fix: use statefulset template from mission control chart

flanksource · Feb 20, 2025 · 9c205f8 · 9c205f8
1 parent 3f3befb
commit 9c205f8
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 11 deletions.
diff --git a/chart/Makefile b/chart/Makefile
@@ -8,16 +8,13 @@ $(LOCALBIN):
 values.schema.json: .bin/helm-schema
 	.bin/helm-schema -r -f values.yaml
 
-
 .PHONY: chart
 chart: values.schema.deref.json  README.md
 
-
 .PHONY: README.md
 README.md: .bin/helm-docs
 	.bin/helm-docs   -t README.md.tpl
 
-
 .bin/helm-docs:
 	test -s $(LOCALBIN)/helm-docs  || \
 	GOBIN=$(LOCALBIN) go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
@@ -31,7 +28,6 @@ values.schema.deref.json: values.schema.json
 	npm i @apidevtools/json-schema-ref-parser
 	npx @digitak/esrun  deref.ts | jq > values.schema.deref.json
 
-
 .PHONY: lint
 lint: chart
 	ct lint --charts .
diff --git a/chart/templates/postgres-statefulset.yaml b/chart/templates/postgres-statefulset.yaml
@@ -18,13 +18,55 @@ spec:
         app: postgresql
         {{- include "postgresql.selectorLabels" . | nindent 8 }}
     spec:
+      volumes:
+        - name: dshm
+          emptyDir:
+            medium: Memory
+            sizeLimit: "{{- .Values.db.external.shmVolume }}"
+        - name: logs
+          emptyDir: {}
+      initContainers:
+        - image: busybox
+          name: postgres-perms
+          command:
+            - sh
+            - -c
+            - mkdir -p /postgres && chmod -R 0750 /postgres && chown 999:999 -R /postgres && chmod -R 777 /dev/shm
+          volumeMounts:
+            - mountPath: /postgres
+              name: postgresql
+            - name: dshm
+              mountPath: /dev/shm
       containers:
       - name: postgresql
         image: {{ include "canary-checker.postgres.imageString" . }}
+        command:
+          - /usr/local/bin/docker-entrypoint.sh
+          - -D
+          - /var/lib/postgresql/data
+          - --config-file=/etc/postgresql/postgresql.conf
+          {{- range $k, $v := .Values.db.external.conf }}
+          - '--{{ $k }}={{ $v }}'
+          {{- end }}
+        resources:
+            {{- toYaml .Values.db.external.resources | nindent 12 }}
+        env:
+          - name: PGDATA
+            value: /var/lib/postgresql/data
         volumeMounts:
           - mountPath: /var/lib/postgresql/data
             name: postgresql
             subPath: postgres
+          - name: dshm
+            mountPath: /dev/shm
+          - name: logs
+            mountPath: /var/log/postgresql
+        startupProbe:
+          initialDelaySeconds: 15
+          exec:
+            command:
+            - /post-startup.sh
+
         envFrom:
           - secretRef:
               name: {{ .Values.db.external.secretKeyRef.name }}

diff --git a/chart/values.schema.json b/chart/values.schema.json
@@ -73,6 +73,12 @@
         "external": {
           "additionalProperties": false,
           "properties": {
+            "conf": {
+              "additionalProperties": true,
+              "required": [],
+              "title": "conf",
+              "type": "object"
+            },
             "create": {
               "default": false,
               "description": "Setting create to true will create a postgres stateful set for config-db to connect to.\nIf create=true, the secretKeyRef will be created by helm with the specified name and key\n  Optionally populate a secret named 'postgres-connection' before install with `POSTGRES_USER` and `POSTGRES_PASSWORD` to set the created username and password, otherwise a random password will be created for a 'postgres' user\nIf false and an existing connection must be specified under secretKeyRef\nIf create=false, a prexisting secret containing the URI to an existing postgres database must be provided\n  The URI must be in the format `postgresql://$user:$password@$host/$database`",
@@ -87,6 +93,31 @@
               "title": "enabled",
               "type": "boolean"
             },
+            "resources": {
+              "additionalProperties": false,
+              "properties": {
+                "requests": {
+                  "additionalProperties": false,
+                  "properties": {
+                    "memory": {
+                      "default": "2Gi",
+                      "required": [],
+                      "title": "memory",
+                      "type": "string"
+                    }
+                  },
+                  "required": [
+                    "memory"
+                  ],
+                  "title": "requests",
+                  "type": "object"
+                }
+              },
+              "required": [
+                "requests"
+              ],
+              "title": "resources"
+            },
             "secretKeyRef": {
               "additionalProperties": false,
               "properties": {
@@ -111,6 +142,11 @@
               "title": "secretKeyRef",
               "type": "object"
             },
+            "shmVolume": {
+              "default": "256Mi",
+              "required": [],
+              "title": "shmVolume"
+            },
             "storage": {
               "default": "20Gi",
               "required": [],
@@ -490,6 +526,13 @@
               "title": "configmaps",
               "type": "boolean"
             },
+            "deploymentCreateAndDelete": {
+              "default": true,
+              "description": "for deployment canary",
+              "required": [],
+              "title": "deploymentCreateAndDelete",
+              "type": "boolean"
+            },
             "enabled": {
               "default": true,
               "description": "\nInstall (Cluster)Role and RoleBinding for the ServiceAccount",
@@ -527,13 +570,6 @@
               "title": "namespaceCreateAndDelete",
               "type": "boolean"
             },
-            "deploymentCreateAndDelete": {
-              "default": true,
-              "description": "for deployment canary",
-              "required": [],
-              "title": "deploymentCreateAndDelete",
-              "type": "boolean"
-            },
             "podsCreateAndDelete": {
               "default": true,
               "description": "for pod and junit canaries",

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -218,6 +218,55 @@ db:
     storageClass: ""
     storage: 20Gi
 
+    # @schema
+    # type: object
+    # required: false
+    # additionalProperties: true
+    # properties: {}
+    # @schema
+    conf:
+      max_connections: 50
+      shared_buffers: 1GB
+      effective_cache_size: 3GB
+      maintenance_work_mem: 256MB
+      wal_buffers: 16MB
+      effective_io_concurrency: 200
+      work_mem: 10MB
+      max_wal_size: 4GB
+      log_autovacuum_min_duration: 0
+      log_connections: on
+      log_destination: "stderr"
+      log_directory: "/var/log/postgresql"
+      log_file_mode: 0644
+      log_filename: "postgresql-%d.log"
+      log_line_prefix: "%m [%p] %q[user=%u,db=%d,app=%a] "
+      log_lock_waits: on
+      log_min_duration_statement: "1s"
+      log_rotation_age: "1d"
+      log_rotation_size: "100MB"
+      log_truncate_on_rotation: on
+      log_statement: "all"
+      log_temp_files: 0
+      log_timezone: "UTC"
+      logging_collector: on
+      ssl: off
+      timezone: "UTC"
+      password_encryption: scram-sha-256
+      db_user_namespace: off
+      extra_float_digits: 0
+
+    # @schema
+    # required: false
+    # @schema
+    shmVolume: 256Mi
+
+    # @schema
+    # required: false
+    # @schema
+    resources:
+      requests:
+        memory: 2Gi
+
 # @schema
 # required: false
 # @schema