Public Information

charts/database/templates/component.tpl

@@ -0,0 +1,2 @@
+{{- include "nplus.init" $ -}}
+{{- include "nplus.component" . -}}

charts/database/templates/config.tpl

@@ -0,0 +1,16 @@
+{{- include "nplus.init" $ -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .component.fullName }}-config
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+data:
+{{ (.Files.Glob "config/*").AsConfig | indent 2 }}

charts/database/templates/networkpolicy.tpl

@@ -0,0 +1,33 @@
+{{- include "nplus.init" $ -}}
+{{- if ((.this.security).cni).createNetworkPolicy }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ .component.fullName }}
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "nplus.selectorLabels" . | nindent 6 }}
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    # Allow access from NAPPL Cores
+    - podSelector:
+        matchLabels:
+          nplus/group: {{ .instance.group }}
+          nplus/type: core
+    {{- if ((.this.security).cni).excludeUnusedPorts }}
+    ports:
+    {{- include "nplus.defaultPolicyPorts" . | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/database/templates/pdb.tpl

@@ -0,0 +1,2 @@
+{{- include "nplus.init" $ -}}
+{{- include "nplus.podDisruptionBudget" . -}}

charts/database/templates/priorityClass.tpl

@@ -0,0 +1,2 @@
+{{- include "nplus.init" $ -}}
+{{- include "nplus.priorityClass" . }}

charts/database/templates/pvc.tpl

@@ -0,0 +1,2 @@
+{{- include "nplus.init" $ -}}
+{{- include "nplus.pvc" . }}

charts/database/templates/service.tpl

@@ -0,0 +1,28 @@
+{{- include "nplus.init" $ -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .component.fullName }}
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+    {{- include "nplus.serviceAnnotations" . | nindent 4 }}
+spec:
+  ports:
+    {{- include "nplus.defaultServicePorts" . | nindent 4 }}
+   
+  selector:
+  {{- if eq .this.service.selector "component" }}
+    {{- include "nplus.selectorLabels" . | nindent 4 }}
+  {{- else if eq .this.service.selector "type" }}
+    {{- include "nplus.selectorLabelsNc" . | nindent 4 }}
+  {{- else }}
+    {{- fail (printf "Unknown Service Selector Type: %s - must be component or type" .this.service.selector) }}
+  {{- end }}
+

charts/database/templates/statefulset.tpl

@@ -0,0 +1,119 @@
+{{- include "nplus.init" $ -}}
+# Component: {{ .component.chartName }}
+#
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .component.fullName }}
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+spec:
+  serviceName: {{ .component.fullName }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "nplus.selectorLabels" . | nindent 6 }}
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+      type: OnDelete
+  minReadySeconds: 10
+
+  template:
+    metadata:
+      labels:
+        {{- include "nplus.templateLabels" . | nindent 8 }}
+      annotations:
+        {{- include "nplus.templateAnnotations" . | nindent 8 }}
+        {{- include "nplus.securityAnnotations" . | nindent 8 }}
+    spec:
+      {{- include "nplus.priorityClassName" . | nindent 6 }}
+      {{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
+      {{- include "nplus.podSecurityContext" . | nindent 6 }}
+      {{- include "nplus.templateAffinity" . | nindent 6 }}
+      {{- include "nplus.imagePullSecrets" . | nindent 6 }}
+      {{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
+
+      initContainers:
+      {{- include "nplus.copyConfig" . | nindent 6 }}
+
+      containers:
+      - name: postgres
+        image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
+        imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
+        {{- include "nplus.containerSecurityContext" . | nindent 8 }}
+        {{- include "nplus.resources" . | nindent 8 }}
+          
+        env:
+
+        # -- POSTGRES Admin Credentials
+          {{- include "nplus.envCredentials" (list
+            "POSTGRES_USERNAME"   ($.this.dbAdmin).account
+            "POSTGRES_PASSWORD"   ($.this.dbAdmin).password
+                                  ($.this.dbAdmin).secret
+          ) | nindent 10 }}
+
+        # -- NAPPL Postgres Connection Credentials
+          {{- include "nplus.envCredentials" (list
+            "NSCALE_USERNAME"   ($.this.database).account
+            "NSCALE_PASSWORD"   ($.this.database).password
+                                ($.this.database).secret
+          ) | nindent 10 }}
+
+          - name: NSCALE_DATABASE
+            value: {{ (.this.database).name }}
+
+        {{- include "nplus.environment" . | nindent 8 }}
+
+        ports:
+        {{- include "nplus.defaultContainerPorts" . | nindent 8 }}
+
+        {{- if .this.utils.maintenance }}
+          {{- include "nplus.idle" . | nindent 8 }}
+        {{- else }}
+        startupProbe:
+          initialDelaySeconds: 10
+          failureThreshold: 12
+          periodSeconds: 10
+          timeoutSeconds: 5
+          exec:
+            command:
+            - sh
+            - -c
+            - exec pg_isready -U "postgres" -h 127.0.0.1 -p {{ required "Postgres Port must be set" ((.this.meta).ports).tcp }}
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - exec pg_isready -U "postgres" -h 127.0.0.1 -p {{ required "Postgres Port must be set" ((.this.meta).ports).tcp }}
+          periodSeconds: 30
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 6
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - |
+              pg_isready -U "postgres" -h 127.0.0.1 -p 5432 -t 1
+              [ -f /opt/bitnami/postgresql/tmp/.initialized ]
+        {{- end }}
+        volumeMounts:
+        # Postgres requires this directory to be **completely** empty,
+        # so also no lost&found directory.
+        {{- include "nplus.defaultMounts" . | nindent 8 }}
+        - name: custom-init-scripts
+          mountPath: /docker-entrypoint-initdb.d/
+      volumes:
+      - name: custom-init-scripts
+        configMap:
+          name: {{ .component.fullName }}-config
+      {{- include "nplus.defaultVolumes" . | nindent 6 }}