-
Notifications
You must be signed in to change notification settings - Fork 9.3k
/
Copy pathvalues.yaml
1921 lines (1914 loc) · 88.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Please, note that this will override the parameters, including dependencies, configured to use the global value
##
global:
## @param global.imageRegistry Global Docker image registry
##
imageRegistry: ""
## @param global.imagePullSecrets Global Docker registry secret names as an array
## e.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
defaultStorageClass: ""
storageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
postgresql:
## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`)
## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`)
## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`).
## @param global.postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
## @param global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
## @param global.postgresql.auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set.
##
auth:
postgresPassword: ""
username: ""
password: ""
database: ""
existingSecret: ""
secretKeys:
adminPasswordKey: ""
userPasswordKey: ""
replicationPasswordKey: ""
## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
##
service:
ports:
postgresql: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
##
extraDeploy: []
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## Enable diagnostic mode in the statefulset
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the statefulset
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the statefulset
##
args:
- infinity
## @section PostgreSQL common parameters
##
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
## @param image.registry [default: REGISTRY_NAME] PostgreSQL image registry
## @param image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
## @skip image.tag PostgreSQL image tag (immutable tags are recommended)
## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy PostgreSQL image pull policy
## @param image.pullSecrets Specify image pull secrets
## @param image.debug Specify if debug values should be set
##
image:
registry: docker.io
repository: bitnami/postgresql
tag: 17.2.0-debian-12-r8
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## Authentication parameters
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-on-first-run
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
##
auth:
## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
##
enablePostgresUser: true
## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided
##
postgresPassword: ""
## @param auth.username Name for a custom user to create
##
username: ""
## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided
##
password: ""
## @param auth.database Name for a custom database to create
##
database: ""
## @param auth.replicationUsername Name of the replication user
##
replicationUsername: repl_user
## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` is provided
##
replicationPassword: ""
## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
##
existingSecret: ""
## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
## @param auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
##
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
replicationPasswordKey: replication-password
## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
##
usePasswordFiles: false
## @param architecture PostgreSQL architecture (`standalone` or `replication`)
##
architecture: standalone
## Replication configuration
## Ignored if `architecture` is `standalone`
##
replication:
## @param replication.synchronousCommit Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off`
## @param replication.numSynchronousReplicas Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`.
## ref: https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT
##
synchronousCommit: "off"
numSynchronousReplicas: 0
## @param replication.applicationName Cluster application name. Useful for advanced replication settings
##
applicationName: my_application
## @param containerPorts.postgresql PostgreSQL container port
##
containerPorts:
postgresql: 5432
## Audit settings
## https://github.com/bitnami/containers/tree/main/bitnami/postgresql#auditing
## @param audit.logHostname Log client hostnames
## @param audit.logConnections Add client log-in operations to the log file
## @param audit.logDisconnections Add client log-outs operations to the log file
## @param audit.pgAuditLog Add operations to log using the pgAudit extension
## @param audit.pgAuditLogCatalog Log catalog using pgAudit
## @param audit.clientMinMessages Message log level to share with the user
## @param audit.logLinePrefix Template for log line prefix (default if not set)
## @param audit.logTimezone Timezone for the log timestamps
##
audit:
logHostname: false
logConnections: false
logDisconnections: false
pgAuditLog: ""
pgAuditLogCatalog: "off"
clientMinMessages: error
logLinePrefix: ""
logTimezone: ""
## LDAP configuration
## @param ldap.enabled Enable LDAP support
## @param ldap.server IP address or name of the LDAP server.
## @param ldap.port Port number on the LDAP server to connect to
## @param ldap.prefix String to prepend to the user name when forming the DN to bind
## @param ldap.suffix String to append to the user name when forming the DN to bind
## DEPRECATED ldap.baseDN It will removed in a future, please use 'ldap.basedn' instead
## DEPRECATED ldap.bindDN It will removed in a future, please use 'ldap.binddn' instead
## DEPRECATED ldap.bind_password It will removed in a future, please use 'ldap.bindpw' instead
## @param ldap.basedn Root DN to begin the search for the user in
## @param ldap.binddn DN of user to bind to LDAP
## @param ldap.bindpw Password for the user to bind to LDAP
## DEPRECATED ldap.search_attr It will removed in a future, please use 'ldap.searchAttribute' instead
## DEPRECATED ldap.search_filter It will removed in a future, please use 'ldap.searchFilter' instead
## @param ldap.searchAttribute Attribute to match against the user name in the search
## @param ldap.searchFilter The search filter to use when doing search+bind authentication
## @param ldap.scheme Set to `ldaps` to use LDAPS
## DEPRECATED ldap.tls as string is deprecated, please use 'ldap.tls.enabled' instead
## @param ldap.tls.enabled Se to true to enable TLS encryption
##
ldap:
enabled: false
server: ""
port: ""
prefix: ""
suffix: ""
basedn: ""
binddn: ""
bindpw: ""
searchAttribute: ""
searchFilter: ""
scheme: ""
tls:
enabled: false
## @param ldap.uri LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored.
## Ref: https://www.postgresql.org/docs/current/auth-ldap.html
##
uri: ""
## @param postgresqlDataDir PostgreSQL data dir folder
##
postgresqlDataDir: /bitnami/postgresql/data
## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list)
##
postgresqlSharedPreloadLibraries: "pgaudit"
## Start PostgreSQL pod(s) without limitations on shm memory.
## By default docker and containerd (and possibly other container runtimes) limit `/dev/shm` to `64M`
## ref: https://github.com/docker-library/postgres/issues/416
## ref: https://github.com/containerd/containerd/issues/3654
##
shmVolume:
## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s)
##
enabled: true
## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs
## Note: the size of the tmpfs counts against container's memory limit
## e.g:
## sizeLimit: 1Gi
##
sizeLimit: ""
## TLS configuration
##
tls:
## @param tls.enabled Enable TLS traffic support
##
enabled: false
## @param tls.autoGenerated Generate automatically self-signed TLS certificates
##
autoGenerated: false
## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's
##
preferServerCiphers: true
## @param tls.certificatesSecret Name of an existing secret that contains the certificates
##
certificatesSecret: ""
## @param tls.certFilename Certificate filename
##
certFilename: ""
## @param tls.certKeyFilename Certificate key filename
##
certKeyFilename: ""
## @param tls.certCAFilename CA Certificate filename
## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate
## ref: https://www.postgresql.org/docs/9.6/auth-methods.html
##
certCAFilename: ""
## @param tls.crlFilename File containing a Certificate Revocation List
##
crlFilename: ""
## @section PostgreSQL Primary parameters
##
primary:
## @param primary.name Name of the primary database (eg primary, master, leader, ...)
##
name: primary
## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap
## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
##
configuration: ""
## @param primary.pgHbaConfiguration PostgreSQL Primary client authentication configuration
## ref: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
## e.g:#
## pgHbaConfiguration: |-
## local all all trust
## host all all localhost trust
## host mydatabase mysuser 192.168.0.0/24 md5
##
pgHbaConfiguration: ""
## @param primary.existingConfigmap Name of an existing ConfigMap with PostgreSQL Primary configuration
## NOTE: `primary.configuration` and `primary.pgHbaConfiguration` will be ignored
##
existingConfigmap: ""
## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration)
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
extendedConfiguration: ""
## @param primary.existingExtendedConfigmap Name of an existing ConfigMap with PostgreSQL Primary extended configuration
## NOTE: `primary.extendedConfiguration` will be ignored
##
existingExtendedConfigmap: ""
## Initdb configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#specifying-initdb-arguments
##
initdb:
## @param primary.initdb.args PostgreSQL initdb extra arguments
##
args: ""
## @param primary.initdb.postgresqlWalDir Specify a custom location for the PostgreSQL transaction log
##
postgresqlWalDir: ""
## @param primary.initdb.scripts Dictionary of initdb scripts
## Specify dictionary of scripts to be run at first boot
## e.g:
## scripts:
## my_init_script.sh: |
## #!/bin/sh
## echo "Do something."
##
scripts: {}
## @param primary.initdb.scriptsConfigMap ConfigMap with scripts to be run at first boot
## NOTE: This will override `primary.initdb.scripts`
##
scriptsConfigMap: ""
## @param primary.initdb.scriptsSecret Secret with scripts to be run at first boot (in case it contains sensitive information)
## NOTE: This can work along `primary.initdb.scripts` or `primary.initdb.scriptsConfigMap`
##
scriptsSecret: ""
## @param primary.initdb.user Specify the PostgreSQL username to execute the initdb scripts
##
user: ""
## @param primary.initdb.password Specify the PostgreSQL password to execute the initdb scripts
##
password: ""
## Pre-init configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql/#on-container-start
preInitDb:
## @param primary.preInitDb.scripts Dictionary of pre-init scripts
## Specify dictionary of shell scripts to be run before db boot
## e.g:
## scripts:
## my_pre_init_script.sh: |
## #!/bin/sh
## echo "Do something."
scripts: {}
## @param primary.preInitDb.scriptsConfigMap ConfigMap with pre-init scripts to be run
## NOTE: This will override `primary.preInitDb.scripts`
scriptsConfigMap: ""
## @param primary.preInitDb.scriptsSecret Secret with pre-init scripts to be run
## NOTE: This can work along `primary.preInitDb.scripts` or `primary.preInitDb.scriptsConfigMap`
scriptsSecret: ""
## Configure current cluster's primary server to be the standby server in other cluster.
## This will allow cross cluster replication and provide cross cluster high availability.
## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled.
## @param primary.standby.enabled Whether to enable current cluster's primary as standby server of another cluster or not
## @param primary.standby.primaryHost The Host of replication primary in the other cluster
## @param primary.standby.primaryPort The Port of replication primary in the other cluster
##
standby:
enabled: false
primaryHost: ""
primaryPort: ""
## @param primary.extraEnvVars Array with extra environment variables to add to PostgreSQL Primary nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes
##
extraEnvVarsCM: ""
## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL Primary nodes
##
extraEnvVarsSecret: ""
## @param primary.command Override default container command (useful when using custom images)
##
command: []
## @param primary.args Override default container args (useful when using custom images)
##
args: []
## Configure extra options for PostgreSQL Primary containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param primary.livenessProbe.enabled Enable livenessProbe on PostgreSQL Primary containers
## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param primary.readinessProbe.enabled Enable readinessProbe on PostgreSQL Primary containers
## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param primary.startupProbe.enabled Enable startupProbe on PostgreSQL Primary containers
## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param primary.startupProbe.periodSeconds Period seconds for startupProbe
## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe
## @param primary.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param primary.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param primary.lifecycleHooks for the PostgreSQL Primary container to automate configuration before or after startup
##
lifecycleHooks: {}
## PostgreSQL Primary resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.podSecurityContext.enabled Enable security context
## @param primary.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param primary.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param primary.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param primary.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param primary.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param primary.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param primary.hostAliases PostgreSQL primary pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param primary.hostNetwork Specify if host network should be enabled for PostgreSQL pod (postgresql primary)
##
hostNetwork: false
## @param primary.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary)
##
hostIPC: false
## @param primary.labels Map of labels to add to the statefulset (postgresql primary)
##
labels: {}
## @param primary.annotations Annotations for PostgreSQL primary pods
##
annotations: {}
## @param primary.podLabels Map of labels to add to the pods (postgresql primary)
##
podLabels: {}
## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary)
##
podAnnotations: {}
## @param primary.podAffinityPreset PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param primary.podAntiAffinityPreset PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## PostgreSQL Primary node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param primary.nodeAffinityPreset.type PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param primary.nodeAffinityPreset.key PostgreSQL primary node label key to match Ignored if `primary.affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param primary.nodeAffinityPreset.values PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param primary.affinity Affinity for PostgreSQL primary pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## @param primary.priorityClassName Priority Class to use for each pod (postgresql primary)
##
priorityClassName: ""
## @param primary.schedulerName Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param primary.terminationGracePeriodSeconds Seconds PostgreSQL primary pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param primary.updateStrategy.type PostgreSQL Primary statefulset strategy type
## @param primary.updateStrategy.rollingUpdate PostgreSQL Primary statefulset rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
rollingUpdate: {}
## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s)
##
extraVolumeMounts: []
## @param primary.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s)
##
extraVolumes: []
## @param primary.sidecars Add additional sidecar containers to the PostgreSQL Primary pod(s)
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param primary.initContainers Add additional init containers to the PostgreSQL Primary pod(s)
## Example
##
## initContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation
## @param primary.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param primary.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `primary.pdb.minAvailable` and `primary.pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s)
##
extraPodSpec: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param primary.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param primary.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param primary.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param primary.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param primary.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param primary.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param primary.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## PostgreSQL Primary service configuration
##
service:
## @param primary.service.type Kubernetes Service type
##
type: ClusterIP
## @param primary.service.ports.postgresql PostgreSQL service port
##
ports:
postgresql: 5432
## Node ports to expose
## NOTE: choose port between <30000-32767>
## @param primary.service.nodePorts.postgresql Node port for PostgreSQL
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
postgresql: ""
## @param primary.service.clusterIP Static clusterIP or None for headless services
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param primary.service.annotations Annotations for PostgreSQL primary service
##
annotations: {}
## @param primary.service.loadBalancerClass Load balancer class if service type is `LoadBalancer`
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
##
loadBalancerClass: ""
## @param primary.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
## Set the LoadBalancer service type to internal only
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param primary.service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service
##
extraPorts: []
## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Headless service properties
##
headless:
## @param primary.service.headless.annotations Additional custom annotations for headless PostgreSQL primary service
##
annotations: {}
## PostgreSQL Primary persistence configuration
##
persistence:
## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC
##
enabled: true
## @param primary.persistence.volumeName Name to assign the volume
##
volumeName: "data"
## @param primary.persistence.existingClaim Name of an existing PVC to use
##
existingClaim: ""
## @param primary.persistence.mountPath The path the volume will be mounted at
## Note: useful when using custom PostgreSQL images
##
mountPath: /bitnami/postgresql
## @param primary.persistence.subPath The subdirectory of the volume to mount to
## Useful in dev environments and one PV for multiple services
##
subPath: ""
## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume
##
accessModes:
- ReadWriteOnce
## @param primary.persistence.size PVC Storage Request for PostgreSQL volume
##
size: 8Gi
## @param primary.persistence.annotations Annotations for the PVC
##
annotations: {}
## @param primary.persistence.labels Labels for the PVC
##
labels: {}
## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param primary.persistence.dataSource Custom PVC data source
##
dataSource: {}
## PostgreSQL Primary Persistent Volume Claim Retention Policy
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
##
persistentVolumeClaimRetentionPolicy:
## @param primary.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Primary Statefulset
##
enabled: false
## @param primary.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
##
whenScaled: Retain
## @param primary.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
##
whenDeleted: Retain
## @section PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`)
##
readReplicas:
## @param readReplicas.name Name of the read replicas database (eg secondary, slave, ...)
##
name: read
## @param readReplicas.replicaCount Number of PostgreSQL read only replicas
##
replicaCount: 1
## @param readReplicas.extendedConfiguration Extended PostgreSQL read only replicas configuration (appended to main or default configuration)
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
extendedConfiguration: ""
## @param readReplicas.extraEnvVars Array with extra environment variables to add to PostgreSQL read only nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param readReplicas.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes
##
extraEnvVarsCM: ""
## @param readReplicas.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL read only nodes
##
extraEnvVarsSecret: ""
## @param readReplicas.command Override default container command (useful when using custom images)
##
command: []
## @param readReplicas.args Override default container args (useful when using custom images)
##
args: []
## Configure extra options for PostgreSQL read only containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param readReplicas.livenessProbe.enabled Enable livenessProbe on PostgreSQL read only containers
## @param readReplicas.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param readReplicas.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param readReplicas.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param readReplicas.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param readReplicas.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param readReplicas.readinessProbe.enabled Enable readinessProbe on PostgreSQL read only containers
## @param readReplicas.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readReplicas.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readReplicas.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readReplicas.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readReplicas.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param readReplicas.startupProbe.enabled Enable startupProbe on PostgreSQL read only containers
## @param readReplicas.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param readReplicas.startupProbe.periodSeconds Period seconds for startupProbe
## @param readReplicas.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param readReplicas.startupProbe.failureThreshold Failure threshold for startupProbe
## @param readReplicas.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param readReplicas.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param readReplicas.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param readReplicas.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param readReplicas.lifecycleHooks for the PostgreSQL read only container to automate configuration before or after startup
##
lifecycleHooks: {}
## PostgreSQL read only resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param readReplicas.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if readReplicas.resources is set (readReplicas.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param readReplicas.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.podSecurityContext.enabled Enable security context
## @param readReplicas.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param readReplicas.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param readReplicas.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
## @param readReplicas.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param readReplicas.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param readReplicas.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param readReplicas.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param readReplicas.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param readReplicas.hostNetwork Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only)
##
hostNetwork: false
## @param readReplicas.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary)
##
hostIPC: false
## @param readReplicas.labels Map of labels to add to the statefulset (PostgreSQL read only)
##
labels: {}
## @param readReplicas.annotations Annotations for PostgreSQL read only pods
##
annotations: {}