Skip to content
Snippets Groups Projects
Commit 387fe1e6 authored by garciadeblas's avatar garciadeblas
Browse files

Update fb_magma_knf to fix issues in orc8r helm chart 


Signed-off-by: default avatargarciadeblas <gerardo.garciadeblas@telefonica.com>
parent f293be5e
No related tags found
No related merge requests found
Pipeline #14590 failed with stage
Stage:
    Hide whitespace changes
    Inline Side-by-side
    Showing
    with 2241 additions and 0 deletions
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/serviceaccount.yaml 0 → 100644
    + 11
    0
    View file @ 387fe1e6
    {{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }}
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    name: {{ template "postgresql.fullname" . }}
    {{- end }}
    \ No newline at end of file
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/servicemonitor.yaml 0 → 100644
    + 33
    0
    View file @ 387fe1e6
    {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
    apiVersion: monitoring.coreos.com/v1
    kind: ServiceMonitor
    metadata:
    name: {{ include "postgresql.fullname" . }}
    {{- if .Values.metrics.serviceMonitor.namespace }}
    namespace: {{ .Release.Namespace }}
    {{- end }}
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    {{- if .Values.metrics.serviceMonitor.additionalLabels }}
    {{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
    {{- end }}
    spec:
    endpoints:
    - port: http-metrics
    {{- if .Values.metrics.serviceMonitor.interval }}
    interval: {{ .Values.metrics.serviceMonitor.interval }}
    {{- end }}
    {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
    {{- end }}
    namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
    selector:
    matchLabels:
    app: {{ template "postgresql.name" . }}
    release: orc8r
    {{- end }}
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/statefulset-slaves.yaml 0 → 100644
    + 299
    0
    View file @ 387fe1e6
    {{- if .Values.replication.enabled }}
    apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
    kind: StatefulSet
    metadata:
    name: "{{ template "postgresql.fullname" . }}-slave"
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    {{- with .Values.slave.labels }}
    {{ toYaml . | indent 4 }}
    {{- end }}
    {{- with .Values.slave.annotations }}
    annotations:
    {{ toYaml . | indent 4 }}
    {{- end }}
    spec:
    serviceName: {{ template "postgresql.fullname" . }}-headless
    replicas: {{ .Values.replication.slaveReplicas }}
    selector:
    matchLabels:
    app: {{ template "postgresql.name" . }}
    release: {{ .Release.Name | quote }}
    role: slave
    template:
    metadata:
    name: {{ template "postgresql.fullname" . }}
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    role: slave
    {{- with .Values.slave.podLabels }}
    {{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.slave.podAnnotations }}
    annotations:
    {{ toYaml . | indent 8 }}
    {{- end }}
    spec:
    {{- if .Values.schedulerName }}
    schedulerName: "{{ .Values.schedulerName }}"
    {{- end }}
    {{- include "postgresql.imagePullSecrets" . | indent 6 }}
    {{- if .Values.slave.nodeSelector }}
    nodeSelector:
    {{ toYaml .Values.slave.nodeSelector | indent 8 }}
    {{- end }}
    {{- if .Values.slave.affinity }}
    affinity:
    {{ toYaml .Values.slave.affinity | indent 8 }}
    {{- end }}
    {{- if .Values.slave.tolerations }}
    tolerations:
    {{ toYaml .Values.slave.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.terminationGracePeriodSeconds }}
    terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
    {{- end }}
    {{- if .Values.securityContext.enabled }}
    securityContext:
    fsGroup: {{ .Values.securityContext.fsGroup }}
    {{- end }}
    {{- if .Values.serviceAccount.enabled }}
    serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}}
    {{- end }}
    {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
    initContainers:
    {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
    - name: init-chmod-data
    image: {{ template "postgresql.volumePermissions.image" . }}
    imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
    {{- if .Values.resources }}
    resources: {{- toYaml .Values.resources | nindent 12 }}
    {{- end }}
    command:
    - /bin/sh
    - -cx
    - |
    {{ if .Values.persistence.enabled }}
    mkdir -p {{ .Values.persistence.mountPath }}/data
    chmod 700 {{ .Values.persistence.mountPath }}/data
    find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
    {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
    xargs chown -R `id -u`:`id -G | cut -d " " -f2`
    {{- else }}
    xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
    {{- end }}
    {{- end }}
    {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
    chmod -R 777 /dev/shm
    {{- end }}
    {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
    securityContext:
    {{- else }}
    securityContext:
    runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
    {{- end }}
    volumeMounts:
    {{ if .Values.persistence.enabled }}
    - name: data
    mountPath: {{ .Values.persistence.mountPath }}
    subPath: {{ .Values.persistence.subPath }}
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    mountPath: /dev/shm
    {{- end }}
    {{- end }}
    {{- if .Values.slave.extraInitContainers }}
    {{ tpl .Values.slave.extraInitContainers . | indent 8 }}
    {{- end }}
    {{- end }}
    {{- if .Values.slave.priorityClassName }}
    priorityClassName: {{ .Values.slave.priorityClassName }}
    {{- end }}
    containers:
    - name: {{ template "postgresql.fullname" . }}
    image: {{ template "postgresql.image" . }}
    imagePullPolicy: "{{ .Values.image.pullPolicy }}"
    {{- if .Values.resources }}
    resources: {{- toYaml .Values.resources | nindent 12 }}
    {{- end }}
    {{- if .Values.securityContext.enabled }}
    securityContext:
    runAsUser: {{ .Values.securityContext.runAsUser }}
    {{- end }}
    env:
    - name: BITNAMI_DEBUG
    value: {{ ternary "true" "false" .Values.image.debug | quote }}
    - name: POSTGRESQL_VOLUME_DIR
    value: "{{ .Values.persistence.mountPath }}"
    - name: POSTGRESQL_PORT_NUMBER
    value: "{{ template "postgresql.port" . }}"
    {{- if .Values.persistence.mountPath }}
    - name: PGDATA
    value: {{ .Values.postgresqlDataDir | quote }}
    {{- end }}
    - name: POSTGRES_REPLICATION_MODE
    value: "slave"
    - name: POSTGRES_REPLICATION_USER
    value: {{ include "postgresql.replication.username" . | quote }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_REPLICATION_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
    {{- else }}
    - name: POSTGRES_REPLICATION_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-replication-password
    {{- end }}
    - name: POSTGRES_CLUSTER_APP_NAME
    value: {{ .Values.replication.applicationName }}
    - name: POSTGRES_MASTER_HOST
    value: {{ template "postgresql.fullname" . }}
    - name: POSTGRES_MASTER_PORT_NUMBER
    value: {{ include "postgresql.port" . | quote }}
    {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_POSTGRES_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
    {{- else }}
    - name: POSTGRES_POSTGRES_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-postgres-password
    {{- end }}
    {{- end }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-password"
    {{- else }}
    - name: POSTGRES_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-password
    {{- end }}
    ports:
    - name: tcp-postgresql
    containerPort: {{ template "postgresql.port" . }}
    {{- if .Values.livenessProbe.enabled }}
    livenessProbe:
    exec:
    command:
    - /bin/sh
    - -c
    {{- if (include "postgresql.database" .) }}
    - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
    {{- else }}
    - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
    {{- end }}
    initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.livenessProbe.successThreshold }}
    failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
    {{- end }}
    {{- if .Values.readinessProbe.enabled }}
    readinessProbe:
    exec:
    command:
    - /bin/sh
    - -c
    - -e
    {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
    initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.readinessProbe.successThreshold }}
    failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
    {{- end }}
    volumeMounts:
    {{- if .Values.usePasswordFile }}
    - name: postgresql-password
    mountPath: /opt/bitnami/postgresql/secrets/
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    mountPath: /dev/shm
    {{- end }}
    {{- if .Values.persistence.enabled }}
    - name: data
    mountPath: {{ .Values.persistence.mountPath }}
    subPath: {{ .Values.persistence.subPath }}
    {{ end }}
    {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
    - name: postgresql-extended-config
    mountPath: /bitnami/postgresql/conf/conf.d/
    {{- end }}
    {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
    - name: postgresql-config
    mountPath: /bitnami/postgresql/conf
    {{- end }}
    {{- if .Values.slave.extraVolumeMounts }}
    {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
    {{- end }}
    {{- if .Values.slave.sidecars }}
    {{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }}
    {{- end }}
    volumes:
    {{- if .Values.usePasswordFile }}
    - name: postgresql-password
    secret:
    secretName: {{ template "postgresql.secretName" . }}
    {{- end }}
    {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
    - name: postgresql-config
    configMap:
    name: {{ template "postgresql.configurationCM" . }}
    {{- end }}
    {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
    - name: postgresql-extended-config
    configMap:
    name: {{ template "postgresql.extendedConfigurationCM" . }}
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    emptyDir:
    medium: Memory
    sizeLimit: 1Gi
    {{- end }}
    {{- if not .Values.persistence.enabled }}
    - name: data
    emptyDir: {}
    {{- end }}
    {{- if .Values.slave.extraVolumes }}
    {{- toYaml .Values.slave.extraVolumes | nindent 8 }}
    {{- end }}
    updateStrategy:
    type: {{ .Values.updateStrategy.type }}
    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
    rollingUpdate: null
    {{- end }}
    {{- if .Values.persistence.enabled }}
    volumeClaimTemplates:
    - metadata:
    name: data
    {{- with .Values.persistence.annotations }}
    annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value }}
    {{- end }}
    {{- end }}
    spec:
    accessModes:
    {{- range .Values.persistence.accessModes }}
    - {{ . | quote }}
    {{- end }}
    resources:
    requests:
    storage: {{ .Values.persistence.size | quote }}
    {{ include "postgresql.storageClass" . }}
    {{- end }}
    {{- end }}
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/statefulset.yaml 0 → 100644
    + 458
    0
    View file @ 387fe1e6
    apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
    kind: StatefulSet
    metadata:
    name: {{ template "postgresql.master.fullname" . }}
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    {{- with .Values.master.labels }}
    {{ toYaml . | indent 4 }}
    {{- end }}
    {{- with .Values.master.annotations }}
    annotations:
    {{ toYaml . | indent 4 }}
    {{- end }}
    spec:
    serviceName: {{ template "postgresql.fullname" . }}-headless
    replicas: 1
    updateStrategy:
    type: {{ .Values.updateStrategy.type }}
    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
    rollingUpdate: null
    {{- end }}
    selector:
    matchLabels:
    app: {{ template "postgresql.name" . }}
    release: {{ .Release.Name | quote }}
    role: master
    template:
    metadata:
    name: {{ template "postgresql.fullname" . }}
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    role: master
    {{- with .Values.master.podLabels }}
    {{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.master.podAnnotations }}
    annotations:
    {{ toYaml . | indent 8 }}
    {{- end }}
    spec:
    {{- if .Values.schedulerName }}
    schedulerName: "{{ .Values.schedulerName }}"
    {{- end }}
    {{- include "postgresql.imagePullSecrets" . | indent 6 }}
    {{- if .Values.master.nodeSelector }}
    nodeSelector:
    {{ toYaml .Values.master.nodeSelector | indent 8 }}
    {{- end }}
    {{- if .Values.master.affinity }}
    affinity:
    {{ toYaml .Values.master.affinity | indent 8 }}
    {{- end }}
    {{- if .Values.master.tolerations }}
    tolerations:
    {{ toYaml .Values.master.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.terminationGracePeriodSeconds }}
    terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
    {{- end }}
    {{- if .Values.securityContext.enabled }}
    securityContext:
    fsGroup: {{ .Values.securityContext.fsGroup }}
    {{- end }}
    {{- if .Values.serviceAccount.enabled }}
    serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }}
    {{- end }}
    {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
    initContainers:
    {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
    - name: init-chmod-data
    image: {{ template "postgresql.volumePermissions.image" . }}
    imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
    {{- if .Values.resources }}
    resources: {{- toYaml .Values.resources | nindent 12 }}
    {{- end }}
    command:
    - /bin/sh
    - -cx
    - |
    {{ if .Values.persistence.enabled }}
    mkdir -p {{ .Values.persistence.mountPath }}/data
    chmod 700 {{ .Values.persistence.mountPath }}/data
    find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
    {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
    xargs chown -R `id -u`:`id -G | cut -d " " -f2`
    {{- else }}
    xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
    {{- end }}
    {{- end }}
    {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
    chmod -R 777 /dev/shm
    {{- end }}
    {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
    securityContext:
    {{- else }}
    securityContext:
    runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
    {{- end }}
    volumeMounts:
    {{ if .Values.persistence.enabled }}
    - name: data
    mountPath: {{ .Values.persistence.mountPath }}
    subPath: {{ .Values.persistence.subPath }}
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    mountPath: /dev/shm
    {{- end }}
    {{- end }}
    {{- if .Values.master.extraInitContainers }}
    {{ tpl .Values.master.extraInitContainers . | indent 8 }}
    {{- end }}
    {{- end }}
    {{- if .Values.master.priorityClassName }}
    priorityClassName: {{ .Values.master.priorityClassName }}
    {{- end }}
    containers:
    - name: {{ template "postgresql.fullname" . }}
    image: {{ template "postgresql.image" . }}
    imagePullPolicy: "{{ .Values.image.pullPolicy }}"
    {{- if .Values.resources }}
    resources: {{- toYaml .Values.resources | nindent 12 }}
    {{- end }}
    {{- if .Values.securityContext.enabled }}
    securityContext:
    runAsUser: {{ .Values.securityContext.runAsUser }}
    {{- end }}
    env:
    - name: BITNAMI_DEBUG
    value: {{ ternary "true" "false" .Values.image.debug | quote }}
    - name: POSTGRESQL_PORT_NUMBER
    value: "{{ template "postgresql.port" . }}"
    - name: POSTGRESQL_VOLUME_DIR
    value: "{{ .Values.persistence.mountPath }}"
    {{- if .Values.postgresqlInitdbArgs }}
    - name: POSTGRES_INITDB_ARGS
    value: {{ .Values.postgresqlInitdbArgs | quote }}
    {{- end }}
    {{- if .Values.postgresqlInitdbWalDir }}
    - name: POSTGRES_INITDB_WALDIR
    value: {{ .Values.postgresqlInitdbWalDir | quote }}
    {{- end }}
    {{- if .Values.initdbUser }}
    - name: POSTGRESQL_INITSCRIPTS_USERNAME
    value: {{ .Values.initdbUser }}
    {{- end }}
    {{- if .Values.initdbPassword }}
    - name: POSTGRESQL_INITSCRIPTS_PASSWORD
    value: .Values.initdbPassword
    {{- end }}
    {{- if .Values.persistence.mountPath }}
    - name: PGDATA
    value: {{ .Values.postgresqlDataDir | quote }}
    {{- end }}
    {{- if .Values.replication.enabled }}
    - name: POSTGRES_REPLICATION_MODE
    value: "master"
    - name: POSTGRES_REPLICATION_USER
    value: {{ include "postgresql.replication.username" . | quote }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_REPLICATION_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
    {{- else }}
    - name: POSTGRES_REPLICATION_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-replication-password
    {{- end }}
    {{- if not (eq .Values.replication.synchronousCommit "off")}}
    - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
    value: {{ .Values.replication.synchronousCommit | quote }}
    - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
    value: {{ .Values.replication.numSynchronousReplicas | quote }}
    {{- end }}
    - name: POSTGRES_CLUSTER_APP_NAME
    value: {{ .Values.replication.applicationName }}
    {{- end }}
    {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_POSTGRES_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
    {{- else }}
    - name: POSTGRES_POSTGRES_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-postgres-password
    {{- end }}
    {{- end }}
    - name: POSTGRES_USER
    value: {{ include "postgresql.username" . | quote }}
    {{- if .Values.usePasswordFile }}
    - name: POSTGRES_PASSWORD_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-password"
    {{- else }}
    - name: POSTGRES_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-password
    {{- end }}
    {{- if (include "postgresql.database" .) }}
    - name: POSTGRES_DB
    value: {{ (include "postgresql.database" .) | quote }}
    {{- end }}
    {{- if .Values.extraEnv }}
    {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
    {{- end }}
    - name: POSTGRESQL_ENABLE_LDAP
    value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
    {{- if .Values.ldap.enabled }}
    - name: POSTGRESQL_LDAP_SERVER
    value: {{ .Values.ldap.server }}
    - name: POSTGRESQL_LDAP_PORT
    value: {{ .Values.ldap.port | quote }}
    - name: POSTGRESQL_LDAP_SCHEME
    value: {{ .Values.ldap.scheme }}
    {{- if .Values.ldap.tls }}
    - name: POSTGRESQL_LDAP_TLS
    value: "1"
    {{- end}}
    - name: POSTGRESQL_LDAP_PREFIX
    value: {{ .Values.ldap.prefix | quote }}
    - name: POSTGRESQL_LDAP_SUFFIX
    value: {{ .Values.ldap.suffix | quote}}
    - name: POSTGRESQL_LDAP_BASE_DN
    value: {{ .Values.ldap.baseDN }}
    - name: POSTGRESQL_LDAP_BIND_DN
    value: {{ .Values.ldap.bindDN }}
    {{- if (not (empty .Values.ldap.bind_password)) }}
    - name: POSTGRESQL_LDAP_BIND_PASSWORD
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-ldap-password
    {{- end}}
    - name: POSTGRESQL_LDAP_SEARCH_ATTR
    value: {{ .Values.ldap.search_attr }}
    - name: POSTGRESQL_LDAP_SEARCH_FILTER
    value: {{ .Values.ldap.search_filter }}
    - name: POSTGRESQL_LDAP_URL
    value: {{ .Values.ldap.url }}
    {{- end}}
    {{- if .Values.extraEnvVarsCM }}
    envFrom:
    - configMapRef:
    name: {{ .Values.extraEnvVarsCM }}
    {{- end }}
    ports:
    - name: tcp-postgresql
    containerPort: {{ template "postgresql.port" . }}
    {{- if .Values.livenessProbe.enabled }}
    livenessProbe:
    exec:
    command:
    - /bin/sh
    - -c
    {{- if (include "postgresql.database" .) }}
    - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
    {{- else }}
    - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
    {{- end }}
    initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.livenessProbe.successThreshold }}
    failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
    {{- end }}
    {{- if .Values.readinessProbe.enabled }}
    readinessProbe:
    exec:
    command:
    - /bin/sh
    - -c
    - -e
    {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
    initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.readinessProbe.successThreshold }}
    failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
    {{- end }}
    volumeMounts:
    {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
    - name: custom-init-scripts
    mountPath: /docker-entrypoint-initdb.d/
    {{- end }}
    {{- if .Values.initdbScriptsSecret }}
    - name: custom-init-scripts-secret
    mountPath: /docker-entrypoint-initdb.d/secret
    {{- end }}
    {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
    - name: postgresql-extended-config
    mountPath: /bitnami/postgresql/conf/conf.d/
    {{- end }}
    {{- if .Values.usePasswordFile }}
    - name: postgresql-password
    mountPath: /opt/bitnami/postgresql/secrets/
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    mountPath: /dev/shm
    {{- end }}
    {{- if .Values.persistence.enabled }}
    - name: data
    mountPath: {{ .Values.persistence.mountPath }}
    subPath: {{ .Values.persistence.subPath }}
    {{- end }}
    {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
    - name: postgresql-config
    mountPath: /bitnami/postgresql/conf
    {{- end }}
    {{- if .Values.master.extraVolumeMounts }}
    {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
    {{- end }}
    {{- if .Values.master.sidecars }}
    {{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }}
    {{- end }}
    {{- if .Values.metrics.enabled }}
    - name: metrics
    image: {{ template "postgresql.metrics.image" . }}
    imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
    {{- if .Values.metrics.securityContext.enabled }}
    securityContext:
    runAsUser: {{ .Values.metrics.securityContext.runAsUser }}
    {{- end }}
    env:
    {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
    - name: DATA_SOURCE_URI
    value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
    {{- if .Values.usePasswordFile }}
    - name: DATA_SOURCE_PASS_FILE
    value: "/opt/bitnami/postgresql/secrets/postgresql-password"
    {{- else }}
    - name: DATA_SOURCE_PASS
    valueFrom:
    secretKeyRef:
    name: {{ template "postgresql.secretName" . }}
    key: postgresql-password
    {{- end }}
    - name: DATA_SOURCE_USER
    value: {{ template "postgresql.username" . }}
    {{- if .Values.livenessProbe.enabled }}
    livenessProbe:
    httpGet:
    path: /
    port: http-metrics
    initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
    failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
    {{- end }}
    {{- if .Values.readinessProbe.enabled }}
    readinessProbe:
    httpGet:
    path: /
    port: http-metrics
    initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
    periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
    timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
    successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
    failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
    {{- end }}
    volumeMounts:
    {{- if .Values.usePasswordFile }}
    - name: postgresql-password
    mountPath: /opt/bitnami/postgresql/secrets/
    {{- end }}
    {{- if .Values.metrics.customMetrics }}
    - name: custom-metrics
    mountPath: /conf
    readOnly: true
    args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
    {{- end }}
    ports:
    - name: http-metrics
    containerPort: 9187
    {{- if .Values.metrics.resources }}
    resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
    {{- end }}
    {{- end }}
    volumes:
    {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
    - name: postgresql-config
    configMap:
    name: {{ template "postgresql.configurationCM" . }}
    {{- end }}
    {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
    - name: postgresql-extended-config
    configMap:
    name: {{ template "postgresql.extendedConfigurationCM" . }}
    {{- end }}
    {{- if .Values.usePasswordFile }}
    - name: postgresql-password
    secret:
    secretName: {{ template "postgresql.secretName" . }}
    {{- end }}
    {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
    - name: custom-init-scripts
    configMap:
    name: {{ template "postgresql.initdbScriptsCM" . }}
    {{- end }}
    {{- if .Values.initdbScriptsSecret }}
    - name: custom-init-scripts-secret
    secret:
    secretName: {{ template "postgresql.initdbScriptsSecret" . }}
    {{- end }}
    {{- if .Values.master.extraVolumes }}
    {{- toYaml .Values.master.extraVolumes | nindent 8 }}
    {{- end }}
    {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
    - name: custom-metrics
    configMap:
    name: {{ template "postgresql.metricsCM" . }}
    {{- end }}
    {{- if .Values.shmVolume.enabled }}
    - name: dshm
    emptyDir:
    medium: Memory
    sizeLimit: 1Gi
    {{- end }}
    {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
    - name: data
    persistentVolumeClaim:
    {{- with .Values.persistence.existingClaim }}
    claimName: {{ tpl . $ }}
    {{- end }}
    {{- else if not .Values.persistence.enabled }}
    - name: data
    emptyDir: {}
    {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
    volumeClaimTemplates:
    - metadata:
    name: data
    {{- with .Values.persistence.annotations }}
    annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value }}
    {{- end }}
    {{- end }}
    spec:
    accessModes:
    {{- range .Values.persistence.accessModes }}
    - {{ . | quote }}
    {{- end }}
    resources:
    requests:
    storage: {{ .Values.persistence.size | quote }}
    {{ include "postgresql.storageClass" . }}
    {{- end }}
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/svc-headless.yaml 0 → 100644
    + 20
    0
    View file @ 387fe1e6
    apiVersion: v1
    kind: Service
    metadata:
    #name: {{ template "postgresql.fullname" . }}-headless
    name: postgresql-headless
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    spec:
    type: ClusterIP
    clusterIP: None
    ports:
    - name: tcp-postgresql
    port: {{ template "postgresql.port" . }}
    targetPort: tcp-postgresql
    selector:
    app: {{ template "postgresql.name" . }}
    release: {{ .Release.Name | quote }}
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/svc-read.yaml 0 → 100644
    + 32
    0
    View file @ 387fe1e6
    {{- if .Values.replication.enabled }}
    apiVersion: v1
    kind: Service
    metadata:
    # name: {{ template "postgresql.fullname" . }}-read
    name: postgresql
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    {{- with .Values.service.annotations }}
    annotations:
    {{ toYaml . | indent 4 }}
    {{- end }}
    spec:
    type: {{ .Values.service.type }}
    {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
    loadBalancerIP: {{ .Values.service.loadBalancerIP }}
    {{- end }}
    ports:
    - name: tcp-postgresql
    port: {{ template "postgresql.port" . }}
    targetPort: tcp-postgresql
    {{- if .Values.service.nodePort }}
    nodePort: {{ .Values.service.nodePort }}
    {{- end }}
    selector:
    app: {{ template "postgresql.name" . }}
    release: {{ .Release.Name | quote }}
    role: slave
    {{- end }}
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/templates/svc.yaml 0 → 100644
    + 38
    0
    View file @ 387fe1e6
    apiVersion: v1
    kind: Service
    metadata:
    name: {{ template "postgresql.fullname" . }}
    labels:
    app: {{ template "postgresql.name" . }}
    chart: {{ template "postgresql.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
    {{- with .Values.service.annotations }}
    annotations:
    {{ tpl (toYaml .) $ | indent 4 }}
    {{- end }}
    spec:
    type: {{ .Values.service.type }}
    {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
    loadBalancerIP: {{ .Values.service.loadBalancerIP }}
    {{- end }}
    {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
    loadBalancerSourceRanges:
    {{ with .Values.service.loadBalancerSourceRanges }}
    {{ toYaml . | indent 4 }}
    {{- end }}
    {{- end }}
    {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
    clusterIP: {{ .Values.service.clusterIP }}
    {{- end }}
    ports:
    - name: tcp-postgresql
    port: {{ template "postgresql.port" . }}
    targetPort: tcp-postgresql
    {{- if .Values.service.nodePort }}
    nodePort: {{ .Values.service.nodePort }}
    {{- end }}
    selector:
    app: {{ template "postgresql.name" . }}
    release: {{ .Release.Name | quote }}
    role: master
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/values-production.yaml 0 → 100644
    + 520
    0
    View file @ 387fe1e6
    ## Global Docker image parameters
    ## Please, note that this will override the image parameters, including dependencies, configured to use the global value
    ## Current available global Docker image parameters: imageRegistry and imagePullSecrets
    ##
    global:
    postgresql: {}
    # imageRegistry: myRegistryName
    # imagePullSecrets:
    # - myRegistryKeySecretName
    # storageClass: myStorageClass
    ## Bitnami PostgreSQL image version
    ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
    ##
    image:
    registry: docker.io
    repository: bitnami/postgresql
    tag: 11.7.0-debian-10-r9
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Set to true if you would like to see extra information on logs
    ## It turns BASH and NAMI debugging in minideb
    ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
    debug: false
    ## String to partially override postgresql.fullname template (will maintain the release name)
    ##
    # nameOverride:
    ## String to fully override postgresql.fullname template
    ##
    # fullnameOverride:
    ##
    ## Init containers parameters:
    ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
    ##
    volumePermissions:
    enabled: false
    image:
    registry: docker.io
    repository: bitnami/minideb
    tag: buster
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Init container Security Context
    ## Note: the chown of the data folder is done to securityContext.runAsUser
    ## and not the below volumePermissions.securityContext.runAsUser
    ## When runAsUser is set to special value "auto", init container will try to chwon the
    ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
    ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
    ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
    ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
    ##
    securityContext:
    runAsUser: 0
    ## Use an alternate scheduler, e.g. "stork".
    ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
    ##
    # schedulerName:
    ## Pod Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    securityContext:
    enabled: true
    fsGroup: 1001
    runAsUser: 1001
    ## Pod Service Account
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    serviceAccount:
    enabled: false
    ## Name of an already existing service account. Setting this value disables the automatic service account creation.
    # name:
    replication:
    enabled: true
    user: repl_user
    password: repl_password
    slaveReplicas: 2
    ## Set synchronous commit mode: on, off, remote_apply, remote_write and local
    ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
    synchronousCommit: "on"
    ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
    ## NOTE: It cannot be > slaveReplicas
    numSynchronousReplicas: 1
    ## Replication Cluster application name. Useful for defining multiple replication policies
    applicationName: my_application
    ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
    # postgresqlPostgresPassword:
    ## PostgreSQL user (has superuser privileges if username is `postgres`)
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
    postgresqlUsername: postgres
    ## PostgreSQL password
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
    ##
    # postgresqlPassword:
    ## PostgreSQL password using existing secret
    ## existingSecret: secret
    ## Mount PostgreSQL secret as a file instead of passing environment variable
    # usePasswordFile: false
    ## Create a database
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
    ##
    # postgresqlDatabase:
    ## PostgreSQL data dir
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    postgresqlDataDir: /bitnami/postgresql/data
    ## An array to add extra environment variables
    ## For example:
    ## extraEnv:
    ## - name: FOO
    ## value: "bar"
    ##
    # extraEnv:
    extraEnv: []
    ## Name of a ConfigMap containing extra env vars
    ##
    # extraEnvVarsCM:
    ## Specify extra initdb args
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    # postgresqlInitdbArgs:
    ## Specify a custom location for the PostgreSQL transaction log
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    # postgresqlInitdbWalDir:
    ## PostgreSQL configuration
    ## Specify runtime configuration parameters as a dict, using camelCase, e.g.
    ## {"sharedBuffers": "500MB"}
    ## Alternatively, you can put your postgresql.conf under the files/ directory
    ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
    ##
    # postgresqlConfiguration:
    ## PostgreSQL extended configuration
    ## As above, but _appended_ to the main configuration
    ## Alternatively, you can put your *.conf under the files/conf.d/ directory
    ## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
    ##
    # postgresqlExtendedConf:
    ## PostgreSQL client authentication configuration
    ## Specify content for pg_hba.conf
    ## Default: do not create pg_hba.conf
    ## Alternatively, you can put your pg_hba.conf under the files/ directory
    # pgHbaConfiguration: |-
    # local all all trust
    # host all all localhost trust
    # host mydatabase mysuser 192.168.0.0/24 md5
    ## ConfigMap with PostgreSQL configuration
    ## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration
    # configurationConfigMap:
    ## ConfigMap with PostgreSQL extended configuration
    # extendedConfConfigMap:
    ## initdb scripts
    ## Specify dictionary of scripts to be run at first boot
    ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
    ##
    # initdbScripts:
    # my_init_script.sh: |
    # #!/bin/sh
    # echo "Do something."
    ## Specify the PostgreSQL username and password to execute the initdb scripts
    # initdbUser:
    # initdbPassword:
    ## ConfigMap with scripts to be run at first boot
    ## NOTE: This will override initdbScripts
    # initdbScriptsConfigMap:
    ## Secret with scripts to be run at first boot (in case it contains sensitive information)
    ## NOTE: This can work along initdbScripts or initdbScriptsConfigMap
    # initdbScriptsSecret:
    ## Optional duration in seconds the pod needs to terminate gracefully.
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
    ##
    # terminationGracePeriodSeconds: 30
    ## LDAP configuration
    ##
    ldap:
    enabled: false
    url: ""
    server: ""
    port: ""
    prefix: ""
    suffix: ""
    baseDN: ""
    bindDN: ""
    bind_password:
    search_attr: ""
    search_filter: ""
    scheme: ""
    tls: false
    ## PostgreSQL service configuration
    service:
    ## PosgresSQL service type
    type: ClusterIP
    # clusterIP: None
    port: 5432
    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    # nodePort:
    ## Provide any additional annotations which may be required.
    ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
    annotations: {}
    ## Set the LoadBalancer service type to internal only.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    # loadBalancerIP:
    ## Load Balancer sources
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    # loadBalancerSourceRanges:
    # - 10.10.10.0/24
    ## Start master and slave(s) pod(s) without limitations on shm memory.
    ## By default docker and containerd (and possibly other container runtimes)
    ## limit `/dev/shm` to `64M` (see e.g. the
    ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the
    ## [containerd issue](https://github.com/containerd/containerd/issues/3654),
    ## which could be not enough if PostgreSQL uses parallel workers heavily.
    ##
    shmVolume:
    ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove
    ## this limitation.
    ##
    enabled: true
    ## Set to `true` to `chmod 777 /dev/shm` on a initContainer.
    ## This option is ingored if `volumePermissions.enabled` is `false`
    ##
    chmod:
    enabled: true
    ## PostgreSQL data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    ##
    persistence:
    enabled: true
    ## A manually managed Persistent Volume and Claim
    ## If defined, PVC must be created manually before volume will be bound
    ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
    ##
    # existingClaim:
    ## The path the volume will be mounted at, useful when using different
    ## PostgreSQL images.
    ##
    mountPath: /bitnami/postgresql
    ## The subdirectory of the volume to mount to, useful in dev environments
    ## and one PV for multiple services.
    ##
    subPath: ""
    # storageClass: "-"
    accessModes:
    - ReadWriteOnce
    size: 8Gi
    annotations: {}
    ## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets
    ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
    updateStrategy:
    type: RollingUpdate
    ##
    ## PostgreSQL Master parameters
    ##
    master:
    ## Node, affinity, tolerations, and priorityclass settings for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
    ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
    nodeSelector: {}
    affinity: {}
    tolerations: []
    labels: {}
    annotations: {}
    podLabels: {}
    podAnnotations: {}
    priorityClassName: ""
    ## Additional PostgreSQL Master Volume mounts
    ##
    extraVolumeMounts: []
    ## Additional PostgreSQL Master Volumes
    ##
    extraVolumes: []
    ## Add sidecars to the pod
    ##
    ## For example:
    ## sidecars:
    ## - name: your-image-name
    ## image: your-image
    ## imagePullPolicy: Always
    ## ports:
    ## - name: portname
    ## containerPort: 1234
    sidecars: []
    ##
    ## PostgreSQL Slave parameters
    ##
    slave:
    ## Node, affinity, tolerations, and priorityclass settings for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
    ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
    nodeSelector: {}
    affinity: {}
    tolerations: []
    labels: {}
    annotations: {}
    podLabels: {}
    podAnnotations: {}
    priorityClassName: ""
    extraInitContainers: |
    # - name: do-something
    # image: busybox
    # command: ['do', 'something']
    ## Additional PostgreSQL Slave Volume mounts
    ##
    extraVolumeMounts: []
    ## Additional PostgreSQL Slave Volumes
    ##
    extraVolumes: []
    ## Add sidecars to the pod
    ##
    ## For example:
    ## sidecars:
    ## - name: your-image-name
    ## image: your-image
    ## imagePullPolicy: Always
    ## ports:
    ## - name: portname
    ## containerPort: 1234
    sidecars: []
    ## Configure resource requests and limits
    ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
    ##
    resources:
    requests:
    memory: 256Mi
    cpu: 250m
    networkPolicy:
    ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
    ##
    enabled: false
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the port PostgreSQL is listening
    ## on. When true, PostgreSQL will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
    ## and that match other criteria, the ones that have the good label, can reach the DB.
    ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this
    ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
    ##
    # explicitNamespacesSelector:
    # matchLabels:
    # role: frontend
    # matchExpressions:
    # - {key: role, operator: In, values: [frontend]}
    ## Configure extra options for liveness and readiness probes
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
    livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    ## Configure metrics exporter
    ##
    metrics:
    enabled: true
    # resources: {}
    service:
    type: ClusterIP
    annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9187"
    loadBalancerIP:
    serviceMonitor:
    enabled: false
    additionalLabels: {}
    # namespace: monitoring
    # interval: 30s
    # scrapeTimeout: 10s
    ## Custom PrometheusRule to be defined
    ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
    ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
    prometheusRule:
    enabled: false
    additionalLabels: {}
    namespace: ""
    rules: []
    ## These are just examples rules, please adapt them to your needs.
    ## Make sure to constraint the rules to the current postgresql service.
    # - alert: HugeReplicationLag
    # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1
    # for: 1m
    # labels:
    # severity: critical
    # annotations:
    # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
    # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
    image:
    registry: docker.io
    repository: bitnami/postgres-exporter
    tag: 0.8.0-debian-10-r28
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Define additional custom metrics
    ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
    # customMetrics:
    # pg_database:
    # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
    # metrics:
    # - name:
    # usage: "LABEL"
    # description: "Name of the database"
    # - size_bytes:
    # usage: "GAUGE"
    # description: "Size of the database in bytes"
    ## Pod Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    securityContext:
    enabled: false
    runAsUser: 1001
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
    ## Configure extra options for liveness and readiness probes
    livenessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/values.schema.json 0 → 100644
    + 103
    0
    View file @ 387fe1e6
    {
    "$schema": "http://json-schema.org/schema#",
    "type": "object",
    "properties": {
    "postgresqlUsername": {
    "type": "string",
    "title": "Admin user",
    "form": true
    },
    "postgresqlPassword": {
    "type": "string",
    "title": "Password",
    "form": true
    },
    "persistence": {
    "type": "object",
    "properties": {
    "size": {
    "type": "string",
    "title": "Persistent Volume Size",
    "form": true,
    "render": "slider",
    "sliderMin": 1,
    "sliderMax": 100,
    "sliderUnit": "Gi"
    }
    }
    },
    "resources": {
    "type": "object",
    "title": "Required Resources",
    "description": "Configure resource requests",
    "form": true,
    "properties": {
    "requests": {
    "type": "object",
    "properties": {
    "memory": {
    "type": "string",
    "form": true,
    "render": "slider",
    "title": "Memory Request",
    "sliderMin": 10,
    "sliderMax": 2048,
    "sliderUnit": "Mi"
    },
    "cpu": {
    "type": "string",
    "form": true,
    "render": "slider",
    "title": "CPU Request",
    "sliderMin": 10,
    "sliderMax": 2000,
    "sliderUnit": "m"
    }
    }
    }
    }
    },
    "replication": {
    "type": "object",
    "form": true,
    "title": "Replication Details",
    "properties": {
    "enabled": {
    "type": "boolean",
    "title": "Enable Replication",
    "form": true
    },
    "slaveReplicas": {
    "type": "integer",
    "title": "Slave Replicas",
    "form": true,
    "hidden": {
    "condition": false,
    "value": "replication.enabled"
    }
    }
    }
    },
    "volumePermissions": {
    "type": "object",
    "properties": {
    "enabled": {
    "type": "boolean",
    "form": true,
    "title": "Enable Init Containers",
    "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup"
    }
    }
    },
    "metrics": {
    "type": "object",
    "properties": {
    "enabled": {
    "type": "boolean",
    "title": "Configure metrics exporter",
    "form": true
    }
    }
    }
    }
    }
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/postgresql/values.yaml 0 → 100644
    + 526
    0
    View file @ 387fe1e6
    ## Global Docker image parameters
    ## Please, note that this will override the image parameters, including dependencies, configured to use the global value
    ## Current available global Docker image parameters: imageRegistry and imagePullSecrets
    ##
    global:
    postgresql: {}
    # imageRegistry: myRegistryName
    # imagePullSecrets:
    # - myRegistryKeySecretName
    # storageClass: myStorageClass
    ## Bitnami PostgreSQL image version
    ## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
    ##
    image:
    registry: docker.io
    repository: bitnami/postgresql
    tag: 11.7.0-debian-10-r9
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Set to true if you would like to see extra information on logs
    ## It turns BASH and NAMI debugging in minideb
    ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
    debug: false
    ## String to partially override postgresql.fullname template (will maintain the release name)
    ##
    # nameOverride:
    ## String to fully override postgresql.fullname template
    ##
    fullnameOverride: postgresql
    ##
    ## Init containers parameters:
    ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
    ##
    volumePermissions:
    enabled: false
    image:
    registry: docker.io
    repository: bitnami/minideb
    tag: buster
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Init container Security Context
    ## Note: the chown of the data folder is done to securityContext.runAsUser
    ## and not the below volumePermissions.securityContext.runAsUser
    ## When runAsUser is set to special value "auto", init container will try to chwon the
    ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
    ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
    ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
    ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
    ##
    securityContext:
    runAsUser: 0
    ## Use an alternate scheduler, e.g. "stork".
    ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
    ##
    # schedulerName:
    ## Pod Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    securityContext:
    enabled: true
    fsGroup: 1001
    runAsUser: 1001
    ## Pod Service Account
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    serviceAccount:
    enabled: false
    ## Name of an already existing service account. Setting this value disables the automatic service account creation.
    # name:
    replication:
    enabled: false
    user: repl_user
    password: repl_password
    slaveReplicas: 1
    ## Set synchronous commit mode: on, off, remote_apply, remote_write and local
    ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
    synchronousCommit: "off"
    ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
    ## NOTE: It cannot be > slaveReplicas
    numSynchronousReplicas: 0
    ## Replication Cluster application name. Useful for defining multiple replication policies
    applicationName: my_application
    ## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
    # postgresqlPostgresPassword:
    ## PostgreSQL user (has superuser privileges if username is `postgres`)
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
    postgresqlUsername: postgres
    ## PostgreSQL password
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
    ##
    postgresqlPassword: postgres
    ## PostgreSQL password using existing secret
    ## existingSecret: secret
    ## Mount PostgreSQL secret as a file instead of passing environment variable
    # usePasswordFile: false
    ## Create a database
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
    ##
    postgresqlDatabase: magma
    ## PostgreSQL data dir
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    postgresqlDataDir: /bitnami/postgresql/data
    ## An array to add extra environment variables
    ## For example:
    ## extraEnv:
    ## - name: FOO
    ## value: "bar"
    ##
    # extraEnv:
    extraEnv: []
    ## Name of a ConfigMap containing extra env vars
    ##
    # extraEnvVarsCM:
    ## Specify extra initdb args
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    # postgresqlInitdbArgs:
    ## Specify a custom location for the PostgreSQL transaction log
    ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
    ##
    # postgresqlInitdbWalDir:
    ## PostgreSQL configuration
    ## Specify runtime configuration parameters as a dict, using camelCase, e.g.
    ## {"sharedBuffers": "500MB"}
    ## Alternatively, you can put your postgresql.conf under the files/ directory
    ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
    ##
    # postgresqlConfiguration:
    ## PostgreSQL extended configuration
    ## As above, but _appended_ to the main configuration
    ## Alternatively, you can put your *.conf under the files/conf.d/ directory
    ## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
    ##
    # postgresqlExtendedConf:
    ## PostgreSQL client authentication configuration
    ## Specify content for pg_hba.conf
    ## Default: do not create pg_hba.conf
    ## Alternatively, you can put your pg_hba.conf under the files/ directory
    # pgHbaConfiguration: |-
    # local all all trust
    # host all all localhost trust
    # host mydatabase mysuser 192.168.0.0/24 md5
    ## ConfigMap with PostgreSQL configuration
    ## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration
    # configurationConfigMap:
    ## ConfigMap with PostgreSQL extended configuration
    # extendedConfConfigMap:
    ## initdb scripts
    ## Specify dictionary of scripts to be run at first boot
    ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
    ##
    # initdbScripts:
    # my_init_script.sh: |
    # #!/bin/sh
    # echo "Do something."
    ## ConfigMap with scripts to be run at first boot
    ## NOTE: This will override initdbScripts
    # initdbScriptsConfigMap:
    ## Secret with scripts to be run at first boot (in case it contains sensitive information)
    ## NOTE: This can work along initdbScripts or initdbScriptsConfigMap
    # initdbScriptsSecret:
    ## Specify the PostgreSQL username and password to execute the initdb scripts
    # initdbUser:
    # initdbPassword:
    ## Optional duration in seconds the pod needs to terminate gracefully.
    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
    ##
    # terminationGracePeriodSeconds: 30
    ## LDAP configuration
    ##
    ldap:
    enabled: false
    url: ""
    server: ""
    port: ""
    prefix: ""
    suffix: ""
    baseDN: ""
    bindDN: ""
    bind_password:
    search_attr: ""
    search_filter: ""
    scheme: ""
    tls: false
    ## PostgreSQL service configuration
    service:
    ## PosgresSQL service type
    type: ClusterIP
    # clusterIP: None
    port: 5432
    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    # nodePort:
    ## Provide any additional annotations which may be required.
    ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
    annotations: {}
    ## Set the LoadBalancer service type to internal only.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    # loadBalancerIP:
    ## Load Balancer sources
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    # loadBalancerSourceRanges:
    # - 10.10.10.0/24
    ## Start master and slave(s) pod(s) without limitations on shm memory.
    ## By default docker and containerd (and possibly other container runtimes)
    ## limit `/dev/shm` to `64M` (see e.g. the
    ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the
    ## [containerd issue](https://github.com/containerd/containerd/issues/3654),
    ## which could be not enough if PostgreSQL uses parallel workers heavily.
    ##
    shmVolume:
    ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove
    ## this limitation.
    ##
    enabled: true
    ## Set to `true` to `chmod 777 /dev/shm` on a initContainer.
    ## This option is ingored if `volumePermissions.enabled` is `false`
    ##
    chmod:
    enabled: true
    ## PostgreSQL data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    ##
    persistence:
    enabled: false
    ## A manually managed Persistent Volume and Claim
    ## If defined, PVC must be created manually before volume will be bound
    ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
    ##
    # existingClaim:
    ## The path the volume will be mounted at, useful when using different
    ## PostgreSQL images.
    ##
    mountPath: /bitnami/postgresql
    ## The subdirectory of the volume to mount to, useful in dev environments
    ## and one PV for multiple services.
    ##
    subPath: ""
    # storageClass: "-"
    accessModes:
    - ReadWriteOnce
    size: 8Gi
    annotations: {}
    ## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets
    ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
    updateStrategy:
    type: RollingUpdate
    ##
    ## PostgreSQL Master parameters
    ##
    master:
    ## Node, affinity, tolerations, and priorityclass settings for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
    ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
    nodeSelector: {}
    affinity: {}
    tolerations: []
    labels: {}
    annotations: {}
    podLabels: {}
    podAnnotations: {}
    priorityClassName: ""
    extraInitContainers: |
    # - name: do-something
    # image: busybox
    # command: ['do', 'something']
    ## Additional PostgreSQL Master Volume mounts
    ##
    extraVolumeMounts: []
    ## Additional PostgreSQL Master Volumes
    ##
    extraVolumes: []
    ## Add sidecars to the pod
    ##
    ## For example:
    ## sidecars:
    ## - name: your-image-name
    ## image: your-image
    ## imagePullPolicy: Always
    ## ports:
    ## - name: portname
    ## containerPort: 1234
    sidecars: []
    ##
    ## PostgreSQL Slave parameters
    ##
    slave:
    ## Node, affinity, tolerations, and priorityclass settings for pod assignment
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
    ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
    nodeSelector: {}
    affinity: {}
    tolerations: []
    labels: {}
    annotations: {}
    podLabels: {}
    podAnnotations: {}
    priorityClassName: ""
    extraInitContainers: |
    # - name: do-something
    # image: busybox
    # command: ['do', 'something']
    ## Additional PostgreSQL Slave Volume mounts
    ##
    extraVolumeMounts: []
    ## Additional PostgreSQL Slave Volumes
    ##
    extraVolumes: []
    ## Add sidecars to the pod
    ##
    ## For example:
    ## sidecars:
    ## - name: your-image-name
    ## image: your-image
    ## imagePullPolicy: Always
    ## ports:
    ## - name: portname
    ## containerPort: 1234
    sidecars: []
    ## Configure resource requests and limits
    ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
    ##
    resources:
    requests:
    memory: 256Mi
    cpu: 250m
    networkPolicy:
    ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
    ##
    enabled: false
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the port PostgreSQL is listening
    ## on. When true, PostgreSQL will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
    ## and that match other criteria, the ones that have the good label, can reach the DB.
    ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this
    ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
    ##
    # explicitNamespacesSelector:
    # matchLabels:
    # role: frontend
    # matchExpressions:
    # - {key: role, operator: In, values: [frontend]}
    ## Configure extra options for liveness and readiness probes
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
    livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    ## Configure metrics exporter
    ##
    metrics:
    enabled: false
    # resources: {}
    service:
    type: ClusterIP
    annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9187"
    loadBalancerIP:
    serviceMonitor:
    enabled: false
    additionalLabels: {}
    # namespace: monitoring
    # interval: 30s
    # scrapeTimeout: 10s
    ## Custom PrometheusRule to be defined
    ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
    ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
    prometheusRule:
    enabled: true
    additionalLabels: {}
    namespace: ""
    rules: []
    ## These are just examples rules, please adapt them to your needs.
    ## Make sure to constraint the rules to the current postgresql service.
    # - alert: HugeReplicationLag
    # expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1
    # for: 1m
    # labels:
    # severity: critical
    # annotations:
    # description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
    # summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
    image:
    registry: docker.io
    repository: bitnami/postgres-exporter
    tag: 0.8.0-debian-10-r28
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    # - myRegistryKeySecretName
    ## Define additional custom metrics
    ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
    # customMetrics:
    # pg_database:
    # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
    # metrics:
    # - name:
    # usage: "LABEL"
    # description: "Name of the database"
    # - size_bytes:
    # usage: "GAUGE"
    # description: "Size of the database in bytes"
    ## Pod Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    ##
    securityContext:
    enabled: false
    runAsUser: 1001
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
    ## Configure extra options for liveness and readiness probes
    livenessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.helmignore 0 → 100644
    + 22
    0
    View file @ 387fe1e6
    # Patterns to ignore when building packages.
    # This supports shell glob matching, relative path matching, and
    # negation (prefixed with !). Only one pattern per line.
    .DS_Store
    # Common VCS dirs
    .git/
    .gitignore
    .bzr/
    .bzrignore
    .hg/
    .hgignore
    .svn/
    # Common backup files
    *.swp
    *.bak
    *.tmp
    *~
    # Various IDEs
    .project
    .idea/
    *.tmproj
    .vscode/
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/admin_operator.key.pem 0 → 100644
    + 27
    0
    View file @ 387fe1e6
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAruWop4qVKPD/+3vfIfkCy7pAEhzmKQJVhXF2nTKmzBB+4n5D
    yZeZ7yODZOfM0xnHN31I+z7x0Lie+BBqUMnAGPV3vqeNlvG22NJzdy45xnKy5uWr
    JtCI6ENNicmYQ74zoA33A+ErKl3zRN0vSp3snt/U/xq7DG2Xan6150qpYGSQK+R/
    LY8pFd29mR8M0riHuFOlOkmbKjlFJ1nOirxTcYLazMdLzjBu1N3PgfiPUimQlevy
    PECnboZvYWi0JzIHTVD44c56y1YmHBtrhswNr9mtN8Tcvu3bBrO/DmAE3x0fp2zj
    jD+F86WfJL4r5nGH4RR6kAgzgjURFuZs8hUn/wIDAQABAoIBAFQHVRuB0p5EA8jQ
    v+izmatGBchuCArF607cr69hCZBbkIrDPVBavQOPHW7ai6cU6Ij5cZn8qPOt7/qg
    8GN2OwwCy5BXMgjGgyHzIrStCecVbmzPBYb1hAGLbHJ53+UUOft5GifMBBAr6Vg5
    qKIB9BB03AHg1uNmt+vbiwvf7Da57mhDoaJsbPEwb7BPTU5TkTRe4p925vWsIVya
    h0az/Mct/5P1Ri73G6T3MAOb11KVo1mGgn98DtFBF86HzFxTcZVV+HC7pBnokuBw
    3BEGQqjLDEXsH5Px0PCC5qKF2ZcX/xhMH5ev/M2uXbto+B2nDKQkxlSavOI31EU2
    upXcg6ECgYEA4Zniwwqv7+hjAuER0CSiADJbS8ReWwUqmHSJ9VhFAdTud14hFaBI
    0xkvDOQJNB6Xg1ZLJcMwR+TnAp4a8pT7iFYhQ4cTfgvYJxum8aclbAnCWQgS0bjY
    bz1Qm119T/1ynsMpj2g71Veizm4OG92XisblUrqLNX4/Yhq5UZnWFU8CgYEAxna8
    v/LrMkUejoQwN4UxhI5mij1kfq/RLSsLVLpF7E5mbfgxAOY1gh85SP0cI4NnE0ep
    e1Lz2XlQY6sJsqzj3jjwpr0MybnFY+6DcrILkGVRsBmcOazTWtcjECJQ7bzIM7t6
    vOKodJHOWMr924pArjyF+9iBCYUvhuTd1FqadlECgYAx8Cl0+Smm1m8MVRvnUiSW
    HI9+/xHP3h3mr21WZNqppCPBQpHaQqe8Ksfyd4veAKOTTAfIbSOD1pSYTL00U2w2
    arJkS0MyVJbdWU6kEVbESoi9wn6/88XdIdp0+cXibfzwTc0mVHFiMUr1nQD8hBmm
    e46JuIdWKQMIyVeaS45LGwKBgQCWCrC6gaG0+LKYVnHJl8YPDEWTn8R5TtzaxB8l
    6Eny1Hb2DtylbGXpwUdi2hDK/I4R8my8ksNOmDvhji6fybvghrXRqT2gyPTljy4L
    qXW6rg7rDwGgTPvhQqL8kKUUh1PoYIXzhXyL3KvfT2BK+SPbVmCJPW6YzvtWhXL8
    F5+NcQKBgGNWYSsBIscQ/tLK5iQUSDDlt+o8q0KowKy2965TPn7skR36MZDtbzH9
    IEk/R6I6xae23Hl3cT7TjzHel0v/hchjordiwJBQqIJX8TwY47lIGw53UHd82dRJ
    SGxpnTRTRzYXRDDpedqhVF2KluCvm+CFbqCOog1KbQBJyKZmwBsO
    -----END RSA PRIVATE KEY-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/admin_operator.pem 0 → 100644
    + 18
    0
    View file @ 387fe1e6
    -----BEGIN CERTIFICATE-----
    MIIC2TCCAcECFFpPjiKSGkzqXqVKntjFSdnikqbIMA0GCSqGSIb3DQEBCwUAMCwx
    CzAJBgNVBAYTAlVTMR0wGwYDVQQDDBRjZXJ0aWZpZXIubWFnbWEudGVzdDAeFw0y
    MTAzMTMxMDE5MDRaFw0zMTAzMTExMDE5MDRaMCYxCzAJBgNVBAYTAlVTMRcwFQYD
    VQQDDA5hZG1pbl9vcGVyYXRvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBAK7lqKeKlSjw//t73yH5Asu6QBIc5ikCVYVxdp0ypswQfuJ+Q8mXme8jg2Tn
    zNMZxzd9SPs+8dC4nvgQalDJwBj1d76njZbxttjSc3cuOcZysublqybQiOhDTYnJ
    mEO+M6AN9wPhKypd80TdL0qd7J7f1P8auwxtl2p+tedKqWBkkCvkfy2PKRXdvZkf
    DNK4h7hTpTpJmyo5RSdZzoq8U3GC2szHS84wbtTdz4H4j1IpkJXr8jxAp26Gb2Fo
    tCcyB01Q+OHOestWJhwba4bMDa/ZrTfE3L7t2wazvw5gBN8dH6ds44w/hfOlnyS+
    K+Zxh+EUepAIM4I1ERbmbPIVJ/8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAinVM
    f0/+vEZKeNn42CilS0ffAWNXrY0MFG9Vmo79cE0E3292UuV+RD9NsXYFYtmV/PNt
    UAdVUzvXBxu1tUkFCb4e/Q+C9jRa/PQBUTjHiWuRlJLkyn80j7WjD1IGhQzaUB41
    C1Is/WCI60kbrw4pU/JI2LUHUdtGnW9tmfvaqhsIC1pfP/AlaR2w6JyF0sa//TUI
    7P8Kv5/h0FfQyWM/5HASlo3choe3cbYAqsVFgp2raaH+iwdoAPxLGu5n6YYPLWKl
    b6CN4Kn/i9CcJMdGS0OqatiQvXAHqKHMuKAA+n+4hiIsYnDMvXLnmPrcuqAsW5So
    noLfo+fxMtrtJ1327g==
    -----END CERTIFICATE-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/admin_operator.pfx 0 → 100644
    + 0
    0
    View file @ 387fe1e6
    File added
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/bootstrapper.key 0 → 100644
    + 27
    0
    View file @ 387fe1e6
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpgIBAAKCAQEA0OcE4XQKXoJ0EyatSNRJioF7KD0H3WRn5C9LpCZAlnPqeLdN
    8v4LfkU6X8f7+g9aVbd2EOOqSYTjOXvT/S0FrKWm1rc3rfJI/E5wyJeLrkVSPVhw
    91hhqYxJbH92Rzglms2Vk8VdDapWt8eq6do/6tg1e0KUUvmsLn3GfKrIWsnGjYHR
    GjyaUVf8QnFXyIjDwZKf9yGp9WaBWS0IqbH9nSznQBTI//gkA5GdYmhtN8SLD3gP
    +rqu4rhH18r6qLplJ7sym1aS9SYgVMj6Iz6n9JbvEVw/FqzLuYgjdsG7jangeRpi
    jdwmelvZOCJZH5ieri2m1EcSIjE2fbUz4LZoTwIDAQABAoIBAQCGmPLqGIw9zKvh
    UwA/dphTp42kpX4VxYWy3k5MW2EuD025rdGJiOn617v+zqmpuo6nv+dQhn/Hktmc
    xg4WiBWp4amXmsFDUGJ6Pkgo1ovnIz8Ty5ItrEJwrbT5NT8OMDz6ew+vAHEuRtxM
    2VdkCX05YUlEO+e5dqjb46op1Rf2dfRBypxfQ0gBwavQWw58wjRICPXMf6u/3swK
    C26sMP84KFUPL2Lto1wNPrGzYRLWH/l2FBu431LfK51186/u6Fm3nMlT7KZqvJaW
    KIVVQpnD0DzzmkWs3M6Yo1w+Vy7kbtWlWRvMcfenDVRmErHS8CapSh87jjFh4CVy
    MjpNdWvBAoGBAP0fxoaELIty04aEZ+S65UeJurjdF3WVYcACoiRnwQ+lHFj/O+aF
    8I9Kujb6rVdIUN5OyPzMUO2BgRnvX1ZjD0gPQrtRAzqK2tk/QZBW15caVeWwutmJ
    Dkh+bnrupnN2HUoXk0Eh/MHxkMbJJbfqsb63aovbozJ5gwyiZDkxFhiRAoGBANNG
    n1qUg0bFuSimYy7i57UlB5SFIhPh2iwF2jLLhBjZVHYzJJsmXSBXJNaQKevOFyZR
    5fR2TzPjLtVV8NNviP1Nr2ZSpMOkcMj9QnjoZnD0YkeFLjxSDqAzjwA/VZvOka32
    o62zbM8GKYTNZj24qrlZM77etS7MxJM19FPL1+LfAoGBALJB02Rd5qTZ258K1cOd
    3uPPWcDgaqny5mD7Ocabjrl+1ITUUhHY132B6bvYM4SZN+Im56IoHQH1xr5F9gT3
    RAbCQIN73OM4cEC4LGsCzVbrQ/y6xgt2Wqmw6AsI0A3V63CHQ7uFvOO0Q/nKJBbu
    X/hoYM9XgQmFy0V1g1FHgUERAoGBAJZl9rhnclAmHpnmYEKXOjTESHIcl9apd0LR
    Y7O3FrENvMdrvspHdBG6lzm6ZG09R1N7B4SP1+/q8ILja81H36/Z5lujxzCSVctu
    Jiyl247bGT8qenBsRYcbTNfzPgDs+t1o7rmPOYziKRolkXusgrPw4Roltbq7/89/
    oA8q0+LnAoGBAPsdYH3743kKrrhDpUVZkwMWdEXt4rCSzEhM/tBTbIr7wObfYiMh
    28YpZAsG+65L4RJnSQYj9KZkGE0q/EbAqDwrlJ1ulOkvB02rHuuWZNjy+9HSGT8M
    Sk21b72hB2OLAWJWgU0Js+A7HYXmgR6RNFw7ePckitJmJ1C90RoroWLe
    -----END RSA PRIVATE KEY-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/certifier.key 0 → 100644
    + 27
    0
    View file @ 387fe1e6
    -----BEGIN RSA PRIVATE KEY-----
    MIIEogIBAAKCAQEAzQyarOknGLpYAheUHpVtZopgzHrnfxKIiQrugy7IB/ydeeR/
    q0AINPmyt1kHFxVyjUirTagIVK8OgpJbYIMkOwBw93RONtHusqY5ZayaVhW44Uux
    goQ2fAT2yKOZNjdb3+OUpSPMaSDK1mRx8BoTFg4/2ARhX6SbqU/TCYruDVFK9InH
    urDSeT8p0Kk3HCnV28fnJemfAbIC0cfYjHUEpx8bDVnVH8dWA95GJJfwyaMOajeU
    IEXyxS0l1T/DW3cbGqL9qDw7DHqcnVpUusgD6zsosDXaH4WVJTda+Wg4BPlY0vVE
    cwYjcK+cUeHbJIvpcFy7PdUZ+rLH2IBjxWjEeQIDAQABAoIBACI4HUQH8N9ekbtf
    pfdopoY7R6Y4SJPbSu/b5Cv+TaGPldQ2vtucZwI4PYv9joJasPBFFVlzVliTkk9W
    D2vO1ugFzdRuE3Nwm24y8Vc3c9Yz79OhZzFJ0THnPiwDqVjz6iA2AaOBkuZkc5VN
    0/nm0BKZNCxfpsRoWxXpXWW1Sr7r6oKul1bPQfgV5ifDPLBBtBSf64DPSDNHn35m
    QWlYRr95wNTWAvdvuB44UJyH1Mu8Z1BhBbZsrypCLYeENgNwSMCmZSHS3TTnoNOf
    DlQNoMPzThkB0p2TU7A9gmhweq7ah8JPHvbqDKsXR922N+9OblFW1Bzi7tqr1Cla
    GLJgpFUCgYEA83PneiALrqoCuzzOfqaEjuTsGgZ6TyCOnoCJuvwbmWwigt8/vyCk
    ObBzHJJ/G7m3n/Kasy8tyEus+JQBsHQ5SbV2Rn352DUVkfQO3HECdxPkMTv2HyD5
    wjgAlISlYBIzUp02qC0WEjkhU2nsP8kuUlF97c3JmkMDbC5MsT7hZ38CgYEA154B
    02NMJwgYH1SBpaz+VQYqp92SuewkwTfmIkEr4/fqHottrRmwE6SzQlyyHZwlIMkD
    g+mqR9n5tbM9VfjQIRjLfSJxCPz3aRoSScy70TLnyIQk3khNZFD4E6EknF7KdQt5
    h9aXY4MROS1JzzDNsbdQtnV5ZlqUia2o/NS5EAcCgYAOsCV9FsXdqeA0T7zdo0pI
    HMOp5k4my/4Ozg6BO4imvwFuB+4ep+eAm4a2aJhGofPUMJzoxqXqebZb4QIhFUIH
    km0qX5tdUgaVIbZr0l2ltYuE9OsqgaDP+PUAAOjBXRe/mkCb8Oxt+Qhrse5RAuBK
    kyQX3tyU9AoW0sxJvVN4HQKBgHka7JeYrEs4BqSCSJePxQJohkjm8OSwuCw2g3I1
    /Lr8omkpkx6o0PcXiP/7JKfw7gGuJeVPty7IRbNCy26gY/ZTAOh2Edskiqpj1GXT
    MqLb3sgHQNYA8kcoG06bMf8KVtjK6yXa6AkisufUgiJ3nPD2r8Tr0pYkxk1WVxY7
    PP69AoGAAT00oRmQMgz+zJrPGpdCMVSNEAx57OWRAb5pDbU3ihy2G/EOEnlVJmFJ
    RTOoJ3AFqwRiOOBarsfBwc4D17xs7ojj8gsXa/0vIRXr+wghVnmewTNft4m0Yzsi
    x+WfPUOLiO2EIvDDGxYcFy/VdNAHYuRU8I2sVSt49p8ZUqwPlzE=
    -----END RSA PRIVATE KEY-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/certifier.pem 0 → 100644
    + 20
    0
    View file @ 387fe1e6
    -----BEGIN CERTIFICATE-----
    MIIDOTCCAiGgAwIBAgIUGEBesQkIThAcN9is3I0bqw+RD60wDQYJKoZIhvcNAQEL
    BQAwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAMMFGNlcnRpZmllci5tYWdtYS50ZXN0
    MB4XDTIxMDMxMzEwMTc0OFoXDTMxMDMxMTEwMTc0OFowLDELMAkGA1UEBhMCVVMx
    HTAbBgNVBAMMFGNlcnRpZmllci5tYWdtYS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF
    AAOCAQ8AMIIBCgKCAQEAzQyarOknGLpYAheUHpVtZopgzHrnfxKIiQrugy7IB/yd
    eeR/q0AINPmyt1kHFxVyjUirTagIVK8OgpJbYIMkOwBw93RONtHusqY5ZayaVhW4
    4UuxgoQ2fAT2yKOZNjdb3+OUpSPMaSDK1mRx8BoTFg4/2ARhX6SbqU/TCYruDVFK
    9InHurDSeT8p0Kk3HCnV28fnJemfAbIC0cfYjHUEpx8bDVnVH8dWA95GJJfwyaMO
    ajeUIEXyxS0l1T/DW3cbGqL9qDw7DHqcnVpUusgD6zsosDXaH4WVJTda+Wg4BPlY
    0vVEcwYjcK+cUeHbJIvpcFy7PdUZ+rLH2IBjxWjEeQIDAQABo1MwUTAdBgNVHQ4E
    FgQUa7lHwng46+SoaY7nsE9AfAwLBLUwHwYDVR0jBBgwFoAUa7lHwng46+SoaY7n
    sE9AfAwLBLUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADELJ
    AFMqYaONndO5rlTrjd5KZ7L5VKhRPDi5ZuajzOVqIs2JRs+memEUN0YZG5281YQm
    UWXlF6tVp07P2VbnAUCQ88QvM4B1IMpjZ++6XhfX2PIzY0NX8sdQLWI6593iEXNs
    KhT4ttBTMW3Rv4dAnWcsa3NZCfji0qmq68rGZQdMY6An3Ah7pmMfYFfcmvsbemsR
    +Xn32h7CDwL9Tsa34AUdjkq/x6MHKdcNTI6v7sWwSQ/M5IEIoqMmLWDjxGTzaDXC
    dd3nZwe89xBqIveXv9n84dja1/7bAzotIDA17Dr7Qt4qpVFKqrggtLNoPZMUrPFw
    Ke0esceFfcqOPBG9HA==
    -----END CERTIFICATE-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/controller.crt 0 → 100644
    + 18
    0
    View file @ 387fe1e6
    -----BEGIN CERTIFICATE-----
    MIIC1DCCAbwCFCrTQmqWA2/pgQa9h4PgTufmG2MAMA0GCSqGSIb3DQEBCwUAMCkx
    CzAJBgNVBAYTAlVTMRowGAYDVQQDDBFyb290Y2EubWFnbWEudGVzdDAeFw0yMTAz
    MTMxMDIwNTVaFw0zMTAzMTExMDIwNTVaMCQxCzAJBgNVBAYTAlVTMRUwEwYDVQQD
    DAwqLm1hZ21hLnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg
    13Plcft3l+LSaThoJD5/LEWYlghOP7svEKnn0YfDe7O+ihscDMSmnhIFs7WxDj4o
    Y2FWeZWfRDU939QjpS2ELVWpUdVRObpzJtJxfFfzTknvMXRib5XQ6TjHcPg4f1wG
    /KsWumVpY4M0JRFKnKd9Mt7c6V0ZBadXTl1XPEcxq+4Rw80bJYUF61hYmYfcJNpV
    1/CWDAARq+19Zw4RnOsuLUuxNFdmR1iFqFDURiXrg4Hyt4MQX5Kijr8tz11eyk0C
    nj7KsOkv3JgW7etAyHcbaX5qynh8qRbgrson1uG4SOz7yN6kJMbGWGHO0L3IP+zU
    kK3WoRNRyzyHJgOtccNtAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACLwxwfv2Zm9
    3AcjNESqw8sKH21kDckP1tnSsNoDXJ5Q5qmgWCcryCrfQdCree2LBM8pfEwSItcb
    014UDkhAcKNQgLQZwp/fHnwXEf2rN7ubhAgWz28W3TyE2pzXcOgTJD3RaNTJsQ3N
    xBaMdfbzzxN3c6JGVB5OKsGNdM7BFBUquLo0mTMSMKxR62T40oHR9aFbRlm95dr5
    8NBUrnfSJKudVcu2/fCCR3eO12mnM+mMRCdPFz5XuhSydlrk8Ylf7VIRY0l0Jx65
    fKUVyhWX8FqE3BA8XUGm4TYXdkvA9z0yguNmEW0t25Xn0tdEYSlMKIjO9ELM1Yt/
    CrzTPfou8rg=
    -----END CERTIFICATE-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/controller.csr 0 → 100644
    + 15
    0
    View file @ 387fe1e6
    -----BEGIN CERTIFICATE REQUEST-----
    MIICaTCCAVECAQAwJDELMAkGA1UEBhMCVVMxFTATBgNVBAMMDCoubWFnbWEudGVz
    dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAODXc+Vx+3eX4tJpOGgk
    Pn8sRZiWCE4/uy8QqefRh8N7s76KGxwMxKaeEgWztbEOPihjYVZ5lZ9ENT3f1COl
    LYQtValR1VE5unMm0nF8V/NOSe8xdGJvldDpOMdw+Dh/XAb8qxa6ZWljgzQlEUqc
    p30y3tzpXRkFp1dOXVc8RzGr7hHDzRslhQXrWFiZh9wk2lXX8JYMABGr7X1nDhGc
    6y4tS7E0V2ZHWIWoUNRGJeuDgfK3gxBfkqKOvy3PXV7KTQKePsqw6S/cmBbt60DI
    dxtpfmrKeHypFuCuyifW4bhI7PvI3qQkxsZYYc7Qvcg/7NSQrdahE1HLPIcmA61x
    w20CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBR9zglGb+/XRH60RsoUnMKWF3D
    3p7vQXUgdy7VKMoQnNrbthEE+7EYBzWX3hYKVf6la+tRSlb749NxSzH8uK2Ohmdk
    scKjyKf4h74I0zMfmbDgIc2Y9EucbQwSVEm0C6S3GoJSV0OUhXq1Zw62Ec7eiEld
    LR57kfGRPaquVeUMNzIgob5EmzN+hpAH8lrXJ9cPC4KbiIZtlmFt5jQ/cBnx3OyC
    0QdIa6oQ7tIN7vcV9x+D7fgkvq+pOGhPCXbDzwc+PxVd+Cc3Y8nrfhls3bmZsina
    MzjvaAWQQ2DRasqxf2ZZUeoC6U7zgLP8+i0GkL/Klw2BYE7MfmFwo8LyNfdA
    -----END CERTIFICATE REQUEST-----
    magma/fb_magma_knf/helm-chart-v3s/orc8r/charts/secrets/.secrets/certs/controller.key 0 → 100644
    + 27
    0
    View file @ 387fe1e6
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEA4Ndz5XH7d5fi0mk4aCQ+fyxFmJYITj+7LxCp59GHw3uzvoob
    HAzEpp4SBbO1sQ4+KGNhVnmVn0Q1Pd/UI6UthC1VqVHVUTm6cybScXxX805J7zF0
    Ym+V0Ok4x3D4OH9cBvyrFrplaWODNCURSpynfTLe3OldGQWnV05dVzxHMavuEcPN
    GyWFBetYWJmH3CTaVdfwlgwAEavtfWcOEZzrLi1LsTRXZkdYhahQ1EYl64OB8reD
    EF+Soo6/Lc9dXspNAp4+yrDpL9yYFu3rQMh3G2l+asp4fKkW4K7KJ9bhuEjs+8je
    pCTGxlhhztC9yD/s1JCt1qETUcs8hyYDrXHDbQIDAQABAoIBAHo7JrpZmMePPrP8
    l7ml2oPwYXVuOt2vL+eKO5PXCONw4Gp5UfuRxWZ/EHUhGWlDwO7b+BK2zmxi/D7C
    6+Tk6zWsH6GI51rc80uek1E2s+mFahQq4oaQ+vUzlLZ357lvI2x499nHQ1Jj0vQK
    IrhZKYSanyWhiAcOV8bSx1OhZWLOfA1XrA9Olc31XpVgnhCo5V9Upg71SHSb6IGU
    KmybTbRJYvv4OOEtBC5geZ8GnfnWYOA8Hw2zll4N5fXTJAqz0x8PYpEAoJ8KvqF0
    t3JwtV6TFgOX+WNCiE5NGxDZAU+mJTZxBcTQpI9cmbAjr+hLyTEtSMUILKs+WIqM
    6GxC9gECgYEA9qv2kE4gWuGOuZNUA4TtBeD97cUJMD54dt6QSGc1m8/4sY6mGfF0
    jN8+Sw4fe5Xk98cMGh5yI0hdDvNl9VC6dlsO1pHGlvPm8otocMk1bDz6tsCpPIek
    SbyuC3s0B+3go7fcelzgnA4LVnUeRsB0dAfPmEL+aRDVpACXXc5Uv2ECgYEA6Vgm
    yScTq8pvjpHFy0Pwpsjghnva1jEneFzuFNe+wO2pGKx90pXrgN6DQe72UKhru+6W
    O4yYTWWaP+ibDuobdzZUY6ZPn4W28xaFCnBjTeYpMVPcyzW+u5o00II98+lzuBaN
    qI4KA1gYUzLbiUCtI5MUw+8y5/c+oRzkra5JO40CgYAL5rwctkhFWkCin4McMFun
    PvXBdRI+a6UwRwi7FY+2ltAu8Oz+r3GqIlNFF8dZFSBY/BePYwyquyESSZgPv/df
    IoGSxLHKMrZf2W4Okwaq1D5cduszam/4xsu27hjSkR2XiJVwqe6EWQEfCMOPMlXs
    Czxu4jyYISHNqeGjuwLHwQKBgQC5e/AAz8YsNZOt0aRXql7eRSls3YEb6CDG5Z//
    A2xHMePLkDnILpHwc3AE9i3n+akBz2quVVkvlMcjbAPtvBwvDAnS2H3MgV7nJoyE
    usfFQWKXKmGFSuidebvnzs/uVjE9MPhT9uxwshNL905ZcQbwE1dbVIWzrG6lZTFF
    +heOdQKBgBOWDLDMswyWtwl/1gG1CzvKDB9t7947yP2I++yJsPoWhlojoPsgjLK4
    YrrEU66xXd3b0s5s0UQtLN45nkd8kBOv/mYwrasWcb8mp4BsMVPLGwZ2puYHcDS1
    o0DYVYQTBmDF1ecqadXjJRKWkwnT4j3X2w4KbwXfUNmBRTf6Uy4s
    -----END RSA PRIVATE KEY-----
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment