charts/postgresql/Chart.yaml
---
# Wrapper chart around the upstream Bitnami PostgreSQL chart, which is pulled
# in through the dependencies list at the bottom of this file.
apiVersion: v2
name: postgresql
description: A Helm chart for Kubernetes

# Chart type: 'application' charts are versioned, deployable collections of
# templates; 'library' charts only provide helpers to other charts and cannot
# be deployed on their own.
type: application

# Version of this chart. Bump it on every change to the chart or its
# templates; it is expected to follow Semantic Versioning (https://semver.org/).
version: "10.12.7"

dependencies:
  - name: postgresql
    version: "10.12.7"
    # "@bitnami" is a repository alias, so a repo must be registered under
    # that name before the dependency is resolved. Chart.lock records the
    # URL the alias resolved to.
    repository: "@bitnami"
charts/postgresql/Chart.lock
# Lock file for the chart's dependencies: one resolved entry per dependency
# (name, repository URL, exact version) plus a digest and generation time.
# NOTE(review): this looks like Helm-generated output; regenerate it with the
# dependency tooling rather than editing by hand, and treat an unexplained
# change to the repository URL or digest as something to question in review.
dependencies:
- name: postgresql
  repository: https://charts.bitnami.com/bitnami
  version: 10.12.7
digest: sha256:2ccb1a7c273df18afecc0478c90efd2c7385ee09d02463dfb2457fcb68897417
generated: "2021-10-29T13:49:17.564337685+06:00"
charts/postgresql/templates/_helpers.tpl
{{/*
Expand the name of the chart.
Uses .Values.nameOverride when it is set and .Chart.Name otherwise; the result
is cut to 63 characters and a trailing "-" is removed.
*/}}
{{- define "postgresql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
.Values.fullnameOverride, when set, replaces the computed name entirely (it is
still truncated and stripped of a trailing "-").
*/}}
{{- define "postgresql.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced with "_" before the value is truncated to 63
characters.
*/}}
{{- define "postgresql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels.
Emits the helm.sh/chart label, the selector labels, the app version label
(only when .Chart.AppVersion is set) and the managed-by label.
*/}}
{{- define "postgresql.labels" -}}
helm.sh/chart: {{ include "postgresql.chart" . }}
{{ include "postgresql.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels.
Name comes from "postgresql.name", instance from the release name.
*/}}
{{- define "postgresql.selectorLabels" -}}
app.kubernetes.io/name: {{ include "postgresql.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use.
An explicit .Values.serviceAccount.name always wins. Without one, the name is
the chart fullname when .Values.serviceAccount.create is true and "default"
otherwise.
*/}}
{{- define "postgresql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "postgresql.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
charts/postgresql/templates/external-secrets.yaml
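{{- if .Values.ExternalSecrets }}
# ExternalSecret rendered only when .Values.ExternalSecrets is set. The value
# is the backend entry (backendType: secretsManager) to read from.
#
# dataFrom imports every key of that entry, and the bootstrap Job in
# templates/job.yaml loads the resulting Secret wholesale through envFrom, so
# keep the backend entry limited to the credentials this chart needs.
# NOTE(review): the Job and the values file refer to the Secret by the literal
# name "postgresql"; that only matches metadata.name below while nameOverride
# is unset - confirm before overriding the chart name.
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: {{ include "postgresql.name" . }}
  labels:
    {{- include "postgresql.labels" . | nindent 4 }}
spec:
  backendType: secretsManager
  dataFrom:
    # Quoted so that YAML typing cannot reinterpret the configured path.
    - {{ .Values.ExternalSecrets | quote }}
{{- end }}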
charts/postgresql/templates/job.yaml
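# Post-install / post-upgrade hook that creates the per-service roles and
# databases (AIRFLOW, KETO, KRATOS, METABASE, TEST, UNLEASH, COMEDIAN).
#
# Expected environment (loaded from the "postgresql" Secret via envFrom):
#   PG_HOST, PG_USER, PG_PASS           admin connection
#   PG_DB_USER_<SVC>, PG_DB_PASS_<SVC>  role name and password per service
#   PG_DB_<SVC>                         database name per service
#
# Hook delete policy: the previous Job is removed before a new run and a
# succeeded Job is removed afterwards, so only a failed Job stays behind.
apiVersion: batch/v1
kind: Job
metadata:
  name: create-database-postgres
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  template:
    spec:
      containers:
        - name: create-database-postgres
          # NOTE(review): mutable tag; pin by digest if the image content
          # must not change between runs.
          image: "postgres:12-alpine"
          {{- if .Values.ExternalSecrets }}
          envFrom:
            - secretRef:
                # Must match the Secret produced by the ExternalSecret.
                name: postgresql
          {{- end }}
          command: ["/bin/sh"]
          args:
            - "-c"
            - |
              # -e: stop at the first failing command; -u: abort on an unset
              # variable (for example when envFrom above was not rendered)
              # instead of running psql with empty arguments.
              set -eu

              # libpq takes the connection settings from the environment, so
              # no password is written to a file or placed on a command line.
              export PGHOST="$PG_HOST" PGUSER="$PG_USER" PGPASSWORD="$PG_PASS" PGDATABASE=postgres

              # Values reach SQL as psql variables read from the environment.
              # :'var' renders a quoted literal and format() applies %I / %L,
              # so a quote character in a name or password cannot change the
              # statement. %I only adds quotes when the identifier needs them.
              # ON_ERROR_STOP makes psql exit non-zero on the first SQL error;
              # without it a failed statement still ends with exit status 0.

              # ensure_role NAME PASSWORD: create the role when it is missing,
              # then grant it to the admin role.
              ensure_role() {
                ROLE_NAME="$1" ROLE_PASS="$2" psql -v ON_ERROR_STOP=1 <<'SQL'
              \set role `printenv ROLE_NAME`
              \set pass `printenv ROLE_PASS`
              \set admin `printenv PGUSER`
              SELECT format('CREATE USER %I WITH ENCRYPTED PASSWORD %L', :'role', :'pass')
              WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = :'role')\gexec
              SELECT format('GRANT %I TO %I', :'role', :'admin')\gexec
              SQL
              }

              # ensure_database NAME OWNER: create the database when missing.
              ensure_database() {
                DB_NAME="$1" DB_OWNER="$2" psql -v ON_ERROR_STOP=1 <<'SQL'
              \set db `printenv DB_NAME`
              \set owner `printenv DB_OWNER`
              SELECT format('CREATE DATABASE %I OWNER %I', :'db', :'owner')
              WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = :'db')\gexec
              SQL
              }

              # ensure_owner NAME OWNER: hand an existing database over to
              # OWNER unless OWNER already owns it.
              ensure_owner() {
                DB_NAME="$1" DB_OWNER="$2" psql -v ON_ERROR_STOP=1 <<'SQL'
              \set db `printenv DB_NAME`
              \set owner `printenv DB_OWNER`
              SELECT format('ALTER DATABASE %I OWNER TO %I', :'db', :'owner')
              WHERE NOT EXISTS (
                SELECT FROM pg_catalog.pg_database d
                WHERE d.datname = :'db'
                  AND pg_catalog.pg_get_userbyid(d.datdba) = :'owner')\gexec
              SQL
              }

              ensure_role "$PG_DB_USER_AIRFLOW" "$PG_DB_PASS_AIRFLOW"
              ensure_role "$PG_DB_USER_KETO" "$PG_DB_PASS_KETO"
              ensure_role "$PG_DB_USER_KRATOS" "$PG_DB_PASS_KRATOS"
              ensure_role "$PG_DB_USER_METABASE" "$PG_DB_PASS_METABASE"
              ensure_role "$PG_DB_USER_TEST" "$PG_DB_PASS_TEST"
              ensure_role "$PG_DB_USER_UNLEASH" "$PG_DB_PASS_UNLEASH"
              ensure_role "$PG_DB_USER_COMEDIAN" "$PG_DB_PASS_COMEDIAN"

              ensure_database "$PG_DB_AIRFLOW" "$PG_DB_USER_AIRFLOW"
              ensure_database "$PG_DB_TEST" "$PG_DB_USER_TEST"
              ensure_database "$PG_DB_KETO" "$PG_DB_USER_KETO"
              ensure_database "$PG_DB_KRATOS" "$PG_DB_USER_KRATOS"
              ensure_database "$PG_DB_METABASE" "$PG_DB_USER_METABASE"
              ensure_database "$PG_DB_UNLEASH" "$PG_DB_USER_UNLEASH"
              ensure_database "$PG_DB_COMEDIAN" "$PG_DB_USER_COMEDIAN"

              ensure_owner "$PG_DB_TEST" "$PG_DB_USER_TEST"
      restartPolicy: Never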
charts/helmfile.d/helmfile.yaml
# Chart repositories used by the releases, each registered under an alias.
# The "bitnami" alias is the one Chart.yaml refers to as "@bitnami".
repositories:
  - name: 'stable'
    url: 'https://charts.helm.sh/stable'
  - name: 'bitnami'
    url: 'https://charts.bitnami.com/bitnami'

# One sub-helmfile per release.
helmfiles:
  - 'releases/postgres.yaml'
  - 'releases/rabbitmq.yaml'
charts/helmfile.d/releases/postgres.yaml
Здесь ENVIRONMENT_NAME — имя окружения (dev/prod/staging), заданное в gitlab-ci.
INSTALL_POSTGRES — также переменная из gitlab-ci; она указывает, устанавливать этот чарт или нет.
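# Release definition for the local postgresql wrapper chart.
# ENVIRONMENT_NAME is read with requiredEnv and selects both the namespace and
# the per-environment values directory. INSTALL_POSTGRES toggles the release
# and falls back to "false" when it is not set.
releases:
  - name: "postgresql"
    createNamespace: false
    # Quoted so the environment name is always a YAML string, whatever it
    # looks like (digits, "on", "no", ...).
    namespace: {{ requiredEnv "ENVIRONMENT_NAME" | quote }}
    labels:
      chart: "bitnami/postgresql"
      component: "postgresql"
      namespace: {{ requiredEnv "ENVIRONMENT_NAME" | quote }}
    chart: "../../postgresql"
    wait: true
    # Left unquoted on purpose: this has to render as a YAML boolean.
    installed: {{ env "INSTALL_POSTGRES" | default "false" }}
    values:
      # The environment name picks a directory under ../values, so it should
      # only ever be one of the fixed names the CI jobs set.
      - ../values/{{ requiredEnv "ENVIRONMENT_NAME" }}/postgres.yaml.gotmpl
      - ../values/nodeSelector.yaml.gotmpl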
charts/helmfile.d/values/dev/postgres.yaml.gotmpl
# Values for the dev environment.
# NOTE(review): the listing lost its indentation; the nesting below is
# reconstructed. ExternalSecrets is placed at the top level because the chart
# templates read .Values.ExternalSecrets; existingSecret is assumed to belong
# to the postgresql subchart - confirm against the original file.
postgresql:
  image:
    registry: docker.io
    repository: bitnami/postgresql
    # Full image tag rather than a floating one.
    tag: 12.8.0-debian-10-r73
    pullPolicy: IfNotPresent

  persistence:
    enabled: true
    storageClass: "gp2"
    size: 8Gi

  # Requests equal limits for both memory and CPU.
  resources:
    requests:
      memory: 3Gi
      cpu: 1400m
    limits:
      memory: 3Gi
      cpu: 1400m

  # Same literal Secret name the bootstrap Job uses in its secretRef.
  # NOTE(review): presumably tells the subchart to read credentials from this
  # Secret instead of taking them from values - verify against the subchart.
  existingSecret: "postgresql"

# Backend entry handed to the ExternalSecret's dataFrom; only a reference is
# stored here, no credential values.
ExternalSecrets: "/dev/external-secret-postgresdb-dev"
.gitlab-ci.yml — это фрагмент конфигурации GitLab CI
# Deploy job for the dev environment: registers the chart repositories, then
# syncs every release under charts/helmfile.d.
deploy_dev:
  stage: deploy
  image: 'quay.io/roboll/helmfile:helm3-v0.140.0'
  variables:
    # Consumed by the helmfile templates (namespace, values directory and
    # the per-release "installed" switches).
    ENVIRONMENT_NAME: 'dev'
    INSTALL_POSTGRES: 'true'
    INSTALL_RABBITMQ: 'true'
    INSTALL_AIRFLOW_EXPORTER: 'false'
  before_script:
    # NOTE(review): the file "variables" is executed by the shell here and is
    # republished as an artifact below. Its origin and contents are not shown;
    # if it carries credentials, they become downloadable with the job
    # artifacts - confirm what it holds.
    - 'source variables'
  script:
    - 'helmfile -f charts/helmfile.d repos'
    - 'helmfile -f charts/helmfile.d sync --concurrency=4'
  artifacts:
    paths:
      - 'variables'
  only:
    - 'dev'
  tags:
    - 'ci-k8s'
Чтобы установить postgres, используем команду:
# Sync only the release labelled component=postgresql, with the chart enabled
# and the dev environment selected for this one invocation.
INSTALL_POSTGRES=true ENVIRONMENT_NAME=dev helmfile --selector component=postgresql sync