kjuulh/clank-postgres
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

feat: add basic pgo

Browse Source
This commit is contained in:
Kasper Juul Hermansen
2023-04-06 02:21:56 +02:00
commit ebd0fcf700
128 changed files with 61656 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
pgo/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,31 @@
Thank you for deploying PGO v{{ .Chart.AppVersion }}!
((((((((((((((((((((((
(((((((((((((%%%%%%%(((((((((((((((
(((((((((((%%% %%%%((((((((((((
(((((((((((%%( (((( ( %%%(((((((((((
(((((((((((((%% (( ,(( %%%(((((((((((
(((((((((((((((%% *%%/ %%%%%%%((((((((((
(((((((((((((((((((%%(( %%%%%%%%%%#(((((%%%%%%%%%%#((((((((((((
((((((((((((((((((%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%((((((((((((((
*((((((((((((((((((((%%%%%% /%%%%%%%%%%%%%%%%%%%((((((((((((((((
(((((((((((((((((((((((%%%/ .%, %%%((((((((((((((((((,
((((((((((((((((((((((% %#(((((((((((((((((
(((((((((((((((%%%%%% #%(((((((((((((((((
((((((((((((((%% %%(((((((((((((((,
((((((((((((%%%#% % %%(((((((((((((((
((((((((((((%. % % #((((((((((((((
(((((((((((%% % %%* %(((((((((((((
#(###(###(#%% %%% %% %%% #%%#(###(###(#
###########%%%%% /%%%%%%%%%%%%% %% %%%%% ,%%#######
###############%% %%%%%% %%% %%%%%%%% %%#####
################%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %%##
################%% %%%%%%%%%%%%%%%%% %%%% %
##############%# %% (%%%%%%% %%%%%%
#############% %%%%% %%%%%%%%%%%
###########% %%%%%%%%%%% %%%%%%%%%
#########%% %% %%%%%%%%%%%%%%%#
########%% %% %%%%%%%%%
######%% %% %%%%%%
####%%% %%%%% %
%% %%%%

94
pgo/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,94 @@
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "install.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Crunchy labels
*/}}
{{- define "install.clusterLabels" -}}
postgres-operator.crunchydata.com/control-plane: {{ .Chart.Name }}
{{- end }}
{{- define "install.upgradeLabels" -}}
postgres-operator.crunchydata.com/control-plane: {{ .Chart.Name }}-upgrade
{{- end }}
{{/*
Common labels
*/}}
{{- define "install.labels" -}}
helm.sh/chart: {{ include "install.chart" . }}
app.kubernetes.io/name: {{ .Chart.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "install.serviceAccountName" -}}
{{ .Chart.Name }}
{{- end }}
{{/*
Create the name of the Role/ClusterRole to use
*/}}
{{- define "install.roleName" -}}
{{ .Chart.Name }}
{{- end }}
{{/*
Create the name of the RoleBinding/ClusterRoleBinding to use
*/}}
{{- define "install.roleBindingName" -}}
{{ .Chart.Name }}
{{- end }}
{{/*
Create the kind for rolebindings. Will be RoleBinding in single
namespace mode or ClusterRoleBinding by default.
*/}}
{{- define "install.roleBindingKind" -}}
{{- if .Values.singleNamespace -}}
RoleBinding
{{- else -}}
ClusterRoleBinding
{{- end }}
{{- end }}
{{/*
Create the kind for role. Will be Role in single
namespace mode or ClusterRole by default.
*/}}
{{- define "install.roleKind" -}}
{{- if .Values.singleNamespace -}}
Role
{{- else -}}
ClusterRole
{{- end }}
{{- end }}
{{- define "install.imagePullSecrets" -}}
{{/* Earlier versions required the full structure of PodSpec.ImagePullSecrets */}}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- else if .Values.imagePullSecretNames }}
imagePullSecrets:
{{- range .Values.imagePullSecretNames }}
- name: {{ . | quote }}
{{- end }}{{/* range */}}
{{- end }}{{/* if */}}
{{- end }}{{/* define */}}
{{- define "install.relatedImages" -}}
{{- range $id, $object := .Values.relatedImages }}
- name: RELATED_IMAGE_{{ $id | upper }}
value: {{ $object.image | quote }}
{{- end }}
{{- end }}

45
pgo/templates/manager-upgrade.yaml Normal file
View File

@@ -0,0 +1,45 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Chart.Name }}-upgrade
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.upgradeLabels" . | nindent 4 }}
spec:
replicas: 1
strategy: { type: Recreate }
selector:
matchLabels:
{{- include "install.upgradeLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "install.upgradeLabels" . | nindent 8 }}
spec:
{{- include "install.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ include "install.serviceAccountName" . }}-upgrade
containers:
- name: operator
image: {{ required ".Values.controllerImages.upgrade is required" .Values.controllerImages.upgrade | quote }}
env:
- name: CRUNCHY_DEBUG
value: {{ .Values.debug | ne false | quote }}
{{- if .Values.singleNamespace }}
- name: PGO_TARGET_NAMESPACE
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
{{- end }}
{{- if .Values.workers }}
- name: PGO_WORKERS
value: {{ .Values.workers | quote }}
{{- end }}
{{- include "install.relatedImages" . | indent 8 }}
{{- if .Values.resources.upgrade }}
resources:
{{- toYaml .Values.resources.upgrade | nindent 10 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
capabilities: { drop: [ALL] }
readOnlyRootFilesystem: true
runAsNonRoot: true

51
pgo/templates/manager.yaml Normal file
View File

@@ -0,0 +1,51 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Chart.Name }}
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.clusterLabels" . | nindent 4 }}
spec:
replicas: 1
strategy: { type: Recreate }
selector:
matchLabels:
{{- include "install.clusterLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "install.clusterLabels" . | nindent 8 }}
spec:
{{- include "install.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ include "install.serviceAccountName" . }}
containers:
- name: operator
image: {{ required ".Values.controllerImages.cluster is required" .Values.controllerImages.cluster | quote }}
env:
- name: CRUNCHY_DEBUG
value: {{ .Values.debug | ne false | quote }}
- name: PGO_NAMESPACE
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
{{- if .Values.singleNamespace }}
- name: PGO_TARGET_NAMESPACE
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
{{- end }}
{{- if .Values.workers }}
- name: PGO_WORKERS
value: {{ .Values.workers | quote }}
{{- end }}
{{- include "install.relatedImages" . | indent 8 }}
{{- if .Values.disable_check_for_upgrades }}
- name: CHECK_FOR_UPGRADES
value: "false"
{{- end }}
{{- if .Values.resources.controller }}
resources:
{{- toYaml .Values.resources.controller | nindent 10 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
capabilities: { drop: [ALL] }
readOnlyRootFilesystem: true
runAsNonRoot: true

71
pgo/templates/role-upgrade.yaml Normal file
View File

@@ -0,0 +1,71 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ include "install.roleKind" . }}
metadata:
name: {{ include "install.roleName" . }}-upgrade
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.upgradeLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- delete
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- list
- patch
- watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- pgupgrades
verbs:
- get
- list
- watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- pgupgrades/finalizers
verbs:
- patch
- update
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- pgupgrades/status
verbs:
- get
- patch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters
verbs:
- get
- list
- watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters/status
verbs:
- patch

136
pgo/templates/role.yaml Normal file
View File

@@ -0,0 +1,136 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ include "install.roleKind" . }}
metadata:
name: {{ include "install.roleName" . }}
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.clusterLabels" . | nindent 4 }}
rules:
- apiGroups:
- ''
resources:
- configmaps
- persistentvolumeclaims
- secrets
- services
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ''
resources:
- endpoints
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- watch
- apiGroups:
- ''
resources:
- endpoints/restricted
- pods/exec
verbs:
- create
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ''
resources:
- pods
verbs:
- delete
- get
- list
- patch
- watch
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- apps
resources:
- deployments
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters
verbs:
- get
- list
- patch
- watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters/finalizers
verbs:
- update
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters/status
verbs:
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- get
- list
- patch
- watch

32
pgo/templates/role_binding.yaml Normal file
View File

@@ -0,0 +1,32 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ include "install.roleBindingKind" . }}
metadata:
name: {{ include "install.roleBindingName" . }}
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.clusterLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ include "install.roleKind" . }}
name: {{ include "install.roleName" . }}
subjects:
- kind: ServiceAccount
name: {{ include "install.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ include "install.roleBindingKind" . }}
metadata:
name: {{ include "install.roleBindingName" . }}-upgrade
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.upgradeLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ include "install.roleKind" . }}
name: {{ include "install.roleName" . }}-upgrade
subjects:
- kind: ServiceAccount
name: {{ include "install.serviceAccountName" . }}-upgrade
namespace: {{ .Release.Namespace }}

16
pgo/templates/service_account.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "install.serviceAccountName" . }}
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.clusterLabels" . | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "install.serviceAccountName" . }}-upgrade
labels:
{{- include "install.labels" . | nindent 4 }}
{{- include "install.upgradeLabels" . | nindent 4 }}