## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets ## global: postgresql: {} # imageRegistry: myRegistryName # imagePullSecrets: # - myRegistryKeySecretName # storageClass: myStorageClass ## Bitnami PostgreSQL image version ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ ## image: registry: docker.io repository: bitnami/postgresql tag: 11.9.0-debian-10-r48 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging ## debug: false ## String to partially override postgresql.fullname template (will maintain the release name) ## # nameOverride: ## String to fully override postgresql.fullname template ## # fullnameOverride: ## ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: enabled: false image: registry: docker.io repository: bitnami/minideb tag: buster ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Init container Security Context ## Note: the chown of the data folder is done to securityContext.runAsUser ## and not the below volumePermissions.securityContext.runAsUser ## When runAsUser is set to special value "auto", init container will try to chwon the ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false ## securityContext: runAsUser: 0 ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: true fsGroup: 1001 ## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## containerSecurityContext: enabled: true runAsUser: 1001 ## Pod Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: enabled: false ## Name of an already existing service account. Setting this value disables the automatic service account creation. # name: ## Pod Security Policy ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## psp: create: false ## Creates role for ServiceAccount ## Required for PSP ## rbac: create: false replication: enabled: false user: repl_user password: repl_password slaveReplicas: 1 ## Set synchronous commit mode: on, off, remote_apply, remote_write and local ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL ## synchronousCommit: 'off' ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication ## NOTE: It cannot be > slaveReplicas ## numSynchronousReplicas: 0 ## Replication Cluster application name. Useful for defining multiple replication policies ## applicationName: my_application ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) # postgresqlPostgresPassword: ## PostgreSQL user (has superuser privileges if username is `postgres`) ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run ## postgresqlUsername: postgres ## PostgreSQL password ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run ## # postgresqlPassword: ## PostgreSQL password using existing secret ## existingSecret: secret ## ## Mount PostgreSQL secret as a file instead of passing environment variable # usePasswordFile: false ## Create a database ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run ## # postgresqlDatabase: ## PostgreSQL data dir ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## postgresqlDataDir: /bitnami/postgresql/data ## An array to add extra environment variables ## For example: ## extraEnv: ## - name: FOO ## value: "bar" ## # extraEnv: extraEnv: [] ## Name of a ConfigMap containing extra env vars ## # extraEnvVarsCM: ## Specify extra initdb args ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## # postgresqlInitdbArgs: ## Specify a custom location for the PostgreSQL transaction log ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md ## # postgresqlInitdbWalDir: ## PostgreSQL configuration ## Specify runtime configuration parameters as a dict, using camelCase, e.g. ## {"sharedBuffers": "500MB"} ## Alternatively, you can put your postgresql.conf under the files/ directory ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html ## # postgresqlConfiguration: ## PostgreSQL extended configuration ## As above, but _appended_ to the main configuration ## Alternatively, you can put your *.conf under the files/conf.d/ directory ## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf ## # postgresqlExtendedConf: ## Configure current cluster's master server to be the standby server in other cluster. ## This will allow cross cluster replication and provide cross cluster high availability. ## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. ## masterAsStandBy: enabled: false # masterHost: # masterPort: ## PostgreSQL client authentication configuration ## Specify content for pg_hba.conf ## Default: do not create pg_hba.conf ## Alternatively, you can put your pg_hba.conf under the files/ directory # pgHbaConfiguration: |- # local all all trust # host all all localhost trust # host mydatabase mysuser 192.168.0.0/24 md5 ## ConfigMap with PostgreSQL configuration ## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration # configurationConfigMap: ## ConfigMap with PostgreSQL extended configuration # extendedConfConfigMap: ## initdb scripts ## Specify dictionary of scripts to be run at first boot ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory ## # initdbScripts: # my_init_script.sh: | # #!/bin/sh # echo "Do something." ## ConfigMap with scripts to be run at first boot ## NOTE: This will override initdbScripts # initdbScriptsConfigMap: ## Secret with scripts to be run at first boot (in case it contains sensitive information) ## NOTE: This can work along initdbScripts or initdbScriptsConfigMap # initdbScriptsSecret: ## Specify the PostgreSQL username and password to execute the initdb scripts # initdbUser: # initdbPassword: ## Audit settings ## https://github.com/bitnami/bitnami-docker-postgresql#auditing ## audit: ## Log client hostnames ## logHostname: false ## Log connections to the server ## logConnections: false ## Log disconnections ## logDisconnections: false ## Operation to audit using pgAudit (default if not set) ## pgAuditLog: "" ## Log catalog using pgAudit ## pgAuditLogCatalog: "off" ## Log level for clients ## clientMinMessages: error ## Template for log line prefix (default if not set) ## logLinePrefix: "" ## Log timezone ## logTimezone: "" ## Shared preload libraries ## postgresqlSharedPreloadLibraries: "pgaudit" ## Maximum total connections ## postgresqlMaxConnections: ## Maximum connections for the postgres user ## postgresqlPostgresConnectionLimit: ## Maximum connections for the created user ## postgresqlDbUserConnectionLimit: ## TCP keepalives interval ## postgresqlTcpKeepalivesInterval: ## TCP keepalives idle ## postgresqlTcpKeepalivesIdle: ## TCP keepalives count ## postgresqlTcpKeepalivesCount: ## Statement timeout ## postgresqlStatementTimeout: ## Remove pg_hba.conf lines with the following comma-separated patterns ## (cannot be used with custom pg_hba.conf) ## postgresqlPghbaRemoveFilters: ## Optional duration in seconds the pod needs to terminate gracefully. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## # terminationGracePeriodSeconds: 30 ## LDAP configuration ## ldap: enabled: false url: '' server: '' port: '' prefix: '' suffix: '' baseDN: '' bindDN: '' bind_password: search_attr: '' search_filter: '' scheme: '' tls: false ## PostgreSQL service configuration ## service: ## PosgresSQL service type ## type: ClusterIP # clusterIP: None port: 5432 ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## # nodePort: ## Provide any additional annotations which may be required. Evaluated as a template. ## annotations: {} ## Set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## # loadBalancerIP: ## Load Balancer sources. Evaluated as a template. ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## # loadBalancerSourceRanges: # - 10.10.10.0/24 ## Start master and slave(s) pod(s) without limitations on shm memory. ## By default docker and containerd (and possibly other container runtimes) ## limit `/dev/shm` to `64M` (see e.g. the ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the ## [containerd issue](https://github.com/containerd/containerd/issues/3654), ## which could be not enough if PostgreSQL uses parallel workers heavily. ## shmVolume: ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove ## this limitation. ## enabled: true ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. ## This option is ingored if `volumePermissions.enabled` is `false` ## chmod: enabled: true ## PostgreSQL data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## persistence: enabled: true ## A manually managed Persistent Volume and Claim ## If defined, PVC must be created manually before volume will be bound ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart ## # existingClaim: ## The path the volume will be mounted at, useful when using different ## PostgreSQL images. ## mountPath: /bitnami/postgresql ## The subdirectory of the volume to mount to, useful in dev environments ## and one PV for multiple services. ## subPath: '' # storageClass: "-" accessModes: - ReadWriteOnce size: 8Gi annotations: {} ## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: type: RollingUpdate ## ## PostgreSQL Master parameters ## master: ## Node, affinity, tolerations, and priorityclass settings for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption ## nodeSelector: {} affinity: {} tolerations: [] labels: {} annotations: {} podLabels: {} podAnnotations: {} priorityClassName: '' ## Extra init containers ## Example ## ## extraInitContainers: ## - name: do-something ## image: busybox ## command: ['do', 'something'] ## extraInitContainers: [] ## Additional PostgreSQL Master Volume mounts ## extraVolumeMounts: [] ## Additional PostgreSQL Master Volumes ## extraVolumes: [] ## Add sidecars to the pod ## ## For example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## Override the service configuration for master ## service: {} # type: # nodePort: # clusterIP: ## ## PostgreSQL Slave parameters ## slave: ## Node, affinity, tolerations, and priorityclass settings for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption ## nodeSelector: {} affinity: {} tolerations: [] labels: {} annotations: {} podLabels: {} podAnnotations: {} priorityClassName: '' ## Extra init containers ## Example ## ## extraInitContainers: ## - name: do-something ## image: busybox ## command: ['do', 'something'] ## extraInitContainers: [] ## Additional PostgreSQL Slave Volume mounts ## extraVolumeMounts: [] ## Additional PostgreSQL Slave Volumes ## extraVolumes: [] ## Add sidecars to the pod ## ## For example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## Override the service configuration for slave ## service: {} # type: # nodePort: # clusterIP: ## Whether to enable PostgreSQL slave replicas data Persistent ## persistence: enabled: true # Override the resource configuration for slave resources: {} # requests: # memory: 256Mi # cpu: 250m ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 256Mi cpu: 250m ## Add annotations to all the deployed resources ## commonAnnotations: {} networkPolicy: ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. ## enabled: false ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the port PostgreSQL is listening ## on. When true, PostgreSQL will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace ## and that match other criteria, the ones that have the good label, can reach the DB. ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. ## ## Example: ## explicitNamespacesSelector: ## matchLabels: ## role: frontend ## matchExpressions: ## - {key: role, operator: In, values: [frontend]} ## explicitNamespacesSelector: {} ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## livenessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Custom Liveness probe ## customLivenessProbe: {} ## Custom Rediness probe ## customReadinessProbe: {} ## ## TLS configuration ## tls: # Enable TLS traffic enabled: false # # Whether to use the server's TLS cipher preferences rather than the client's. preferServerCiphers: true # # Name of the Secret that contains the certificates certificatesSecret: '' # # Certificate filename certFilename: '' # # Certificate Key filename certKeyFilename: '' # # CA Certificate filename # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate # ref: https://www.postgresql.org/docs/9.6/auth-methods.html certCAFilename: # # File containing a Certificate Revocation List crlFilename: ## Configure metrics exporter ## metrics: enabled: false # resources: {} service: type: ClusterIP annotations: prometheus.io/scrape: 'true' prometheus.io/port: '9187' loadBalancerIP: serviceMonitor: enabled: false additionalLabels: {} # namespace: monitoring # interval: 30s # scrapeTimeout: 10s ## Custom PrometheusRule to be defined ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions ## prometheusRule: enabled: false additionalLabels: {} namespace: '' ## These are just examples rules, please adapt them to your needs. ## Make sure to constraint the rules to the current postgresql service. ## rules: ## - alert: HugeReplicationLag ## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1 ## for: 1m ## labels: ## severity: critical ## annotations: ## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). ## rules: [] image: registry: docker.io repository: bitnami/postgres-exporter tag: 0.8.0-debian-10-r242 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Define additional custom metrics ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file # customMetrics: # pg_database: # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" # metrics: # - name: # usage: "LABEL" # description: "Name of the database" # - size_bytes: # usage: "GAUGE" # description: "Size of the database in bytes" # ## An array to add extra env vars to configure postgres-exporter ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables ## For example: # extraEnvVars: # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS # value: "true" extraEnvVars: {} ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: false runAsUser: 1001 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## Configure extra options for liveness and readiness probes ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Array with extra yaml to deploy with the chart. Evaluated as a template ## extraDeploy: []