[stable/postgresql] PostgreSQL maintenance proposal (#8004)

* Adopt postgresql chart

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Fix Chart.yaml

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add metrics and NetworkPolicy to the README

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Remove previous deployment.yaml

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Update NOTES.txt

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add OWNERS file

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add kubeapps text to charts READMEs

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Appy different suggestions

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add terminationGracePeriodSeconds

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add upgrade steps to README

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add how to connect when the networkpolicy is enabled to NOTES.txt

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Allow using pg_hba.conf via configmap

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Update description ingluding pg_hba.conf

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Fix metrics deployment

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Rebase latest changes

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Remove distro tags

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Add OWNERs to .helmignore

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

stable/postgresql/.helmignore

@@ -0,0 +1,2 @@
+.git
+OWNERS

stable/postgresql/Chart.yaml

@@ -1,16 +1,19 @@
 name: postgresql
-version: 1.0.0
-appVersion: 9.6.2
-description: Object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
+version: 2.0.0
+appVersion: 10.5.0
+description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
 keywords:
 - postgresql
 - postgres
 - database
 - sql
+- replication
+- cluster
 home: https://www.postgresql.org/
-icon: https://www.postgresql.org/media/img/about/press/elephant.png
+icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png
 sources:
-- https://github.com/kubernetes/charts
-- https://github.com/docker-library/postgres
-maintainers: []
+- https://github.com/bitnami/bitnami-docker-postgresql
+maintainers:
+- name: Bitnami
+  email: containers@bitnami.com
 engine: gotpl

stable/postgresql/OWNERS

@@ -0,0 +1,12 @@
+approvers:
+- prydonius
+- tompizmor
+- sameersbn
+- carrodher
+- juan131
+reviewers:
+- prydonius
+- tompizmor
+- sameersbn
+- carrodher
+- juan131

stable/postgresql/files/README.md

@@ -0,0 +1 @@
+Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map.

stable/postgresql/files/docker-entrypoint-initdb.d/README.md

@@ -0,0 +1,3 @@
+You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image.
+
+More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository.

stable/postgresql/templates/NOTES.txt

@@ -1,41 +1,58 @@
-PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster:
-{{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+{{- if contains .Values.service.type "LoadBalancer" }}
+{{- if not .Values.postgresqlPassword }}
+-------------------------------------------------------------------------------
+ WARNING
 
-{{- if .Values.existingSecret }}
-If you have not already created the postgres admin secret:
+    By specifying "serviceType=LoadBalancer" and not specifying "postgresqlPassword"
+    you have most likely exposed the PostgreSQL service externally without any
+    authentication mechanism.
 
-   kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./postgres-password
-{{ else }}
-To get your user password run:
+    For security reasons, we strongly suggest that you switch to "ClusterIP" or
+    "NodePort". As an alternative, you can also specify a valid password on the
+    "postgresqlPassword" parameter.
 
-    PGPASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode; echo)
+-------------------------------------------------------------------------------
+{{- end }}
 {{- end }}
 
-To connect to your database run the following command (using the env variable from above):
+** Please be patient while the chart is being deployed **
+
+PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster:
+
+    {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To get the password for "{{ .Values.postgresqlUsername }}" run:
+
+    export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode)
 
-   kubectl run --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }}-client --restart=Never --rm --tty -i --image postgres \
-   --env "PGPASSWORD=$PGPASSWORD" \{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
-   --labels="{{ template "postgresql.fullname" . }}-client=true" \{{- end }}
-   --command -- psql -U {{ default "postgres" .Values.postgresUser }} \
-   -h {{ template "postgresql.fullname" . }} {{ default "postgres" .Values.postgresDatabase }}
+To connect to your database run the following command:
+
+    kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --image bitnami/postgresql --env="PGPASSWORD=$POSTGRESQL_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
+   --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }}
 
 {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
-Note: Since NetworkPolicy is enabled, only pods with label
-{{ template "postgresql.fullname" . }}-client=true"
-will be able to connect to this PostgreSQL cluster.
+Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster.
 {{- end }}
 
-To connect to your database directly from outside the K8s cluster:
-   {{- if contains "NodePort" .Values.service.type }}
-     PGHOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}')
-     PGPORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}')
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }})
+    {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }}
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
 
-   {{- else if contains "ClusterIP" .Values.service.type }}
-     PGHOST=127.0.0.1
-     PGPORT={{ default "5432" .Values.service.port }}
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}'
 
-     # Execute the following commands to route the connection:
-     export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "postgresql.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-     kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ default "5432" .Values.service.port }}:{{ default "5432" .Values.service.port }}
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
+    {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host $SERVICE_IP --port {{ .Values.service.port }} -U {{ .Values.postgresqlUsername }}
 
-   {{- end }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} 5432:5432 &
+    {{ if .Values.postgresqlPassword }}PGPASSWORD={{ .Values.postgresqlPassword}} "{{- end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }}
+
+{{- end }}

stable/postgresql/templates/_helpers.tpl

@@ -9,18 +9,22 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
 */}}
 {{- define "postgresql.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "postgresql.master.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if .Values.replication.enabled -}}
+{{- printf "%s-%s-%s" .Release.Name $name "master" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 
@@ -43,8 +47,19 @@ Create chart name and version as used by the chart label.
 {{- end -}}
 
 {{/*
-Generate chart secret name
+Return the proper PostgreSQL image name
+*/}}
+{{- define "postgresql.image" -}}
+{{- $registryName :=  default "docker.io" .Values.image.registry -}}
+{{- $tag := default "latest" .Values.image.tag | toString -}}
+{{- printf "%s/%s:%s" $registryName .Values.image.repository $tag -}}
+{{- end -}}
+
+{{/*
+Return the proper PostgreSQL metrics image name
 */}}
-{{- define "postgresql.secretName" -}}
-{{ default (include "postgresql.fullname" .) .Values.existingSecret }}
+{{- define "metrics.image" -}}
+{{- $registryName :=  default "docker.io" .Values.metrics.image.registry -}}
+{{- $tag := default "latest" .Values.metrics.image.tag | toString -}}
+{{- printf "%s/%s:%s" $registryName .Values.metrics.image.repository $tag -}}
 {{- end -}}

stable/postgresql/templates/configmap.yaml

@@ -1,16 +1,18 @@
+{{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "postgresql.fullname" . }}
+  name: {{ template "postgresql.fullname" . }}-configuration
   labels:
     app: {{ template "postgresql.name" . }}
     chart: {{ template "postgresql.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
 data:
-  {{- if .Values.metrics.customMetrics }}
-  custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
-  {{- end }}
-  {{- if .Values.pgHbaConf }}
-  pg_hba.conf: {{ .Values.pgHbaConf | quote }}
-  {{- end }}
+{{- if (.Files.Glob "files/postgresql.conf") }}
+{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
+{{- end }}
+{{- if (.Files.Glob "files/pg_hba.conf") }}
+{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
+{{- end }}
+{{ end }}