helm chart first version implemented

[yanchenko-igor]

Helm chart implemented, for now it only supports influxdb backend

[msumla]

Hi @yanchenko-igor , the chart is nice, but starting from Kubernetes v1.22 the deployment of ingresses fail.

Error: unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1".

I tried the obvious to rename those to "networking.k8s.io/v1", but that did not work.

Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "serviceName" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field "servicePort" in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0]): missing required field "pathType" in io.k8s.api.networking.v1.HTTPIngressPath]

Could you please take a look?

[yanchenko-igor]

@msumla Does everything work as expected with disabled ingress?

[yanchenko-igor]

@msumla Could you maybe provide the value file you are using to reproduce the issue?

[msumla]

@yanchenko-igor to my understanding the ingresses were already disabled.
I.e. in helm-chart-k8s-pg-storage/values.yaml:

exporter:
  service:
    type: ClusterIP
    servicePort: 9187
  ingress:
    enabled: false
...

[msumla]

@yanchenko-igor

$ cat helm-chart-k8s-pg-storage/values.yaml 
pgwatch2:
  service:
    type: ClusterIP
    servicePort: 8081 # the health-check / status port
  ingress:
    enabled: false
  testDBEnabled: true
  datastore: postgres
  persistentVolumes:
    config:
      enabled: true
      annotations: {}
      accessModes:
        - ReadWriteOnce
      existingClaim: ""
      mountPath: /pgwatch2/persistent-config
      size: 2Gi
    database:
      enabled: true
      annotations: {}
      accessModes:
        - ReadWriteOnce
      existingClaim: ""
      mountPath: /var/lib/postgresql
      size: 4Gi

web:
  service:
    type: ClusterIP
    servicePort: 80
  noAnonymous: false
  user: #
  password: # password will be auto generated if emtpy
  ingress:
    enabled: false
    annotations: {}
    host: pgwatch2-web.local
    tls: []
    #  - secretName: chart-web-tls
    #    hosts:
    #      - pgwatch2-web.local

grafana:
  service:
    type: ClusterIP
    servicePort: 3000
  noAnonymous: false
  user: #
  password: # password will be auto generated if emtpy
  ingress:
    enabled: false
    annotations: {}
    host: pgwatch2-grafana.local
    tls: []
    #  - secretName: chart-grafana-tls
    #    hosts:
    #      - pgwatch2-grafana.local

# NB! The port only actually listens when datastore=prometheus
exporter:
  service:
    type: ClusterIP
    servicePort: 9187
  ingress:
    enabled: false
    annotations: {}
    host: pgwatch2-exporter.local
    tls: []
    #  - secretName: chart-exporter-tls
    #    hosts:
    #      - pgwatch2-exporter.local


replicaCount: 1

image:
  repository: cybertec/pgwatch2-postgres
  tag: 1.9.0
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:

podSecurityContext: {}

securityContext: {}

resources:
  limits:
    cpu: 400m
    memory: 512Mi
  requests:
    cpu: 400m
    memory: 512Mi

nodeSelector: {}

tolerations: []

affinity: {}

[yanchenko-igor]

@msumla It looks like you are using the wrong chart. Here is the chart you need https://github.com/cybertec-postgresql/pgwatch2/tree/helmchart/helm-chart please use the value file in the same directory as an example.

[msumla]

@yanchenko-igor using the new chart and value file.

$ git clone https://github.com/cybertec-postgresql/pgwatch2.git
$ cd pgwatch2/
$ git checkout helmchart
$ cd helm-chart/
$ helm install -n pgwatch2-ms1 pgwatch2 .
walk.go:74: found symbolic link in path: /home/ms1/pgwatch2/helm-chart/grafana_dashboards resolves to /home/ms1/pgwatch2/grafana_dashboards
Error: found in Chart.yaml, but missing in charts/ directory: pgadmin, grafana, influxdb, metallb, postgresql
$ helm dependency update -n pgwatch2-ms1
...
$ helm install -n pgwatch2-ms1 pgwatch2 .
walk.go:74: found symbolic link in path: /home/ms1/pgwatch2/helm-chart/grafana_dashboards resolves to /home/ms1/pgwatch2/grafana_dashboards
Error: template: pgwatch2/templates/grafana-dashboards.yaml:9:110: executing "pgwatch2/templates/grafana-dashboards.yaml" at <.Subcharts.grafana.Chart.AppVersion>: nil pointer evaluating interface {}.grafana

[msumla]

@yanchenko-igor using the new chart and value file.

$ git clone https://github.com/cybertec-postgresql/pgwatch2.git
$ cd pgwatch2/
$ git checkout helmchart
$ cd helm-chart/
$ helm install -n pgwatch2-ms1 pgwatch2 .
walk.go:74: found symbolic link in path: /home/ms1/pgwatch2/helm-chart/grafana_dashboards resolves to /home/ms1/pgwatch2/grafana_dashboards
Error: found in Chart.yaml, but missing in charts/ directory: pgadmin, grafana, influxdb, metallb, postgresql
$ helm dependency update -n pgwatch2-ms1
...
$ helm install -n pgwatch2-ms1 pgwatch2 .
walk.go:74: found symbolic link in path: /home/ms1/pgwatch2/helm-chart/grafana_dashboards resolves to /home/ms1/pgwatch2/grafana_dashboards
Error: template: pgwatch2/templates/grafana-dashboards.yaml:9:110: executing "pgwatch2/templates/grafana-dashboards.yaml" at <.Subcharts.grafana.Chart.AppVersion>: nil pointer evaluating interface {}.grafana

This was using helm v3.4.1, but when using v3.9.0-rc.1 the result was much better.

$ ~/linux-amd64/helm install -n pgwatch2-ms1 pgwatch2 ./helm-chart/
walk.go:74: found symbolic link in path: /home/ms1/pgwatch2/helm-chart/grafana_dashboards resolves to /home/ms1/pgwatch2/grafana_dashboards. Contents of linked file included and used
W0510 11:38:19.378790   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:19.382695   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:19.387727   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:19.390729   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:20.448114   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:20.448545   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:20.449027   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W0510 11:38:20.449412   18035 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
NAME: pgwatch2
LAST DEPLOYED: Tue May 10 11:38:17 2022
NAMESPACE: pgwatch2-ms1
STATUS: deployed
REVISION: 1
NOTES:
#TODO

[yanchenko-igor]

Yes, that looks as expected, does it work as expected for you?

[msumla]

Yes, that looks as expected, does it work as expected for you?

I have not gotten that far yet.
But the services are up and the Grafana dashboard UI is reachable via browser (I cannot login with admin and pgwatch2admin though..).
Only thing suspicious so far are these:

...
pod/pgwatch2-pgadmin-8664fb47d6-zdfbf              0/1     CrashLoopBackOff   8 (52s ago)   21m
...
deployment.apps/pgwatch2-pgadmin              0/1     1            0           21m
...

BTW my end goal is actually adding a ConfigMap which includes LDAP integration configuration to Grafana and then mounting it as a volume to enable user management.
I can push my solution when it is done and tested if you would like.

[yanchenko-igor]

you can get grafana password using this command:

kubectl -n <namespace> get secret pgwatch2-grafana -o jsonpath="{.data.admin-password}" | base64 -d

Feel free to suggest your desired changes, I will make sure that you get what you want.

[msumla]

you can get grafana password using this command:

kubectl -n <namespace> get secret pgwatch2-grafana -o jsonpath="{.data.admin-password}" | base64 -d

Feel free to suggest your desired changes, I will make sure that you get what you want.

My plan is to add ldap.toml to /etc/grafana/ dir and configure /etc/grafana/grafana.ini to use that configuration.
It seems that the consistent solution would be to mount the ldap.toml from a ConfigMap as a volume and append the necessary configuration to grafana.ini file.

What I've used so far follows.
values.yaml:

  grafana.ini:
...
    auth.ldap:
      enabled: true
      config_file: /etc/grafana/ldap.toml
...

templates/configmaps.yaml:

        volumeMounts:
...
        - mountPath: /etc/grafana/ldap.toml
          name: pgwatch2-grafana-ldap-config-volume
...
      - name: pgwatch2-grafana-ldap-config-volume
        configMap:
          name: pgwatch2-grafana-ldap-config
          optional: true
...

templates/configmaps.yaml:

...
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "pgwatch2.fullname" . }}-grafana-ldap-config
data:
  ldap.toml: |
    [[servers]]
    # Ldap server host (specify multiple hosts space separated)
    host = "127.0.0.1"
    # Default port is 389 or 636 if use_ssl = true
    port = 389
    # Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
    use_ssl = false
    # If set to true, use LDAP with STARTTLS instead of LDAPS
    start_tls = false
    # set to true if you want to skip SSL cert validation
    ssl_skip_verify = false
    # set to the path to your root CA certificate or leave unset to use system defaults
    # root_ca_cert = "/path/to/certificate.crt"
    # Authentication against LDAP servers requiring client certificates
    # client_cert = "/path/to/client.crt"
    # client_key = "/path/to/client.key"

    # Search user bind dn
    bind_dn = "cn=admin,dc=grafana,dc=org"
    # Search user bind password
    # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
    bind_password = "grafana"

    # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
    # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
    search_filter = "(cn=%s)"

    # An array of base dns to search through
    search_base_dns = ["dc=grafana,dc=org"]

    # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
    # group_search_filter_user_attribute = "distinguishedName"
    # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

    # Specify names of the LDAP attributes your LDAP uses
    [servers.attributes]
    member_of = "memberOf"
    email =  "email"
...

[msumla]

you can get grafana password using this command:

kubectl -n <namespace> get secret pgwatch2-grafana -o jsonpath="{.data.admin-password}" | base64 -d

Feel free to suggest your desired changes, I will make sure that you get what you want.

My plan is to add ldap.toml to /etc/grafana/ dir and configure /etc/grafana/grafana.ini to use that configuration. It seems that the consistent solution would be to mount the ldap.toml from a ConfigMap as a volume and append the necessary configuration to grafana.ini file.

What I've used so far follows. values.yaml:

  grafana.ini:
...
    auth.ldap:
      enabled: true
      config_file: /etc/grafana/ldap.toml
...

templates/configmaps.yaml:

        volumeMounts:
...
        - mountPath: /etc/grafana/ldap.toml
          name: pgwatch2-grafana-ldap-config-volume
...
      - name: pgwatch2-grafana-ldap-config-volume
        configMap:
          name: pgwatch2-grafana-ldap-config
          optional: true
...

templates/configmaps.yaml:

...
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "pgwatch2.fullname" . }}-grafana-ldap-config
data:
  ldap.toml: |
    [[servers]]
    # Ldap server host (specify multiple hosts space separated)
    host = "127.0.0.1"
    # Default port is 389 or 636 if use_ssl = true
    port = 389
    # Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
    use_ssl = false
    # If set to true, use LDAP with STARTTLS instead of LDAPS
    start_tls = false
    # set to true if you want to skip SSL cert validation
    ssl_skip_verify = false
    # set to the path to your root CA certificate or leave unset to use system defaults
    # root_ca_cert = "/path/to/certificate.crt"
    # Authentication against LDAP servers requiring client certificates
    # client_cert = "/path/to/client.crt"
    # client_key = "/path/to/client.key"

    # Search user bind dn
    bind_dn = "cn=admin,dc=grafana,dc=org"
    # Search user bind password
    # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
    bind_password = "grafana"

    # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
    # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
    search_filter = "(cn=%s)"

    # An array of base dns to search through
    search_base_dns = ["dc=grafana,dc=org"]

    # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
    # group_search_filter_user_attribute = "distinguishedName"
    # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

    # Specify names of the LDAP attributes your LDAP uses
    [servers.attributes]
    member_of = "memberOf"
    email =  "email"
...

I am actually having trouble getting the ldap.toml mounted using helm charts. Somehow the default toml is used in the Grafana pod and the configmap is not mounted. I do not understand where the default one comes from.

[yanchenko-igor]

@msumla Thank you, I will find a proper way to do it.

[yanchenko-igor]

@msumla I added ldap config to the value file, please test the changes.

[msumla]

@msumla I added ldap config to the value file, please test the changes.

@yanchenko-igor good work. I only needed to add the ldap.toml content to the values.yaml and it worked.
Then only thing I had to do beforehand was helm dependency update. Is there a way to do that automatically with the chart?

[yanchenko-igor]

Then only thing I had to do beforehand was helm dependency update. Is there a way to do that automatically with the chart?

Yes, we can do that, any other requests?

[yanchenko-igor]

@msumla I included the dependencies in the chart, so you won't need to run helm dependency update, do you have any other ideas how to improve the chart?

[msumla]

@msumla I included the dependencies in the chart, so you won't need to run helm dependency update, do you have any other ideas how to improve the chart?

@yanchenko-igor Yes, is this pgwatch2-pgadmin supposed to be up as well?

...
pod/pgwatch2-pgadmin-8664fb47d6-zdfbf              0/1     CrashLoopBackOff   8 (52s ago)   21m
...
deployment.apps/pgwatch2-pgadmin              0/1     1            0           21m
...

And also could you include pgwatch2-grafana and pgwatch2-webui HTTPS configuration, templates and value placeholders for secure UI access?

[yanchenko-igor]

@msumla could you show logs from

kubectl -n <namespace> logs pod/pgwatch2-pgadmin-8664fb47d6-zdfbf

[msumla]

@msumla could you show logs from

kubectl -n <namespace> logs pod/pgwatch2-pgadmin-8664fb47d6-zdfbf

$ kubectl -n pgwatch2-ms1 logs pgwatch2-pgadmin-8664fb47d6-g2tlf
WARNING: Failed to set ACL on the directory containing the configuration database:
           [Errno 1] Operation not permitted: '/var/lib/pgadmin'
HINT   : You may need to manually set the permissions on
         /var/lib/pgadmin to allow pgadmin to write to it.
ERROR  : Failed to create the directory /var/lib/pgadmin/sessions:
           [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
HINT   : Create the directory /var/lib/pgadmin/sessions, ensure it is writeable by
         'pgadmin', and try again, or, create a config_local.py file
         and override the SESSION_DB_PATH setting per
         https://www.pgadmin.org/docs/pgadmin4/6.8/config_py.html
[2022-05-13 08:45:30 +0000] [1] [INFO] Starting gunicorn 20.1.0
[2022-05-13 08:45:30 +0000] [1] [ERROR] Retrying in 1 second.
[2022-05-13 08:45:31 +0000] [1] [ERROR] Retrying in 1 second.
[2022-05-13 08:45:32 +0000] [1] [ERROR] Retrying in 1 second.
[2022-05-13 08:45:33 +0000] [1] [ERROR] Retrying in 1 second.
[2022-05-13 08:45:34 +0000] [1] [ERROR] Retrying in 1 second.
[2022-05-13 08:45:35 +0000] [1] [ERROR] Can't connect to ('::', 80)

[yanchenko-igor]

@msumla what storage are you using? can you check?

kubectl -n <namespace> get pvc -o wide

[msumla]

kubectl -n get pvc -o wide

$ kubectl -n pgwatch2-ms1 get pvc -o wide
NAME                                         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      AGE   VOLUMEMODE
data-pgwatch2-postgresql-0                   Bound    pvc-e7d82791-5a35-40b1-acbe-9e261bcca77b   8Gi        RWO            default-storage   2d    Filesystem
pgwatch2-influxdb-data-pgwatch2-influxdb-0   Bound    pvc-d06e084b-6209-4868-ba71-9d77ade78146   8Gi        RWO            default-storage   2d    Filesystem
pgwatch2-pgadmin                             Bound    pvc-e7e79bc5-52b2-4a6d-ade7-488c2280152a   4Gi        RWO            default-storage   2d    Filesystem

[yanchenko-igor]

@msumla what does this command say:

kubectl get storageclasses default-storage -o jsonpath={.provisioner}

[msumla]

kubectl get storageclasses default-storage -o jsonpath={.provisioner}

$ kubectl get storageclasses default-storage -o jsonpath={.provisioner}
kubernetes.io/vsphere-volume

Where are we going with this?
To me it seems that it is a file permissions issue inside the container.

[yanchenko-igor]

Where are we going with this? To me it seems that it is a file permissions issue inside the container.

It's about permissions on /var/lib/pgadmin/ which is the volume pvc/pgwatch2-pgadmin

[msumla]

Where are we going with this? To me it seems that it is a file permissions issue inside the container.

It's about permissions on /var/lib/pgadmin/ which is the volume pvc/pgwatch2-pgadmin

Any recommendations how to solve it?

[yanchenko-igor]

I will have a look into the provisioner you are using, when I have time.

[msumla]

Okay, thanks. So with your setup this does not happen?

[yanchenko-igor]

Okay, thanks. So with your setup this does not happen?

no, it works for me, I am actually considering removing it if we don't find a solution, it's a 3 party software that is not required by pgwatch2.

[ghost]

With the current chart version I get the following error:

30s         Warning   FailedMount                pod/pgw2-postgresql-0                                      MountVolume.SetUp failed for volume "custom-init-scripts" : configmap "pgwatch2-initdb" not found

I got the chart installed as pgw2 in the pgw2 namespace.

Also: is the web-ui supposed to display anything when hit by a web browser?

[yanchenko-igor]

With the current chart version I get the following error:

30s         Warning   FailedMount                pod/pgw2-postgresql-0                                      MountVolume.SetUp failed for volume "custom-init-scripts" : configmap "pgwatch2-initdb" not found

I got the chart installed as pgw2 in the pgw2 namespace.

You need to update the values file: your postgresql section should look like this:

postgresql:
  primary:
    initdb:
      scriptsConfigMap: pgw2-initdb

You might need to update other values that have pgwatch2 in them, the default value file is expected to be installed as pgwatch2, but you can have other names so they won't conflict with each other.

Also: is the web-ui supposed to display anything when hit by a web browser?

Yes it should show login page, and after logging in, it should show the UI to manage databases to monitor.

[msumla]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

[yanchenko-igor]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

@msumla Using a certificate and a key that published on the internet wouldn't be secure, you have to generate your own certificate.

[msumla]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

@msumla Using a certificate and a key that published on the internet wouldn't be secure, you have to generate your own certificate.

@yanchenko-igor Let me rephrase: how about adding functionality to the Helm chart that allows adding a cert and key in the values.yaml file and maybe an option or conditional to enable/disable HTTPS?

[yanchenko-igor]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

@msumla Using a certificate and a key that published on the internet wouldn't be secure, you have to generate your own certificate.

@yanchenko-igor Let me rephrase: how about adding functionality to the Helm chart that allows adding a cert and key in the values.yaml file and maybe an option or conditional to enable/disable HTTPS?

@msumla This functionality is already implemented in the grafana chart, just add the certificate the same way as it's done for webui.

[msumla]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

@msumla Using a certificate and a key that published on the internet wouldn't be secure, you have to generate your own certificate.

@yanchenko-igor Let me rephrase: how about adding functionality to the Helm chart that allows adding a cert and key in the values.yaml file and maybe an option or conditional to enable/disable HTTPS?

@msumla This functionality is already implemented in the grafana chart, just add the certificate the same way as it's done for webui.

@yanchenko-igor is this expected? To me it seems something might be wrong with the helpers which should provide this value.

Error: INSTALLATION FAILED: template: pgwatch2/templates/ingress.yaml:10:15: executing "pgwatch2/templates/ingress.yaml" at <include "webui.ingress.apiVersion" .>: error calling include: template: no template "webui.ingress.apiVersion" associated with template "gotpl"

[msumla]

@yanchenko-igor Hey, have you thought about adding a cert and key to enable using the Grafana LB over HTTPS?

@msumla Using a certificate and a key that published on the internet wouldn't be secure, you have to generate your own certificate.

@yanchenko-igor Let me rephrase: how about adding functionality to the Helm chart that allows adding a cert and key in the values.yaml file and maybe an option or conditional to enable/disable HTTPS?

@msumla This functionality is already implemented in the grafana chart, just add the certificate the same way as it's done for webui.

@yanchenko-igor is this expected? To me it seems something might be wrong with the helpers which should provide this value.

Error: INSTALLATION FAILED: template: pgwatch2/templates/ingress.yaml:10:15: executing "pgwatch2/templates/ingress.yaml" at <include "webui.ingress.apiVersion" .>: error calling include: template: no template "webui.ingress.apiVersion" associated with template "gotpl"

@yanchenko-igor it seems to me that the ingress template is looking for webui.ingress., but the helpers file is providing pgwatch2.ingress.

[yanchenko-igor]

@msumla Thank you for pointing out the mistake, I will fix it in the new PR

[msumla]

@msumla Thank you for pointing out the mistake, I will fix it in the new PR

@yanchenko-igor Hi, any news yet?

[yanchenko-igor]

@yanchenko-igor Hi, any news yet?

Yes, the fix is already in the master branch.

[msumla]

Grafana ingress TLS works. :)

But about WebUI, was this also fixed?
Error: UPGRADE FAILED: template: pgwatch2/templates/ingress.yaml:14:25: executing "pgwatch2/templates/ingress.yaml" at <{{template "webui.namespace" .}}>: template "webui.namespace" not defined

If I hard coded the namespace value then I got: Error: UPGRADE FAILED: template: pgwatch2/templates/ingress.yaml:16:8: executing "pgwatch2/templates/ingress.yaml" at <include "webui.labels" .>: error calling include: template: no template "webui.labels" associated with template "gotpl"

[yanchenko-igor]

I merged more fixes into the master branch. Now everything should work.

[msumla]

@yanchenko-igor hey, I need to use the container images from a local repository, I have set up public -> private repository replication. The reason is that this K8s cluster is air gapped.
I have replaced the values in values.yaml, but those seem to be still overridden by the public images when installing with helm.
It is possible that the values are overridden by the dependency charts?

Also only pgwatch2-daemon, pgwatch2-db-bootstrapper, pgwatch2 and grafana are present in values.yaml.
The metal-lb etc images cannot be templated.

Example:

...
daemon:
  enabled: true
  image:
    repository: harbor.local/pgwatch2/pgwatch2-daemon
    tag: latest
  resources: {}
...

[msumla]

@yanchenko-igor oh, and another question. I managed to get HTTPS running for Grafana fine, but for that I installed an NGINX ingresscontroller. I would like to know if it is mandatory to install the ingresscontroller .. is it namespace scoped or cluster scoped? and can I just get it running with a regular ingress service? I'm a newb in the ingress area.

[msumla]

@yanchenko-igor hey, I need to use the container images from a local repository, I have set up public -> private repository replication. The reason is that this K8s cluster is air gapped. I have replaced the values in values.yaml, but those seem to be still overridden by the public images when installing with helm. It is possible that the values are overridden by the dependency charts?

Also only pgwatch2-daemon, pgwatch2-db-bootstrapper, pgwatch2 and grafana are present in values.yaml. The metal-lb etc images cannot be templated.

Example:

...
daemon:
  enabled: true
  image:
    repository: harbor.local/pgwatch2/pgwatch2-daemon
    tag: latest
  resources: {}
...

Seems like it works with i.e. -f myvalues.yaml

[yanchenko-igor]

@msumla Sorry, I somehow missed your comments. Is there any question left that I could help you with?

[msumla]

@yanchenko-igor we are fine now. :)
No more questions at this point.