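# Listing of github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/postgresql/templates/clusterdefinition.yaml
#
# Helm template for the KubeBlocks ClusterDefinition of a Patroni/Spilo-managed
# PostgreSQL cluster with pgbouncer and metrics sidecars.
#
# Security review summary (details are next to the fields they concern):
#   - the pod and all three containers run as UID 0;
#   - the Patroni REST API (port 8008) is called over plain HTTP without
#     credentials for switchover;
#   - initdb sets local auth to "trust" and host auth to md5, and ALLOW_NOSSL
#     is set;
#   - superuser, admin and standby roles all read the same secret key;
#   - the sidecars connect with the superuser credential.
apiVersion: apps.kubeblocks.io/v1alpha1
kind: ClusterDefinition
metadata:
  name: postgresql
  labels:
    {{- include "postgresql.labels" . | nindent 4 }}
spec:
  type: postgresql
  # Template for the connection credential. Later entries in this file read the
  # "username" and "password" keys through CONN_CREDENTIAL_SECRET_NAME, so the
  # account defined here is the PostgreSQL superuser "postgres".
  connectionCredential:
    username: postgres
    password: "$(RANDOM_PASSWD)"
    endpoint: "$(SVC_FQDN):$(SVC_PORT_tcp-postgresql)"
    host: "$(SVC_FQDN)"
    port: "$(SVC_PORT_tcp-postgresql)"
  componentDefs:
    - name: postgresql
      workloadType: Replication
      characterType: postgresql
      customLabelSpecs:
        - key: apps.kubeblocks.postgres.patroni/scope
          value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
          resources:
            - gvk: "v1/Pod"
              selector:
                app.kubernetes.io/managed-by: kubeblocks
            - gvk: "apps/v1/StatefulSet"
              selector:
                app.kubernetes.io/managed-by: kubeblocks
      probes:
        roleProbe:
          failureThreshold: 2
          periodSeconds: 1
          timeoutSeconds: 1
      monitor:
        builtIn: false
        exporterConfig:
          scrapePath: /metrics
          scrapePort: {{ .Values.metrics.service.port }}
      logConfigs:
        {{- range $name,$pattern := .Values.logConfigs }}
        - name: {{ $name }}
          filePathPattern: {{ $pattern }}
        {{- end }}
      # defaultMode is written with a leading zero: YAML 1.1 parsers read it as
      # octal (0444 = read-only for owner, group and others). Quoting it would
      # turn the value into a string, so the literal is kept as an integer.
      configSpecs:
        - name: postgresql-configuration
          templateRef: postgresql-configuration
          constraintRef: postgresql14-cc
          keys:
            - postgresql.conf
          namespace: {{ .Release.Namespace }}
          volumeName: postgresql-config
          defaultMode: 0444
        - name: pgbouncer-configuration
          templateRef: pgbouncer-configuration
          keys:
            - pgbouncer.ini
          namespace: {{ .Release.Namespace }}
          volumeName: pgbouncer-config
          defaultMode: 0444
        - name: postgresql-custom-metrics
          templateRef: postgresql14-custom-metrics
          namespace: {{ .Release.Namespace }}
          volumeName: postgresql-custom-metrics
          defaultMode: 0444
        - name: agamotto-configuration
          templateRef: postgresql-agamotto-configuration
          namespace: {{ .Release.Namespace }}
          volumeName: agamotto-configuration
          defaultMode: 0444
      scriptSpecs:
        # 0555: scripts are readable and executable by every user, writable by
        # none. These scripts are the entrypoints of root-run containers below.
        - name: postgresql-scripts
          templateRef: postgresql-scripts
          namespace: {{ .Release.Namespace }}
          volumeName: scripts
          defaultMode: 0555
      service:
        ports:
          - name: tcp-postgresql
            port: 5432
            targetPort: tcp-postgresql
          - name: tcp-pgbouncer
            port: 6432
            targetPort: tcp-pgbouncer
      volumeTypes:
        - name: data
          type: data
      # Switchover is driven through the Patroni REST API on port 8008.
      # The request below is plain HTTP and carries no credentials.
      # NOTE(review): nothing in this template enables Patroni REST API
      # authentication or TLS, and no NetworkPolicy is defined here, so access
      # control for port 8008 has to come from elsewhere - confirm that it does.
      # The image tag uses a single-argument "default", which supplies no
      # fallback: an unset tag renders an image reference ending in ":".
      switchoverSpec:
        withCandidate:
          cmdExecutorConfig:
            image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
            command:
              - /bin/bash
              - -c
            args:
              - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)","candidate":"$(KB_SWITCHOVER_CANDIDATE_NAME)"}'
        withoutCandidate:
          cmdExecutorConfig:
            image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
            command:
              - /bin/bash
              - -c
            args:
              - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)"}'
      podSpec:
        # The pod-level context and every container below set runAsUser: 0.
        # No runAsNonRoot, allowPrivilegeEscalation, capabilities,
        # readOnlyRootFilesystem or seccompProfile is set anywhere in this file.
        # NOTE(review): confirm which containers actually need root; the
        # pgbouncer and metrics sidecars look like candidates for a non-root
        # UID, which would limit the impact of a compromise of either one.
        securityContext:
          runAsUser: 0
          fsGroup: 103
          runAsGroup: 103
        initContainers:
          - name: pg-init-container
            # Fixed argument order: sprig's "default" takes the fallback first.
            # With the arguments reversed the result was always IfNotPresent and
            # the chart's image.pullPolicy value was silently ignored.
            imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
            command:
              - /kb-scripts/init_container.sh
            volumeMounts:
              - name: data
                mountPath: {{ .Values.dataMountPath }}
              - name: postgresql-config
                mountPath: /home/postgres/conf
              - name: scripts
                mountPath: /kb-scripts
              - name: pod-info
                mountPath: /kb-podinfo
        containers:
          - name: postgresql
            # Same argument-order fix as on the init container: the configured
            # image.pullPolicy is now honoured, IfNotPresent is the fallback.
            imagePullPolicy: {{ default "IfNotPresent" .Values.image.pullPolicy }}
            securityContext:
              runAsUser: 0
            command:
              - /kb-scripts/setup.sh
            # NOTE(review): "exec pg_isready" replaces the shell, so the
            # ".initialized" file test on the following line never runs and
            # readiness is decided by pg_isready alone. Left unchanged because
            # removing "exec" would make readiness depend on those files.
            readinessProbe:
              failureThreshold: 3
              initialDelaySeconds: 10
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              exec:
                command:
                  - /bin/sh
                  - -c
                  - -ee
                  - |
                    exec pg_isready -U {{ default "postgres" | quote }} -h 127.0.0.1 -p 5432
                    [ -f /postgresql/tmp/.initialized ] || [ -f /postgresql/.initialized ]
            volumeMounts:
              - name: dshm
                mountPath: /dev/shm
              - name: data
                mountPath: {{ .Values.dataMountPath }}
              - name: postgresql-config
                mountPath: /home/postgres/conf
              - name: scripts
                mountPath: /kb-scripts
              - name: pod-info
                mountPath: /kb-podinfo
            ports:
              - name: tcp-postgresql
                containerPort: 5432
              - name: patroni
                containerPort: 8008
            env: ## refer https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
              - name: SERVICE_PORT
                value: "5432"
              # Patroni keeps its cluster state in Kubernetes ConfigMaps, so the
              # pod's service account needs API access to them.
              # NOTE(review): the RBAC for that is not in this file - check that
              # it is scoped to this namespace and to the objects Patroni needs.
              - name: DCS_ENABLE_KUBERNETES_API
                value: "true"
              - name: KUBERNETES_USE_CONFIGMAPS
                value: "true"
              - name: SCOPE
                value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
              - name: KUBERNETES_SCOPE_LABEL
                value: "apps.kubeblocks.postgres.patroni/scope"
              - name: KUBERNETES_ROLE_LABEL
                value: "apps.kubeblocks.postgres.patroni/role"
              - name: KUBERNETES_LABELS
                value: '{"app.kubernetes.io/instance":"$(KB_CLUSTER_NAME)","apps.kubeblocks.io/component-name":"$(KB_COMP_NAME)"}'
              - name: RESTORE_DATA_DIR
                value: {{ .Values.dataMountPath }}/kb_restore
              - name: KB_PG_CONFIG_PATH
                value: /home/postgres/conf/postgresql.conf
              # initdb authentication defaults passed to Patroni:
              #   auth-local: trust - connections over the local Unix socket are
              #     accepted without a password, for any database role;
              #   auth-host: md5 - TCP clients use MD5 password authentication.
              # NOTE(review): scram-sha-256 is the stronger password method in
              # current PostgreSQL releases, and "peer" or a password method is
              # the usual replacement for local trust. Whether a pg_hba.conf
              # supplied elsewhere overrides these defaults is not visible here.
              - name: SPILO_CONFIGURATION
                value: | ## https://github.com/zalando/patroni#yaml-configuration
                  bootstrap:
                    initdb:
                      - auth-host: md5
                      - auth-local: trust
              # ALLOW_NOSSL makes Spilo accept client connections without TLS.
              # Unless the network layer encrypts pod traffic, credentials and
              # query data then cross the cluster network unencrypted.
              - name: ALLOW_NOSSL
                value: "true"
              - name: PGROOT
                value: {{ .Values.dataMountPath }}/pgroot
              - name: POD_IP
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: status.podIP
              - name: POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
              # The superuser, "superadmin" and "standby" passwords below all
              # read the same secret key ("password"), so the three roles share
              # one password: whoever learns it holds superuser access.
              - name: PGUSER_SUPERUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: PGPASSWORD_SUPERUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER_ADMIN
                value: superadmin
              - name: PGPASSWORD_ADMIN
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: PGUSER_STANDBY
                value: standby
              - name: PGPASSWORD_STANDBY
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              # PGUSER/PGPASSWORD make the superuser credential the default for
              # any libpq client started inside this container.
              - name: PGUSER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: PGPASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
          # Connection pooler sidecar. It runs as UID 0, binds to all
          # interfaces, uses md5 client authentication and is handed the
          # superuser credential from the connection secret.
          - name: pgbouncer
            image: {{ .Values.pgbouncer.image.registry | default "docker.io" }}/{{ .Values.pgbouncer.image.repository }}:{{ default .Values.pgbouncer.image.tag }}
            imagePullPolicy: {{ .Values.pgbouncer.image.pullPolicy | quote }}
            securityContext:
              runAsUser: 0
            ports:
              - name: tcp-pgbouncer
                containerPort: 6432
            volumeMounts:
              - name: pgbouncer-config
                mountPath: /home/pgbouncer/conf
              - name: scripts
                mountPath: /kb-scripts
            command:
              - /kb-scripts/pgbouncer_setup.sh
            livenessProbe:
              failureThreshold: 3
              initialDelaySeconds: 15
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              tcpSocket:
                port: tcp-pgbouncer
            readinessProbe:
              failureThreshold: 3
              initialDelaySeconds: 15
              periodSeconds: 30
              successThreshold: 1
              timeoutSeconds: 5
              tcpSocket:
                port: tcp-pgbouncer
            env:
              - name: PGBOUNCER_AUTH_TYPE
                value: md5
              - name: POSTGRESQL_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
              - name: POSTGRESQL_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: POSTGRESQL_PORT
                value: "5432"
              - name: POSTGRESQL_HOST
                valueFrom:
                  fieldRef:
                    apiVersion: v1
                    fieldPath: status.podIP
              - name: PGBOUNCER_PORT
                value: "6432"
              - name: PGBOUNCER_BIND_ADDRESS
                value: "0.0.0.0"
          # Metrics exporter sidecar. It runs as UID 0 and authenticates with
          # the superuser credential (DATA_SOURCE_USER / DATA_SOURCE_PASS).
          # NOTE(review): the kbmonitoring account defined under systemAccounts
          # is granted only pg_monitor and looks like the least-privilege
          # credential for this container - confirm and switch if possible.
          - name: metrics
            image: {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}
            imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
            securityContext:
              runAsUser: 0
            env:
              - name: ENDPOINT
                value: {{ printf "127.0.0.1:5432" }}
              - name: DATA_SOURCE_PASS
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: password
                    optional: false
              - name: DATA_SOURCE_USER
                valueFrom:
                  secretKeyRef:
                    name: $(CONN_CREDENTIAL_SECRET_NAME)
                    key: username
                    optional: false
            command:
              - "/bin/agamotto"
              - "--config=/opt/agamotto/agamotto-config.yaml"
            ports:
              - name: http-metrics
                containerPort: {{ .Values.metrics.service.port }}
            volumeMounts:
              - name: postgresql-custom-metrics
                mountPath: /opt/conf
              - name: agamotto-configuration
                mountPath: /opt/agamotto
        volumes:
          # Memory-backed /dev/shm. sizeLimit is emitted only when
          # shmVolume.sizeLimit is set in the chart values; without it the
          # volume has no explicit cap of its own.
          - name: dshm
            emptyDir:
              medium: Memory
              {{- with .Values.shmVolume.sizeLimit }}
              sizeLimit: {{ . }}
              {{- end }}
          - name: pod-info
            downwardAPI:
              items:
                - path: "pod-role"
                  fieldRef:
                    fieldPath: metadata.labels['kubeblocks.io/role']
                - path: "primary-pod"
                  fieldRef:
                    fieldPath: metadata.annotations['rs.apps.kubeblocks.io/primary']
                - path: "component-replicas"
                  fieldRef:
                    fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas']
      # System accounts are created by running psql as the superuser, with the
      # SQL statement passed as a command-line argument.
      # NOTE(review): the statements below embed the new password in the SQL
      # text, so it is presumably visible wherever that argument or the executed
      # statement is recorded (job spec, process list, statement logging) -
      # confirm how the executor handles this.
      systemAccounts:
        cmdExecutorConfig:
          image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
          command:
            - psql
          args:
            - -h$(KB_ACCOUNT_ENDPOINT)
            - -c
            - $(KB_ACCOUNT_STATEMENT)
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: username
                  optional: false
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: $(CONN_CREDENTIAL_SECRET_NAME)
                  key: password
                  optional: false
        # Generated passwords: 10 characters, 5 of them digits, no symbols.
        # NOTE(review): numSymbols: 0 presumably keeps quote characters out of
        # the password, because the statements below place it between single
        # quotes by plain text substitution - confirm before raising it. A
        # larger "length" adds entropy without that risk.
        passwordConfig:
          length: 10
          numDigits: 5
          numSymbols: 0
          letterCase: MixedCases
        accounts:
          # kbadmin and kbdataprotection (through the alias) are SUPERUSER roles.
          - name: kbadmin
            provisionPolicy: &kbAdminAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) SUPERUSER PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          - name: kbdataprotection
            provisionPolicy: *kbAdminAcctRef
          # kbprobe and kbmonitoring (through the alias) get pg_monitor only.
          - name: kbprobe
            provisionPolicy: &kbReadonlyAcctRef
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH PASSWORD '$(PASSWD)'; GRANT pg_monitor TO $(USERNAME);
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
          - name: kbmonitoring
            provisionPolicy: *kbReadonlyAcctRef
          # kbreplicator gets the REPLICATION attribute and nothing else.
          - name: kbreplicator
            provisionPolicy:
              type: CreateByStmt
              scope: AnyPods
              statements:
                creation: CREATE USER $(USERNAME) WITH REPLICATION PASSWORD '$(PASSWD)';
                update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';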