Home Explore Help
Register Sign In
lcy
/
truenas
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8bd4f3281d
Branches Tags
truenas
/
library
/
common
/
templates
/
app_functions
/
_postgres.tpl

_postgres.tpl 7.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. {{/* Returns a postgres pod with init container for fixing permissions
    2. 

  2. and a pre-upgrade job to backup the database */}}
    3. 

  3. {{/* Call this template:
    4. 

  4. {{ include "ix.v1.common.app.postgres" (dict "name" "postgres" "secretName" "postgres-creds" "backupPath" "/postgres_backup" "resources" .Values.resources) }}
    5. 

  5. 

  6. name (optional): Name of the postgres pod/container (default: postgres)
    7. 

  7. secretName (required): Name of the secret containing the postgres credentials
    8. 

  8. backupPath (optional): Path to store the backup, it's the container's path (default: /postgres_backup)
    9. 

  9. resources (required): Resources for the postgres container
    10. 

  10. backupChownMode (optional): Whether to chown the backup directory or
    11. 

  11.           check parent directory permissions and fix them if needed.
    12. 

  12.           (default: check) Valid values: always, check
    13. 

  13. */}}
    14. 

  14. {{- define "ix.v1.common.app.postgres" -}}
    15. 

  15.   {{- $name := .name | default "postgres" -}}
    16. 

  16.   {{- $imageSelector := .imageSelector | default "postgresImage" -}}
    17. 

  17.   {{- $secretName := (required "Postgres - Secret Name is required" .secretName) -}}
    18. 

  18.   {{- $backupSecretName := .backupSecretName | default $secretName -}}
    19. 

  19.   {{- $backupPath := .backupPath | default "/postgres_backup" -}}
    20. 

  20.   {{- $backupChownMode := .backupChownMode | default "check" -}}
    21. 

  21.   {{- $ixChartContext := .ixChartContext -}}
    22. 

  22.   {{- $preUpgradeTasks := .preUpgradeTasks | default list -}}
    23. 

  23.   {{- $resources := (required "Postgres - Resources are required" .resources) }}
    24. 

  24. 

  25. {{ $name }}:
    26. 

  26.   enabled: true
    27. 

  27.   type: Deployment
    28. 

  28.   podSpec:
    29. 

  29.     containers:
    30. 

  30.       {{ $name }}:
    31. 

  31.         enabled: true
    32. 

  32.         primary: true
    33. 

  33.         imageSelector: {{ $imageSelector }}
    34. 

  34.         securityContext:
    35. 

  35.           runAsUser: 999
    36. 

  36.           runAsGroup: 999
    37. 

  37.           readOnlyRootFilesystem: false
    38. 

  38.         resources:
    39. 

  39.           limits:
    40. 

  40.             cpu: {{ $resources.limits.cpu }}
    41. 

  41.             memory: {{ $resources.limits.memory }}
    42. 

  42.         envFrom:
    43. 

  43.           - secretRef:
    44. 

  44.               name: {{ $secretName }}
    45. 

  45.         probes:
    46. 

  46.           liveness:
    47. 

  47.             enabled: true
    48. 

  48.             type: exec
    49. 

  49.             command:
    50. 

  50.               - sh
    51. 

  51.               - -c
    52. 

  52.               - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
    53. 

  53.           readiness:
    54. 

  54.             enabled: true
    55. 

  55.             type: exec
    56. 

  56.             command:
    57. 

  57.               - sh
    58. 

  58.               - -c
    59. 

  59.               - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
    60. 

  60.           startup:
    61. 

  61.             enabled: true
    62. 

  62.             type: exec
    63. 

  63.             command:
    64. 

  64.               - sh
    65. 

  65.               - -c
    66. 

  66.               - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
    67. 

  67.     initContainers:
    68. 

  68.       {{- include "ix.v1.common.app.permissions"
    69. 

  69.         (dict
    70. 

  70.           "UID" 999
    71. 

  71.           "GID" 999
    72. 

  72.           "type" "install"
    73. 

  73.           "containerName" "permissions"
    74. 

  74.         ) | nindent 6 }}
    75. 

  75. 

  76.   {{- $enableBackupJob := false -}}
    77. 

  77.   {{- if hasKey $ixChartContext "isUpgrade" -}}
    78. 

  78.     {{- if $ixChartContext.isUpgrade -}}
    79. 

  79.       {{- $enableBackupJob = true -}}
    80. 

  80.       {{- if hasKey $ixChartContext "isStopped" -}}
    81. 

  81.         {{- if $ixChartContext.isStopped -}}
    82. 

  82.           {{- fail "Application must be running before upgrade. This is to ensure the database backup will be able to complete." -}}
    83. 

  83.         {{- end -}}
    84. 

  84.       {{- end -}}
    85. 

  85.     {{- end -}}
    86. 

  86.   {{- else -}}
    87. 

  87.     {{/* If the key is not present in ixChartContext, means we
    88. 

  88.       are outside SCALE (Probably CI), let upgrade job run */}}
    89. 

  89.     {{- $enableBackupJob = true -}}
    90. 

  90.   {{- end }}
    91. 

  91. 

  92. postgresbackup:
    93. 

  93.   enabled: {{ $enableBackupJob }}
    94. 

  94.   type: Job
    95. 

  95.   annotations:
    96. 

  96.     "helm.sh/hook": pre-upgrade
    97. 

  97.     "helm.sh/hook-weight": "1"
    98. 

  98.     "helm.sh/hook-delete-policy": hook-succeeded
    99. 

  99.   podSpec:
    100. 

  100.     restartPolicy: Never
    101. 

  101.     containers:
    102. 

  102.       postgresbackup:
    103. 

  103.         enabled: true
    104. 

  104.         primary: true
    105. 

  105.         imageSelector: {{ $imageSelector }}
    106. 

  106.         securityContext:
    107. 

  107.           runAsUser: 999
    108. 

  108.           runAsGroup: 999
    109. 

  109.           readOnlyRootFilesystem: false
    110. 

  110.         probes:
    111. 

  111.           liveness:
    112. 

  112.             enabled: false
    113. 

  113.           readiness:
    114. 

  114.             enabled: false
    115. 

  115.           startup:
    116. 

  116.             enabled: false
    117. 

  117.         resources:
    118. 

  118.           limits:
    119. 

  119.             cpu: 2000m
    120. 

  120.             memory: 2Gi
    121. 

  121.         envFrom:
    122. 

  122.           - secretRef:
    123. 

  123.               name: {{ $backupSecretName }}
    124. 

  124.         command:
    125. 

  125.           - sh
    126. 

  126.           - -c
    127. 

  127.           - |
    128. 

  128.             until pg_isready -U ${POSTGRES_USER} -h ${POSTGRES_HOST}; do sleep 2; done
    129. 

  129.             echo "Creating backup of ${POSTGRES_DB} database"
    130. 

  130.             pg_dump --dbname=${POSTGRES_URL} --file {{ $backupPath }}/${POSTGRES_DB}_$(date +%Y-%m-%d_%H-%M-%S).sql || echo "Failed to create backup"
    131. 

  131.             echo "Backup finished"
    132. 

  132.             {{- range $task := $preUpgradeTasks }}
    133. 

  133.             {{ $task }}
    134. 

  134.             {{- end }}
    135. 

  135.     initContainers:
    136. 

  136.     {{- include "ix.v1.common.app.permissions"
    137. 

  137.       (dict
    138. 

  138.         "UID" 999
    139. 

  139.         "GID" 999
    140. 

  140.         "type" "init"
    141. 

  141.         "mode" $backupChownMode
    142. 

  142.         "containerName" "permissions"
    143. 

  143.       ) | nindent 6 }}
    144. 

  144. {{- end -}}
    145. 

  145. 

  146. {{/* Returns a postgres-wait container for waiting for postgres to be ready */}}
    147. 

  147. {{/* Call this template:
    148. 

  148. {{ include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait" "secretName" "postgres-creds") }}
    149. 

  149. 

  150. name (optional): Name of the postgres-wait container (default: postgres-wait)
    151. 

  151. secretName (required): Name of the secret containing the postgres credentials
    152. 

  152. */}}
    153. 

  153. 

  154. {{- define "ix.v1.common.app.postgresWait" -}}
    155. 

  155.   {{- $name := .name | default "postgres-wait" -}}
    156. 

  156.   {{- $secretName := (required "Postgres-Wait - Secret Name is required" .secretName) }}
    157. 

  157. 

  158. {{ $name }}:
    159. 

  159.   enabled: true
    160. 

  160.   type: init
    161. 

  161.   imageSelector: postgresImage
    162. 

  162.   envFrom:
    163. 

  163.     - secretRef:
    164. 

  164.         name: {{ $secretName }}
    165. 

  165.   resources:
    166. 

  166.     limits:
    167. 

  167.       cpu: 500m
    168. 

  168.       memory: 256Mi
    169. 

  169.   command: bash
    170. 

  170.   args:
    171. 

  171.     - -c
    172. 

  172.     - |
    173. 

  173.       echo "Waiting for postgres to be ready"
    174. 

  174.       until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} -d ${POSTGRES_DB}; do
    175. 

  175.         sleep 2
    176. 

  176.       done
    177. 

  177. {{- end -}}
    178. 

  178. 

  179. {{/* Returns persistence entries for postgres */}}
    180. 

  180. {{/* Call this template:
    181. 

  181. {{ include "ix.v1.common.app.postgresPersistence" (dict "pgData" .Values.storage.pgData "pgBackup" .Values.storage.pgBackup) }}
    182. 

  182. 

  183. pgData (required): Data persistence configuration
    184. 

  184. pgBackup (required): Data persistence configuration for backup
    185. 

  185. */}}
    186. 

  186. 

  187. {{- define "ix.v1.common.app.postgresPersistence" -}}
    188. 

  188.   {{- $data := .pgData -}}
    189. 

  189.   {{- $backup := .pgBackup }}
    190. 

  190. 

  191.   {{- if not $data -}}
    192. 

  192.     {{- fail "Postgres - Data persistence configuration is required" -}}
    193. 

  193.   {{- end -}}
    194. 

  194. 

  195.   {{- if not $backup -}}
    196. 

  196.     {{- fail "Postgres - Backup persistence configuration is required" -}}
    197. 

  197.   {{- end -}}
    198. 

  198. 

  199. postgresdata:
    200. 

  200.   enabled: true
    201. 

  201.   {{- include "ix.v1.common.app.storageOptions" (dict "storage" $data) | nindent 2 }}
    202. 

  202.   targetSelector:
    203. 

  203.     postgres:
    204. 

  204.       postgres:
    205. 

  205.         mountPath: /var/lib/postgresql/data
    206. 

  206.       permissions:
    207. 

  207.         mountPath: /mnt/directories/postgres_data
    208. 

  208. postgresbackup:
    209. 

  209.   enabled: true
    210. 

  210.   {{- include "ix.v1.common.app.storageOptions" (dict "storage" $backup) | nindent 2 }}
    211. 

  211.   targetSelector:
    212. 

  212.     postgresbackup:
    213. 

  213.       postgresbackup:
    214. 

  214.         mountPath: /postgres_backup
    215. 

  215.       permissions:
    216. 

  216.         mountPath: /mnt/directories/postgres_backup
    217. 

  217. {{- end -}}
    218. 

  218. 

  219. {{/* Returns service entry for postgres */}}
    220. 

  220. {{/* Call this template:
    221. 

  221. {{ include "ix.v1.common.app.postgresService" . }}
    222. 

  222. */}}
    223. 

  223. {{- define "ix.v1.common.app.postgresService" -}}
    224. 

  224. postgres:
    225. 

  225.   enabled: true
    226. 

  226.   type: ClusterIP
    227. 

  227.   targetSelector: postgres
    228. 

  228.   ports:
    229. 

  229.     postgres:
    230. 

  230.       enabled: true
    231. 

  231.       primary: true
    232. 

  232.       port: 5432
    233. 

  233.       targetPort: 5432
    234. 

  234.       targetSelector: postgres
    235. 

  235. {{- end -}}
    236.