| Table of Contents | ||
|---|---|---|
|
Plan of work
Focus first on the “core” part of ONAP, i.e. the one allowing to onboard and instantiate a service.
...
- DMaaP
- AAI
- SDC
- SO
- SDN-C
- Multicloud
DMaaP
Components
3 main components:
...
- Message router relies on Kafka (which relies on Zookeeper)
- Data router relies on Mariadb galera
- Bus controller relies on postgreSQL
Work Done
Generic work
Jobs
Force service mesh to be disabled on every job by adding these annotations in the POD metadata (not in the Job metadata):
spec:
template:
metadata:
annotations:
linkerd.io/inject: disabled # This is not needed for Istio
sidecar.istio.io/inject: disabled
Service Naming
Istio asks to set the type of protocol in the port name (https://istio.io/docs/ops/configuration/traffic-management/protocol-selection/). As DMaaP is exclusively http/https, I've added http- or https- in front of port names (hardcoded).
HTTP call
As istio is dealing (or not?) with mtls, http is sufficient. So every configuration with https should be move to http
Kafka
Kafka and Zookeeper from Message router seems not to be “service mesh compatible".
...
Mariadb galera was working out of the box with a replica of 2. The only issue is that their internal communication is not seen and appears as 'PassthroughCluster'.
So I tried bitnami-mariadb charts (with replica of 3) but we have the same "issue" .
→ Moved back to "our" chart.
Postgresql
common postgres cluster chart doesn't work at all with service mesh:
- the installation use a statefulset but with some "voodoo" in order to specialize the deployment
- pgpool is not used (by DMaaP) nor can work (as passwords are hardcoded)
So I decided to recreate the chart with (specialized) deployments instead of a statefulset + make pgpool work with specific users (but only at launch for now) + use secrets with pgpool.
Here's the diff:
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
index 88f0c746..0db0a95b 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
+++ b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
@@ -30,6 +30,9 @@ spec:
labels:
app: {{ include "common.name" . }}-job
release: {{ .Release.Name }}
+ annotations:
+ linkerd.io/inject: disabled
+ sidecar.istio.io/inject: disabled
spec:
restartPolicy: Never
initContainers:
diff --git a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml b/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml
index b5b97233..5d7dacc7 100644
--- a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml
+++ b/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml
@@ -28,6 +28,9 @@ spec:
release: {{ .Release.Name }}
component: jobs
job: chroots
+ annotations:
+ linkerd.io/inject: disabled
+ sidecar.istio.io/inject: disabled
spec:
restartPolicy: {{ $job.restartPolicy }}
containers:
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
index d8918409..580185c6 100644
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
+++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
@@ -65,3 +65,4 @@
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
+
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
deleted file mode 100644
index 3636d1de..00000000
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
+++ /dev/null
@@ -1,2 +0,0 @@
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
index 15fa18d8..a4b0ca86 100644
--- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
@@ -31,6 +31,33 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{.Values.repository}}/{{.Values.image}}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: pgpool-pgconf
+ mountPath: /pgconf/pgpoolconfigdir
+ readOnly: false
+ - name: pgpool-pgconf-static
+ mountPath: /configdir/
+ readOnly: false
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/
+ cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
+ pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD}
+ env:
+ - name: PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
+ - name: PG_USER
+ value: {{ index .Values.credentials.pgusername }}
debian@control01-test-1:/opt/oom/kubernetes/common/postgres$ git diff -- .
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
index d8918409..580185c6 100644
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
+++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
@@ -65,3 +65,4 @@
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
+
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
deleted file mode 100644
index 3636d1de..00000000
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
+++ /dev/null
@@ -1,2 +0,0 @@
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
index 15fa18d8..a4b0ca86 100644
--- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
@@ -31,6 +31,33 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{.Values.repository}}/{{.Values.image}}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: pgpool-pgconf
+ mountPath: /pgconf/pgpoolconfigdir
+ readOnly: false
+ - name: pgpool-pgconf-static
+ mountPath: /configdir/
+ readOnly: false
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/
+ cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
+ pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD}
+ env:
+ - name: PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
+ - name: PG_USER
+ value: {{ index .Values.credentials.pgusername }}
containers:
- image: "{{.Values.repository}}/{{.Values.image}}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -43,7 +70,10 @@ spec:
- name: PG_USERNAME
value: {{.Values.credentials.pgusername}}
- name: PG_PASSWORD
- value: {{.Values.credentials.pgpassword}}
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
ports:
- containerPort: 5432
name: pgpool
@@ -64,5 +94,7 @@ spec:
readOnly: false
volumes:
- name: pgpool-pgconf
+ emptyDir: {}
+ - name: pgpool-pgconf-static
configMap:
name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
index 86442a27..4306b264 100644
--- a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
@@ -15,11 +15,11 @@ spec:
debian@control01-test-1:/opt/oom/kubernetes/common/postgres$ cd ..
debian@control01-test-1:/opt/oom/kubernetes/common$ git diff -- postgres
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
index d8918409..580185c6 100644
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
+++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf
@@ -65,3 +65,4 @@
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
+
diff --git a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
deleted file mode 100644
index 3636d1de..00000000
--- a/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd
+++ /dev/null
@@ -1,2 +0,0 @@
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
index 15fa18d8..a4b0ca86 100644
--- a/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml
@@ -31,6 +31,33 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{.Values.repository}}/{{.Values.image}}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: pgpool-pgconf
+ mountPath: /pgconf/pgpoolconfigdir
+ readOnly: false
+ - name: pgpool-pgconf-static
+ mountPath: /configdir/
+ readOnly: false
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/
+ cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
+ pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD}
+ env:
+ - name: PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
+ - name: PG_USER
+ value: {{ index .Values.credentials.pgusername }}
containers:
- image: "{{.Values.repository}}/{{.Values.image}}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -43,7 +70,10 @@ spec:
- name: PG_USERNAME
value: {{.Values.credentials.pgusername}}
- name: PG_PASSWORD
- value: {{.Values.credentials.pgpassword}}
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: db-user-password
ports:
- containerPort: 5432
name: pgpool
@@ -64,5 +94,7 @@ spec:
readOnly: false
volumes:
- name: pgpool-pgconf
+ emptyDir: {}
+ - name: pgpool-pgconf-static
configMap:
name: {{ include "common.fullname" . }}-pgpool-configmap
diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
index 86442a27..4306b264 100644
--- a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml
@@ -15,11 +15,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
+ name: {{ .Values.service.portName }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/common/postgres/charts/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml
index cb732b7c..8ceff8f9 100644
--- a/kubernetes/common/postgres/charts/pgpool/values.yaml
+++ b/kubernetes/common/postgres/charts/pgpool/values.yaml
@@ -38,7 +38,8 @@ credentials:
pgusername: testuser
pgpassword: password
service:
- name: pgpool
+ name: pgpool
+ portName: tcp-postgres
type: ClusterIP
externalPort: 5432
internalPort: 5432
diff --git a/kubernetes/common/postgres/templates/pv.yaml b/kubernetes/common/postgres/templates/pv.yaml
deleted file mode 100644
index 144a3f79..00000000
--- a/kubernetes/common/postgres/templates/pv.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data0
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}0
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data1
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}1
-{{- end -}}
diff --git a/kubernetes/common/postgres/templates/service.yaml b/kubernetes/common/postgres/templates/service.yaml
deleted file mode 100644
index 2a4e369e..00000000
--- a/kubernetes/common/postgres/templates/service.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.primary}}"
- release: {{ .Release.Name }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name3 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type3 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.name3 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.name3 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.replica}}"
- release: {{ .Release.Name }}
diff --git a/kubernetes/common/postgres/templates/statefulset.yaml b/kubernetes/common/postgres/templates/statefulset.yaml
deleted file mode 100644
index db4a256f..00000000
--- a/kubernetes/common/postgres/templates/statefulset.yaml
+++ /dev/null
@@ -1,155 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- for i in $(seq 0 $(({{ .Values.replicaCount }}-1))); do
- if [ ! -d /podroot/data$i ]; then
- mkdir -p /podroot/data$i;
- chown 26:26 /podroot/data$i;
- chmod 700 /podroot/data$i;
- fi;
- done
- env:
- - name: POD_NAME
- valueFrom: { fieldRef: { fieldPath: metadata.name } }
- securityContext:
- privileged: true
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-init
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: postgres
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: set
- - name: PG_PRIMARY_HOST
- value: "{{.Values.container.name.primary}}"
- - name: PG_REPLICA_HOST
- value: "{{.Values.container.name.replica}}"
- - name: PG_PRIMARY_PORT
- value: "{{.Values.service.internalPort}}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{.Values.config.pgUserName}}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{.Values.config.pgDatabase}}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-init
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountInitPath }}
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
-#{{ if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
-#{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes: [ {{ .Values.persistence.accessMode }} ]
- storageClassName: {{ include "common.fullname" . }}-data
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- selector:
- matchLabels:
- name: {{ include "common.fullname" . }}
-#{{ end }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 8dd5d0aa..3104ee79 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -104,14 +104,17 @@ persistence:
service:
type: ClusterIP
name: pgset
+ portName: tcp-postgres
externalPort: 5432
internalPort: 5432
type2: ClusterIP
- name2: pgset-primary
+ name2: tcp-pgset-primary
+ portName2: tcp-postgres
externalPort2: 5432
internalPort2: 5432
type3: ClusterIP
- name3: pgset-replica
+ name3: tcp-pgset-replica
+ portName3: tcp-postgres
externalPort3: 5432
internalPort3: 5432
@@ -136,4 +139,3 @@ resources: {}
# requests:
# cpu: 2
# memory: 4GiWhat’s not (yet) on service mesh
...