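# deploy/official-postgresql/templates/clusterdefinition.yaml
#
# Helm template for the KubeBlocks ClusterDefinition "official-postgresql".
# It declares one "postgresql" component: its connection credential layout,
# role probe timings, config/script templates, service port, pod spec, and the
# system accounts that are created by SQL statement.
#
# Values written as $(NAME) are placeholders that are not resolved by Helm;
# presumably KubeBlocks substitutes them at reconcile time - confirm against
# the operator version in use.
apiVersion: apps.kubeblocks.io/v1alpha1
kind: ClusterDefinition
metadata:
  name: official-postgresql
  labels:
    {{- include "official-postgresql.labels" . | nindent 4 }}
spec:
  type: postgresql
  # Layout of the generated connection secret. The password is a placeholder
  # for a generated value, so no literal secret is stored in this template.
  connectionCredential:
    username: postgres
    password: "$(RANDOM_PASSWD)"
    endpoint: "$(SVC_FQDN):$(SVC_PORT_tcp-postgresql)"
    host: "$(SVC_FQDN)"
    port: "$(SVC_PORT_tcp-postgresql)"
  componentDefs:
    - name: postgresql
      workloadType: Replication
      characterType: postgresql
      probes:
        roleProbe:
          failureThreshold: {{ .Values.roleProbe.failureThreshold }}
          periodSeconds: {{ .Values.roleProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.roleProbe.timeoutSeconds }}
      configSpecs:
        - name: official-postgresql-configuration
          templateRef: official-postgresql14-configuration
          constraintRef: official-postgresql14-cc
          keys:
            - postgresql.conf
          namespace: {{ .Release.Namespace }}
          volumeName: postgresql-config
          # Leading-zero integer: YAML 1.1 loaders read this as octal
          # (r--r--r--). Left unquoted because the field presumably expects an
          # integer - verify the rendered value if the YAML loader changes.
          defaultMode: 0444
      scriptSpecs:
        - name: official-postgresql-scripts
          templateRef: official-postgresql-scripts
          namespace: {{ .Release.Namespace }}
          volumeName: scripts
          # Octal under YAML 1.1 (r-xr-xr-x): scripts are executable and not
          # writable through the mount.
          defaultMode: 0555
      service:
        ports:
          - name: tcp-postgresql
            port: 5432
            targetPort: tcp-postgresql
      volumeTypes:
        - name: data
          type: data
      podSpec:
        # NOTE(review): the pod runs as UID 0 (root) with group 103, and the
        # container below repeats runAsUser: 0. Confirm that setup.sh really
        # needs root (for example to fix ownership of the data directory); if
        # it does not, run as the unprivileged postgres UID and consider
        # allowPrivilegeEscalation: false.
        securityContext:
          runAsUser: 0
          fsGroup: 103
          runAsGroup: 103
        containers:
          - name: postgresql
            # Sprig's default takes the fallback first and the value second.
            # The previous argument order always rendered "IfNotPresent", so
            # an operator-supplied pull policy (for example Always, to pick up
            # a patched image under a reused tag) was silently ignored.
            imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
            securityContext:
              runAsUser: 0
            command:
              - /kb-scripts/setup.sh
            volumeMounts:
              - name: dshm
                mountPath: /dev/shm
              - name: data
                mountPath: /var/lib/postgresql/data
              - name: postgresql-config
                mountPath: /var/lib/postgresql/conf
              - name: scripts
                mountPath: /kb-scripts
            ports:
              - name: tcp-postgresql
                containerPort: 5432
            env:
              - name: KB_PG_CONFIG_PATH
                value: /var/lib/postgresql/conf/postgresql.conf
              - name: POSTGRESQL_MASTER_PORT_NUMBER
                value: "5432"
              # NOTE(review): the name suggests that connections without TLS
              # are accepted - confirm how the image or setup.sh consumes it.
              # If TLS is not enforced elsewhere, database credentials cross
              # the pod network in clear text.
              - name: ALLOW_NOSSL
                value: "true"
              - name: POD_IP
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: status.podIP
              - name: POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
              - name: PGDATA
                value: /var/lib/postgresql/data
              # Credentials come from the connection secret and are required
              # (optional: false). They are exposed to the container as
              # environment variables.
              - name: POSTGRES_USER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: POSTGRES_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: PGPASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
        volumes:
          # Memory-backed emptyDir mounted at /dev/shm. sizeLimit is rendered
          # only when .Values.shmVolume.sizeLimit is set; tmpfs usage counts
          # against the container's memory, so setting a limit is advisable.
          - name: dshm
            emptyDir:
              medium: Memory
              {{- with .Values.shmVolume.sizeLimit }}
              sizeLimit: {{ . }}
              {{- end }}
      systemAccounts:
        # Runs psql with the account statement as a -c argument.
        # NOTE(review): presumably the statement, including the generated
        # password, is substituted into the argument list, which would make it
        # visible in the executor's spec and process arguments - confirm, and
        # restrict who can read those objects.
        cmdExecutorConfig:
          # default with a single argument returns that argument unchanged, so
          # an empty .Values.image.tag renders an image reference ending in ":".
          image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
          command:
            - psql
          args:
            - -h$(KB_ACCOUNT_ENDPOINT)
            - -c
            - $(KB_ACCOUNT_STATEMENT)
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: username
                  optional: false
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: password
                  optional: false
        # NOTE(review): 10 characters with no symbols is short for accounts
        # that include SUPERUSER roles; consider a larger length. Before
        # raising numSymbols, check that the generated symbol set cannot
        # contain a single quote or backslash: $(PASSWD) is placed inside a
        # single-quoted SQL literal in the statements below.
        passwordConfig:
          length: 10
          numDigits: 5
          numSymbols: 0
          letterCase: MixedCases
        accounts:
          # kbadmin is created as SUPERUSER. kbdataprotection aliases the same
          # policy, so it is a SUPERUSER as well.
          # NOTE(review): confirm the data-protection account needs that much.
          - name: kbadmin
            provisionPolicy: &kbAdminAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) SUPERUSER PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          - name: kbdataprotection
            provisionPolicy: *kbAdminAcctRef
          # kbprobe and kbmonitoring share a policy that grants pg_monitor only.
          - name: kbprobe
            provisionPolicy: &kbReadonlyAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH PASSWORD '$(PASSWD)'; GRANT pg_monitor TO $(USERNAME);
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          - name: kbmonitoring
            provisionPolicy: *kbReadonlyAcctRef
          # kbreplicator gets the REPLICATION attribute and nothing else.
          - name: kbreplicator
            provisionPolicy:
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH REPLICATION PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';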