[
  {
    "path": ".github/ISSUE_TEMPLATE/issue.md",
    "content": "---\nname: Open an Issue for PGO Examples\nabout: Open an issue specific to the \"postgres-operator-examples\" repository. For all other issues please visit https://github.com/CrunchyData/postgres-operator\n---\n\nPlease report any bugs or feature requests specific to the PGO Examples that are in this repository. This includes anything around the examples for Kustomize and Helm.\n\nFor any bugs or feature request related to PGO itself, please visit https://github.com/CrunchyData/postgres-operator\n"
  },
  {
    "path": "LICENSE.md",
    "content": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      
form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. 
Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. 
You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. 
You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. 
You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. 
However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   Copyright 2017 - 2026 Crunchy Data Solutions, Inc.\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
  },
  {
    "path": "README.md",
    "content": "# Examples for Using [PGO](https://github.com/CrunchyData/postgres-operator), the Postgres Operator from Crunchy Data\n\nThis repository contains a collection of examples for deploying, operating, and maintaining Postgres clusters using PGO, the Postgres Operator from Crunchy Data as part of [Crunchy Postgres for Kubernetes](https://www.crunchydata.com/products/crunchy-postgresql-for-kubernetes). Using these examples assumes that you already have PGO running. The kustomize installer for PGO can be found in the [postgres-operator](https://github.com/CrunchyData/postgres-operator) repo. The PGO helm installer can be [installed via the OCI registry](https://access.crunchydata.com/documentation/postgres-operator/latest/installation/helm).\n\nThe use of these examples with PGO and other container images (aside from those provided by Crunchy Data) will require modifications of the examples.\n\n### Using these Examples\n\nThe examples are grouped by various tools that can be used to deploy them.\nEach of the examples has its own README that guides you through the process of deploying it.\nThe best way to get started is to fork this repository and experiment with the examples.\nThe examples as provided are designed for the use of PGO along with Crunchy Data's Postgres distribution, Crunchy Postgres, as Crunchy Postgres for Kubernetes.  For more information on the use of container images downloaded from the Crunchy Data Developer Portal or other third party sources, please see 'License and Terms' below.\n\nBy default, these examples are set to use the `v1` version of the PostgresCluster API, which is only available in PGO v6. 
If you plan to use these examples with PGO v5, or want to use the older API with PGO v6, you will need to change the version suffix in the `apiVersion` of the PostgresCluster manifests to `v1beta1`.\n\n### Help with the Examples\n\n* For general questions or community support, we welcome you to join our [community Discord](https://discord.gg/BnsMEeaPBV).\n* If you believe you have discovered a bug, please open an issue in the [PGO project](https://github.com/CrunchyData/postgres-operator).\n* You can find the full Crunchy Postgres for Kubernetes documentation [here](https://access.crunchydata.com/documentation/postgres-operator/v5/).\n* You can find out more information about PGO, the Postgres Operator from [Crunchy Data](https://www.crunchydata.com), at the [project page](https://github.com/CrunchyData/postgres-operator).\n\n### FAQs, License and Terms\n\nFor more information regarding PGO, the Postgres Operator project from Crunchy Data, and Crunchy Postgres for Kubernetes, please see the [frequently asked questions](https://access.crunchydata.com/documentation/postgres-operator/latest/faq).\n\nFor information regarding the software versions of the components included and Kubernetes version compatibility, please see the [components and compatibility section of the Crunchy Postgres for Kubernetes documentation](https://access.crunchydata.com/documentation/postgres-operator/latest/references/components).\n\nThe examples provided in this project repository are available subject to the [Apache 2.0](https://github.com/CrunchyData/postgres-operator-examples/blob/-/LICENSE.md) license with the PGO logo and branding assets covered by our [trademark guidelines](https://github.com/CrunchyData/postgres-operator/blob/-/docs/static/logos/TRADEMARKS.md).\n\nThe examples as provided in this repo are designed for the use of PGO along with Crunchy Data's Postgres distribution, Crunchy Postgres, as Crunchy Postgres for Kubernetes. 
The unmodified use of these examples will result in downloading container images from Crunchy Data repositories - specifically the Crunchy Data Developer Portal. The use of container images downloaded from the Crunchy Data Developer Portal is subject to the [Crunchy Data Developer Program terms](https://www.crunchydata.com/developers/terms-of-use).\n"
  },
  {
    "path": "helm/postgres/Chart.yaml",
    "content": "apiVersion: v2\nname: postgrescluster\ndescription: A Helm chart for Kubernetes\ntype: application\n# The version below should match the version on the PostgresCluster CRD\nversion: 6.0.0\nappVersion: 6.0.0\n"
  },
  {
    "path": "helm/postgres/templates/NOTES.txt",
    "content": "Thank you for deploying a Crunchy PostgreSQL cluster!\n\n                          ((((((((((((((((((((((\n                    (((((((((((((%%%%%%%(((((((((((((((\n                (((((((((((%%%             %%%%((((((((((((\n            (((((((((((%%(   (((( (            %%%(((((((((((\n          (((((((((((((%%     (( ,((               %%%(((((((((((\n        (((((((((((((((%%         *%%/            %%%%%%%((((((((((\n      (((((((((((((((((((%%(( %%%%%%%%%%#(((((%%%%%%%%%%#((((((((((((\n    ((((((((((((((((((%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%((((((((((((((\n  *((((((((((((((((((((%%%%%%     /%%%%%%%%%%%%%%%%%%%((((((((((((((((\n  (((((((((((((((((((((((%%%/      .%,             %%%((((((((((((((((((,\n  ((((((((((((((((((((((%                             %#(((((((((((((((((\n(((((((((((((((%%%%%%                                 #%(((((((((((((((((\n((((((((((((((%%                                         %%(((((((((((((((,\n((((((((((((%%%#%                                     %   %%(((((((((((((((\n((((((((((((%.                      
%                 %     #((((((((((((((\n(((((((((((%%                        %               %%*     %(((((((((((((\n#(###(###(#%%                      %%%    %%        %%%      #%%#(###(###(#\n###########%%%%%   /%%%%%%%%%%%%%       %%       %%%%%         ,%%#######\n###############%%       %%%%%%        %%%    %%%%%%%%             %%#####\n  ################%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   %%               %%##\n  ################%%        %%%%%%%%%%%%%%%%%      %%%%               %\n    ##############%#        %%   (%%%%%%%           %%%%%%\n    #############%     %%%%%                      %%%%%%%%%%%\n      ###########%       %%%%%%%%%%%            %%%%%%%%%\n        #########%%     %%            %%%%%%%%%%%%%%%#\n          ########%%   %%                  %%%%%%%%%\n              ######%% %%                      %%%%%%\n                ####%%%                        %%%%%  %\n                      %%                         %%%%\n"
  },
  {
    "path": "helm/postgres/templates/_azure.tpl",
    "content": "{{/* Allow for Azure secret information to be stored in a Secret */}}\n{{- define \"postgres.azure\" }}\n[global]\n{{- if .azure }}\n  {{- if .azure.account }}\nrepo{{ add .index 1 }}-azure-account={{ .azure.account }}\n  {{- end }}\n  {{- if .azure.key }}\nrepo{{ add .index 1 }}-azure-key={{ .azure.key }}\n  {{- end }}\n{{- end }}\n{{ end }}\n"
  },
  {
    "path": "helm/postgres/templates/_gcs.tpl",
    "content": "{{/* Allow for GCS secret information to be stored in a Secret */}}\n{{- define \"postgres.gcs\" }}\n[global]\n{{- if .gcs }}\nrepo{{ add .index 1 }}-gcs-key=/etc/pgbackrest/conf.d/gcs-key.json\n{{- end }}\n{{ end }}\n"
  },
  {
    "path": "helm/postgres/templates/_s3.tpl",
    "content": "{{/* Allow for S3 secret information to be stored in a Secret */}}\n{{- define \"postgres.s3\" }}\n[global]\n{{- if .s3 }}\n  {{- if .s3.key }}\nrepo{{ add .index 1 }}-s3-key={{ .s3.key }}\n  {{- end }}\n  {{- if .s3.keySecret }}\nrepo{{ add .index 1 }}-s3-key-secret={{ .s3.keySecret }}\n  {{- end }}\n  {{- if .s3.keyType }}\nrepo{{ add .index 1 }}-s3-key-type={{ .s3.keyType }}\n  {{- end }}\n  {{- if .s3.encryptionPassphrase }}\nrepo{{ add .index 1 }}-cipher-pass={{ .s3.encryptionPassphrase }}\n  {{- end }}\n{{- end }}\n{{ end }}\n"
  },
  {
    "path": "helm/postgres/templates/pgbackrest-secret.yaml",
    "content": "{{- if or .Values.multiBackupRepos .Values.s3 .Values.gcs .Values.azure }}\napiVersion: v1\nkind: Secret\nmetadata:\n  name: {{ default .Release.Name .Values.name }}-pgbackrest-secret\ntype: Opaque\ndata:\n{{- if .Values.multiBackupRepos }}\n  {{- range $index, $repo := .Values.multiBackupRepos }}\n  {{- if $repo.s3 }}\n  {{- $args := dict \"s3\" $repo.s3 \"index\" $index }}\n  s3.conf: |-\n        {{ include \"postgres.s3\" $args | b64enc }}\n  {{- else if $repo.gcs }}\n  {{- $args := dict \"gcs\" $repo.gcs \"index\" $index }}\n  gcs.conf: |-\n        {{ include \"postgres.gcs\" $args | b64enc }}\n  gcs-key.json: |-\n        {{ $repo.gcs.key | b64enc }}\n  {{- else if $repo.azure }}\n  {{- $args := dict \"azure\" $repo.azure \"index\" $index }}\n  azure.conf: |-\n        {{ include \"postgres.azure\" $args | b64enc }}\n  {{- end }}\n{{- end }}\n{{- else if .Values.s3 }}\n  {{- $args := dict \"s3\" .Values.s3 \"index\" 0 }}\n  s3.conf: |-\n        {{ include \"postgres.s3\" $args | b64enc }}\n{{- else if .Values.gcs }}\n  {{- $args := dict \"gcs\" .Values.gcs \"index\" 0 }}\n  gcs.conf: |-\n        {{ include \"postgres.gcs\" $args | b64enc }}\n  gcs-key.json: |-\n        {{ .Values.gcs.key | b64enc }}\n{{- else if .Values.azure }}\n  {{- $args := dict \"azure\" .Values.azure \"index\" 0 }}\n  azure.conf: |-\n        {{ include \"postgres.azure\" $args | b64enc }}\n{{- end }}\n{{- end }}\n"
  },
  {
    "path": "helm/postgres/templates/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/{{ required \"You must set the PostgresCluster API version to deploy.\" .Values.apiVersion }}\nkind: PostgresCluster\nmetadata:\n  name: {{ default .Release.Name .Values.name }}\nspec:\n  postgresVersion: {{ required \"You must set the version of Postgres to deploy.\" .Values.postgresVersion }}\n  {{- if .Values.postGISVersion }}\n  postGISVersion: {{ quote .Values.postGISVersion }}\n  {{- end }}\n  {{- if .Values.imagePostgres }}\n  image: {{ .Values.imagePostgres | quote }}\n  {{- end }}\n  {{- if .Values.port }}\n  port: {{ .Values.port }}\n  {{- end }}\n  {{- if .Values.instances }}\n  instances:\n{{ toYaml .Values.instances | indent 4 }}\n  {{- else }}\n  instances:\n    - name: {{ default \"instance1\" .Values.instanceName | quote }}\n      replicas: {{ default 1 .Values.instanceReplicas }}\n      dataVolumeClaimSpec:\n        {{- if .Values.instanceStorageClassName }}\n        storageClassName: {{ .Values.instanceStorageClassName | quote }}\n        {{- end }}\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: {{ default \"1Gi\" .Values.instanceSize | quote }}\n      {{- if or .Values.instanceMemory .Values.instanceCPU }}\n      resources:\n        limits:\n          cpu: {{ default \"\" .Values.instanceCPU | quote }}\n          memory: {{ default \"\" .Values.instanceMemory | quote }}\n      {{- end }}\n  {{- end }}\n  backups:\n    pgbackrest:\n      {{- if .Values.imagePgBackRest }}\n      image: {{ .Values.imagePgBackRest | quote }}\n      {{- end }}\n      {{- if .Values.pgBackRestConfig }}\n{{ toYaml .Values.pgBackRestConfig | indent 6 }}\n      {{- else if .Values.multiBackupRepos }}\n      configuration:\n      - secret:\n          name: {{ default .Release.Name .Values.name }}-pgbackrest-secret\n      global:\n        {{- range $index, $repo := .Values.multiBackupRepos }}\n        {{- if or $repo.s3 $repo.gcs $repo.azure }}\n  
      repo{{ add $index 1 }}-path: /pgbackrest/{{ $.Release.Namespace }}/{{ default $.Release.Name $.Values.name }}/repo{{ add $index 1 }}\n        {{- end }}\n        {{- end }}\n      repos:\n      {{- range $index, $repo := .Values.multiBackupRepos }}\n      - name: repo{{ add $index 1 }}\n        {{- if $repo.volume }}\n        volume:\n          volumeClaimSpec:\n            {{- if $repo.volume.backupsStorageClassName }}\n            storageClassName: {{ $repo.volume.backupsStorageClassName | quote }}\n            {{- end }}\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: {{ default \"1Gi\" $repo.volume.backupsSize | quote }}\n        {{- else if $repo.s3 }}\n        s3:\n          bucket: {{ $repo.s3.bucket | quote }}\n          endpoint: {{ $repo.s3.endpoint | quote }}\n          region: {{ $repo.s3.region | quote }}\n        {{- else if $repo.gcs }}\n        gcs:\n          bucket: {{ $repo.gcs.bucket | quote }}\n        {{- else if $repo.azure }}\n        azure:\n          container: {{ $repo.azure.container | quote }}\n        {{- end }}\n      {{- end }}\n      {{- else if .Values.s3 }}\n      configuration:\n      - secret:\n          name: {{ default .Release.Name .Values.name }}-pgbackrest-secret\n      global:\n        repo1-path: /pgbackrest/{{ .Release.Namespace }}/{{ default .Release.Name .Values.name }}/repo1\n        {{- if .Values.s3.encryptionPassphrase }}\n        repo1-cipher-type: aes-256-cbc\n        {{- end }}\n      repos:\n      - name: repo1\n        s3:\n          bucket: {{ .Values.s3.bucket | quote }}\n          endpoint: {{ .Values.s3.endpoint | quote }}\n          region: {{ .Values.s3.region | quote }}\n      {{- else if .Values.gcs }}\n      configuration:\n      - secret:\n          name: {{ default .Release.Name .Values.name }}-pgbackrest-secret\n      global:\n        repo1-path: /pgbackrest/{{ .Release.Namespace }}/{{ default .Release.Name 
.Values.name }}/repo1\n      repos:\n      - name: repo1\n        gcs:\n          bucket: {{ .Values.gcs.bucket | quote }}\n      {{- else if .Values.azure }}\n      configuration:\n      - secret:\n          name: {{ default .Release.Name .Values.name }}-pgbackrest-secret\n      global:\n        repo1-path: /pgbackrest/{{ .Release.Namespace }}/{{ default .Release.Name .Values.name }}/repo1\n      repos:\n      - name: repo1\n        azure:\n          container: {{ .Values.azure.container | quote }}\n      {{- else }}\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            {{- if .Values.backupsStorageClassName }}\n            storageClassName: {{ .Values.backupsStorageClassName | quote }}\n            {{- end }}\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: {{ default \"1Gi\" .Values.backupsSize | quote }}\n      {{- end }}\n  {{- if or .Values.pgBouncerReplicas .Values.pgBouncerConfig }}\n  proxy:\n    pgBouncer:\n      {{- if .Values.imagePgBouncer }}\n      image: {{ .Values.imagePgBouncer | quote }}\n      {{- end }}\n      {{- if .Values.pgBouncerConfig }}\n{{ toYaml .Values.pgBouncerConfig | indent 6 }}\n      {{- else }}\n      replicas: {{ .Values.pgBouncerReplicas }}\n      {{- end }}\n  {{- end }}\n  {{- if .Values.patroni }}\n  patroni:\n{{ toYaml .Values.patroni | indent 4 }}\n  {{- end }}\n  {{- if .Values.users }}\n  users:\n{{ toYaml .Values.users | indent 4 }}\n  {{- end }}\n  {{- if .Values.service }}\n  service:\n{{ toYaml .Values.service | indent 4 }}\n  {{- end }}\n  {{- if .Values.dataSource }}\n  dataSource:\n{{ toYaml .Values.dataSource | indent 4 }}\n  {{- end }}\n  {{- if .Values.databaseInitSQL }}\n  databaseInitSQL:\n    name: {{ required \"A ConfigMap name is required for running bootstrap SQL.\" .Values.databaseInitSQL.name | quote }}\n    key: {{ required \"A key in a ConfigMap containing any bootstrap SQL is 
required.\" .Values.databaseInitSQL.key | quote }}\n  {{- end }}\n  {{- if .Values.imagePullPolicy }}\n  imagePullPolicy: {{ .Values.imagePullPolicy | quote }}\n  {{- end }}\n  {{- if .Values.imagePullSecrets }}\n  imagePullSecrets:\n{{ toYaml .Values.imagePullSecrets | indent 4 }}\n  {{- end }}\n  {{- if .Values.disableDefaultPodScheduling }}\n  disableDefaultPodScheduling: true\n  {{- end }}\n  {{- if .Values.metadata }}\n  metadata:\n{{ toYaml .Values.metadata | indent 4 }}\n  {{- end }}\n  {{- if .Values.monitoring }}\n  monitoring:\n    pgmonitor:\n      exporter:\n        image: {{ default \"\" .Values.imageExporter | quote }}\n        {{- if .Values.monitoringConfig }}\n{{ toYaml .Values.monitoringConfig | indent 8 }}\n        {{- end }}\n  {{- end }}\n  {{- if .Values.instrumentation }}\n  instrumentation:\n    config:\n    {{- if .Values.instrumentationConfig }}\n{{ toYaml .Values.instrumentationConfig | indent 6 }}\n    {{- end }}\n    image: {{ default \"\" .Values.instrumentationImage | quote }}\n    logs:\n    {{- if .Values.instrumentationLogs }}\n{{ toYaml .Values.instrumentationLogs | indent 6 }}\n    {{- end }}\n    metrics:\n    {{- if .Values.instrumentationMetrics }}\n{{ toYaml .Values.instrumentationMetrics | indent 6 }}\n    {{- end }}\n    resources:\n    {{- if .Values.instrumentationResources }}\n{{ toYaml .Values.instrumentationResources | indent 6 }}\n    {{- end }}\n  {{- end }}\n  {{- if .Values.shutdown }}\n  shutdown: true\n  {{- end }}\n  {{- if .Values.standby }}\n  standby:\n    enabled: {{ .Values.standby.enabled }}\n    repoName: {{ .Values.standby.repoName }}\n    host: {{ .Values.standby.host }}\n    port: {{ .Values.standby.port }}\n  {{- end }}\n  {{- if .Values.supplementalGroups }}\n  supplementalGroups:\n{{ toYaml .Values.supplementalGroups | indent 4 }}\n  {{- end }}\n  {{- if .Values.openshift }}\n  openshift: true\n  {{- else if eq .Values.openshift false }}\n  openshift: false\n  {{- end }}\n  {{- if 
.Values.customTLSSecret }}\n  customTLSSecret:\n{{ toYaml .Values.customTLSSecret | indent 4 }}\n  {{- end }}\n  {{- if .Values.customReplicationTLSSecret }}\n  customReplicationTLSSecret:\n{{ toYaml .Values.customReplicationTLSSecret | indent 4 }}\n  {{- end }}\n"
  },
  {
    "path": "helm/postgres/values.yaml",
    "content": "---\n# For a full explanation of how to set up the custom resource, please refer to\n# the documentation:\n#    https://access.crunchydata.com/documentation/postgres-operator/v5/\n\n###########\n# General #\n###########\n\n# name is the name of the cluster. This defaults to the name of the Helm\n# release.\n# name: hippo\n\n# postgresVersion sets the version to deploy. This version number needs to be\n# available as one of the \"RELATED_IMAGE_POSTGRES_...\" images as part of the PGO\n# installation if you want to deploy the image without setting the \"postgres\"\n# image variable. This value is required.\npostgresVersion: 18\n\n# apiVersion sets the PostgresCluster API version to use. When deploying a\n# PostgresCluster with PGO v6, you can use the newer v1 API version or the older\n# v1beta1. When deploying a PostgresCluster with PGO v5, you must use the older\n# PostgresCluster API version, v1beta1.\napiVersion: v1\n\n# postGISVersion if set and coupled with a PostGIS enabled container, enables\n# PostGIS. This version number needs to be available as one of the\n# \"RELATED_IMAGE_POSTGRES_...\" images as part of the PGO installation if you\n# want to deploy the image without setting the \"postgres\" image variable.\n# postGISVersion: 3.4\n\n# NOTE: pgBackRest is enabled by default. It must be set in\n# \"RELATED_IMAGE_PGBACKREST\" on the PGO deployment, otherwise you will need to\n# override the \"pgBackRest\" image.\n\n# pgBouncerReplicas sets the number of pgBouncer instances to deploy. The\n# default is 0. You need to set this to at least 1 to deploy pgBouncer or set\n# \"pgBouncerConfig\". Setting \"pgBouncerConfig\" will override the value of\n# pgBouncerReplicas. 
The \"RELATED_IMAGE_PGBOUNCER\" in the PGO deployment must be\n# set if you want to enable this without explicitly setting \"pgBouncer\".\n# pgBouncerReplicas: 1\n\n# monitoring enables the ability to monitor the Postgres cluster through a\n# metrics exporter that can be scraped by Prometheus. This defaults to the value\n# below.\n# monitoring: false\n\n# instrumentation enables the ability to monitor the Postgres cluster through an\n# OpenTelemetry collector. This defaults to the value below.\n# This feature is currently behind the feature gates OpenTelemetryLogs and\n# OpenTelemetryMetrics; at least one of these feature gates must be turned\n# on for `instrumentation` to be turned on.\n# instrumentation: false\n\n###################\n# Image Overrides #\n###################\n\n# imagePostgres can be a Postgres or GIS-enabled Postgres image. This defaults to the\n# below value. \"postgresVersion\" needs to match the version of Postgres that is\n# used here. If using the GIS-enabled Postgres image, you need to ensure\n# \"postGISVersion\" matches the version of PostGIS used.\n# imagePostgres: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.4-0\n\n# imagePgBackRest is the pgBackRest backup utility image. This defaults to the\n# below value.\n# imagePgBackRest: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-1\n\n# imagePgBouncer is the image for the PgBouncer connection pooler. This defaults\n# to the below value.\n# imagePgBouncer: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-4\n\n# imageExporter is the image name for the exporter used as a part of monitoring.\n# This defaults to the value below.\n# imageExporter: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.16.0-1\n\n###########################\n# Basic Postgres Settings #\n###########################\n\n# instanceName lets you set the name of your instances. 
This defaults to\n# the value below. Setting \"instances\" overrides this value.\n# instanceName: instance1\n\n# instanceSize sets the size of the volume that contains the data. This defaults\n# to the value below. Setting \"instances\" overrides this value.\n# instanceSize: 1Gi\n\n# instanceStorageClassName sets the storage class for the volume that contains the data.\n# This defaults to the \"default\" storage class defined in the cluster.\n# See: 'kubectl get storageclasses.storage.k8s.io | grep default'\n# Setting \"instances\" overrides this value.\n# instanceStorageClassName: \"hostpath\"\n\n# instanceMemory sets the memory limit for the Postgres instances. This defaults\n# to no limit being set, but an example value is set below. Setting \"instances\"\n# overrides this value.\n# instanceMemory: 2Gi\n\n# instanceCPU sets the CPU limit for the Postgres instances. This defaults to\n# no limit being set, but an example value is set below. Setting \"instances\"\n# overrides this value.\n# instanceCPU: 1000m\n\n# instanceReplicas lets you set the total number of Postgres replicas. This\n# defaults to the value below. More than one replica enables high availability\n# (HA). Setting \"instances\" overrides this value.\n# instanceReplicas: 1\n\n##############################\n# Advanced Postgres Settings #\n##############################\n\n# instances allows you to define one or more Postgres instance sets. By default,\n# PGO will only deploy a single instance. Each instance set has similar\n# characteristics to the other instances in the set, e.g. storage size, resource\n# etc. 
You can have multiple replicas within an instance set.\n#\n# This allows you to fully customize the topology of your Postgres instances.\n#\n# For example, to set up an instance set with HA (due to the default pod\n# topology spread constraints)\n#\n# instances:\n#   - name: pgha1\n#     replicas: 2\n#     dataVolumeClaimSpec:\n#       accessModes:\n#       - \"ReadWriteOnce\"\n#       resources:\n#         requests:\n#           storage: 1Gi\n# instances: {}\n\n# port sets the port that Postgres listens on. Defaults to 5432.\n# port: 5432\n\n# patroni lets you set the Patroni configuration for the Postgres cluster.\n# For example, to set up synchronous replication:\n# patroni:\n#   dynamicConfiguration:\n#     synchronous_mode: true\n#     postgresql:\n#       parameters:\n#         synchronous_commit: \"on\"\n# patroni: {}\n\n# users sets any custom Postgres users and databases that they have access to\n# as well as any permissions associated with the user account.\n# users: {}\n\n# dataSource specifies a data source for bootstrapping a Postgres cluster.\n# dataSource: {}\n\n# customTLSSecret references a Secret that contains the relevant information for\n# bringing external TLS artifacts to a PostgreSQL cluster. This provides the\n# TLS for the cluster itself.\n# customTLSSecret: {}\n\n# customReplicationTLSSecret references a Secret that contains the relevant\n# information for bringing external TLS artifacts to a PostgreSQL cluster. This\n# provides the information for the replication user.\n# customReplicationTLSSecret: {}\n\n# databaseInitSQL references a ConfigMap that contains a SQL file that should be\n# run at cluster bootstrap.\n# databaseInitSQL:\n#   name: bootstrap-sql\n#   key: bootstrap.sql\n\n# standby sets whether to run this as a standby cluster. 
Setting \"enabled\" to\n# \"true\" enables the standby cluster while \"repoName\" points to a pgBackRest\n# archive to replay WAL files from, and \"host\" and \"port\" point to a primary\n# cluster from which to stream data.\n# standby:\n#   enabled: false\n#   repoName: repo1\n#   host: \"192.0.2.2\"\n#   port: 5432\n\n# shutdown when set scales the entire workload to zero. By default, this is not\n# set.\n# shutdown: true\n\n#################################\n# Backups / pgBackRest Settings #\n#################################\n\n# backupsSize sets the storage size of the backups to a volume in Kubernetes.\n# can be overridden by \"pgBackRestConfig\", if set. Defaults to the value below.\n# backupsSize: 1Gi\n\n# backupsStorageClassName sets the storage class to a class existing in Kubernetes.\n# Defaults to the \"default\" storage class defined in the cluster.\n# Can be overridden by \"pgBackRestConfig\", if set.\n# backupsStorageClassName: \"hostpath\"\n\n# s3 allows for AWS S3 or an S3 compatible storage system to be used for\n# backups. This allows for a quick setup with S3; if you need more advanced\n# setup, use pgBackRestConfig.\n# s3:\n#   # bucket specifies the S3 bucket to use,\n#   bucket: \"\"\n#   # endpoint specifies the S3 endpoint to use.\n#   endpoint: \"\"\n#   # region specifies the S3 region to use. If your S3 storage system does not\n#   # use \"region\", fill this in with a random value.\n#   region: \"\"\n#   # key is the S3 key. This is stored in a Secret.\n#   key: \"\"\n#   # keySecret is the S3 key secret. 
This is stored in a Secret.\n#   keySecret: \"\"\n#   # keyType can be configured to enable IAM integration via AssumeRole.\n#   # For more info, see the documentation at https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups#using-an-aws-integrated-identity-provider-and-role\n#   keyType: \"\"\n#   # encryptionPassphrase is an optional parameter to enable encrypted backups\n#   # with pgBackRest. This is encrypted by pgBackRest and does not use S3's\n#   # built-in encryption system.\n#   encryptionPassphrase: \"\"\n\n# gcs allows for Google Cloud Storage (GCS) to be used for backups. This allows\n# for a quick setup with GCS; if you need a more advanced setup, use\n# \"pgBackRestConfig\".\n# gcs:\n#   # bucket is the name of the GCS bucket that the backups will be stored in.\n#   bucket: \"\"\n#   # key is a multi-line string that contains the GCS key, which is a JSON\n#   # structure.\n#   key: |\n#     {}\n\n# azure allows for Azure Blob Storage to be used for backups. This allows\n# for a quick setup with Azure Blob Storage; if you need a more advanced setup,\n# use \"pgBackRestConfig\".\n# azure:\n#   # account is the name of the Azure account to be used.\n#   account: \"\"\n#   # key is the Secret key associated with the Azure account.\n#   key: \"\"\n#   # container is the Azure container that the backups will be stored in.\n#   container: \"\"\n\n# multiBackupRepos allows for backing up to multiple repositories. This\n# effectively uses the \"quickstarts\" for each of the backup types (volume, s3,\n# gcs, azure). You can have any permutation of these types. You can set up to 4.\n# Can be overwritten by \"pgBackRestConfig\".\n#\n# You can't set \"multiBackupRepos\" and any of the individual quickstarts at the\n# same time. 
\"multiBackupRepos\" will take precedence.\n#\n# Below is an example that enables one of each backup type.\n# All available quickstart options are presented below; please see the backup types\n# if you want to see how each option works.\n# multiBackupRepos:\n# - volume:\n#     backupsSize: 1Gi\n# - s3:\n#     bucket: \"\"\n#     endpoint: \"\"\n#     region: \"\"\n#     key: \"\"\n#     keySecret: \"\"\n#     keyType: \"\"\n# - gcs:\n#     bucket: \"\"\n#     key: |\n#       {}\n# - azure:\n#     account: \"\"\n#     key: \"\"\n#     container: \"\"\n\n# pgBackRestConfig allows for the configuration of every pgBackRest option\n# except for \"image\", which is set by \"pgBackRest\".\n# pgBackRestConfig: {}\n\n################################\n# Pooling / pgBouncer Settings #\n################################\n\n# pgBouncerConfig sets all of the pgBouncer portions of the spec except for\n# image. To set image, you need to set the \"pgBouncer\" setting.\n# pgBouncerConfig: {}\n\n#######################\n# Monitoring Settings #\n#######################\n\n# monitoringConfig sets all of the monitoring portions of the spec except for the\n# image. To set the image, which also enables monitoring, you need to set the\n# \"monitoring\" setting.\n# monitoringConfig: {}\n\n# The following \"instrumentation_\" fields will set the specified parts of the instrumentation\n# spec. To enable instrumentation, you need to set the \"instrumentation\" setting to \"true\".\n# This feature is currently behind the feature gates OpenTelemetryMetrics and OpenTelemetryLogs.\n\n# instrumentationConfig: {}\n# instrumentationImage: \"\"\n# instrumentationLogs: {}\n# instrumentationMetrics: {}\n# instrumentationResources: {}\n\n#######################\n# Kubernetes Settings #\n#######################\n\n# metadata contains any metadata that should be applied to all PGO managed\n# objects in this Postgres cluster. 
This includes \"annotations\" and \"labels\" as\n# sub-keys.\n# metadata: {}\n\n# service customizes the Service that exposes the Postgres primary.\n# service: {}\n\n# imagePullPolicy sets the pull policy for all the images. This defaults to\n# the Kubernetes heuristic:\n# https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting\n# imagePullPolicy: IfNotPresent\n\n# imagePullSecrets references Secrets that contain credentials for pulling images from\n# private repositories.\n# imagePullSecrets: []\n\n# supplementalGroups sets any group IDs that should be assigned to\n# Pods, particularly around file system constraints within a system\n# supplementalGroups: []\n\n# disableDefaultPodScheduling if set to true, will disable any of the default\n# scheduling constraints for Pods, such as the default Pod Topology Spread\n# Constraints. If set to false or unset, the default scheduling constraints will\n# be used in addition to any customizations that are added in.\n# disableDefaultPodScheduling: false\n\n# openshift can be set explicitly if this is an OpenShift cluster or a cluster\n# that uses a SecurityContextConstraint. This usually does not need to be set,\n# but you may want to explicitly set it to \"false\" when using an SCC like\n# \"anyuid\"\n# openshift: false\n"
  },
  {
    "path": "kustomize/azure/.gitignore",
    "content": "azure.conf\n"
  },
  {
    "path": "kustomize/azure/azure.conf.example",
    "content": "[global]\nrepo1-azure-account=<YOUR_AZURE_ACCOUNT>\nrepo1-azure-key=<YOUR_AZURE_KEY>\n"
  },
  {
    "path": "kustomize/azure/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nsecretGenerator:\n- name: pgo-azure-creds\n  files:\n  - azure.conf\n\ngeneratorOptions:\n  disableNameSuffixHash: true\n\nresources:\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/azure/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo-azure\nspec:\n  postgresVersion: 18\n  instances:\n    - dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      configuration:\n      - secret:\n          name: pgo-azure-creds\n      global:\n        repo1-path: /pgbackrest/postgres-operator/hippo-azure/repo1\n      repos:\n      - name: repo1\n        azure:\n          container: \"<YOUR_AZURE_CONTAINER>\"\n"
  },
  {
    "path": "kustomize/certmanager/README.md",
    "content": "# Using Cert-Manager with Postgres Operator 5.x\n\n## Introduction\nStarting with version 5.0 of PGO, the Postgres Operator from Crunchy Data, TLS is on by default to secure all communication to/from the postgres cluster.  By default, the Operator will generate the necessary certificates for the Postgres cluster and components.  It is possible to provide custom certificates by storing the certificates in a Kubernetes Secret and pointing the Operator to those secrets in the Postgres manifest.\n\nCert-Manager can be used to dynamically generate and manage certificates in Kubernetes.   Cert-Manager can generate self-signed certificates or certificates from several certificate authorities.\n\nThis example shows how to use custom self-signed certificates generated by Cert-Manager.\n\n## Cert-Manager Installation\nThe first step is to deploy Cert-Manager to the Kubernetes cluster.  To do this, follow the instructions on the Cert-Manager website (https://cert-manager.io/docs/installation/).\n\n## Setup Certificate Issuer\nAfter Cert-Manager has been deployed, the next step used in this example is to set up a Certificate Issuer.  The Certificate Issuer can be configured to be local to a namespace or cluster wide.  
In the examples provided here, a cluster wide issuer is created.\n\n### Configure Issuer\n\n```shell\nkubectl apply -k certman\n```\n\nThis Kustomize deployment performs the following actions:\n\n* Creates a cluster wide (ClusterIssuer) self-signed certificate issuer.\n* Generates a common CA certificate.\n* Creates a cluster wide (ClusterIssuer) CA certificate issuer using the generated CA certificate.\n\nBy default, the issuers are created in the cert-manager namespace which is the default namespace for Cert-Manager.\n\nThe CA certificate issuer is important as the Postgres components require that the ca.crt be the same for the certificates generated to support Postgres.\n\n## Deploy Postgres with Custom Certificates\n\nWith the cluster wide certificate issuer in place, the next step is to generate certificates and then instruct the Operator to use these certificates.\n\nTwo certificates will be generated by the Kustomize deployment.  The first certificate secret is named <cluster>-tls (hippo-tls in this example) and the second certificate <cluster>-repl-tls (hippo-repl-tls).  The critical difference between the two certificates is the Common Name (CN).  For the replication certificate (<cluster>-repl-tls), the Common Name must be _crunchyrepl.  If the Common Name is not set properly then the replicas will fail during the bootstrap process.\n\nIn the Postgres manifest, two entries are added to point to the newly created Secrets.  The customTLSSecret key references the <cluster>-tls secret while the customReplicationTLSSecret references the <cluster>-repl-tls secret.\n\n### Deploy Postgres\n\n```shell\nkubectl apply -k postgres\n```\n\nThe following process takes place during the deployment:\n* Custom certificate is generated for Postgres using the CA ClusterIssuer created in the previous steps.\n* Custom certificate is generated for Postgres replication using the CA ClusterIssuer.\n* Postgres cluster deployed using the custom certificates.\n"
  },
  {
    "path": "kustomize/certmanager/certman/ca-cert.yaml",
    "content": "---\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: selfsigned-ca\n  namespace: cert-manager\nspec:\n  isCA: true\n  commonName: postgres-operator\n  secretName: root-secret\n  privateKey:\n    algorithm: ECDSA\n    size: 256\n  issuerRef:\n    name: selfsigned-cluster-issuer\n    kind: ClusterIssuer\n    group: cert-manager.io"
  },
  {
    "path": "kustomize/certmanager/certman/ca-issuer.yaml",
    "content": "---\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: ca-issuer\n  namespace: cert-manager\nspec:\n  ca:\n    secretName: root-secret\n"
  },
  {
    "path": "kustomize/certmanager/certman/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nresources:\n- selfsigned-clusterissuer.yaml\n- ca-cert.yaml\n- ca-issuer.yaml\n"
  },
  {
    "path": "kustomize/certmanager/certman/selfsigned-clusterissuer.yaml",
    "content": "---\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: selfsigned-cluster-issuer\n  namespace: cert-manager\nspec:\n  selfSigned: {}\n"
  },
  {
    "path": "kustomize/certmanager/certman/selfsigned-issuer.yaml",
    "content": "---\napiVersion: cert-manager.io/v1\nkind: Issuer\nmetadata:\n  name: selfsigned-issuer\nspec:\n  selfSigned: {}\n"
  },
  {
    "path": "kustomize/certmanager/postgres/cert-repl.yaml",
    "content": "apiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: hippo-repl-certmanager\nspec:\n  # Secret names are always required.\n  secretName: hippo-repl-tls\n  duration: 2160h # 90d\n  renewBefore: 360h # 15d\n  subject:\n    organizations:\n    - hippo-org\n  # The use of the common name field has been deprecated since 2000 and is\n  # discouraged from being used.\n  commonName: _crunchyrepl\n  isCA: false\n  privateKey:\n    algorithm: ECDSA\n    size: 256\n  usages:\n    - digital signature\n    - key encipherment\n  # At least one of a DNS Name, URI, or IP address is required.\n  dnsNames:\n  - _crunchyrepl\n  issuerRef:\n    name: ca-issuer\n    # We can reference ClusterIssuers by changing the kind here.\n    # The default value is Issuer (i.e. a locally namespaced Issuer)\n    kind: ClusterIssuer\n    # This is optional since cert-manager will default to this value however\n    # if you are using an external issuer, change this to that issuer group.\n    group: cert-manager.io\n"
  },
  {
    "path": "kustomize/certmanager/postgres/cert.yaml",
    "content": "apiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: hippo-certmanager\nspec:\n  # Secret names are always required.\n  secretName: hippo-tls\n  duration: 2160h # 90d\n  renewBefore: 360h # 15d\n  subject:\n    organizations:\n    - hippo-org\n  # The use of the common name field has been deprecated since 2000 and is\n  # discouraged from being used.\n  commonName: hippo-primary\n  isCA: false\n  privateKey:\n    algorithm: ECDSA\n    size: 256\n  usages:\n    - digital signature\n    - key encipherment\n  # At least one of a DNS Name, URI, or IP address is required.\n  dnsNames:\n  - hippo-primary\n  - hippo-primary.postgres-operator\n  - hippo-primary.postgres-operator.svc\n  - hippo-primary.postgres-operator.svc.cluster.local\n  issuerRef:\n    name: ca-issuer\n    # We can reference ClusterIssuers by changing the kind here.\n    # The default value is Issuer (i.e. a locally namespaced Issuer)\n    kind: ClusterIssuer\n    # This is optional since cert-manager will default to this value however\n    # if you are using an external issuer, change this to that issuer group.\n    group: cert-manager.io\n"
  },
  {
    "path": "kustomize/certmanager/postgres/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nresources:\n- cert.yaml\n- cert-repl.yaml\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/certmanager/postgres/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo\nspec:\n  postgresVersion: 18\n  customReplicationTLSSecret:\n    name: hippo-repl-tls\n  customTLSSecret:\n    name: hippo-tls\n  instances:\n    - replicas: 2\n      dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: 1Gi\n"
  },
  {
    "path": "kustomize/gcs/.gitignore",
    "content": "gcs-key.json\n"
  },
  {
    "path": "kustomize/gcs/gcs.conf",
    "content": "[global]\nrepo1-gcs-key=/etc/pgbackrest/conf.d/gcs-key.json\n"
  },
  {
    "path": "kustomize/gcs/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nsecretGenerator:\n- name: pgo-gcs-creds\n  files:\n  - gcs.conf\n  - gcs-key.json\n\ngeneratorOptions:\n  disableNameSuffixHash: true\n\nresources:\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/gcs/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo-gcs\nspec:\n  postgresVersion: 18\n  instances:\n    - dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      configuration:\n      - secret:\n          name: pgo-gcs-creds\n      global:\n        repo1-path: /pgbackrest/postgres-operator/hippo-gcs/repo1\n      repos:\n      - name: repo1\n        gcs:\n          bucket: \"<YOUR_GCS_BUCKET_NAME>\"\n"
  },
  {
    "path": "kustomize/high-availability/ha-postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo-ha\nspec:\n  postgresVersion: 18\n  instances:\n    - name: pgha1\n      replicas: 2\n      dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n      affinity:\n        podAntiAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n          - weight: 1\n            podAffinityTerm:\n              topologyKey: kubernetes.io/hostname\n              labelSelector:\n                matchLabels:\n                  postgres-operator.crunchydata.com/cluster: hippo-ha\n                  postgres-operator.crunchydata.com/instance-set: pgha1\n  backups:\n    pgbackrest:\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: 1Gi\n  proxy:\n    pgBouncer:\n      replicas: 2\n      affinity:\n        podAntiAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n          - weight: 1\n            podAffinityTerm:\n              topologyKey: kubernetes.io/hostname\n              labelSelector:\n                matchLabels:\n                  postgres-operator.crunchydata.com/cluster: hippo-ha\n                  postgres-operator.crunchydata.com/role: pgbouncer\n"
  },
  {
    "path": "kustomize/high-availability/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nresources:\n- ha-postgres.yaml\n"
  },
  {
    "path": "kustomize/keycloak/keycloak.yaml",
    "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: keycloak\n  namespace: postgres-operator\n  labels:\n    app.kubernetes.io/name: keycloak\nspec:\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: keycloak\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: keycloak\n    spec:\n      containers:\n      - image: quay.io/keycloak/keycloak:latest\n        args: [\"start-dev\"]\n        name: keycloak\n        env:\n        - name: KC_DB\n          value: \"postgres\"\n        - name: KC_DB_URL_HOST\n          valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: host } }\n        - name: KC_DB_URL_PORT\n          valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: port } }\n        - name: KC_DB_URL_DATABASE\n          valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: dbname } }\n        - name: KC_DB_USERNAME\n          valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: user } }\n        - name: KC_DB_PASSWORD\n          valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: password } }\n        - name: KC_BOOTSTRAP_ADMIN_USERNAME\n          value: \"admin\"\n        - name: KC_BOOTSTRAP_ADMIN_PASSWORD\n          value: \"admin\"\n        - name: KC_PROXY_HEADERS\n          value: \"xforwarded\"\n        ports:\n        - name: http\n          containerPort: 8080\n        - name: https\n          containerPort: 8443\n        readinessProbe:\n          httpGet:\n            path: /realms/master\n            port: 8080\n      restartPolicy: Always\n"
  },
  {
    "path": "kustomize/keycloak/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nresources:\n- postgres.yaml\n- keycloak.yaml\n"
  },
  {
    "path": "kustomize/keycloak/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: keycloakdb\n  annotations:\n    postgres-operator.crunchydata.com/autoCreateUserSchema: \"true\"\nspec:\n  postgresVersion: 18\n  instances:\n    - replicas: 2\n      dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n      affinity:\n        podAntiAffinity:\n          preferredDuringSchedulingIgnoredDuringExecution:\n          - weight: 1\n            podAffinityTerm:\n              topologyKey: kubernetes.io/hostname\n              labelSelector:\n                matchLabels:\n                  postgres-operator.crunchydata.com/cluster: keycloakdb\n                  postgres-operator.crunchydata.com/instance-set: \"00\"\n  backups:\n    pgbackrest:\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: 1Gi\n"
  },
  {
    "path": "kustomize/multi-backup-repo/.gitignore",
    "content": "azure.conf\ngcs-key.json\ns3.conf\n"
  },
  {
    "path": "kustomize/multi-backup-repo/azure.conf.example",
    "content": "[global]\nrepo4-azure-account=<YOUR_AZURE_ACCOUNT>\nrepo4-azure-key=<YOUR_AZURE_KEY>\n"
  },
  {
    "path": "kustomize/multi-backup-repo/gcs.conf",
    "content": "[global]\nrepo3-gcs-key=/etc/pgbackrest/conf.d/gcs-key.json\n"
  },
  {
    "path": "kustomize/multi-backup-repo/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nsecretGenerator:\n- name: pgo-multi-repo-creds\n  files:\n  - azure.conf\n  - gcs.conf\n  - gcs-key.json\n  - s3.conf\n\ngeneratorOptions:\n  disableNameSuffixHash: true\n\nresources:\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/multi-backup-repo/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo-multi-repo\nspec:\n  postgresVersion: 18\n  instances:\n    - dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      configuration:\n      - secret:\n          name: pgo-multi-repo-creds\n      global:\n        repo2-path: /pgbackrest/postgres-operator/hippo-multi-repo/repo2\n        repo3-path: /pgbackrest/postgres-operator/hippo-multi-repo/repo3\n        repo4-path: /pgbackrest/postgres-operator/hippo-multi-repo/repo4\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: 1Gi\n      - name: repo2\n        s3:\n          bucket: \"<YOUR_AWS_S3_BUCKET_NAME>\"\n          endpoint: \"<YOUR_AWS_S3_ENDPOINT>\"\n          region: \"<YOUR_AWS_S3_REGION>\"\n      - name: repo3\n        gcs:\n          bucket: \"<YOUR_GCS_BUCKET_NAME>\"\n      - name: repo4\n        azure:\n          container: \"<YOUR_AZURE_CONTAINER>\"\n"
  },
  {
    "path": "kustomize/multi-backup-repo/s3.conf.example",
    "content": "[global]\nrepo2-s3-key=<YOUR_AWS_S3_KEY>\nrepo2-s3-key-secret=<YOUR_AWS_S3_KEY_SECRET>\n"
  },
  {
    "path": "kustomize/pgadmin/README.md",
    "content": "# Pgadmin considerations\n\nStarting with **PGO v5.5.0** the user interface has its own CRD. You have better control and can fully customize your user interface via PGAdmin.spec.config.settings as demonstrated in the included pgadmin.yaml\n\nFor more architectural insights please refer to [docs](https://access.crunchydata.com/documentation/postgres-operator/latest/guides/pgadmin)\n\nFor a list of possible pgadmin settings refer to [pgadmin docs](https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html)\n\n"
  },
  {
    "path": "kustomize/pgadmin/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nresources:\n- pgadmin.yaml\n\nsecretGenerator:\n- name: pgadmin-password-secret\n  literals:\n  - rhino-password=pgadmin\n  type: Opaque\n\ngeneratorOptions:\n  disableNameSuffixHash: true\n"
  },
  {
    "path": "kustomize/pgadmin/pgadmin.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1beta1\nkind: PGAdmin\nmetadata:\n  name: rhino\nspec:\n  users:\n    - username: rhino@example.com\n      role: Administrator\n      passwordRef:\n        name: pgadmin-password-secret\n        key: rhino-password\n  dataVolumeClaimSpec:\n    accessModes:\n    - \"ReadWriteOnce\"\n    resources:\n      requests:\n        storage: 1Gi\n  serverGroups:\n    - name: supply\n      # An empty selector selects all postgresclusters in the Namespace\n      postgresClusterSelector: {}\n  config:\n    settings:\n      AUTHENTICATION_SOURCES: ['internal']\n      # Uncomment DEBUG to enable debug logging in pgAdmin\n      # DEBUG: \"True\"\n      # Configure OAUTH by setting the following *AND* adding\n      # `oauth` to AUTHENTICATION_SOURCES\n      #OAUTH2_CONFIG:\n      #  - OAUTH2_NAME: \"google\"\n      #    OAUTH2_DISPLAY_NAME: \"Google\"\n      #    OAUTH2_CLIENT_ID: \"XXXXXXX\"\n      #    OAUTH2_CLIENT_SECRET: \"XXXXXXX\"\n      #    OAUTH2_TOKEN_URL: \"https://oauth2.googleapis.com/token\"\n      #    OAUTH2_AUTHORIZATION_URL: \"https://accounts.google.com/o/oauth2/auth\"\n      #    OAUTH2_API_BASE_URL: \"https://openidconnect.googleapis.com/v1/\"\n      #    OAUTH2_SERVER_METADATA_URL: \"https://accounts.google.com/.well-known/openid-configuration\"\n      #    OAUTH2_SCOPE: \"openid email profile\"\n      #    OAUTH2_USERINFO_ENDPOINT: \"userinfo\"\n      #    OAUTH2_SSL_CERT_VERIFICATION: \"False\" # for testing purposes\n      #    OAUTH2_BUTTON_COLOR: \"red\"   \n      #OAUTH2_AUTO_CREATE_USER : \"True\"\n"
  },
  {
    "path": "kustomize/postgres/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nresources:\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/postgres/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo\n  annotations:\n    postgres-operator.crunchydata.com/autoCreateUserSchema: \"true\"\nspec:\n  postgresVersion: 18\n  users:\n    - name: hippo\n      databases:\n        - zoo\n  instances:\n    - name: instance1\n      dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      repos:\n      - name: repo1\n        volume:\n          volumeClaimSpec:\n            accessModes:\n            - \"ReadWriteOnce\"\n            resources:\n              requests:\n                storage: 1Gi\n"
  },
  {
    "path": "kustomize/s3/.gitignore",
    "content": "s3.conf\n"
  },
  {
    "path": "kustomize/s3/kustomization.yaml",
    "content": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\n\nnamespace: postgres-operator\n\nsecretGenerator:\n- name: pgo-s3-creds\n  files:\n  - s3.conf\n\ngeneratorOptions:\n  disableNameSuffixHash: true\n\nresources:\n- postgres.yaml\n"
  },
  {
    "path": "kustomize/s3/postgres.yaml",
    "content": "apiVersion: postgres-operator.crunchydata.com/v1\nkind: PostgresCluster\nmetadata:\n  name: hippo-s3\nspec:\n  postgresVersion: 18\n  instances:\n    - dataVolumeClaimSpec:\n        accessModes:\n        - \"ReadWriteOnce\"\n        resources:\n          requests:\n            storage: 1Gi\n  backups:\n    pgbackrest:\n      configuration:\n      - secret:\n          name: pgo-s3-creds\n      global:\n        repo1-path: /pgbackrest/postgres-operator/hippo-s3/repo1\n      repos:\n      - name: repo1\n        s3:\n          bucket: \"<YOUR_AWS_S3_BUCKET_NAME>\"\n          endpoint: \"<YOUR_AWS_S3_ENDPOINT>\"\n          region: \"<YOUR_AWS_S3_REGION>\"\n"
  },
  {
    "path": "kustomize/s3/s3.conf.example",
    "content": "[global]\nrepo1-s3-key=<YOUR_AWS_S3_KEY>\nrepo1-s3-key-secret=<YOUR_AWS_S3_KEY_SECRET>\n"
  }
]