use official crunchy helm chart

.github/environments/values.dev.yaml

@@ -34,50 +34,95 @@ postgres:
 
   # --- cluster resource allocation ----
   instances:
-    replicas: 2
-    dataVolumeClaimSpec:
-      storage: 2Gi
-      storageClassName: netapp-block-standard
-    requests:
-      cpu: 10m
-      memory: 256Mi
-    limits:
-      cpu: 500m
-      memory: 512Mi
+    - name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
+      replicas: 2
+      dataVolumeClaimSpec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 1Gi
+        storageClassName: "netapp-block-standard"
+      resources:
+        requests:
+          cpu: 1m
+          memory: 256Mi
+        limits:
+          cpu: 100m
+          memory: 512Mi
 
   # -------- backups ---------
-  # (move all in backups section to values-prod eventually)
-  pgBackRest:
-    # 'backups to "volume" are hard-coded (enabled) in the PostgresCluster template (see: repo1)
-    retention: "2"
-    retentionFullType: count
-    repos:
-      schedules:
-        full: 0 8 * * *
-        incremental: 0 0,4,12,16,20 * * *
-      volume:
-        # enable backups to volume (pvc)
-        enabled: true
-        accessModes: ReadWriteOnce
-        storage: 2Gi
-        storageClassName: netapp-file-backup
-    # backups to S3 are also hard-coded in postgresCluster template (see repo2)
-    s3:
-      # enable backups to s3
-      enabled: true
-      createS3Secret: true
-      s3Secret: s3-pgbackrest
-      s3Path: "/habackup"
-      s3UriStyle: path
-      bucket: "bucketName"
-      endpoint: "endpointName"
-      region: "ca-central-1"
-      key: "s3keyValue"
-      keySecret: "s3SecretValue"
-      fullSchedule: "0 9 * * *"
-      incrementalSchedule: "0 1,5,13,17,21 * * *"
+  # # (move all in backups section to values-prod eventually)
+  # pgBackRest:
+  #   # 'backups to "volume" are hard-coded (enabled) in the PostgresCluster template (see: repo1)
+  #   retention: "2"
+  #   retentionFullType: count
+  #   repos:
+  #     schedules:
+  #       full: 0 8 * * *
+  #       incremental: 0 0,4,12,16,20 * * *
+  #     volume:
+  #       # enable backups to volume (pvc)
+  #       enabled: true
+  #       accessModes: ReadWriteOnce
+  #       storage: 2Gi
+  #       storageClassName: netapp-file-backup
+  #   # backups to S3 are also hard-coded in postgresCluster template (see repo2)
+  #   s3:
+  #     # enable backups to s3
+  #     enabled: true
+  #     createS3Secret: true
+  #     s3Secret: s3-pgbackrest
+  #     s3Path: "/habackup"
+  #     s3UriStyle: path
+  #     bucket: "bucketName"
+  #     endpoint: "endpointName"
+  #     region: "ca-central-1"
+  #     key: "s3keyValue"
+  #     keySecret: "s3SecretValue"
+  #     fullSchedule: "0 9 * * *"
+  #     incrementalSchedule: "0 1,5,13,17,21 * * *"
 
-  # ------ pgBouncer-------
-  proxy:
-    pgBouncer:
-      replicas: 2
+  # pgBackRestConfig allows for the configuration of every pgBackRest option
+  # except for "image", which is set by "pgBackRest".
+  pgBackRestConfig:
+    global:
+      repo1-retention-full: "4"
+      repo1-retention-full-type: "count"
+    repos:
+      - name: repo1
+        schedules:
+          # Full backup weekly on Sunday at 1am or 2am (9am UTC) and
+          # Differential backups daily at 1am or 2am (9am UTC) on every day except Sunday,
+          # Incremental backups every hour except for 9am UTC
+          # be sure to configure these not to run at the same time
+          full: "0 9 * * 0"
+          differential: "0 9 * * 1-6"
+          incremental: "0 0-8,10-23 * * *"
+        volume:
+          volumeClaimSpec:
+            accessModes:
+              - "ReadWriteOnce"
+            resources:
+              requests:
+                storage: 2Gi
+            storageClassName: "netapp-file-backup"
+    # this stuff is for the "pgbackrest" container (the only non-init container) in the "postgres-crunchy-repo-host" pod
+    repoHost:
+      resources:
+        requests:
+          cpu: 1m
+          memory: 64Mi
+        limits:
+          cpu: 50m
+          memory: 128Mi
+    sidecars:
+      # this stuff is for the "pgbackrest" container in the "postgres-crunchy-ha" set of pods
+      pgbackrest:
+        resources:
+          requests:
+            cpu: 1m
+            memory: 64Mi
+          limits:
+            cpu: 50m
+            memory: 128Mi

.github/environments/values.test.yaml

@@ -34,26 +34,19 @@ postgres:
 
   # --- cluster resource allocation ----
   instances:
-    replicas: 5
-    dataVolumeClaimSpec:
-      storage: 4Gi
-      storageClassName: netapp-block-standard
-    requests:
-      cpu: 10m
-      memory: 256Mi
-    limits:
-      cpu: 500m
-      memory: 512Mi
-
-  # -------- backups ---------
-  pgBackRest:
-    repos:
-      volume:
-        enabled: false
-    s3:
-      enabled: false
-
-  # ------ pgBouncer-------
-  proxy:
-    pgBouncer:
+    - name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
       replicas: 2
+      dataVolumeClaimSpec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 1Gi
+        storageClassName: "netapp-block-standard"
+      resources:
+        requests:
+          cpu: 1m
+          memory: 256Mi
+        limits:
+          cpu: 100m
+          memory: 512Mi

charts/coms/Chart.yaml

@@ -3,7 +3,7 @@ name: common-object-management-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.6
+version: 0.7.1
 kubeVersion: ">= 1.13.0"
 description: A microservice for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
@@ -27,14 +27,10 @@ home: https://bcgov.github.io/common-object-management-service
 sources:
   - https://github.com/bcgov/common-object-management-service
 dependencies:
-  - name: crunchy-postgres
-    version: 0.0.66
-    # repository: https://timcsaky.github.io/nr-patroni-chart
-    repository: "file://../crunchy-postgres"
+  - name: postgrescluster
+    version: 5.6.1
+    repository: "file://../postgres"
     condition: postgres.enabled
-    # tags:
-    #   - crunchy-postgres
-    # by default, the object created will be named <your-app>-crunchy-postgres. You can use an alias to override the -crunchy-postgres suffix
     alias: postgres
 maintainers:
   - name: NR Common Service Showcase Team

charts/coms/templates/networkpolicy.yaml

@@ -17,26 +17,4 @@ spec:
           protocol: TCP
   podSelector:
     matchLabels: {{- include "coms.selectorLabels" . | nindent 6 }}
-{{- if .Values.postgres.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: allow-{{ include "coms.fullname" . }}-app-to-{{ include "crunchy-postgres.fullname" .Subcharts.postgres }}-cluster
-  labels:
-    {{- include "crunchy-postgres.selectorLabels" .Subcharts.postgres | nindent 4 }}
-spec:
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels: {{ include "coms.selectorLabels" . | nindent 14 }}
-        - podSelector:
-            matchLabels:
-              openshift.io/deployer-pod.type: hook-pre
-      ports:
-        - port: {{ default "5432" .Values.config.configMap.DB_PORT | atoi }}
-          protocol: TCP
-  podSelector:
-    matchLabels: {{ include "crunchy-postgres.selectorLabels" .Subcharts.postgres | nindent 6 }}
-{{- end }}
 {{- end }}

charts/coms/values.yaml

@@ -197,12 +197,11 @@ postgres:
   # --------------------------------
 
   # note: override methodology:
-  # - defaults exist in subchart crunchy-postgres
+  # - defaults exist in subchart postgres
   # - overrides that apply to all coms environments are defined in this values.yaml file
   # - overrides specific to a single environment are defined in values.<environment>.yaml
 
-  fullnameOverride: ~
-  nameOverride: postgres
+  postgresVersion: 15
 
   # ------- postgres user/db configuration ----------
   users:
@@ -225,10 +224,13 @@ postgres:
       CREATE SCHEMA queue;
       ALTER SCHEMA queue OWNER TO app;
 
-  # -------- backups ---------
-  pgBackRest:
-    repos:
-      volume:
-        enabled: false
-    s3:
-      enabled: false
+  # -------- monitoring ----------
+  monitoring: true
+  monitoringConfig:
+    resources:
+      requests:
+        cpu: 1m
+        memory: 64Mi
+      limits:
+        cpu: 50m
+        memory: 128Mi

charts/postgres/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: postgrescluster
+description: A Helm chart for Kubernetes
+type: application
+# The version below should match the version on the PostgresCluster CRD
+version: 5.6.1
+appVersion: 5.6.0

charts/postgres/templates/NOTES.txt

@@ -0,0 +1,31 @@
+Thank you for deploying a Crunchy PostgreSQL cluster!
+
+                          ((((((((((((((((((((((
+                    (((((((((((((%%%%%%%(((((((((((((((
+                (((((((((((%%%             %%%%((((((((((((
+            (((((((((((%%(   (((( (            %%%(((((((((((
+          (((((((((((((%%     (( ,((               %%%(((((((((((
+        (((((((((((((((%%         *%%/            %%%%%%%((((((((((
+      (((((((((((((((((((%%(( %%%%%%%%%%#(((((%%%%%%%%%%#((((((((((((
+    ((((((((((((((((((%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%((((((((((((((
+  *((((((((((((((((((((%%%%%%     /%%%%%%%%%%%%%%%%%%%((((((((((((((((
+  (((((((((((((((((((((((%%%/      .%,             %%%((((((((((((((((((,
+  ((((((((((((((((((((((%                             %#(((((((((((((((((
+(((((((((((((((%%%%%%                                 #%(((((((((((((((((
+((((((((((((((%%                                         %%(((((((((((((((,
+((((((((((((%%%#%                                     %   %%(((((((((((((((
+((((((((((((%.                      %                 %     #((((((((((((((
+(((((((((((%%                        %               %%*     %(((((((((((((
+#(###(###(#%%                      %%%    %%        %%%      #%%#(###(###(#
+###########%%%%%   /%%%%%%%%%%%%%       %%       %%%%%         ,%%#######
+###############%%       %%%%%%        %%%    %%%%%%%%             %%#####
+  ################%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   %%               %%##
+  ################%%        %%%%%%%%%%%%%%%%%      %%%%               %
+    ##############%#        %%   (%%%%%%%           %%%%%%
+    #############%     %%%%%                      %%%%%%%%%%%
+      ###########%       %%%%%%%%%%%            %%%%%%%%%
+        #########%%     %%            %%%%%%%%%%%%%%%#
+          ########%%   %%                  %%%%%%%%%
+              ######%% %%                      %%%%%%
+                ####%%%                        %%%%%  %
+                      %%                         %%%%

charts/postgres/templates/_azure.tpl

@@ -0,0 +1,12 @@
+{{/* Allow for Azure secret information to be stored in a Secret */}}
+{{- define "postgres.azure" }}
+[global]
+{{- if .azure }}
+  {{- if .azure.account }}
+repo{{ add .index 1 }}-azure-account={{ .azure.account }}
+  {{- end }}
+  {{- if .azure.key }}
+repo{{ add .index 1 }}-azure-key={{ .azure.key }}
+  {{- end }}
+{{- end }}
+{{ end }}

charts/postgres/templates/_gcs.tpl

@@ -0,0 +1,7 @@
+{{/* Allow for GCS secret information to be stored in a Secret */}}
+{{- define "postgres.gcs" }}
+[global]
+{{- if .gcs }}
+repo{{ add .index 1 }}-gcs-key=/etc/pgbackrest/conf.d/gcs-key.json
+{{- end }}
+{{ end }}

charts/postgres/templates/_s3.tpl

@@ -0,0 +1,18 @@
+{{/* Allow for S3 secret information to be stored in a Secret */}}
+{{- define "postgres.s3" }}
+[global]
+{{- if .s3 }}
+  {{- if .s3.key }}
+repo{{ add .index 1 }}-s3-key={{ .s3.key }}
+  {{- end }}
+  {{- if .s3.keySecret }}
+repo{{ add .index 1 }}-s3-key-secret={{ .s3.keySecret }}
+  {{- end }}
+  {{- if .s3.keyType }}
+repo{{ add .index 1 }}-s3-key-type={{ .s3.keyType }}
+  {{- end }}
+  {{- if .s3.encryptionPassphrase }}
+repo{{ add .index 1 }}-cipher-pass={{ .s3.encryptionPassphrase }}
+  {{- end }}
+{{- end }}
+{{ end }}

charts/postgres/templates/pgbackrest-secret.yaml

@@ -0,0 +1,41 @@
+{{- if or .Values.multiBackupRepos .Values.s3 .Values.gcs .Values.azure }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default .Release.Name .Values.name }}-pgbackrest-secret
+type: Opaque
+data:
+{{- if .Values.multiBackupRepos }}
+  {{- range $index, $repo := .Values.multiBackupRepos }}
+  {{- if $repo.s3 }}
+  {{- $args := dict "s3" $repo.s3 "index" $index }}
+  s3.conf: |-
+        {{ include "postgres.s3" $args | b64enc }}
+  {{- else if $repo.gcs }}
+  {{- $args := dict "gcs" $repo.gcs "index" $index }}
+  gcs.conf: |-
+        {{ include "postgres.gcs" $args | b64enc }}
+  gcs-key.json: |-
+        {{ $repo.gcs.key | b64enc }}
+  {{- else if $repo.azure }}
+  {{- $args := dict "azure" $repo.azure "index" $index }}
+  azure.conf: |-
+        {{ include "postgres.azure" $args | b64enc }}
+  {{- end }}
+{{- end }}
+{{- else if .Values.s3 }}
+  {{- $args := dict "s3" .Values.s3 "index" 0 }}
+  s3.conf: |-
+        {{ include "postgres.s3" $args | b64enc }}
+{{- else if .Values.gcs }}
+  {{- $args := dict "gcs" .Values.gcs "index" 0 }}
+  gcs.conf: |-
+        {{ include "postgres.gcs" $args | b64enc }}
+  gcs-key.json: |-
+        {{ .Values.gcs.key | b64enc }}
+{{- else if .Values.azure }}
+  {{- $args := dict "azure" .Values.azure "index" 0 }}
+  azure.conf: |-
+        {{ include "postgres.azure" $args | b64enc }}
+{{- end }}
+{{- end }}