chore: Use bitnami instead of stock postgresql container (#960)
* chore: Setup all apps to use bitnami instead of stock postgresql container * Actually don't bump major as there is no breaking change (as people using it will default to the migration initscript)
parent
9e02fb55a6
commit
238e2bc0c6
|
@ -9,24 +9,33 @@ image:
|
|||
tag: v5.2.0@sha256:8fc7bb87b77d76d929bcd36403d4f27878fa3e99f5448fb05ed64829078665a4
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
initContainers:
|
||||
- name: init-postgresdb
|
||||
image: "{{ .Values.postgresqlImage.repository}}:{{ .Values.postgresqlImage.tag }}"
|
||||
migrate-db:
|
||||
image: "{{ .Values.alpineImage.repository}}:{{ .Values.alpineImage.tag }}"
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
command:
|
||||
- "sh"
|
||||
- "-c"
|
||||
- "until pg_isready -U sogo -h ${pghost} ; do sleep 2 ; done"
|
||||
- /bin/sh
|
||||
- -cx
|
||||
- |
|
||||
echo 'trying to migrate old db to new location...'
|
||||
mkdir -p /bitnami/postgresql/data
|
||||
mv -f /bitnami/postgresql/old/* /bitnami/postgresql/data/ || true
|
||||
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/postgresql/data
|
||||
chmod 775 /bitnami/postgresql/data
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: pghost
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: plainhost
|
||||
volumeMounts:
|
||||
- name: db
|
||||
mountPath: /bitnami/postgresql/old
|
||||
- name: data
|
||||
mountPath: /bitnami/postgresql
|
||||
|
||||
|
||||
# Enabled postgres
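Review bot: The `migrate-db` init container in this section gets `privileged: true` and `allowPrivilegeEscalation: true`, which is more than its script needs: it only runs `mkdir`, `mv`, `chown` and `chmod` on the two mounted volumes. Running as UID 0 with a narrow capability set should cover that, for example `privileged: false`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN", "FOWNER", "DAC_OVERRIDE"]}`, assuming the common chart passes `capabilities` through to the container spec. The same privileged block is repeated in the two later postgresql values sections that define `migrate-db`. Separately, `mv -f /bitnami/postgresql/old/* /bitnami/postgresql/data/ || true` hides a failed move, so the database container can start on an empty data directory with no signal that the migration did not happen; logging the failure before continuing would make that visible. The +/- markers are lost on this page, so which lines are new is inferred from the hunk header and the commit description.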
|
||||
|
|
|
@ -5,9 +5,9 @@ image:
|
|||
tag: v5.2.0@sha256:8fc7bb87b77d76d929bcd36403d4f27878fa3e99f5448fb05ed64829078665a4
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
# -- services
|
||||
service:
|
||||
|
|
|
@ -10,9 +10,9 @@ image:
|
|||
tag: "4.30.4"@sha256:42
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:42
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
|
||||
enableServiceLinks: false
|
||||
|
|
|
@ -19,9 +19,9 @@ podSecurityContext:
|
|||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
postgresqlImage:
|
||||
repository: docker.io/postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
command: ["authelia"]
|
||||
args: ["--config=/configuration.yaml"]
|
||||
|
|
|
@ -11,9 +11,9 @@ image:
|
|||
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
initContainers:
|
||||
init-postgresdb:
|
||||
|
|
|
@ -7,9 +7,9 @@ image:
|
|||
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
securityContext:
|
||||
privileged: false
|
||||
|
|
|
@ -10,9 +10,9 @@ image:
|
|||
tag: 22.1.1@sha256:99d94124b2024c9f7f38dc12144a92bc0d68d110bcfd374169ebb7e8df0adf8e
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
|
|
@ -13,10 +13,9 @@ podSecurityContext:
|
|||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
postgresqlImage:
|
||||
repository: docker.io/postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "13.1"@sha256:42
|
||||
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
|
|
@ -3,7 +3,7 @@ appVersion: "13.4"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org/
|
||||
version: 7.0.0
|
||||
version: 7.0.2
|
||||
deprecated: false
|
||||
description: PostgresSQL
|
||||
home: https://github.com/truecharts/apps/tree/master/stable/postgres
|
||||
|
@ -25,4 +25,4 @@ name: postgresql
|
|||
sources:
|
||||
- https://www.postgresql.org/
|
||||
type: application
|
||||
version: 2.0.0
|
||||
version: 2.1.0
|
||||
|
|
|
@ -5,11 +5,39 @@
|
|||
##
|
||||
|
||||
image:
|
||||
repository: docker.io/postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "13.4"@sha256:42
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
|
||||
initContainers:
|
||||
migrate-db:
|
||||
image: "{{ .Values.alpineImage.repository}}:{{ .Values.alpineImage.tag }}"
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
command:
|
||||
- /bin/sh
|
||||
- -cx
|
||||
- |
|
||||
echo 'trying to migrate old db to new location...'
|
||||
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/postgresql/data /bitnami/postgresql/old
|
||||
chmod 775 /bitnami/postgresql/data/ bitnami/postgresql/data /bitnami/postgresql/old
|
||||
mkdir -p /bitnami/postgresql/data
|
||||
mkdir -p /bitnami/postgresql/conf
|
||||
mv -f /bitnami/postgresql/old/* /bitnami/postgresql/data/ || true
|
||||
mv -f /bitnami/postgresql/data/pg_hba.conf /bitnami/postgresql/conf/pg_hba.conf || true
|
||||
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/postgresql/data
|
||||
chmod 775 /bitnami/postgresql/data
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- name: db
|
||||
mountPath: /bitnami/postgresql/old
|
||||
- name: data
|
||||
mountPath: /bitnami/postgresql
|
||||
|
||||
envValueFrom:
|
||||
POSTGRES_PASSWORD:
|
||||
secretKeyRef:
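Review bot: In the `migrate-db` script the first `chmod 775` line names `bitnami/postgresql/data` without a leading slash, so that argument resolves against the container's working directory rather than the mounted volume. That line and the `chown -R` before it also run ahead of `mkdir -p /bitnami/postgresql/data`, so on a volume with no `data` directory yet they fail, and because the shell is started with `-cx` and no `-e` the script carries on regardless. The `chown`/`chmod` of `/bitnami/postgresql/data` is repeated after the `mv`, so the early pair could be reduced to the old volume only, e.g. `chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/postgresql/old` and `chmod 775 /bitnami/postgresql/old`, placed after the `mkdir -p` lines.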
|
||||
|
|
|
@ -457,7 +457,118 @@ questions:
|
|||
type: dict
|
||||
attrs:
|
||||
- variable: db
|
||||
label: "App db Storage"
|
||||
label: "Old db Storage"
|
||||
description: "Stores the old Application Database."
|
||||
schema:
|
||||
type: dict
|
||||
hidden: true
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: "Enable the storage"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: type
|
||||
label: "(Advanced) Type of Storage"
|
||||
description: "Sets the persistence type"
|
||||
schema:
|
||||
type: string
|
||||
default: "pvc"
|
||||
enum:
|
||||
- value: "pvc"
|
||||
description: "pvc"
|
||||
- value: "emptyDir"
|
||||
description: "emptyDir"
|
||||
- value: "hostPath"
|
||||
description: "hostPath"
|
||||
- variable: storageClass
|
||||
label: "(Advanced) storageClass"
|
||||
description: " Warning: Anything other than SCALE-ZFS will break rollback!"
|
||||
schema:
|
||||
show_if: [["type", "=", "pvc"]]
|
||||
type: string
|
||||
default: "SCALE-ZFS"
|
||||
- variable: setPermissions
|
||||
label: "Automatic Permissions"
|
||||
description: "Automatically set permissions on install"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: readOnly
|
||||
label: "readOnly"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: hostPath
|
||||
label: "hostPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: hostpath
|
||||
- variable: hostPathType
|
||||
label: "hostPath Type"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "DirectoryOrCreate"
|
||||
description: "DirectoryOrCreate"
|
||||
- value: "Directory"
|
||||
description: "Directory"
|
||||
- value: "FileOrCreate"
|
||||
description: "FileOrCreate"
|
||||
- value: "File"
|
||||
description: "File"
|
||||
- value: "Socket"
|
||||
description: "Socket"
|
||||
- value: "CharDevice"
|
||||
description: "CharDevice"
|
||||
- value: "BlockDevice"
|
||||
description: "BlockDevice"
|
||||
- variable: mountPath
|
||||
label: "mountPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
type: string
|
||||
default: "/var/lib/postgresql/data"
|
||||
hidden: true
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
schema:
|
||||
show_if: [["type", "=", "emptyDir"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "Memory"
|
||||
description: "Memory"
|
||||
- variable: accessMode
|
||||
label: "Access Mode (Advanced)"
|
||||
description: "Allow or disallow multiple PVC's writhing to the same PV"
|
||||
schema:
|
||||
show_if: [["type", "=", "pvc"]]
|
||||
type: string
|
||||
default: "ReadWriteOnce"
|
||||
enum:
|
||||
- value: "ReadWriteOnce"
|
||||
description: "ReadWriteOnce"
|
||||
- value: "ReadOnlyMany"
|
||||
description: "ReadOnlyMany"
|
||||
- value: "ReadWriteMany"
|
||||
description: "ReadWriteMany"
|
||||
- variable: size
|
||||
label: "Size quotum of storage"
|
||||
schema:
|
||||
show_if: [["type", "=", "pvc"]]
|
||||
type: string
|
||||
default: "100Gi"
|
||||
- variable: data
|
||||
label: "App data Storage"
|
||||
description: "Stores the Application Database."
|
||||
schema:
|
||||
type: dict
|
||||
|
@ -533,7 +644,7 @@ questions:
|
|||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
type: string
|
||||
default: "/var/lib/postgresql/data"
|
||||
default: "/bitnami/postgresql"
|
||||
hidden: true
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
|
@ -993,6 +1104,51 @@ questions:
|
|||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- variable: podSecurityContext
|
||||
group: "Security and Permissions"
|
||||
label: "Pod Security Context"
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: supplementalGroups
|
||||
label: "supplemental Groups"
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: supplementalGroupsEntry
|
||||
label: "supplemental Group"
|
||||
schema:
|
||||
type: int
|
||||
- variable: fsGroupChangePolicy
|
||||
label: "When should we take ownership?"
|
||||
schema:
|
||||
type: string
|
||||
default: "OnRootMismatch"
|
||||
enum:
|
||||
- value: "OnRootMismatch"
|
||||
description: "OnRootMismatch"
|
||||
- value: "Always"
|
||||
description: "Always"
|
||||
- variable: resources
|
||||
group: "Resources and Devices"
|
||||
label: ""
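Review bot: The `runAsGroup` description in the added `podSecurityContext` question is missing its opening quote: `description: The groupID this App of the user running the application"`. YAML reads this as a plain scalar, so the trailing `"` becomes part of the text shown in the UI; something like `description: "The groupID of the user running the application"` would match the neighbouring entries. In the first hunk the now-hidden `db` volume still appears to default its `mountPath` to `/var/lib/postgresql/data`, while the values files in this commit use `/bitnami/postgresql/old`; it is worth confirming which one the main container ends up with.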
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: docker.io/postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4@sha256:97e5e91582e89514277912d4b7c95bceabdede3482e32395bcb40099abd9c506
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
|
||||
service:
|
||||
|
@ -14,19 +14,63 @@ service:
|
|||
## TODO: Fix the backup-on-upgrade system
|
||||
enableUpgradeBackup: false
|
||||
|
||||
initContainers:
|
||||
migrate-db:
|
||||
image: "{{ .Values.alpineImage.repository}}:{{ .Values.alpineImage.tag }}"
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
command:
|
||||
- /bin/sh
|
||||
- -cx
|
||||
- |
|
||||
echo 'trying to migrate old db to new location...'
|
||||
mkdir -p /bitnami/postgresql/data
|
||||
mv -f /bitnami/postgresql/old/* /bitnami/postgresql/data/ || true
|
||||
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/postgresql/data
|
||||
chmod 775 /bitnami/postgresql/data
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- name: db
|
||||
mountPath: /bitnami/postgresql/old
|
||||
- name: data
|
||||
mountPath: /bitnami/postgresql
|
||||
|
||||
|
||||
securityContext:
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 0
|
||||
fsGroup: 568
|
||||
supplementalGroups: []
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
persistence:
|
||||
db:
|
||||
enabled: true
|
||||
mountPath: "/var/lib/postgresql/data"
|
||||
mountPath: "/bitnami/postgresql/old"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
size: "999Gi"
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/bitnami/postgresql"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "999Gi"
|
||||
dbbackups:
|
||||
enabled: true
|
||||
mountPath: "/dbbackups"
|
||||
type: pvc
|
||||
accessMode: ReadWriteOnce
|
||||
size: "100Gi"
|
||||
size: "999Gi"
|
||||
|
||||
postgresqlPassword: "testpass"
|
||||
postgresqlUsername: "test"
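Review bot: The container-level `securityContext` that appears to be added in this section sets `allowPrivilegeEscalation: true` and `runAsNonRoot: false`, even though `podSecurityContext` already runs the pod as UID 568. Unless the Bitnami image needs otherwise, `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would make the kubelet enforce what the pod already does and would stop setuid binaries in the image from regaining root. The `migrate-db` init container carries its own `securityContext`, so tightening the main container does not affect the migration step. Line sides are inferred here because the page has lost its +/- markers.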
|
||||
|
|
|
@ -10,9 +10,9 @@ image:
|
|||
tag: v1.22.2@sha256:8693c057298731f507128a395395172d60093be9b299f6bf9e5c35512a74d457
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
|
||||
envTpl:
|
||||
|
|
|
@ -19,9 +19,9 @@ podSecurityContext:
|
|||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
postgresqlImage:
|
||||
repository: postgres
|
||||
repository: bitnami/postgresql
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 13.4-alpine@sha256:a70babcd0e8f86272c35d6efcf8070c597c1f31b3d19727eece213a09929dd55
|
||||
tag: 13.4.0@sha256:7fff0f7e827cd8e1daa3adbf0ca3f19e21006023c0f6d1c2d835718961516a87
|
||||
|
||||
|
||||
service:
|
||||
|
|