[cloud-native-pg,inventory,workflow-manager] Helm charts for CloudNativePG cluster configuration

.github/lint_test_config.yaml

@@ -22,3 +22,5 @@ excluded-charts:
   - topology-discovery
   # This chart has a dependency to postresql 
   - postgrest
+  # This chart has a dependency to CloudNativePG operator 
+  - cloud-native-pg

charts/cloud-native-pg/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cloud-native-pg/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: cloud-native-pg
+description: A Helm chart for creating postgres cluster via CloudNativePG operator
+icon: https://avatars.githubusercontent.com/u/23452093?s=200&v=4
+type: application
+version: 0.0.1
+maintainers:
+  - name: FRINX

charts/cloud-native-pg/README.md

@@ -0,0 +1,72 @@
+# cloud-native-pg
+
+A Helm chart for Kubernetes deployment of the cloud-native-pg
+
+## Get Repo Info
+
+```console
+helm repo add frinx https://FRINXio.github.io/helm-charts
+helm repo update
+```
+
+## Install Chart
+
+```console
+helm install [RELEASE_NAME] frinx/cloud-native-pg
+```
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] frinx/cloud-native-pg
+```
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+## Configuration
+
+| Parameter                | Description             | Default        |
+| ------------------------ | ----------------------- | -------------- |
+| `name` | Cluster name. If not defined, Chart name is used. | `null` |
+| `imageName` | Name of the container image, supporting both tags (<image>:<tag>) and digests for deterministic and repeatable deployments (<image>:<tag>@sha256:<digestValue>) | `"ghcr.io/cloudnative-pg/postgresql:12.10@sha256:3cd378bf6b4e6bdc495cf478ca893a3490ecdab5332a614d99d2adb41b1e63ce"` |
+| `imagePullPolicy` | Image pull policy | `"IfNotPresent"` |
+| `imagePullSecrets` | The list of pull secrets to be used to pull the images | `[]` |
+| `instances` | Number of instances required in the cluster | `3` |
+| `primaryUpdateStrategy` | Deployment strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) | `"unsupervised"` |
+| `primaryUpdateMethod` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be with a switchover (switchover - default) or in-place (restart) | `"switchover"` |
+| `startDelay` | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 30) | `30` |
+| `stopDelay` | The time in seconds that is allowed for a PostgreSQL instance to gracefully shutdown (default 30) | `30` |
+| `replicationSlots` | ReplicationSlotsConfiguration encapsulates the configuration of replication slots | `{}` |
+| `storage` | StorageConfiguration is the configuration of the storage of the PostgreSQL instances | `{"size": "1Gi"}` |
+| `storage.size` | Size of the storage. Required if not already specified in the PVC template. Changes to this field are automatically reapplied to the created PVCs. Size cannot be decreased. | `"1Gi"` |
+| `resources` | CPU/Memory resource requests/limits | `{}` |
+| `postgresql` | PostgreSQL configuration options (postgresql.conf) | `{}` |
+| `bootstrap.initdb.database` | Name of the database used by the application | `"frinx"` |
+| `bootstrap.initdb.owner` | Name of the owner of the database in the instance to be used by applications | `"frinx"` |
+| `bootstrap.initdb.secret.name` | User secret reference name | `"frinx-user"` |
+| `bootstrap.initdb.postInitSQL` | List of SQL queries to be executed as a superuser immediately after the cluster has been created - to be used with extreme care (by default empty) | `{}` |
+| `bootstrap.initdb.postInitTemplateSQL` | List of SQL queries to be executed as a superuser in the template1 after the cluster has been created - to be used with extreme care (by default empty) | `{}` |
+| `bootstrap.initdb.postInitApplicationSQL` | List of SQL queries to be executed as a superuser in the application database right after is created - to be used with extreme care (by default empty) | `{}` |
+| `bootstrap.initdb.postInitApplicationSQLRefs.configMapRefs` | ConfigMapRefs holds a list of references to ConfigMaps | `{}` |
+| `bootstrap.initdb.postInitApplicationSQLRefs.secretRefs` | SecretRefs holds a list of references to Secrets | `{}` |
+| `backup` | BackupConfiguration defines how the backup of the cluster are taken. Currently the only supported backup method is barmanObjectStore. For details and examples refer to the Backup and Recovery section of the documentation | `{}` |
+| `superuserSecret.name` | Reference name to secret for superuser | `"frinx-superuser"` |
+| `monitoring` | MonitoringConfiguration is the type containing all the monitoring configuration for a certain cluster | `{}` |
+| `env` | Env follows the Env format to pass environment variables to the pods created in the cluster | `{}` |
+| `envFrom` | EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env | `{}` |
+| `logLevel` | The instances' log level, one of the following values: error, warning, info (default), debug, trace | `"info"` |
+| `affinity` | AffinityConfiguration contains the info we need to create the affinity rules for Pods | `{}` |
+| `secrets.superuserSecret.name` | superuser secret reference name | `"frinx-superuser"` |
+| `secrets.superuserSecret.username` | superuser username | `"postgres"` |
+| `secrets.superuserSecret.password` | superuser password | `"postgres"` |
+| `secrets.userSecret.name` | user secret reference name | `"frinx-user"` |
+| `secrets.userSecret.username` | user username | `"frinx"` |
+| `secrets.userSecret.password` | user password | `"postgres"` |
+| `secrets.postInitSqlSecret` | postInitSqlSecret secret reference name | `{}` |
+
+## CloudNativePG configuration API reference
+More details about configuration can be found on [CloudNativePG API reference](https://cloudnative-pg.io/documentation/1.18/api_reference) page.

charts/cloud-native-pg/templates/helpers.tpl

@@ -0,0 +1,72 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-native-pg.fullname" -}}
+{{- or $.Values.name $.Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "cloud-native-pg.createSuperuserSecret" -}}
+{{- if (.Values.secrets.superuserSecret) -}}
+    {{- if (not .Values.secrets.superuserSecret.existingSecret ) -}}
+        {{- true -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "cloud-native-pg.superUserSecretName" -}}
+{{- if .Values.secrets.superuserSecret.existingSecret }}
+    {{- printf "%s" (tpl  .Values.secrets.superuserSecret.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-frinx-superuser"  (include "cloud-native-pg.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "cloud-native-pg.createUserSecret" -}}
+{{- if (.Values.secrets.userSecret) -}}
+    {{- if (not .Values.secrets.userSecret.existingSecret ) -}}
+        {{- true -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "cloud-native-pg.userSecretName" -}}
+{{- if .Values.secrets.userSecret.existingSecret }}
+    {{- printf "%s" (tpl  .Values.secrets.userSecret.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-frinx-user"  (include "cloud-native-pg.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "cloud-native-pg.createPostInitSqlSecret" -}}
+{{- if (.Values.secrets.postInitSqlSecret) -}}
+    {{- if (not .Values.secrets.postInitSqlSecret.existingSecret ) -}}
+        {{- true -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "cloud-native-pg.postInitSqlSecretName" -}}
+{{- if .Values.secrets.postInitSqlSecret.existingSecret }}
+    {{- printf "%s" (tpl  .Values.secrets.postInitSqlSecret.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s-post-init-sql-secret"  (include "cloud-native-pg.fullname" .) -}}
+{{- end -}}
+{{- end -}}

charts/cloud-native-pg/templates/post-init-sql-secret.yaml

@@ -0,0 +1,8 @@
+{{- if (include "cloud-native-pg.createPostInitSqlSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name:  {{ template "cloud-native-pg.fullname" . }}-post-init-sql-secret
+stringData:
+  secret.sql: {{- required "Required value for secrets.postInitSqlSecret.sql" .Values.secrets.postInitSqlSecret.sql | toYaml | indent 1 }}
+{{ end }}

charts/cloud-native-pg/templates/postgres-cluster.yaml

@@ -0,0 +1,106 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cloud-native-pg.fullname" . }}
+spec:
+  instances: {{ .Values.instances }}
+  imageName: {{ .Values.imageName }}
+  imagePullPolicy: {{ .Values.imagePullPolicy }}
+  imagePullSecrets: {{ .Values.imagePullSecrets }}
+  primaryUpdateStrategy: {{ .Values.primaryUpdateStrategy }}
+  primaryUpdateMethod: {{ .Values.primaryUpdateMethod }}
+  logLevel: {{ .Values.logLevel }}
+
+  {{- if .Values.startDelay }}
+  startDelay: {{ .Values.startDelay }}
+  {{- end }}
+
+  {{- if .Values.stopDelay }}
+  stopDelay: {{ .Values.stopDelay }}
+  {{- end }}
+
+  {{- if .Values.replicationSlots }}
+  replicationSlots:
+    {{- toYaml .Values.replicationSlots | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.storage }}
+  storage:
+    {{- toYaml .Values.storage | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.resources }}
+  resources:
+    {{- toYaml .Values.resources | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.postgresql }}
+  postgresql:
+    {{- toYaml .Values.postgresql | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.affinity }}
+  monitoring:
+    {{- toYaml .Values.affinity | nindent 4 }}
+  {{- end }}
+
+  bootstrap:
+    initdb:
+      database: {{ .Values.bootstrap.initdb.database }}
+      owner: {{ .Values.bootstrap.initdb.owner }}
+      secret:
+        name: {{ include "cloud-native-pg.userSecretName" . }}
+      {{- if .Values.bootstrap.initdb.postInitSQL }}
+      postInitSQL:
+        {{- toYaml .Values.bootstrap.initdb.postInitSQL | nindent 8 }}
+      {{- end }}
+      {{- if .Values.bootstrap.initdb.postInitTemplateSQL }}
+      postInitTemplateSQL:
+        {{- toYaml .Values.bootstrap.initdb.postInitTemplateSQL | nindent 8 }}
+      {{- end }}
+      {{- if .Values.bootstrap.initdb.postInitApplicationSQL }}
+      postInitApplicationSQL:
+        {{- toYaml .Values.bootstrap.initdb.postInitApplicationSQL | nindent 8 }}
+      {{- end }}
+      {{- if .Values.bootstrap.initdb.postInitApplicationSQLRefs }}
+      postInitApplicationSQLRefs:
+        configMapRefs:
+          {{- range .Values.bootstrap.initdb.postInitApplicationSQLRefs.extraConfigMapRefs }}
+          - name: {{ .name }}
+            key: {{ .key }}
+          {{- end }}
+        secretRefs:
+          {{- if .Values.secrets.postInitSqlSecret }}
+          - name: {{ include "cloud-native-pg.postInitSqlSecretName" . }}
+            key: secret.sql
+          {{- end }}
+          {{- range .Values.bootstrap.initdb.postInitApplicationSQLRefs.extraSecretRefs }}
+          - name: {{- .name }}
+            key: {{ .key }}
+          {{- end }}
+  {{- end }}
+
+  {{- if .Values.backup }}
+  backup:
+    {{- toYaml .Values.backup | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.secrets.superuserSecret }}
+  superuserSecret:
+    name: {{ include "cloud-native-pg.superUserSecretName" . }}
+  {{- end }}
+
+  {{- if .Values.env }}
+  env:
+    {{- toYaml .Values.env | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.envFrom }}
+  envFrom:
+    {{- toYaml .Values.envFrom | nindent 4 }}
+  {{- end }}
+
+  {{- if .Values.monitoring }}
+  monitoring:
+    {{- toYaml .Values.monitoring | nindent 4 }}
+  {{- end }}

charts/cloud-native-pg/templates/postgres-superuser-secret.yaml

@@ -0,0 +1,10 @@
+{{- if (include "cloud-native-pg.createSuperuserSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "cloud-native-pg.fullname" . }}-frinx-superuser
+type: kubernetes.io/basic-auth
+data:
+  username: {{ required "Required value for secrets.superuserSecret.username" .Values.secrets.superuserSecret.username | b64enc | quote }}
+  password: {{ required "Required value for secrets.superuserSecret.password" .Values.secrets.superuserSecret.password | b64enc | quote }}
+{{ end }}

charts/cloud-native-pg/templates/postgres-user-secret.yaml

@@ -0,0 +1,10 @@
+{{- if (include "cloud-native-pg.createUserSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "cloud-native-pg.fullname" . }}-frinx-user
+type: kubernetes.io/basic-auth
+data:
+  username: {{ required "Required value for secrets.userSecret.username" .Values.secrets.userSecret.username | b64enc | quote }}
+  password: {{ required "Required value for secrets.userSecret.password" .Values.secrets.userSecret.password | b64enc | quote }}
+{{ end }}