builderadmin
/
codermanifests
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add bitnamipostgresql.yaml

This commit is contained in:
builderadmin 2025-05-21 23:29:04 +00:00
parent a05380c125
commit 9ca01b0648
1 changed files with 326 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

326
bitnamipostgresql.yaml Normal file
View File

@ -0,0 +1,326 @@
---
# Source: postgresql/templates/primary/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
policyTypes:
- Ingress
- Egress
egress:
- {}
ingress:
- ports:
- port: 5432
---
# Source: postgresql/templates/primary/pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
# Source: postgresql/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
automountServiceAccountToken: false
---
# Source: postgresql/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
type: Opaque
data:
postgres-password: "bGpmalNLbjJaQw=="
password: "Y29kZXI="
# We don't auto-generate LDAP password when it's not provided as we do for other passwords
---
# Source: postgresql/templates/primary/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: coder-db-postgresql-hl
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
annotations:
spec:
type: ClusterIP
clusterIP: None
# We want all pods in the StatefulSet to have their addresses published for
# the sake of the other Postgresql pods even before they're ready, since they
# have to be able to talk to each other in order to become ready.
publishNotReadyAddresses: true
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
selector:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
# Source: postgresql/templates/primary/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
nodePort: null
selector:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
# Source: postgresql/templates/primary/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: coder-db-postgresql
namespace: "coder"
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
spec:
replicas: 1
serviceName: coder-db-postgresql-hl
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
template:
metadata:
name: coder-db-postgresql
labels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
helm.sh/chart: postgresql-16.7.4
app.kubernetes.io/component: primary
spec:
serviceAccountName: coder-db-postgresql
automountServiceAccountToken: false
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: coder-db
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
hostNetwork: false
hostIPC: false
containers:
- name: postgresql
image: docker.io/bitnami/postgresql:17.5.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUG
value: "false"
- name: POSTGRESQL_PORT_NUMBER
value: "5432"
- name: POSTGRESQL_VOLUME_DIR
value: "/bitnami/postgresql"
- name: PGDATA
value: "/bitnami/postgresql/data"
# Authentication
- name: POSTGRES_USER
value: "coder"
- name: POSTGRES_PASSWORD_FILE
value: /opt/bitnami/postgresql/secrets/password
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: /opt/bitnami/postgresql/secrets/postgres-password
- name: POSTGRES_DATABASE
value: "coder"
# LDAP
- name: POSTGRESQL_ENABLE_LDAP
value: "no"
# TLS
- name: POSTGRESQL_ENABLE_TLS
value: "no"
# Audit
- name: POSTGRESQL_LOG_HOSTNAME
value: "false"
- name: POSTGRESQL_LOG_CONNECTIONS
value: "false"
- name: POSTGRESQL_LOG_DISCONNECTIONS
value: "false"
- name: POSTGRESQL_PGAUDIT_LOG_CATALOG
value: "off"
# Others
- name: POSTGRESQL_CLIENT_MIN_MESSAGES
value: "error"
- name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
value: "pgaudit"
ports:
- name: tcp-postgresql
containerPort: 5432
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- -e
- |
exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/postgresql/conf
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/postgresql/tmp
subPath: app-tmp-dir
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
- name: dshm
mountPath: /dev/shm
- name: data
mountPath: /bitnami/postgresql
volumes:
- name: empty-dir
emptyDir: {}
- name: postgresql-password
secret:
secretName: coder-db-postgresql
- name: dshm
emptyDir:
medium: Memory
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"