---
# Armada chart document for the ucp-postgresql release (namespace ucp).
# Everything environment-specific (chart source, image tags, endpoints,
# service-account names, passwords, addresses) is pulled in at render time by
# the substitutions below; the `data:` section holds only the static values.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: ucp-postgresql
  labels:
    name: ucp-postgresql-global
  layeringDefinition:
    abstract: false
    layer: global
  # This document itself carries no secret material: every password is
  # substituted in from a deckhand/Passphrase document (see "Secrets" below),
  # which is why the chart document can be stored cleartext.
  storagePolicy: cleartext
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.ucp.postgresql
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.ucp.postgresql
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.postgresql
      dest:
        path: .values.endpoints.postgresql
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.prometheus_postgresql_exporter
      dest:
        path: .values.endpoints.prometheus_postgresql_exporter
    # The default postgresql host name becomes the first name on the server
    # PKI entry (presumably the certificate's subject/SAN list — confirm in
    # the chart).
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: ucp_endpoints
        path: .ucp.postgresql.hosts.default
      dest:
        path: .values.secrets.pki.server.hosts.names[0]

    # Credentials (account names only; passwords come from the Secrets block)
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.postgres.admin
      dest:
        path: .values.endpoints.postgresql.auth.admin
    # The exporter account is wired into both the postgresql side and the
    # exporter side of the endpoints tree, so the two stay in sync.
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.prometheus_postgresql_exporter.user
      dest:
        path: .values.endpoints.postgresql.auth.exporter
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.prometheus_postgresql_exporter.user
      dest:
        path: .values.endpoints.prometheus_postgresql_exporter.auth.user
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: ucp_service_accounts
        path: .ucp.postgres.audit
      dest:
        path: .values.endpoints.postgresql.auth.audit

    # Secrets
    - dest:
        path: .values.endpoints.postgresql.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_postgres_admin_password
        path: .
    # One passphrase (ucp_postgres_exporter_postgres_password) is substituted
    # into both the postgresql exporter entry and the exporter's own user
    # entry below, so both sides hold the same credential.
    - dest:
        path: .values.endpoints.postgresql.auth.exporter.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_postgres_exporter_postgres_password
        path: .
    - dest:
        path: .values.endpoints.prometheus_postgresql_exporter.auth.user.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_postgres_exporter_postgres_password
        path: .
    - dest:
        path: .values.endpoints.postgresql.auth.audit.password
      src:
        schema: deckhand/Passphrase/v1
        name: ucp_postgres_audit_password
        path: .

    # POD IPs
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .kubernetes.pod_cidr
      dest:
        path: .values.secrets.pki.pod_cidr

    # Forming the container name for database backups to go into
    # The literal token DOMAIN in values.conf.backup.remote_backup.container_name
    # is replaced by the ingress domain (pattern substitution, not a whole-value
    # replacement).
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .dns.ingress_domain
      dest:
        - path: .values.conf.backup.remote_backup.container_name
          pattern: DOMAIN

data:
  chart_name: ucp-postgresql
  release: ucp-postgresql
  namespace: ucp
  # A failure of this chart stops processing of the manifest rather than
  # continuing with later charts.
  protected:
    continue_processing: false
  wait:
    # NOTE(review): Armada wait timeouts are in seconds — 1800 is 30 minutes.
    timeout: 1800
    labels:
      release_group: clcp-ucp-postgresql
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    options:
      # NOTE(review): force presumably maps to Helm's --force (replace
      # resources on upgrade); confirm this is intended for a stateful
      # release before relying on it.
      force: true
    pre:
      # Jobs and cronjobs of this release group are removed before upgrade so
      # the new release can recreate them; nothing is created pre/post.
      delete:
        - type: job
          labels:
            release_group: clcp-ucp-postgresql
        - type: cronjob
          labels:
            release_group: clcp-ucp-postgresql
      create: []
    post:
      create: []
  values:
    pod:
      # AppArmor runtime/default is applied to every container (init
      # containers included) of each pod the chart creates.
      mandatory_access_control:
        type: apparmor
        postgresql:
          postgresql: runtime/default
          set-volume-perms: runtime/default
          init: runtime/default
        postgresql-backup:
          postgresql-backup: runtime/default
          backup-perms: runtime/default
          init: runtime/default
        prometheus-postgresql-exporter:
          postgresql-exporter: runtime/default
          init: runtime/default
        prometheus-postgresql-exporter-create-user:
          prometheus-postgresql-exporter-create-user: runtime/default
          init: runtime/default
      affinity:
        anti:
          type:
            default: requiredDuringSchedulingIgnoredDuringExecution
      # Single server replica; wal_level minimal below rules out streaming
      # replicas anyway.
      replicas:
        server: 1
    monitoring:
      prometheus:
        enabled: true
    volume:
      backup:
        size: 50Gi
    conf:
      # postgresql.conf settings. The 'off' values are quoted on purpose:
      # a bare off is a YAML boolean and would not render as PostgreSQL's
      # expected off keyword.
      postgresql:
        max_connections: 1000
        shared_buffers: 2GB
        log_connections: 'off'
        log_disconnections: 'off'
        # disable archiving
        archive_mode: 'off'
        # disable wal senders (required with wal_level minimal)
        max_wal_senders: 0
        # to avoid filling up pgdata/pg_xlog, limit to 32 wal files (16 MB each), i.e. 512MB
        # NOTE(review): PostgreSQL reads a unit-less max_wal_size as
        # megabytes, so 32 here means 32MB (two 16MB segments), not the
        # 512MB the line above describes — confirm which value is intended
        # before changing either the setting or the comment.
        max_wal_size: 32
        # to avoid filling up pgdata/pg_commit_ts, don't track commit timestamps
        track_commit_timestamp: 'off'
        # don't explicitly force a minimum # of wal files to keep
        wal_keep_segments: 0
        # retain enough data to recover from a crash or immediate shutdown
        wal_level: minimal
        # don't force writes for hint bit modifications
        wal_log_hints: 'off'
      # Client authentication rules, evaluated top to bottom; the final line
      # rejects anything not matched above.
      # NOTE(review): the two trust lines (loopback and the local socket) let
      # any process that shares the pod's network namespace, sidecars
      # included, connect as any role — superuser included — with no
      # password. The md5 lines use `host`, which matches TLS and non-TLS
      # connections alike; `hostssl` would require TLS, and scram-sha-256
      # supersedes md5 where the server and all clients support it. Both
      # exporter role spellings (psql_exporter, postgresql_exporter) are
      # allowed; which one the create-user job provisions is not visible here.
      pg_hba: |
        host all all 127.0.0.1/32 trust
        host all postgresql-admin 0.0.0.0/0 md5
        host all postgres 0.0.0.0/0 md5
        host all psql_exporter 0.0.0.0/0 md5
        host postgres postgresql_exporter 0.0.0.0/0 md5
        host deckhand deckhand 0.0.0.0/0 md5
        host maasdb maas 0.0.0.0/0 md5
        host airflow airflow 0.0.0.0/0 md5
        host shipyard shipyard 0.0.0.0/0 md5
        host drydock drydock 0.0.0.0/0 md5
        local all all trust
        host all all 0.0.0.0/0 reject
      backup:
        pg_dumpall_options: '--inserts --clean'
        enabled: true
        # Local (PVC) retention, in days.
        days_to_keep: 3
        remote_backup:
          enabled: true
          # DOMAIN is replaced by the ingress domain via the pattern
          # substitution in metadata.substitutions.
          container_name: DOMAIN
          # Remote retention, in days.
          days_to_keep: 14
          storage_policy: ncbackup_pt
    development:
      enabled: false
    # All pods are pinned to control-plane nodes.
    labels:
      server:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
      test:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
      prometheus_postgresql_exporter:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
      job:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
    manifests:
      # Enable automated backups
      cron_job_postgresql_backup: true
      # Not needing to create a keystone user - it should already be created on CH
      job_ks_user: false
      # Still backing up to local PVC in addition to CH backups
      pvc_backup: true
      # Enable backup/restore secrets
      secret_backup_restore: true
    secrets:
      pki:
        # Certificate lifetimes; presumably days — confirm against the chart.
        server:
          life: 365
        replication:
          life: 365
  dependencies:
    - postgres-htk
...