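---
## Set default image, imageTag, and imagePullPolicy.
## ref: https://hub.docker.com/_/postgres
##
image:
  repository: postgres
  # Quoted so the tag stays a string (unquoted 11.5 would parse as a float).
  tag: "11.5"
  pullPolicy: IfNotPresent

  ## Optionally specify an imagePullSecret.
  ## Secret must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecret: myRegistryKeySecretName

## Expose the PostgreSQL service to be accessed from outside the cluster (LoadBalancer service),
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
  # ClusterIP keeps the database reachable only from inside the cluster; if this is
  # switched to LoadBalancer, restrict the sources with loadBalancerSourceRanges below.
  type: ClusterIP
  annotations: {}
  ## clusterIP:

  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:

  ## Load Balancer sources
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  # loadBalancerSourceRanges:
  #   - 10.10.10.0/24

## Postgresql values
postgresql:
  username: dsmr
  # Placeholder credential for local testing only; supply the real value at install
  # time (a values file kept out of version control, or --set) rather than editing it here.
  password: dsmr
  database: dsmr
  port: 5432
  # initdbArgs
  # initdbWalDir
  dataDir: /var/lib/postgresql/data
  # extraEnv

  ## PostgreSQL configuration
  ## Specify runtime configuration parameters as a dict, using camelCase, e.g.
  ## {"sharedBuffers": "500MB"}
  ## Alternatively, you can put your postgresql.conf under the configs/ directory
  ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
  ##
  # config: {"sharedBuffers": "500MB"}

  ## PostgreSQL client authentication configuration
  ## Specify content for pg_hba.conf
  ## Default: do not create pg_hba.conf
  ## Alternatively, you can put your pg_hba.conf under the files/ directory
  ## The example below is permissive ("trust" for local/localhost); use it only as a
  ## syntax reference and prefer password-based methods for any networked entry.
  # pghba: |-
  #   local all all trust
  #   host all all localhost trust
  #   host mydatabase mysuser 192.168.0.0/24 md5

  # initdbscripts: |-
  #   #!/bin/sh
  #   echo "helloworld"

  ## ConfigMap with PostgreSQL configuration
  ## NOTE: This will override postgresql.config and postgresql.pghba
  # configMap:

##
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
  enabled: true
  image:
    registry: docker.io
    repository: debian
    # Mutable tag; pin to an immutable tag or digest for reproducible, auditable deployments.
    tag: buster-slim
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    #   - myRegistryKeySecretName
  ## Init container Security Context
  ## Runs as root solely to chown the volume mountpoint (see the header above);
  ## the main pod keeps the non-root securityContext defined further down.
  securityContext:
    runAsUser: 0

## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001

ldap:
  enabled: false
  # pgldapconfig is passed through as text and parsed by pg-ldap-sync, so its
  # comments and (empty) values below are part of the string, not of this chart's values.
  # NOTE(review): pg_connection.host is empty and both passwords are placeholders in this
  # sample; fill them in before setting ldap.enabled to true, and keep the LDAP bind
  # password out of version control.
  pgldapconfig: |-
    # Reference: https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml
    # Connection parameters to LDAP server
    ldap_connection:
      host: example.com
      port: 389
      auth:
        method: :simple
        username: cn=admin,dc=example,dc=com
        password: -password-goes-here-

    # Search parameters for LDAP users which should be synchronized
    ldap_users:
      base: OU=People,dc=example,dc=com
      # LDAP filter (according to RFC 2254)
      # defines to users in LDAP to be synchronized
      filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
      # this attribute is used as PG role name
      name_attribute: sAMAccountName
      # lowercase name for use as PG role name
      lowercase_name: true

    ldap_groups:
      base: OU=people,dc=example,dc=com
      filter: (|(cn=group1)(cn=group2)(cn=group3))
      # this attribute is used as PG role name
      name_attribute: cn
      # this attribute must reference to all member DN's of the given group
      member_attribute: member

    # Connection parameters to PostgreSQL server
    # see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
    pg_connection:
      host:
      dbname: postgres # the db name is usually "postgres"
      user: postgres # the user name is usually "postgres"
      password: postgres # kubectl get secret --namespace fadi <pod_name> -o jsonpath="{.data.postgresql-password}" | base64 --decode

    pg_users:
      # Filter for identifying LDAP generated users in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: LOGIN

    pg_groups:
      # Filter for identifying LDAP generated groups in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: NOT rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: NOLOGIN
      grant_options:

  # NOTE(review): the sync CronJob settings are nested under ldap here because they
  # only make sense with ldap.enabled; confirm the nesting against the chart templates.
  cron:
    # Runs every minute; each run binds to LDAP with the credentials in pgldapconfig.
    schedule: "*/1 * * * *"
    repo: ceticasbl/pg-ldap-sync
    # "latest" is mutable; pin a tag or digest so the sync image cannot change underneath you.
    tag: latest
    restartPolicy: Never
    mountPath: /workspace
    subPath: ""

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  enabled: true
  mountPath: /var/lib/postgresql
  subPath: ""
  accessModes: [ReadWriteOnce]
  ## Storage Capacity for persistent volume
  size: 10Gi
  annotations: {}
  # NOTE(review): with existingClaim set, the chart presumably binds to that PVC and the
  # size/accessModes/annotations above are not used — confirm in the templates.
  existingClaim: nfs-postgres-claim

## Configure liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
## NOTE(review): the commented examples use httpGet, which PostgreSQL does not serve;
## a tcpSocket probe on the database port, or an exec probe running pg_isready,
## fits this chart — adjust before enabling.
# readinessProbe:
#   httpGet:
#     path: /
#     port: http
#   initialDelaySeconds: 60
#   periodSeconds: 15
#   timeoutSeconds: 10
# livenessProbe:
#   httpGet:
#     path: /
#     port: http
#   initialDelaySeconds: 60
#   periodSeconds: 30
#   timeoutSeconds: 10

## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
##

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}
tolerations: []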