|
|
resources:
|
|
{{ toYaml .Values.resources | indent 10 }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{ toYaml . | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.schedulerName }}
|
|
schedulerName: {{ .Values.schedulerName }}
|
|
{{- end }}
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: NotIn
|
|
values:
|
|
- an
|
|
{{- if not .Values.persistentVolume.enabled }}
|
|
- name: storage-volume
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- if .Values.persistentVolume.enabled }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: storage-volume
|
|
annotations:
|
|
{{- if .Values.persistentVolume.annotations }}
|
|
{{ toYaml .Values.persistentVolume.annotations | indent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ template "timescaledb.fullname" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
spec:
|
|
accessModes:
|
|
{{ toYaml .Values.persistentVolume.accessModes | indent 8 }}
|
|
resources:
|
|
requests:
|
|
storage: "{{ .Values.persistentVolume.size }}"
|
|
{{- if .Values.persistentVolume.storageClass }}
|
|
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
|
|
storageClassName: ""
|
|
{{- else }}
|
|
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|