github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/postgresql/templates/clusterdefinition.yaml (about)

     1  apiVersion: apps.kubeblocks.io/v1alpha1
     2  kind: ClusterDefinition
     3  metadata:
     4    name: postgresql
     5    labels:
     6      {{- include "postgresql.labels" . | nindent 4 }}
     7  spec:
     8    type: postgresql
     9    connectionCredential:
    10      username: postgres
    11      password: "$(RANDOM_PASSWD)"
    12      endpoint: "$(SVC_FQDN):$(SVC_PORT_tcp-postgresql)"
    13      host: "$(SVC_FQDN)"
    14      port: "$(SVC_PORT_tcp-postgresql)"
    15    componentDefs:
    16      - name: postgresql
    17        workloadType: Replication
    18        characterType: postgresql
    19        customLabelSpecs:
    20          - key: apps.kubeblocks.postgres.patroni/scope
    21            value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
    22            resources:
    23              - gvk: "v1/Pod"
    24                selector:
    25                  app.kubernetes.io/managed-by: kubeblocks
    26              - gvk: "apps/v1/StatefulSet"
    27                selector:
    28                  app.kubernetes.io/managed-by: kubeblocks
    29        probes:
    30          roleProbe:
    31            failureThreshold: 2
    32            periodSeconds: 1
    33            timeoutSeconds: 1
    34        monitor:
    35          builtIn: false
    36          exporterConfig:
    37            scrapePath: /metrics
    38            scrapePort: {{ .Values.metrics.service.port }}
    39        logConfigs:
    40          {{- range $name,$pattern := .Values.logConfigs }}
    41          - name: {{ $name }}
    42            filePathPattern: {{ $pattern }}
    43          {{- end }}
    44        configSpecs:
    45          - name: postgresql-configuration
    46            templateRef: postgresql-configuration
    47            constraintRef: postgresql14-cc
    48            keys:
    49              - postgresql.conf
    50            namespace: {{ .Release.Namespace }}
    51            volumeName: postgresql-config
    52            defaultMode: 0444
    53          - name: pgbouncer-configuration
    54            templateRef: pgbouncer-configuration
    55            keys:
    56              - pgbouncer.ini
    57            namespace: {{ .Release.Namespace }}
    58            volumeName: pgbouncer-config
    59            defaultMode: 0444
    60          - name: postgresql-custom-metrics
    61            templateRef: postgresql14-custom-metrics
    62            namespace: {{ .Release.Namespace }}
    63            volumeName: postgresql-custom-metrics
    64            defaultMode: 0444
    65          - name: agamotto-configuration
    66            templateRef: postgresql-agamotto-configuration
    67            namespace: {{ .Release.Namespace }}
    68            volumeName: agamotto-configuration
    69            defaultMode: 0444
    70        scriptSpecs:
    71          - name: postgresql-scripts
    72            templateRef: postgresql-scripts
    73            namespace: {{ .Release.Namespace }}
    74            volumeName: scripts
    75            defaultMode: 0555
    76        service:
    77          ports:
    78            - name: tcp-postgresql
    79              port: 5432
    80              targetPort: tcp-postgresql
    81            - name: tcp-pgbouncer
    82              port: 6432
    83              targetPort: tcp-pgbouncer
    84        volumeTypes:
    85          - name: data
    86            type: data
    87        switchoverSpec:
    88          withCandidate:
    89            cmdExecutorConfig:
    90              image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
    91              command:
    92                - /bin/bash
    93                - -c
    94              args:
    95                - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)","candidate":"$(KB_SWITCHOVER_CANDIDATE_NAME)"}'
    96          withoutCandidate:
    97            cmdExecutorConfig:
    98              image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
    99              command:
   100                - /bin/bash
   101                - -c
   102              args:
   103                - curl -s http://$(KB_REPLICATION_PRIMARY_POD_FQDN):8008/switchover -XPOST -d '{"leader":"$(KB_REPLICATION_PRIMARY_POD_NAME)"}'
   104        podSpec:
   105          securityContext:
   106            runAsUser: 0
   107            fsGroup: 103
   108            runAsGroup: 103
   109          initContainers:
   110            - name: pg-init-container
   111              imagePullPolicy: {{ default .Values.image.pullPolicy "IfNotPresent" }}
   112              command:
   113                - /kb-scripts/init_container.sh
   114              volumeMounts:
   115                - name: data
   116                  mountPath: {{ .Values.dataMountPath }}
   117                - name: postgresql-config
   118                  mountPath: /home/postgres/conf
   119                - name: scripts
   120                  mountPath: /kb-scripts
   121                - name: pod-info
   122                  mountPath: /kb-podinfo
   123          containers:
   124            - name: postgresql
   125              imagePullPolicy: {{ default .Values.image.pullPolicy "IfNotPresent" }}
   126              securityContext:
   127                runAsUser: 0
   128              command:
   129                - /kb-scripts/setup.sh
   130              readinessProbe:
   131                failureThreshold: 3
   132                initialDelaySeconds: 10
   133                periodSeconds: 30
   134                successThreshold: 1
   135                timeoutSeconds: 5
   136                exec:
   137                  command:
   138                    - /bin/sh
   139                    - -c
   140                    - -ee
   141                    - |
   142                      exec pg_isready -U {{ default "postgres" | quote }} -h 127.0.0.1 -p 5432
   143                      [ -f /postgresql/tmp/.initialized ] || [ -f /postgresql/.initialized ]
   144              volumeMounts:
   145                - name: dshm
   146                  mountPath: /dev/shm
   147                - name: data
   148                  mountPath: {{ .Values.dataMountPath }}
   149                - name: postgresql-config
   150                  mountPath: /home/postgres/conf
   151                - name: scripts
   152                  mountPath: /kb-scripts
   153                - name: pod-info
   154                  mountPath: /kb-podinfo
   155              ports:
   156                - name: tcp-postgresql
   157                  containerPort: 5432
   158                - name: patroni
   159                  containerPort: 8008
   160              env: ## refer https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst
   161                - name: SERVICE_PORT
   162                  value: "5432"
   163                - name: DCS_ENABLE_KUBERNETES_API
   164                  value: "true"
   165                - name: KUBERNETES_USE_CONFIGMAPS
   166                  value: "true"
   167                - name: SCOPE
   168                  value: "$(KB_CLUSTER_NAME)-$(KB_COMP_NAME)-patroni$(KB_CLUSTER_UID_POSTFIX_8)"
   169                - name: KUBERNETES_SCOPE_LABEL
   170                  value: "apps.kubeblocks.postgres.patroni/scope"
   171                - name: KUBERNETES_ROLE_LABEL
   172                  value: "apps.kubeblocks.postgres.patroni/role"
   173                - name: KUBERNETES_LABELS
   174                  value: '{"app.kubernetes.io/instance":"$(KB_CLUSTER_NAME)","apps.kubeblocks.io/component-name":"$(KB_COMP_NAME)"}'
   175                - name: RESTORE_DATA_DIR
   176                  value: {{ .Values.dataMountPath }}/kb_restore
   177                - name: KB_PG_CONFIG_PATH
   178                  value: /home/postgres/conf/postgresql.conf
   179                - name: SPILO_CONFIGURATION
   180                  value: | ## https://github.com/zalando/patroni#yaml-configuration
   181                    bootstrap:
   182                      initdb:
   183                        - auth-host: md5
   184                        - auth-local: trust
   185                - name: ALLOW_NOSSL
   186                  value: "true"
   187                - name: PGROOT
   188                  value: {{ .Values.dataMountPath }}/pgroot
   189                - name: POD_IP
   190                  valueFrom:
   191                    fieldRef:
   192                      apiVersion: v1
   193                      fieldPath: status.podIP
   194                - name: POD_NAMESPACE
   195                  valueFrom:
   196                    fieldRef:
   197                      apiVersion: v1
   198                      fieldPath: metadata.namespace
   199                - name: PGUSER_SUPERUSER
   200                  valueFrom:
   201                    secretKeyRef:
   202                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   203                      key: username
   204                      optional: false
   205                - name: PGPASSWORD_SUPERUSER
   206                  valueFrom:
   207                    secretKeyRef:
   208                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   209                      key: password
   210                      optional: false
   211                - name: PGUSER_ADMIN
   212                  value: superadmin
   213                - name: PGPASSWORD_ADMIN
   214                  valueFrom:
   215                    secretKeyRef:
   216                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   217                      key: password
   218                      optional: false
   219                - name: PGUSER_STANDBY
   220                  value: standby
   221                - name: PGPASSWORD_STANDBY
   222                  valueFrom:
   223                    secretKeyRef:
   224                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   225                      key: password
   226                      optional: false
   227                - name: PGUSER
   228                  valueFrom:
   229                    secretKeyRef:
   230                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   231                      key: username
   232                      optional: false
   233                - name: PGPASSWORD
   234                  valueFrom:
   235                    secretKeyRef:
   236                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   237                      key: password
   238                      optional: false
   239            - name: pgbouncer
   240              image: {{ .Values.pgbouncer.image.registry | default "docker.io" }}/{{ .Values.pgbouncer.image.repository }}:{{ default .Values.pgbouncer.image.tag }}
   241              imagePullPolicy: {{ .Values.pgbouncer.image.pullPolicy | quote }}
   242              securityContext:
   243                runAsUser: 0
   244              ports:
   245                - name: tcp-pgbouncer
   246                  containerPort: 6432
   247              volumeMounts:
   248                - name: pgbouncer-config
   249                  mountPath: /home/pgbouncer/conf
   250                - name: scripts
   251                  mountPath: /kb-scripts
   252              command:
   253                - /kb-scripts/pgbouncer_setup.sh
   254              livenessProbe:
   255                failureThreshold: 3
   256                initialDelaySeconds: 15
   257                periodSeconds: 30
   258                successThreshold: 1
   259                timeoutSeconds: 5
   260                tcpSocket:
   261                  port: tcp-pgbouncer
   262              readinessProbe:
   263                failureThreshold: 3
   264                initialDelaySeconds: 15
   265                periodSeconds: 30
   266                successThreshold: 1
   267                timeoutSeconds: 5
   268                tcpSocket:
   269                  port: tcp-pgbouncer
   270              env:
   271                - name: PGBOUNCER_AUTH_TYPE
   272                  value: md5
   273                - name: POSTGRESQL_USERNAME
   274                  valueFrom:
   275                    secretKeyRef:
   276                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   277                      key: username
   278                      optional: false
   279                - name: POSTGRESQL_PASSWORD
   280                  valueFrom:
   281                    secretKeyRef:
   282                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   283                      key: password
   284                      optional: false
   285                - name: POSTGRESQL_PORT
   286                  value: "5432"
   287                - name: POSTGRESQL_HOST
   288                  valueFrom:
   289                    fieldRef:
   290                      apiVersion: v1
   291                      fieldPath: status.podIP
   292                - name: PGBOUNCER_PORT
   293                  value: "6432"
   294                - name: PGBOUNCER_BIND_ADDRESS
   295                  value: "0.0.0.0"
   296            - name: metrics
   297              image:  {{ .Values.metrics.image.registry | default "docker.io" }}/{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}
   298              imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
   299              securityContext:
   300                runAsUser: 0
   301              env:
   302                - name: ENDPOINT
   303                  value: {{ printf "127.0.0.1:5432" }}
   304                - name: DATA_SOURCE_PASS
   305                  valueFrom:
   306                    secretKeyRef:
   307                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   308                      key: password
   309                      optional: false
   310                - name: DATA_SOURCE_USER
   311                  valueFrom:
   312                    secretKeyRef:
   313                      name: $(CONN_CREDENTIAL_SECRET_NAME)
   314                      key: username
   315                      optional: false
   316              command:
   317                - "/bin/agamotto"
   318                - "--config=/opt/agamotto/agamotto-config.yaml"
   319              ports:
   320                - name: http-metrics
   321                  containerPort: {{ .Values.metrics.service.port }}
   322              volumeMounts:
   323                - name: postgresql-custom-metrics
   324                  mountPath: /opt/conf
   325                - name: agamotto-configuration
   326                  mountPath: /opt/agamotto
   327          volumes:
   328            - name: dshm
   329              emptyDir:
   330                medium: Memory
   331                {{- with .Values.shmVolume.sizeLimit }}
   332                sizeLimit: {{ . }}
   333                {{- end }}
   334            - name: pod-info
   335              downwardAPI:
   336                items:
   337                  - path: "pod-role"
   338                    fieldRef:
   339                      fieldPath: metadata.labels['kubeblocks.io/role']
   340                  - path: "primary-pod"
   341                    fieldRef:
   342                      fieldPath: metadata.annotations['rs.apps.kubeblocks.io/primary']
   343                  - path: "component-replicas"
   344                    fieldRef:
   345                      fieldPath: metadata.annotations['apps.kubeblocks.io/component-replicas']
   346        systemAccounts:
   347          cmdExecutorConfig:
   348            image: {{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.repository }}:{{ default .Values.image.tag }}
   349            command:
   350              - psql
   351            args:
   352              - -h$(KB_ACCOUNT_ENDPOINT)
   353              - -c
   354              - $(KB_ACCOUNT_STATEMENT)
   355            env:
   356            - name: PGUSER
   357              valueFrom:
   358                secretKeyRef:
   359                  name: $(CONN_CREDENTIAL_SECRET_NAME)
   360                  key: username
   361                  optional: false
   362            - name: PGPASSWORD
   363              valueFrom:
   364                secretKeyRef:
   365                  name: $(CONN_CREDENTIAL_SECRET_NAME)
   366                  key: password
   367                  optional: false
   368          passwordConfig:
   369            length: 10
   370            numDigits: 5
   371            numSymbols: 0
   372            letterCase: MixedCases
   373          accounts:
   374            - name: kbadmin
   375              provisionPolicy: &kbAdminAcctRef
   376                type: CreateByStmt
   377                scope: AnyPods
   378                statements:
   379                  creation: CREATE USER $(USERNAME) SUPERUSER PASSWORD '$(PASSWD)';
   380                  update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
   381            - name: kbdataprotection
   382              provisionPolicy: *kbAdminAcctRef
   383            - name: kbprobe
   384              provisionPolicy: &kbReadonlyAcctRef
   385                type: CreateByStmt
   386                scope: AnyPods
   387                statements:
   388                  creation: CREATE USER $(USERNAME) WITH PASSWORD '$(PASSWD)';  GRANT pg_monitor TO $(USERNAME);
   389                  update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';
   390            - name: kbmonitoring
   391              provisionPolicy: *kbReadonlyAcctRef
   392            - name: kbreplicator
   393              provisionPolicy:
   394                type: CreateByStmt
   395                scope: AnyPods
   396                statements:
   397                  creation: CREATE USER $(USERNAME) WITH REPLICATION PASSWORD '$(PASSWD)';
   398                  update: ALTER USER $(USERNAME) WITH PASSWORD '$(PASSWD)';