You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by li...@apache.org on 2023/03/10 02:57:09 UTC
[dubbo-admin] branch refactor-with-go updated: update charts (#1020)
This is an automated email from the ASF dual-hosted git repository.
liujun pushed a commit to branch refactor-with-go
in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git
The following commit(s) were added to refs/heads/refactor-with-go by this push:
new c0feb057 update charts (#1020)
c0feb057 is described below
commit c0feb0574937d5d816f8c1273dea08e8c2f70833
Author: Mford Jody <11...@qq.com>
AuthorDate: Fri Mar 10 10:56:59 2023 +0800
update charts (#1020)
---
.../admin-stack/charts/skywalking/.helmignore | 23 +
.../admin-stack/charts/skywalking/Chart.yaml | 25 +
.../skywalking/charts/elasticsearch/.helmignore | 2 +
.../skywalking/charts/elasticsearch/Chart.yaml | 27 +
.../skywalking/charts/elasticsearch/Makefile | 16 +
.../skywalking/charts/elasticsearch/README.md | 490 +++++++
.../charts/elasticsearch/examples/config/Makefile | 36 +
.../charts/elasticsearch/examples/config/README.md | 27 +
.../elasticsearch/examples/config/test/goss.yaml | 46 +
.../elasticsearch/examples/config/values.yaml | 44 +
.../examples/config/watcher_encryption_key | 16 +
.../charts/elasticsearch/examples/default/Makefile | 29 +
.../elasticsearch/examples/default/README.md | 25 +
.../examples/default/rolling_upgrade.sh | 34 +
.../elasticsearch/examples/default/test/goss.yaml | 59 +
.../elasticsearch/examples/docker-for-mac/Makefile | 28 +
.../examples/docker-for-mac/README.md | 23 +
.../examples/docker-for-mac/values.yaml | 38 +
.../examples/kubernetes-kind/Makefile | 32 +
.../examples/kubernetes-kind/README.md | 36 +
.../kubernetes-kind/values-local-path.yaml | 38 +
.../examples/kubernetes-kind/values.yaml | 38 +
.../elasticsearch/examples/microk8s/Makefile | 28 +
.../elasticsearch/examples/microk8s/README.md | 32 +
.../elasticsearch/examples/microk8s/values.yaml | 47 +
.../elasticsearch/examples/migration/Makefile | 25 +
.../elasticsearch/examples/migration/README.md | 167 +++
.../elasticsearch/examples/migration/client.yaml | 34 +
.../elasticsearch/examples/migration/data.yaml | 29 +
.../elasticsearch/examples/migration/master.yaml | 38 +
.../elasticsearch/examples/minikube/Makefile | 28 +
.../elasticsearch/examples/minikube/README.md | 38 +
.../elasticsearch/examples/minikube/values.yaml | 38 +
.../charts/elasticsearch/examples/multi/Makefile | 34 +
.../charts/elasticsearch/examples/multi/README.md | 29 +
.../elasticsearch/examples/multi/client.yaml | 65 +
.../charts/elasticsearch/examples/multi/data.yaml | 63 +
.../elasticsearch/examples/multi/master.yaml | 21 +
.../elasticsearch/examples/multi/test/goss.yaml | 27 +
.../elasticsearch/examples/networkpolicy/Makefile | 29 +
.../examples/networkpolicy/values.yaml | 52 +
.../elasticsearch/examples/openshift/Makefile | 28 +
.../elasticsearch/examples/openshift/README.md | 24 +
.../examples/openshift/test/goss.yaml | 35 +
.../elasticsearch/examples/openshift/values.yaml | 26 +
.../elasticsearch/examples/security/Makefile | 51 +
.../elasticsearch/examples/security/README.md | 29 +
.../elasticsearch/examples/security/test/goss.yaml | 59 +
.../elasticsearch/examples/security/values.yaml | 43 +
.../charts/elasticsearch/examples/upgrade/Makefile | 34 +
.../elasticsearch/examples/upgrade/README.md | 17 +
.../elasticsearch/examples/upgrade/test/goss.yaml | 37 +
.../elasticsearch/examples/upgrade/values.yaml | 21 +
.../charts/elasticsearch/templates/NOTES.txt | 8 +
.../charts/elasticsearch/templates/_helpers.tpl | 97 ++
.../charts/elasticsearch/templates/configmap.yaml | 48 +
.../charts/elasticsearch/templates/ingress.yaml | 79 ++
.../elasticsearch/templates/networkpolicy.yaml | 76 ++
.../templates/poddisruptionbudget.yaml | 30 +
.../elasticsearch/templates/podsecuritypolicy.yaml | 29 +
.../charts/elasticsearch/templates/role.yaml | 40 +
.../elasticsearch/templates/rolebinding.yaml | 35 +
.../elasticsearch/templates/secret-cert.yaml | 29 +
.../charts/elasticsearch/templates/secret.yaml | 38 +
.../charts/elasticsearch/templates/service.yaml | 92 ++
.../elasticsearch/templates/serviceaccount.yaml | 31 +
.../elasticsearch/templates/statefulset.yaml | 441 ++++++
.../templates/test/test-elasticsearch-health.yaml | 64 +
.../skywalking/charts/elasticsearch/values.yaml | 370 +++++
.../skywalking/charts/postgresql/.helmignore | 21 +
.../charts/skywalking/charts/postgresql/Chart.lock | 21 +
.../charts/skywalking/charts/postgresql/Chart.yaml | 46 +
.../charts/skywalking/charts/postgresql/README.md | 684 ++++++++++
.../charts/postgresql/charts/common/.helmignore | 22 +
.../charts/postgresql/charts/common/Chart.yaml | 39 +
.../charts/postgresql/charts/common/README.md | 351 +++++
.../charts/common/templates/_affinities.tpl | 106 ++
.../charts/common/templates/_capabilities.tpl | 154 +++
.../postgresql/charts/common/templates/_errors.tpl | 23 +
.../postgresql/charts/common/templates/_images.tpl | 76 ++
.../charts/common/templates/_ingress.tpl | 68 +
.../postgresql/charts/common/templates/_labels.tpl | 18 +
.../postgresql/charts/common/templates/_names.tpl | 66 +
.../charts/common/templates/_secrets.tpl | 165 +++
.../charts/common/templates/_storage.tpl | 23 +
.../charts/common/templates/_tplvalues.tpl | 13 +
.../postgresql/charts/common/templates/_utils.tpl | 62 +
.../charts/common/templates/_warnings.tpl | 14 +
.../common/templates/validations/_cassandra.tpl | 72 +
.../common/templates/validations/_mariadb.tpl | 103 ++
.../common/templates/validations/_mongodb.tpl | 108 ++
.../charts/common/templates/validations/_mysql.tpl | 103 ++
.../common/templates/validations/_postgresql.tpl | 129 ++
.../charts/common/templates/validations/_redis.tpl | 76 ++
.../common/templates/validations/_validations.tpl | 46 +
.../charts/postgresql/charts/common/values.yaml | 20 +
.../charts/postgresql/templates/NOTES.txt | 91 ++
.../charts/postgresql/templates/_helpers.tpl | 399 ++++++
.../charts/postgresql/templates/extra-list.yaml | 18 +
.../postgresql/templates/networkpolicy-egress.yaml | 47 +
.../postgresql/templates/primary/configmap.yaml | 39 +
.../templates/primary/extended-configmap.yaml | 33 +
.../primary/initialization-configmap.yaml | 30 +
.../templates/primary/metrics-configmap.yaml | 31 +
.../postgresql/templates/primary/metrics-svc.yaml | 48 +
.../templates/primary/networkpolicy.yaml | 72 +
.../templates/primary/servicemonitor.yaml | 63 +
.../postgresql/templates/primary/statefulset.yaml | 655 +++++++++
.../postgresql/templates/primary/svc-headless.yaml | 52 +
.../charts/postgresql/templates/primary/svc.yaml | 68 +
.../postgresql/templates/prometheusrule.yaml | 37 +
.../charts/postgresql/templates/psp.yaml | 56 +
.../templates/read/extended-configmap.yaml | 33 +
.../templates/read/metrics-configmap.yaml | 31 +
.../postgresql/templates/read/metrics-svc.yaml | 48 +
.../postgresql/templates/read/networkpolicy.yaml | 51 +
.../postgresql/templates/read/servicemonitor.yaml | 63 +
.../postgresql/templates/read/statefulset.yaml | 552 ++++++++
.../postgresql/templates/read/svc-headless.yaml | 54 +
.../charts/postgresql/templates/read/svc.yaml | 70 +
.../charts/postgresql/templates/role.yaml | 46 +
.../charts/postgresql/templates/rolebinding.yaml | 37 +
.../charts/postgresql/templates/secrets.yaml | 118 ++
.../postgresql/templates/serviceaccount.yaml | 34 +
.../charts/postgresql/templates/tls-secrets.yaml | 43 +
.../charts/postgresql/values.schema.json | 156 +++
.../skywalking/charts/postgresql/values.yaml | 1440 ++++++++++++++++++++
.../charts/skywalking/templates/_charts.tpl | 138 ++
.../skywalking/templates/oap-clusterrole.yaml | 33 +
.../templates/oap-clusterrolebinding.yaml | 34 +
.../skywalking/templates/oap-cm-dynamic.yaml | 27 +
.../skywalking/templates/oap-cm-override.yaml | 37 +
.../skywalking/templates/oap-deployment.yaml | 112 ++
.../charts/skywalking/templates/oap-role.yaml | 30 +
.../skywalking/templates/oap-rolebinding.yaml | 34 +
.../skywalking/templates/oap-serviceaccount.yaml | 25 +
.../charts/skywalking/templates/oap-svc.yaml | 36 +
.../templates/satellite-cm-override.yaml | 37 +
.../skywalking/templates/satellite-deployment.yaml | 144 ++
.../skywalking/templates/satellite-role.yaml | 31 +
.../templates/satellite-rolebinding.yaml | 35 +
.../templates/satellite-serviceaccount.yaml | 27 +
.../charts/skywalking/templates/satellite-svc.yaml | 38 +
.../charts/skywalking/templates/ui-deployment.yaml | 61 +
.../charts/skywalking/templates/ui-ingress.yaml | 65 +
.../charts/skywalking/templates/ui-svc.yaml | 63 +
.../admin-stack/charts/skywalking/values.yaml | 529 +++++++
deploy/charts/admin-stack/values.yaml | 14 +
148 files changed, 12561 insertions(+)
diff --git a/deploy/charts/admin-stack/charts/skywalking/.helmignore b/deploy/charts/admin-stack/charts/skywalking/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/charts/admin-stack/charts/skywalking/Chart.yaml b/deploy/charts/admin-stack/charts/skywalking/Chart.yaml
new file mode 100644
index 00000000..9c8dbae1
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/Chart.yaml
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: skywalking
+home: https://skywalking.apache.org
+version: 4.4.0
+description: Helm Chart for Apache SkyWalking
+sources:
+ - https://github.com/apache/skywalking-kubernetes
+maintainers:
+ - email: dev@dubbo.apache.org
+ name: dubbo
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/.helmignore b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/.helmignore
new file mode 100644
index 00000000..e12c0b4b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/.helmignore
@@ -0,0 +1,2 @@
+tests/
+.pytest_cache/
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Chart.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Chart.yaml
new file mode 100644
index 00000000..03d6fb83
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Chart.yaml
@@ -0,0 +1,27 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: 8.5.1
+description: Official Elastic helm chart for Elasticsearch
+home: https://github.com/elastic/helm-charts
+icon: https://helm.elastic.co/icons/elasticsearch.png
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: elasticsearch
+sources:
+- https://github.com/elastic/elasticsearch
+version: 8.5.1
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Makefile
new file mode 100644
index 00000000..c4d80e85
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/Makefile
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include ../helpers/common.mk
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/README.md
new file mode 100644
index 00000000..a4948bda
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/README.md
@@ -0,0 +1,490 @@
+# Elasticsearch Helm Chart
+
+[](https://devops-ci.elastic.co/job/elastic+helm-charts+main/) [](https://artifacthub.io/packages/search?repo=elastic)
+
+This Helm chart is a lightweight way to configure and run our official
+[Elasticsearch Docker image][].
+
+> **Warning**
+> When it comes to running the Elastic on Kubernetes infrastructure, we
+> recommend [Elastic Cloud on Kubernetes][] (ECK) as the best way to run and manage
+> the Elastic Stack.
+>
+> ECK offers many operational benefits for both our basic-tier and our
+> enterprise-tier customers, such as spinning up cluster nodes that were lost on
+> failed infrastructure, seamless upgrades, rolling cluster changes, and much
+> much more.
+>
+> With the release of the Elastic Stack Helm charts for Elastic version 8.5.1,
+> we are handing over the ongoing maintenance of our Elastic Stack Helm charts
+> to the community and contributors. This repository will finally be archived
+> after 6 months time. Elastic Stacks deployed on Kubernetes through Helm charts
+> will still be fully supported under EOL limitations.
+>
+> Since we want to provide an even better experience for our customers by
+> running the Elastic Stack on Kubernetes, we will continue maintaining the
+> Helm charts applicable to ECK Custom Resources. These charts can be found in
+> the [ECK repository][eck-charts].
+>
+> Helm charts will currently be maintained for ECK Enterprise-tier customers,
+> however, we encourage the community to engage with the existing Helm charts
+> for the Elastic Stack and continue supporting their ongoing maintenance.
+>
+> See <https://github.com/elastic/helm-charts/issues/1731> for more details.
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+
+- [Requirements](#requirements)
+- [Installing](#installing)
+ - [Install a released version using the Helm repository](#install-a-released-version-using-the-helm-repository)
+ - [Install a development version using the main branch](#install-a-development-version-using-the-main-branch)
+- [Upgrading](#upgrading)
+- [Usage notes](#usage-notes)
+- [Configuration](#configuration)
+- [FAQ](#faq)
+ - [How to deploy this chart on a specific K8S distribution?](#how-to-deploy-this-chart-on-a-specific-k8s-distribution)
+ - [How to deploy dedicated nodes types?](#how-to-deploy-dedicated-nodes-types)
+ - [Coordinating nodes](#coordinating-nodes)
+ - [Clustering and Node Discovery](#clustering-and-node-discovery)
+ - [How to deploy clusters with security (authentication and TLS) enabled?](#how-to-deploy-clusters-with-security-authentication-and-tls-enabled)
+ - [How to migrate from helm/charts stable chart?](#how-to-migrate-from-helmcharts-stable-chart)
+ - [How to install plugins?](#how-to-install-plugins)
+ - [How to use the keystore?](#how-to-use-the-keystore)
+ - [Basic example](#basic-example)
+ - [Multiple keys](#multiple-keys)
+ - [Custom paths and keys](#custom-paths-and-keys)
+ - [How to enable snapshotting?](#how-to-enable-snapshotting)
+ - [How to configure templates post-deployment?](#how-to-configure-templates-post-deployment)
+- [Contributing](#contributing)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+<!-- Use this to update TOC: -->
+<!-- docker run --entrypoint doctoc --rm -it -v $(pwd):/usr/src jorgeandrada/doctoc README.md --github --no-title -->
+
+
+## Requirements
+
+* Minimum cluster requirements include the following to run this chart with
+default settings. All of these settings are configurable.
+ * Three Kubernetes nodes to respect the default "hard" affinity settings
+ * 1GB of RAM for the JVM heap
+
+See [supported configurations][] for more details.
+
+
+## Installing
+
+### Install a released version using the Helm repository
+
+* Add the Elastic Helm charts repo:
+`helm repo add elastic https://helm.elastic.co`
+
+* Install it: `helm install elasticsearch elastic/elasticsearch`
+
+### Install a development version using the main branch
+
+* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git`
+
+* Install it: `helm install elasticsearch ./helm-charts/elasticsearch --set imageTag=8.5.1`
+
+## Upgrading
+
+Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before
+upgrading to a new chart version.
+
+
+## Usage notes
+
+* This repo includes several [examples][] of configurations that can be used
+as a reference. They are also used in the automated testing of this chart.
+* Automated testing of this chart is currently only run against GKE (Google
+Kubernetes Engine).
+* The chart deploys a StatefulSet and by default will do an automated rolling
+update of your cluster. It does this by waiting for the cluster health to become
+green after each instance is updated. If you prefer to update manually you can
+set `OnDelete` [updateStrategy][].
+* It is important to verify that the JVM heap size in `esJavaOpts` and to set
+the CPU/Memory `resources` to something suitable for your cluster.
+* To simplify chart and maintenance each set of node groups is deployed as a
+separate Helm release. Take a look at the [multi][] example to get an idea for
+how this works. Without doing this it isn't possible to resize persistent
+volumes in a StatefulSet. By setting it up this way it makes it possible to add
+more nodes with a new storage size then drain the old ones. It also solves the
+problem of allowing the user to determine which node groups to update first when
+doing upgrades or changes.
+* We have designed this chart to be very un-opinionated about how to configure
+Elasticsearch. It exposes ways to set environment variables and mount secrets
+inside of the container. Doing this makes it much easier for this chart to
+support multiple versions with minimal changes.
+
+
+## Configuration
+
+| Parameter | Description | Default |
+|------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
+| `antiAffinityTopologyKey` | The [anti-affinity][] topology key. By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` |
+| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". Other values will be ignored | `hard` |
+| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params][] that will be used by readiness [probe][] command | `wait_for_status=green&timeout=1s` |
+| `clusterName` | This will be used as the Elasticsearch [cluster.name][] and should be unique per cluster in the namespace | `elasticsearch` |
+| `createCert` | This will automatically create the SSL certificates | `true` |
+| `enableServiceLinks` | Set to false to disabling service links, which can cause slow pod startup times when there are many services in the current namespace. | `true` |
+| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` |
+| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml][] for an example of the formatting | `{}` |
+| `esJavaOpts` | [Java options][] for Elasticsearch. This is where you could configure the [jvm heap size][] | `""` |
+| `esJvmOptions` | [Java options][] for Elasticsearch. Override the default JVM options by adding custom options files . See [values.yaml][] for an example of the formatting | `{}` |
+| `esMajorVersion` | Deprecated. Instead, use the version of the chart corresponding to your ES minor version. Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. `esMajorVersion: 6`) | `""` |
+| `extraContainers` | Templatable string of additional `containers` to be passed to the `tpl` function | `""` |
+| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` |
+| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `""` |
+| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `""` |
+| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `""` |
+| `fullnameOverride` | Overrides the `clusterName` and `nodeGroup` when used in the naming of resources. This should only be used when using a single `nodeGroup`, otherwise you will have name conflicts | `""` |
+| `healthNameOverride` | Overrides `test-elasticsearch-health` pod name | `""` |
+| `hostAliases` | Configurable [hostAliases][] | `[]` |
+| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. If you change this you will also need to set [http.port][] in `extraEnvs` | `9200` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` |
+| `imageTag` | The Elasticsearch Docker image tag | `8.5.1` |
+| `image` | The Elasticsearch Docker image | `docker.elastic.co/elasticsearch/elasticsearch` |
+| `ingress` | Configurable [ingress][] to expose the Elasticsearch service. See [values.yaml][] for an example | see [values.yaml][] |
+| `initResources` | Allows you to set the [resources][] for the `initContainer` in the StatefulSet | `{}` |
+| `keystore` | Allows you map Kubernetes secrets into the keystore. See the [config example][] and [how to use the keystore][] | `[]` |
+| `labels` | Configurable [labels][] applied to all Elasticsearch pods | `{}` |
+| `lifecycle` | Allows you to add [lifecycle hooks][]. See [values.yaml][] for an example of the formatting | `{}` |
+| `masterService` | The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery][] for more information | `""` |
+| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` |
+| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes][]. Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7 | `2` |
+| `nameOverride` | Overrides the `clusterName` when used in the naming of resources | `""` |
+| `networkHost` | Value for the [network.host Elasticsearch setting][] | `0.0.0.0` |
+| `networkPolicy` | The [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to set. See [`values.yaml`](./values.yaml) for an example | `{http.enabled: false,transport.enabled: false}` |
+| `nodeAffinity` | Value for the [node affinity settings][] | `{}` |
+| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` , `nameOverride-nodeGroup-X` if a `nameOverride` is specified, and `fullnameOverride-X` if a `fullnameOverride` is specified | `master` |
+| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Elasticsearch cluster | `{}` |
+| `persistence` | Enables a persistent volume for Elasticsearch data. Can be disabled for nodes that only have [roles][] which don't require persistent data | see [values.yaml][] |
+| `podAnnotations` | Configurable [annotations][] applied to all Elasticsearch pods | `{}` |
+| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. This deploys them in parallel so that they can discover each other | `Parallel` |
+| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] |
+| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true`. Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] |
+| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` |
+| `protocol` | The protocol that will be used for the readiness [probe][]. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` |
+| `rbac` | Configuration for creating a role, role binding and ServiceAccount as part of this Helm chart with `create: true`. Also can be used to reference an external ServiceAccount with `serviceAccountName: "externalServiceAccountName"`, or automount the service account token | see [values.yaml][] |
+| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] |
+| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `3` |
+| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] |
+| `roles` | A list with the specific [roles][] for the `nodeGroup` | see [values.yaml][] |
+| `schedulerName` | Name of the [alternate scheduler][] | `""` |
+| `secret.enabled` | Enable Secret creation for Elasticsearch credentials | `true` |
+| `secret.password` | Initial password for the elastic user | `""` (generated randomly) |
+| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` |
+| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] |
+| `service.annotations` | [LoadBalancer annotations][] that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` | `{}` |
+| `service.enabled` | Enable non-headless service | `true` |
+| `service.externalTrafficPolicy` | Some cloud providers allow you to specify the [LoadBalancer externalTrafficPolicy][]. Kubernetes will use this to preserve the client source IP. This will configure load balancer if `service.type` is `LoadBalancer` | `""` |
+| `service.httpPortName` | The name of the http port within the service | `http` |
+| `service.labelsHeadless` | Labels to be added to headless service | `{}` |
+| `service.labels` | Labels to be added to non-headless service | `{}` |
+| `service.loadBalancerIP` | Some cloud providers allow you to specify the [loadBalancer][] IP. If the `loadBalancerIP` field is not specified, the IP is dynamically assigned. If you specify a `loadBalancerIP` but your cloud provider does not support the feature, it is ignored. | `""` |
+| `service.loadBalancerSourceRanges` | The IP ranges that are allowed to access | `[]` |
+| `service.nodePort` | Custom [nodePort][] port that can be set if you are using `service.type: nodePort` | `""` |
+| `service.transportPortName` | The name of the transport port within the service | `transport` |
+| `service.publishNotReadyAddresses` | Consider that all endpoints are considered "ready" even if the Pods themselves are not | `false` |
+| `service.type` | Elasticsearch [Service Types][] | `ClusterIP` |
+| `sysctlInitContainer` | Allows you to disable the `sysctlInitContainer` if you are setting [sysctl vm.max_map_count][] with another method | `enabled: true` |
+| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count][] needed for Elasticsearch | `262144` |
+| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` |
+| `tests.enabled` | Enable creating test related resources when running `helm template` or `helm test` | `true` |
+| `tolerations` | Configurable [tolerations][] | `[]` |
+| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration][] in `extraEnvs` | `9300` |
+| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` |
+| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] |
+
+
+## FAQ
+
+### How to deploy this chart on a specific K8S distribution?
+
+This chart is designed to run on production scale Kubernetes clusters with
+multiple nodes, lots of memory and persistent storage. For that reason it can be
+a bit tricky to run them against local Kubernetes environments such as
+[Minikube][].
+
+This chart is highly tested with [GKE][], but some K8S distribution also
+requires specific configurations.
+
+We provide examples of configuration for the following K8S providers:
+
+- [Docker for Mac][]
+- [KIND][]
+- [Minikube][]
+- [MicroK8S][]
+- [OpenShift][]
+
+### How to deploy dedicated nodes types?
+
+All the Elasticsearch pods deployed share the same configuration. If you need to
+deploy dedicated [nodes types][] (for example dedicated master and data nodes),
+you can deploy multiple releases of this chart with different configurations
+while they share the same `clusterName` value.
+
+For each Helm release, the nodes types can then be defined using `roles` value.
+
+An example of Elasticsearch cluster using 2 different Helm releases for master,
+data and coordinating nodes can be found in [examples/multi][].
+
+#### Coordinating nodes
+
+Every node is implicitly a coordinating node. This means that a node that has an
+explicit empty list of roles will only act as a coordinating node.
+
+When deploying coordinating-only node with Elasticsearch chart, it is required
+to define the empty list of roles in both `roles` value and `node.roles`
+settings:
+
+```yaml
+roles: []
+
+esConfig:
+ elasticsearch.yml: |
+ node.roles: []
+```
+
+More details in [#1186 (comment)][]
+
+#### Clustering and Node Discovery
+
+This chart facilitates Elasticsearch node discovery and services by creating two
+`Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup`
+and another named `$clusterName-$nodeGroup-headless`.
+Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all
+pods ( `Ready` or not) are a part of `$clusterName-$nodeGroup-headless`.
+
+If your group of master nodes has the default `nodeGroup: master` then you can
+just add new groups of nodes with a different `nodeGroup` and they will
+automatically discover the correct master. If your master nodes have a different
+`nodeGroup` name then you will need to set `masterService` to
+`$clusterName-$masterNodeGroup`.
+
+The chart value for `masterService` is used to populate
+`discovery.zen.ping.unicast.hosts` , which Elasticsearch nodes will use to
+contact master nodes and form a cluster.
+Therefore, to add a group of nodes to an existing cluster, setting
+`masterService` to the desired `Service` name of the related cluster is
+sufficient.
+
+### How to deploy clusters with security (authentication and TLS) enabled?
+
+This Helm chart can generate a [Kubernetes Secret][] or use an existing one to
+setup Elastic credentials.
+
+This Helm chart can use existing [Kubernetes Secret][] to setup Elastic
+certificates for example. These secrets should be created outside of this chart
+and accessed using [environment variables][] and volumes.
+
+This chart is setting TLS and creating a certificate by default, but you can also provide your own certs as a K8S secret. An example of configuration for providing existing certificates can be found in [examples/security][].
+
+### How to migrate from helm/charts stable chart?
+
+If you currently have a cluster deployed with the [helm/charts stable][] chart
+you can follow the [migration guide][].
+
+### How to install plugins?
+
+The recommended way to install plugins into our Docker images is to create a
+[custom Docker image][].
+
+The Dockerfile would look something like:
+
+```
+ARG elasticsearch_version
+FROM docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_version}
+
+RUN bin/elasticsearch-plugin install --batch repository-gcs
+```
+
+And then updating the `image` in values to point to your custom image.
+
+There are a couple reasons we recommend this.
+
+1. Tying the availability of Elasticsearch to the download service to install
+plugins is not a great idea or something that we recommend. Especially in
+Kubernetes where it is normal and expected for a container to be moved to
+another host at random times.
+2. Mutating the state of a running Docker image (by installing plugins) goes
+against best practices of containers and immutable infrastructure.
+
+### How to use the keystore?
+
+#### Basic example
+
+Create the secret, the key name needs to be the keystore key path. In this
+example we will create a secret from a file and from a literal string.
+
+```
+kubectl create secret generic encryption-key --from-file=xpack.watcher.encryption_key=./watcher_encryption_key
+kubectl create secret generic slack-hook --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
+```
+
+To add these secrets to the keystore:
+
+```
+keystore:
+ - secretName: encryption-key
+ - secretName: slack-hook
+```
+
+#### Multiple keys
+
+All keys in the secret will be added to the keystore. To create the previous
+example in one secret you could also do:
+
+```
+kubectl create secret generic keystore-secrets --from-file=xpack.watcher.encryption_key=./watcher_encryption_key --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
+```
+
+```
+keystore:
+ - secretName: keystore-secrets
+```
+
+#### Custom paths and keys
+
+If you are using these secrets for other applications (besides the Elasticsearch
+keystore) then it is also possible to specify the keystore path and which keys
+you want to add. Everything specified under each `keystore` item will be passed
+through to the `volumeMounts` section for mounting the [secret][]. In this
+example we will only add the `slack_hook` key from a secret that also has other
+keys. Our secret looks like this:
+
+```
+kubectl create secret generic slack-secrets --from-literal=slack_channel='#general' --from-literal=slack_hook='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
+```
+
+We only want to add the `slack_hook` key to the keystore at path
+`xpack.notification.slack.account.monitoring.secure_url`:
+
+```
+keystore:
+ - secretName: slack-secrets
+ items:
+ - key: slack_hook
+ path: xpack.notification.slack.account.monitoring.secure_url
+```
+
+You can also take a look at the [config example][] which is used as part of the
+automated testing pipeline.
+
+### How to enable snapshotting?
+
+1. Install your [snapshot plugin][] into a custom Docker image following the
+[how to install plugins guide][].
+2. Add any required secrets or credentials into an Elasticsearch keystore
+following the [how to use the keystore][] guide.
+3. Configure the [snapshot repository][] as you normally would.
+4. To automate snapshots you can use [Snapshot Lifecycle Management][] or a tool
+like [curator][].
+
+### How to configure templates post-deployment?
+
+You can use `postStart` [lifecycle hooks][] to run code triggered after a
+container is created.
+
+Here is an example of `postStart` hook to configure templates:
+
+```yaml
+lifecycle:
+ postStart:
+ exec:
+ command:
+ - bash
+ - -c
+ - |
+ #!/bin/bash
+ # Add a template to adjust number of shards/replicas
+ TEMPLATE_NAME=my_template
+ INDEX_PATTERN="logstash-*"
+ SHARD_COUNT=8
+ REPLICA_COUNT=1
+ ES_URL=http://localhost:9200
+ while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
+ curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
+```
+
+
+## Contributing
+
+Please check [CONTRIBUTING.md][] before any contribution or for any questions
+about our development and testing process.
+
+[#1186 (comment)]: https://github.com/elastic/helm-charts/pull/1186#discussion_r631166442
+[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods
+[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/main/BREAKING_CHANGES.md
+[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/main/CHANGELOG.md
+[cluster.name]: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster.name.html
+[clustering and node discovery]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#clustering-and-node-discovery
+[config example]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/config/values.yaml
+[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/main/CONTRIBUTING.md
+[curator]: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/snapshot.html
+[custom docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
+[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+[discovery.zen.minimum_master_nodes]: https://www.elastic.co/guide/en/elasticsearch/reference/current/discovery-settings.html#minimum_master_nodes
+[docker for mac]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/docker-for-mac
+[eck-charts]: https://github.com/elastic/cloud-on-k8s/tree/master/deploy
+[elastic cloud on kubernetes]: https://github.com/elastic/cloud-on-k8s
+[elasticsearch cluster health status params]: https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params
+[elasticsearch docker image]: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
+[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config
+[examples]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/
+[examples/multi]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi
+[examples/security]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security
+[gke]: https://cloud.google.com/kubernetes-engine
+[helm]: https://helm.sh
+[helm/charts stable]: https://github.com/helm/charts/tree/master/stable/elasticsearch/
+[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+[how to install plugins guide]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#how-to-install-plugins
+[how to use the keystore]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/README.md#how-to-use-the-keystore
+[http.port]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#_settings
+[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images
+[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret
+[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/
+[java options]: https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html
+[jvm heap size]: https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+[kind]: https://github.com/elastic/helm-charts/tree/main//elasticsearch/examples/kubernetes-kind
+[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+[lifecycle hooks]: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+[loadBalancer annotations]: https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws
+[loadBalancer externalTrafficPolicy]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+[loadBalancer]: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+[microk8s]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/microk8s
+[migration guide]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/README.md
+[minikube]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/minikube
+[multi]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/
+[network.host elasticsearch setting]: https://www.elastic.co/guide/en/elasticsearch/reference/current/network.host.html
+[node affinity settings]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
+[nodePort]: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
+[nodes types]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html
+[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+[openshift]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift
+[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+[roles]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html
+[secret]: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets
+[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+[service types]: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+[snapshot lifecycle management]: https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-lifecycle-management.html
+[snapshot plugin]: https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository.html
+[snapshot repository]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html
+[supported configurations]: https://github.com/elastic/helm-charts/blob/main/README.md#supported-configurations
+[sysctl vm.max_map_count]: https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count
+[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+[transport port configuration]: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#_transport_settings
+[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
+[values.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/values.yaml
+[volumeClaimTemplate for statefulsets]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/Makefile
new file mode 100644
index 00000000..4216974b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/Makefile
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-config
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+secrets:
+ kubectl delete secret elastic-config-credentials elastic-config-secret elastic-config-slack elastic-config-custom-path || true
+ kubectl create secret generic elastic-config-credentials --from-literal=password=changeme --from-literal=username=elastic
+ kubectl create secret generic elastic-config-slack --from-literal=xpack.notification.slack.account.monitoring.secure_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd'
+ kubectl create secret generic elastic-config-secret --from-file=xpack.watcher.encryption_key=./watcher_encryption_key
+ kubectl create secret generic elastic-config-custom-path --from-literal=slack_url='https://hooks.slack.com/services/asdasdasd/asdasdas/asdasd' --from-literal=thing_i_don_tcare_about=test
+
+test: secrets install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/README.md
new file mode 100644
index 00000000..76dd0451
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/README.md
@@ -0,0 +1,27 @@
+# Config
+
+This example deploy a single node Elasticsearch 8.5.1 with authentication and
+custom [values][].
+
+
+## Usage
+
+* Create the required secrets: `make secrets`
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/config-master 9200
+ curl -u elastic:changeme http://localhost:9200/_cat/indices
+ ```
+
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/test/goss.yaml
+[values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/config/values.yaml
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/test/goss.yaml
new file mode 100644
index 00000000..9f2f5c58
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/test/goss.yaml
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+http:
+ https://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "green"
+ - '"number_of_nodes":1'
+ - '"number_of_data_nodes":1'
+
+ https://localhost:9200:
+ status: 200
+ timeout: 2000
+ username: elastic
+ allow-insecure: true
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - '"cluster_name" : "config"'
+ - "You Know, for Search"
+
+command:
+ "elasticsearch-keystore list":
+ exit-status: 0
+ stdout:
+ - keystore.seed
+ - bootstrap.password
+ - xpack.notification.slack.account.monitoring.secure_url
+ - xpack.notification.slack.account.otheraccount.secure_url
+ - xpack.watcher.encryption_key
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/values.yaml
new file mode 100644
index 00000000..2790e661
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/values.yaml
@@ -0,0 +1,44 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: "config"
+replicas: 1
+
+extraEnvs:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: elastic-config-credentials
+ key: password
+
+# This is just a dummy file to make sure that
+# the keystore can be mounted at the same time
+# as a custom elasticsearch.yml
+esConfig:
+ elasticsearch.yml: |
+ xpack.security.enabled: true
+ path.data: /usr/share/elasticsearch/data
+
+keystore:
+ - secretName: elastic-config-secret
+ - secretName: elastic-config-slack
+ - secretName: elastic-config-custom-path
+ items:
+ - key: slack_url
+ path: xpack.notification.slack.account.otheraccount.secure_url
+
+secret:
+ enabled: false
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/watcher_encryption_key b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/watcher_encryption_key
new file mode 100644
index 00000000..4c18d6aa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/config/watcher_encryption_key
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+supersecret
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/Makefile
new file mode 100644
index 00000000..58e6ab1b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/Makefile
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-default
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../
+
+test: install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/README.md
new file mode 100644
index 00000000..6a82ee20
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/README.md
@@ -0,0 +1,25 @@
+# Default
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster using
+[default values][].
+
+
+## Usage
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/default/test/goss.yaml
+[default values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/values.yaml
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/rolling_upgrade.sh b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/rolling_upgrade.sh
new file mode 100644
index 00000000..36509c46
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/rolling_upgrade.sh
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/usr/bin/env bash -x
+
+kubectl proxy || true &
+
+make &
+PROC_ID=$!
+
+while kill -0 "$PROC_ID" >/dev/null 2>&1; do
+ echo "PROCESS IS RUNNING"
+ if curl --fail 'http://localhost:8001/api/v1/proxy/namespaces/default/services/elasticsearch-master:9200/_search' ; then
+ echo "cluster is healthy"
+ else
+ echo "cluster not healthy!"
+ exit 1
+ fi
+ sleep 1
+done
+echo "PROCESS TERMINATED"
+exit 0
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/test/goss.yaml
new file mode 100644
index 00000000..1c0edea5
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/default/test/goss.yaml
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kernel-param:
+ vm.max_map_count:
+ value: "262144"
+
+http:
+ https://elasticsearch-master:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ username: elastic
+ allow-insecure: true
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "green"
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ https://localhost:9200:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - '"number" : "8.5.1"'
+ - '"cluster_name" : "elasticsearch"'
+ - "You Know, for Search"
+
+file:
+ /usr/share/elasticsearch/data:
+ exists: true
+ mode: "2775"
+ owner: root
+ group: elasticsearch
+ filetype: directory
+
+mount:
+ /usr/share/elasticsearch/data:
+ exists: true
+
+user:
+ elasticsearch:
+ exists: true
+ uid: 1000
+ gid: 1000
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/Makefile
new file mode 100644
index 00000000..b29c59dd
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/Makefile
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+RELEASE := helm-es-docker-for-mac
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/README.md
new file mode 100644
index 00000000..3fec05d1
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/README.md
@@ -0,0 +1,23 @@
+# Docker for Mac
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [Docker for Mac][]
+using [custom values][].
+
+Note that this configuration should be used for test only and isn't recommended
+for production.
+
+
+## Usage
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+
+[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/docker-for-mac/values.yaml
+[docker for mac]: https://docs.docker.com/docker-for-mac/kubernetes/
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/values.yaml
new file mode 100644
index 00000000..6aecc93b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/docker-for-mac/values.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "hostpath"
+ resources:
+ requests:
+ storage: 100M
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/Makefile
new file mode 100644
index 00000000..e81476ea
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/Makefile
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+RELEASE := helm-es-kind
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+install-local-path:
+ kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values-local-path.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/README.md
new file mode 100644
index 00000000..431cde3a
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/README.md
@@ -0,0 +1,36 @@
+# KIND
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [Kind][]
+using [custom values][].
+
+Note that this configuration should be used for test only and isn't recommended
+for production.
+
+Note that Kind < 0.7.0 are affected by a [kind issue][] with mount points
+created from PVCs not writable by non-root users. [kubernetes-sigs/kind#1157][]
+fix it in Kind 0.7.0.
+
+The workaround for Kind < 0.7.0 is to install manually
+[Rancher Local Path Provisioner][] and use `local-path` storage class for
+Elasticsearch volumes (see [Makefile][] instructions).
+
+
+## Usage
+
+* For Kind >= 0.7.0: Deploy Elasticsearch chart with the default values: `make install`
+* For Kind < 0.7.0: Deploy Elasticsearch chart with `local-path` storage class: `make install-local-path`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+
+[custom values]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/kubernetes-kind/values.yaml
+[kind]: https://kind.sigs.k8s.io/
+[kind issue]: https://github.com/kubernetes-sigs/kind/issues/830
+[kubernetes-sigs/kind#1157]: https://github.com/kubernetes-sigs/kind/pull/1157
+[rancher local path provisioner]: https://github.com/rancher/local-path-provisioner
+[Makefile]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/kubernetes-kind/Makefile
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml
new file mode 100644
index 00000000..d73ab22d
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values-local-path.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "local-path"
+ resources:
+ requests:
+ storage: 100M
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values.yaml
new file mode 100644
index 00000000..d73ab22d
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/kubernetes-kind/values.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "local-path"
+ resources:
+ requests:
+ storage: 100M
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/Makefile
new file mode 100644
index 00000000..fe24a712
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/Makefile
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+RELEASE := helm-es-microk8s
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/README.md
new file mode 100644
index 00000000..db5d6588
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/README.md
@@ -0,0 +1,32 @@
+# MicroK8S
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [MicroK8S][]
+using [custom values][].
+
+Note that this configuration should be used for test only and isn't recommended
+for production.
+
+
+## Requirements
+
+The following MicroK8S [addons][] need to be enabled:
+- `dns`
+- `helm`
+- `storage`
+
+
+## Usage
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+
+[addons]: https://microk8s.io/docs/addons
+[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/microk8s/values.yaml
+[MicroK8S]: https://microk8s.io
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/values.yaml
new file mode 100644
index 00000000..5fba3783
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/microk8s/values.yaml
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Disable privileged init Container creation.
+sysctlInitContainer:
+ enabled: false
+
+# Restrict the use of the memory-mapping when sysctlInitContainer is disabled.
+esConfig:
+ elasticsearch.yml: |
+ node.store.allow_mmap: false
+
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "microk8s-hostpath"
+ resources:
+ requests:
+ storage: 100M
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/Makefile
new file mode 100644
index 00000000..30d75e16
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/Makefile
@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PREFIX := helm-es-migration
+
+data:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../
+
+master:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../
+
+client:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/README.md
new file mode 100644
index 00000000..8124dca3
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/README.md
@@ -0,0 +1,167 @@
+# Migration Guide from helm/charts
+
+There are two viable options for migrating from the community Elasticsearch Helm
+chart from the [helm/charts][] repo.
+
+1. Restoring from Snapshot to a fresh cluster
+2. Live migration by joining a new cluster to the existing cluster.
+
+## Restoring from Snapshot
+
+This is the recommended and preferred option. The downside is that it will
+involve a period of write downtime during the migration. If you have a way to
+temporarily stop writes to your cluster then this is the way to go. This is also
+a lot simpler as it just involves launching a fresh cluster and restoring a
+snapshot following the [restoring to a different cluster guide][].
+
+## Live migration
+
+If restoring from a snapshot is not possible due to the write downtime then a
+live migration is also possible. It is very important to first test this in a
+testing environment to make sure you are comfortable with the process and fully
+understand what is happening.
+
+This process will involve joining a new set of master, data and client nodes to
+an existing cluster that has been deployed using the [helm/charts][] community
+chart. Nodes will then be replaced one by one in a controlled fashion to
+decommission the old cluster.
+
+This example will be using the default values for the existing helm/charts
+release and for the Elastic helm-charts release. If you have changed any of the
+default values then you will need to first make sure that your values are
+configured in a compatible way before starting the migration.
+
+The process will involve a re-sync and a rolling restart of all of your data
+nodes. Therefore it is important to disable shard allocation and perform a synced
+flush like you normally would during any other rolling upgrade. See the
+[rolling upgrades guide][] for more information.
+
+* The default image for this chart is
+`docker.elastic.co/elasticsearch/elasticsearch` which contains the default
+distribution of Elasticsearch with a [basic license][]. Make sure to update the
+`image` and `imageTag` values to the correct Docker image and Elasticsearch
+version that you currently have deployed.
+
+* Convert your current helm/charts configuration into something that is
+compatible with this chart.
+
+* Take a fresh snapshot of your cluster. If something goes wrong you want to be
+able to restore your data no matter what.
+
+* Check that your clusters health is green. If not abort and make sure your
+cluster is healthy before continuing:
+
+ ```
+ curl localhost:9200/_cluster/health
+ ```
+
+* Deploy new data nodes which will join the existing cluster. Take a look at the
+configuration in [data.yaml][]:
+
+ ```
+ make data
+ ```
+
+* Check that the new nodes have joined the cluster (run this and any other curl
+commands from within one of your pods):
+
+ ```
+ curl localhost:9200/_cat/nodes
+ ```
+
+* Check that your cluster is still green. If so we can now start to scale down
+the existing data nodes. Assuming you have the default amount of data nodes (2)
+we now want to scale it down to 1:
+
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-data --replicas=1
+ ```
+
+* Wait for your cluster to become green again:
+
+ ```
+ watch 'curl -s localhost:9200/_cluster/health'
+ ```
+
+* Once the cluster is green we can scale down again:
+
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-data --replicas=0
+ ```
+
+* Wait for the cluster to be green again.
+* OK. We now have all data nodes running in the new cluster. Time to replace the
+masters by firstly scaling down the masters from 3 to 2. Between each step make
+sure to wait for the cluster to become green again, and check with
+`curl localhost:9200/_cat/nodes` that you see the correct amount of master
+nodes. During this process we will always make sure to keep at least 2 master
+nodes as to not lose quorum:
+
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=2
+ ```
+
+* Now deploy a single new master so that we have 3 masters again. See
+[master.yaml][] for the configuration:
+
+ ```
+ make master
+ ```
+
+* Scale down old masters to 1:
+
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=1
+ ```
+
+* Edit the masters in [masters.yaml][] to 2 and redeploy:
+
+ ```
+ make master
+ ```
+
+* Scale down the old masters to 0:
+
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=0
+ ```
+
+* Edit the [masters.yaml][] to have 3 replicas and remove the
+`discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the
+masters. This will make sure all 3 masters are running in the new cluster and
+are pointing at each other for discovery:
+
+ ```
+ make master
+ ```
+
+* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then
+redeploy the data nodes to make sure they are pointing at the new masters:
+
+ ```
+ make data
+ ```
+
+* Deploy the client nodes:
+
+ ```
+ make client
+ ```
+
+* Update any processes that are talking to the existing client nodes and point
+them to the new client nodes. Once this is done you can scale down the old
+client nodes:
+
+ ```
+ kubectl scale deployment my-release-elasticsearch-client --replicas=0
+ ```
+
+* The migration should now be complete. After verifying that everything is
+working correctly you can cleanup leftover resources from your old cluster.
+
+[basic license]: https://www.elastic.co/subscriptions
+[data.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/data.yaml
+[helm/charts]: https://github.com/helm/charts/tree/master/stable/elasticsearch
+[master.yaml]: https://github.com/elastic/helm-charts/blob/main/elasticsearch/examples/migration/master.yaml
+[restoring to a different cluster guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/modules-snapshots.html#_restoring_to_a_different_cluster
+[rolling upgrades guide]: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/rolling-upgrades.html
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/client.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/client.yaml
new file mode 100644
index 00000000..e0653225
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/client.yaml
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+replicas: 2
+
+clusterName: "elasticsearch"
+nodeGroup: "client"
+
+esMajorVersion: 6
+
+roles: []
+
+volumeClaimTemplate:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 1Gi # Currently needed till pvcs are made optional
+
+persistence:
+ enabled: false
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/data.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/data.yaml
new file mode 100644
index 00000000..a0e99e2c
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/data.yaml
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+replicas: 2
+
+esMajorVersion: 6
+
+extraEnvs:
+ - name: discovery.zen.ping.unicast.hosts
+ value: "my-release-elasticsearch-discovery"
+
+clusterName: "elasticsearch"
+nodeGroup: "data"
+
+roles:
+ - data
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/master.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/master.yaml
new file mode 100644
index 00000000..c47a50f6
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/migration/master.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Temporarily set to 3 so we can scale up/down the old a new cluster
+# one at a time whilst always keeping 3 masters running
+replicas: 1
+
+esMajorVersion: 6
+
+extraEnvs:
+ - name: discovery.zen.ping.unicast.hosts
+ value: "my-release-elasticsearch-discovery"
+
+clusterName: "elasticsearch"
+nodeGroup: "master"
+
+roles:
+ - master
+
+volumeClaimTemplate:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 4Gi
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/Makefile
new file mode 100644
index 00000000..f48dcfa7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/Makefile
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+RELEASE := helm-es-minikube
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/README.md
new file mode 100644
index 00000000..5d7e6e2f
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/README.md
@@ -0,0 +1,38 @@
+# Minikube
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [Minikube][]
+using [custom values][].
+
+If helm or kubectl timeouts occur, you may consider creating a minikube VM with
+more CPU cores or memory allocated.
+
+Note that this configuration should be used for test only and isn't recommended
+for production.
+
+
+## Requirements
+
+In order to properly support the required persistent volume claims for the
+Elasticsearch StatefulSet, the `default-storageclass` and `storage-provisioner`
+minikube addons must be enabled.
+
+```
+minikube addons enable default-storageclass
+minikube addons enable storage-provisioner
+```
+
+
+## Usage
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+
+[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/minikube/values.yaml
+[minikube]: https://minikube.sigs.k8s.io/docs/
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/values.yaml
new file mode 100644
index 00000000..e83b8716
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/minikube/values.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 100M
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/Makefile
new file mode 100644
index 00000000..d2ff31e5
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/Makefile
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+PREFIX := helm-es-multi
+RELEASE := helm-es-multi-master
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values master.yaml $(PREFIX)-master ../../
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values data.yaml $(PREFIX)-data ../../
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values client.yaml $(PREFIX)-client ../../
+
+test: install goss
+
+purge:
+ helm del $(PREFIX)-master
+ helm del $(PREFIX)-data
+ helm del $(PREFIX)-client
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/README.md
new file mode 100644
index 00000000..bfc5e30f
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/README.md
@@ -0,0 +1,29 @@
+# Multi
+
+This example deploy an Elasticsearch 8.5.1 cluster composed of 3 different Helm
+releases:
+
+- `helm-es-multi-master` for the 3 master nodes using [master values][]
+- `helm-es-multi-data` for the 3 data nodes using [data values][]
+- `helm-es-multi-client` for the 3 client nodes using [client values][]
+
+## Usage
+
+* Deploy the 3 Elasticsearch releases: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/multi-master 9200
+ curl -u elastic:changeme http://localhost:9200/_cat/indices
+ ```
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[client values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/client.yaml
+[data values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/data.yaml
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/test/goss.yaml
+[master values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/multi/master.yaml
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/client.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/client.yaml
new file mode 100644
index 00000000..038573aa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/client.yaml
@@ -0,0 +1,65 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: "multi"
+nodeGroup: "client"
+
+extraEnvs:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: multi-master-credentials
+ key: password
+ - name: xpack.security.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.enabled
+ value: "true"
+ - name: xpack.security.http.ssl.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.verification_mode
+ value: "certificate"
+ - name: xpack.security.transport.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.transport.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.transport.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+ - name: xpack.security.http.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.http.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.http.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+
+roles: []
+
+persistence:
+ enabled: false
+
+# For client nodes, we also need to add an empty node.roles in elasticsearch.yml
+# This is due to https://github.com/elastic/helm-charts/pull/1186#discussion_r631225687
+esConfig:
+ elasticsearch.yml: |
+ node.roles: []
+
+secret:
+ enabled: false
+
+createCert: false
+secretMounts:
+ - name: elastic-certificates
+ secretName: multi-master-certs
+ path: /usr/share/elasticsearch/config/certs
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/data.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/data.yaml
new file mode 100644
index 00000000..96867970
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/data.yaml
@@ -0,0 +1,63 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: "multi"
+nodeGroup: "data"
+
+extraEnvs:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: multi-master-credentials
+ key: password
+ - name: xpack.security.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.enabled
+ value: "true"
+ - name: xpack.security.http.ssl.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.verification_mode
+ value: "certificate"
+ - name: xpack.security.transport.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.transport.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.transport.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+ - name: xpack.security.http.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.http.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.http.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+
+roles:
+ - data
+ - data_content
+ - data_hot
+ - data_warm
+ - data_cold
+ - data_frozen
+ - ingest
+
+secret:
+ enabled: false
+
+createCert: false
+secretMounts:
+ - name: elastic-certificates
+ secretName: multi-master-certs
+ path: /usr/share/elasticsearch/config/certs
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/master.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/master.yaml
new file mode 100644
index 00000000..4666292e
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/master.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: "multi"
+nodeGroup: "master"
+
+roles:
+ - master
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/test/goss.yaml
new file mode 100644
index 00000000..93e60244
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/multi/test/goss.yaml
@@ -0,0 +1,27 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+http:
+ https://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "green"
+ - '"cluster_name":"multi"'
+ - '"number_of_nodes":9'
+ - '"number_of_data_nodes":3'
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/Makefile
new file mode 100644
index 00000000..651f4155
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/Makefile
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-networkpolicy
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/values.yaml
new file mode 100644
index 00000000..9561d6e7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/networkpolicy/values.yaml
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+networkPolicy:
+ http:
+ enabled: true
+ explicitNamespacesSelector:
+ # Accept from namespaces with all those different rules (from whitelisted Pods)
+ matchLabels:
+ role: frontend-http
+ matchExpressions:
+ - {key: role, operator: In, values: [frontend-http]}
+ additionalRules:
+ - podSelector:
+ matchLabels:
+ role: frontend-http
+ - podSelector:
+ matchExpressions:
+ - key: role
+ operator: In
+ values:
+ - frontend-http
+ transport:
+ enabled: true
+ allowExternal: true
+ explicitNamespacesSelector:
+ matchLabels:
+ role: frontend-transport
+ matchExpressions:
+ - {key: role, operator: In, values: [frontend-transport]}
+ additionalRules:
+ - podSelector:
+ matchLabels:
+ role: frontend-transport
+ - podSelector:
+ matchExpressions:
+ - key: role
+ operator: In
+ values:
+ - frontend-transport
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/Makefile
new file mode 100644
index 00000000..b7caf0ce
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/Makefile
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := elasticsearch
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/README.md
new file mode 100644
index 00000000..22ccf72d
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/README.md
@@ -0,0 +1,24 @@
+# OpenShift
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 cluster on [OpenShift][]
+using [custom values][].
+
+## Usage
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/elasticsearch-master 9200
+ curl localhost:9200/_cat/indices
+ ```
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[custom values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/values.yaml
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/openshift/test/goss.yaml
+[openshift]: https://www.openshift.com/
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/test/goss.yaml
new file mode 100644
index 00000000..9af19e64
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/test/goss.yaml
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+http:
+ https://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "green"
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ https://localhost:9200:
+ status: 200
+ timeout: 2000
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - '"number" : "8.5.1"'
+ - '"cluster_name" : "elasticsearch"'
+ - "You Know, for Search"
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/values.yaml
new file mode 100644
index 00000000..518997c5
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/openshift/values.yaml
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+securityContext:
+ runAsUser: null
+
+podSecurityContext:
+ fsGroup: null
+ runAsUser: null
+
+sysctlInitContainer:
+ enabled: false
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/Makefile
new file mode 100644
index 00000000..48e2cdb6
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/Makefile
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-security
+ELASTICSEARCH_IMAGE := docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION)
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../
+
+test: secrets install goss
+
+purge:
+ kubectl delete secrets elastic-certificates elastic-certificate-pem elastic-certificate-crt|| true
+ helm del $(RELEASE)
+
+pull-elasticsearch-image:
+ docker pull $(ELASTICSEARCH_IMAGE)
+
+secrets:
+ docker rm -f elastic-helm-charts-certs || true
+ rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12 || true
+ docker run --name elastic-helm-charts-certs -i -w /tmp \
+ $(ELASTICSEARCH_IMAGE) \
+ /bin/sh -c " \
+ elasticsearch-certutil ca --out /tmp/elastic-stack-ca.p12 --pass '' && \
+ elasticsearch-certutil cert --name security-master --dns security-master --ca /tmp/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /tmp/elastic-certificates.p12" && \
+ docker cp elastic-helm-charts-certs:/tmp/elastic-certificates.p12 ./ && \
+ docker rm -f elastic-helm-charts-certs && \
+ openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \
+ openssl x509 -outform der -in elastic-certificate.pem -out elastic-certificate.crt && \
+ kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \
+ kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \
+ kubectl create secret generic elastic-certificate-crt --from-file=elastic-certificate.crt && \
+ rm -f elastic-certificates.p12 elastic-certificate.pem elastic-certificate.crt elastic-stack-ca.p12
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/README.md
new file mode 100644
index 00000000..328fefa7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/README.md
@@ -0,0 +1,29 @@
+# Security
+
+This example deploy a 3 nodes Elasticsearch 8.5.1 with authentication and
+autogenerated certificates for TLS (see [values][]).
+
+Note that this configuration should be used for test only. For a production
+deployment you should generate SSL certificates following the [official docs][].
+
+## Usage
+
+* Create the required secrets: `make secrets`
+
+* Deploy Elasticsearch chart with the default values: `make install`
+
+* You can now setup a port forward to query Elasticsearch API:
+
+ ```
+ kubectl port-forward svc/security-master 9200
+ curl -u elastic:changeme https://localhost:9200/_cat/indices
+ ```
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security/test/goss.yaml
+[official docs]: https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates
+[values]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/security/values.yaml
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/test/goss.yaml
new file mode 100644
index 00000000..5a13cef3
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/test/goss.yaml
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+http:
+ https://security-master:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "green"
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ https://localhost:9200/:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - '"cluster_name" : "security"'
+ - "You Know, for Search"
+
+ https://localhost:9200/_license:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ body:
+ - "active"
+ - "basic"
+
+file:
+ /usr/share/elasticsearch/config/elasticsearch.yml:
+ exists: true
+ contains:
+ - "xpack.security.enabled: true"
+ - "xpack.security.transport.ssl.enabled: true"
+ - "xpack.security.transport.ssl.verification_mode: certificate"
+ - "xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12"
+ - "xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12"
+ - "xpack.security.http.ssl.enabled: true"
+ - "xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12"
+ - "xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12"
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/values.yaml
new file mode 100644
index 00000000..ea08048a
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/security/values.yaml
@@ -0,0 +1,43 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: "security"
+nodeGroup: "master"
+
+createCert: false
+
+roles:
+ - master
+ - ingest
+ - data
+
+protocol: https
+
+esConfig:
+ elasticsearch.yml: |
+ xpack.security.enabled: true
+ xpack.security.transport.ssl.enabled: true
+ xpack.security.transport.ssl.verification_mode: certificate
+ xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.http.ssl.enabled: true
+ xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+
+secretMounts:
+ - name: elastic-certificates
+ secretName: elastic-certificates
+ path: /usr/share/elasticsearch/config/certs
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/Makefile b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/Makefile
new file mode 100644
index 00000000..5ff699cc
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/Makefile
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default: test
+
+include ../../../helpers/examples.mk
+
+CHART := elasticsearch
+RELEASE := helm-es-upgrade
+FROM := 7.17.1 # upgrade from versions before 7.17.1 isn't compatible with 8.x
+
+install:
+ ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM)
+ # Rolling upgrade doesn't work when upgrading from clusters with security disabled.
+ # This is because nodes with security enabled can't join a cluster with security disabled.
+ # Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled
+ kubectl delete pod --selector=app=upgrade-master
+
+test: install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/README.md
new file mode 100644
index 00000000..ab19df77
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/README.md
@@ -0,0 +1,17 @@
+# Upgrade
+
+This example will deploy a 3 node Elasticsearch cluster chart using an old chart
+version, then upgrade it.
+
+
+## Usage
+
+* Deploy and upgrade Elasticsearch chart with the default values: `make install`
+
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`.
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/main/elasticsearch/examples/upgrade/test/goss.yaml
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/test/goss.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/test/goss.yaml
new file mode 100644
index 00000000..aca0bd73
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/test/goss.yaml
@@ -0,0 +1,37 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+http:
+ https://localhost:9200/_cluster/health:
+ status: 200
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ allow-insecure: true
+ timeout: 2000
+ body:
+ - "green"
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ https://localhost:9200:
+ status: 200
+ username: elastic
+ password: "{{ .Env.ELASTIC_PASSWORD }}"
+ allow-insecure: true
+ timeout: 2000
+ body:
+ - '"number" : "8.5.1"'
+ - '"cluster_name" : "upgrade"'
+ - "You Know, for Search"
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/values.yaml
new file mode 100644
index 00000000..f1daa024
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/examples/upgrade/values.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+clusterName: upgrade
+# Rolling upgrade doesn't work when upgrading from clusters with security disabled.
+# This is because nodes with security enabled can't join a cluster with security disabled.
+# Every nodes need to be recreated at the same time so they can recreate a cluster with security enabled
+updateStrategy: OnDelete
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/NOTES.txt b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/NOTES.txt
new file mode 100644
index 00000000..752526f3
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/NOTES.txt
@@ -0,0 +1,8 @@
+1. Watch all cluster members come up.
+ $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "elasticsearch.uname" . }} -w
+2. Retrieve elastic user's password.
+ $ kubectl get secrets --namespace={{ .Release.Namespace }} {{ template "elasticsearch.uname" . }}-credentials -ojsonpath='{.data.password}' | base64 -d
+{{- if .Values.tests.enabled }}
+3. Test cluster health using Helm test.
+ $ helm --namespace={{ .Release.Namespace }} test {{ .Release.Name }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/_helpers.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 00000000..b47e2fed
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,97 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticsearch.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "elasticsearch.uname" -}}
+{{- if empty .Values.fullnameOverride -}}
+{{- if empty .Values.nameOverride -}}
+{{ .Values.clusterName }}-{{ .Values.nodeGroup }}
+{{- else -}}
+{{ .Values.nameOverride }}-{{ .Values.nodeGroup }}
+{{- end -}}
+{{- else -}}
+{{ .Values.fullnameOverride }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate certificates when the secret doesn't exist
+*/}}
+{{- define "elasticsearch.gen-certs" -}}
+{{- $certs := lookup "v1" "Secret" .Release.Namespace ( printf "%s-certs" (include "elasticsearch.uname" . ) ) -}}
+{{- if $certs -}}
+tls.crt: {{ index $certs.data "tls.crt" }}
+tls.key: {{ index $certs.data "tls.key" }}
+ca.crt: {{ index $certs.data "ca.crt" }}
+{{- else -}}
+{{- $altNames := list ( include "elasticsearch.masterService" . ) ( printf "%s.%s" (include "elasticsearch.masterService" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "elasticsearch.masterService" .) .Release.Namespace ) -}}
+{{- $ca := genCA "elasticsearch-ca" 365 -}}
+{{- $cert := genSignedCert ( include "elasticsearch.masterService" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | toString | b64enc }}
+tls.key: {{ $cert.Key | toString | b64enc }}
+ca.crt: {{ $ca.Cert | toString | b64enc }}
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.masterService" -}}
+{{- if empty .Values.masterService -}}
+{{- if empty .Values.fullnameOverride -}}
+{{- if empty .Values.nameOverride -}}
+{{ .Values.clusterName }}-master
+{{- else -}}
+{{ .Values.nameOverride }}-master
+{{- end -}}
+{{- else -}}
+{{ .Values.fullnameOverride }}
+{{- end -}}
+{{- else -}}
+{{ .Values.masterService }}
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.endpoints" -}}
+{{- $replicas := int (toString (.Values.replicas)) }}
+{{- $uname := (include "elasticsearch.uname" .) }}
+ {{- range $i, $e := untilStep 0 $replicas 1 -}}
+{{ $uname }}-{{ $i }},
+ {{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.roles" -}}
+{{- range $.Values.roles -}}
+{{ . }},
+{{- end -}}
+{{- end -}}
+
+{{- define "elasticsearch.esMajorVersion" -}}
+{{- if .Values.esMajorVersion -}}
+{{ .Values.esMajorVersion }}
+{{- else -}}
+{{- $version := int (index (.Values.imageTag | splitList ".") 0) -}}
+ {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.image) (not (eq $version 0)) -}}
+{{ $version }}
+ {{- else -}}
+8
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Use the fullname if the serviceAccount value is not set
+*/}}
+{{- define "elasticsearch.serviceAccount" -}}
+{{- .Values.rbac.serviceAccountName | default (include "elasticsearch.uname" .) -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/configmap.yaml
new file mode 100644
index 00000000..65a6d004
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/configmap.yaml
@@ -0,0 +1,48 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.esConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "elasticsearch.uname" . }}-config
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+data:
+{{- range $path, $config := .Values.esConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
+{{- if .Values.esJvmOptions }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "elasticsearch.uname" . }}-jvm-options
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+data:
+{{- range $path, $config := .Values.esJvmOptions }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/ingress.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/ingress.yaml
new file mode 100644
index 00000000..f5b7cc41
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/ingress.yaml
@@ -0,0 +1,79 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "elasticsearch.uname" . -}}
+{{- $httpPort := .Values.httpPort -}}
+{{- $pathtype := .Values.ingress.pathtype -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- if .ingressPath }}
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- else }}
+{{ toYaml .Values.ingress.tls | indent 4 }}
+ {{- end }}
+{{- end}}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- if $ingressPath }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ pathType: {{ $pathtype }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $httpPort }}
+ {{- else }}
+ - host: {{ .host }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ $pathtype }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ .servicePort | default $httpPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/networkpolicy.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/networkpolicy.yaml
new file mode 100644
index 00000000..00853304
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/networkpolicy.yaml
@@ -0,0 +1,76 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (or .Values.networkPolicy.http.enabled .Values.networkPolicy.transport.enabled) }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: {{ template "elasticsearch.uname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+spec:
+ podSelector:
+ matchLabels:
+ app: "{{ template "elasticsearch.uname" . }}"
+ ingress: # Allow inbound connections
+
+{{- if .Values.networkPolicy.http.enabled }}
+ # For HTTP access
+ - ports:
+ - port: {{ .Values.httpPort }}
+ from:
+ # From authorized Pods (having the correct label)
+ - podSelector:
+ matchLabels:
+ {{ template "elasticsearch.uname" . }}-http-client: "true"
+{{- with .Values.networkPolicy.http.explicitNamespacesSelector }}
+ # From authorized namespaces
+ namespaceSelector:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.networkPolicy.http.additionalRules }}
+ # Or from custom additional rules
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.networkPolicy.transport.enabled }}
+ # For transport access
+ - ports:
+ - port: {{ .Values.transportPort }}
+ from:
+ # From authorized Pods (having the correct label)
+ - podSelector:
+ matchLabels:
+ {{ template "elasticsearch.uname" . }}-transport-client: "true"
+{{- with .Values.networkPolicy.transport.explicitNamespacesSelector }}
+ # From authorized namespaces
+ namespaceSelector:
+{{ toYaml . | indent 12 }}
+{{- end }}
+{{- with .Values.networkPolicy.transport.additionalRules }}
+ # Or from custom additional rules
+{{ toYaml . | indent 8 }}
+{{- end }}
+ # Or from other ElasticSearch Pods
+ - podSelector:
+ matchLabels:
+ app: "{{ template "elasticsearch.uname" . }}"
+{{- end }}
+
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/poddisruptionbudget.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/poddisruptionbudget.yaml
new file mode 100644
index 00000000..429d59d7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/poddisruptionbudget.yaml
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.maxUnavailable }}
+{{- if .Capabilities.APIVersions.Has "policy/v1" -}}
+apiVersion: policy/v1
+{{- else}}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "elasticsearch.uname" . }}-pdb"
+spec:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: "{{ template "elasticsearch.uname" . }}"
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/podsecuritypolicy.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/podsecuritypolicy.yaml
new file mode 100644
index 00000000..ce26cee5
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/podsecuritypolicy.yaml
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.podSecurityPolicy.create -}}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ default $fullName .Values.podSecurityPolicy.name | quote }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ $fullName | quote }}
+spec:
+{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/role.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/role.yaml
new file mode 100644
index 00000000..cacd2920
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/role.yaml
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $fullName | quote }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ $fullName | quote }}
+rules:
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ {{- if eq .Values.podSecurityPolicy.name "" }}
+ - {{ $fullName | quote }}
+ {{- else }}
+ - {{ .Values.podSecurityPolicy.name | quote }}
+ {{- end }}
+ verbs:
+ - use
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/rolebinding.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/rolebinding.yaml
new file mode 100644
index 00000000..13eb1b8b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/rolebinding.yaml
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $fullName | quote }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ $fullName | quote }}
+subjects:
+ - kind: ServiceAccount
+ name: "{{ template "elasticsearch.serviceAccount" . }}"
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: Role
+ name: {{ $fullName | quote }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret-cert.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret-cert.yaml
new file mode 100644
index 00000000..04339a9f
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret-cert.yaml
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.createCert }}
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: {{ template "elasticsearch.uname" . }}-certs
+ labels:
+ app: {{ template "elasticsearch.uname" . }}
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+data:
+{{ ( include "elasticsearch.gen-certs" . ) | indent 2 }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret.yaml
new file mode 100644
index 00000000..649c127b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/secret.yaml
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.secret.enabled -}}
+{{- $passwordValue := (randAlphaNum 16) | b64enc | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "elasticsearch.uname" . }}-credentials
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+type: Opaque
+data:
+ username: {{ "elastic" | b64enc }}
+ {{- if .Values.secret.password }}
+ password: {{ .Values.secret.password | b64enc }}
+ {{- else }}
+ password: {{ $passwordValue }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/service.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/service.yaml
new file mode 100644
index 00000000..4cb66b56
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/service.yaml
@@ -0,0 +1,92 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.service.enabled -}}
+kind: Service
+apiVersion: v1
+metadata:
+{{- if eq .Values.nodeGroup "master" }}
+ name: {{ template "elasticsearch.masterService" . }}
+{{- else }}
+ name: {{ template "elasticsearch.uname" . }}
+{{- end }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4}}
+{{- end }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+ publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ .Values.service.httpPortName | default "http" }}
+ protocol: TCP
+ port: {{ .Values.httpPort }}
+{{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+ - name: {{ .Values.service.transportPortName | default "transport" }}
+ protocol: TCP
+ port: {{ .Values.transportPort }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+{{- with .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+{{- end }}
+{{- end }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+{{- if eq .Values.nodeGroup "master" }}
+ name: {{ template "elasticsearch.masterService" . }}-headless
+{{- else }}
+ name: {{ template "elasticsearch.uname" . }}-headless
+{{- end }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+{{- if .Values.service.labelsHeadless }}
+{{ toYaml .Values.service.labelsHeadless | indent 4 }}
+{{- end }}
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve
+ # Create endpoints also if the related pod isn't ready
+ publishNotReadyAddresses: true
+ selector:
+ app: "{{ template "elasticsearch.uname" . }}"
+ ports:
+ - name: {{ .Values.service.httpPortName | default "http" }}
+ port: {{ .Values.httpPort }}
+ - name: {{ .Values.service.transportPortName | default "transport" }}
+ port: {{ .Values.transportPort }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/serviceaccount.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 00000000..1928ccfa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.rbac.create -}}
+{{- $fullName := include "elasticsearch.uname" . -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ template "elasticsearch.serviceAccount" . }}"
+ annotations:
+ {{- with .Values.rbac.serviceAccountAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ $fullName | quote }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/statefulset.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/statefulset.yaml
new file mode 100644
index 00000000..47c8a98b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/statefulset.yaml
@@ -0,0 +1,441 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "elasticsearch.uname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ annotations:
+ esMajorVersion: "{{ include "elasticsearch.esMajorVersion" . }}"
+spec:
+ serviceName: {{ template "elasticsearch.uname" . }}-headless
+ selector:
+ matchLabels:
+ app: "{{ template "elasticsearch.uname" . }}"
+ replicas: {{ .Values.replicas }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "elasticsearch.uname" . }}
+ {{- if .Values.persistence.labels.enabled }}
+ labels:
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+{{ toYaml .Values.volumeClaimTemplate | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ name: "{{ template "elasticsearch.uname" . }}"
+ labels:
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}"
+ app: "{{ template "elasticsearch.uname" . }}"
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if or .Values.esConfig .Values.esJvmOptions }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+ {{- if .Values.schedulerName }}
+ schedulerName: "{{ .Values.schedulerName }}"
+ {{- end }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+ {{- if .Values.fsGroup }}
+ fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup
+ {{- end }}
+ {{- if or .Values.rbac.create .Values.rbac.serviceAccountName }}
+ serviceAccountName: "{{ template "elasticsearch.serviceAccount" . }}"
+ {{- end }}
+ automountServiceAccountToken: {{ .Values.rbac.automountToken }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ affinity:
+ {{- end }}
+ {{- if eq .Values.antiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "elasticsearch.uname" .}}"
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ {{- else if eq .Values.antiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "elasticsearch.uname" . }}"
+ {{- end }}
+ {{- with .Values.nodeAffinity }}
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- if .defaultMode }}
+ defaultMode: {{ .defaultMode }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.esConfig }}
+ - name: esconfig
+ configMap:
+ name: {{ template "elasticsearch.uname" . }}-config
+ {{- end }}
+ {{- if .Values.esJvmOptions }}
+ - name: esjvmoptions
+ configMap:
+ name: {{ template "elasticsearch.uname" . }}-jvm-options
+ {{- end }}
+ {{- if .Values.createCert }}
+ - name: elasticsearch-certs
+ secret:
+ secretName: {{ template "elasticsearch.uname" . }}-certs
+ {{- end }}
+{{- if .Values.keystore }}
+ - name: keystore
+ emptyDir: {}
+ {{- range .Values.keystore }}
+ - name: keystore-{{ .secretName }}
+ secret: {{ toYaml . | nindent 12 }}
+ {{- end }}
+{{ end }}
+ {{- if .Values.extraVolumes }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.extraVolumes) }}
+{{ tpl .Values.extraVolumes . | indent 8 }}
+ {{- else }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{ toYaml .Values.hostAliases | nindent 8 }}
+ {{- end }}
+ {{- if or (.Values.extraInitContainers) (.Values.sysctlInitContainer.enabled) (.Values.keystore) }}
+ initContainers:
+ {{- if .Values.sysctlInitContainer.enabled }}
+ - name: configure-sysctl
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"]
+ resources:
+{{ toYaml .Values.initResources | indent 10 }}
+ {{- end }}
+{{ if .Values.keystore }}
+ - name: keystore
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ command:
+ - bash
+ - -c
+ - |
+ set -euo pipefail
+
+ elasticsearch-keystore create
+
+ for i in /tmp/keystoreSecrets/*/*; do
+ key=$(basename $i)
+ echo "Adding file $i to keystore key $key"
+ elasticsearch-keystore add-file "$key" "$i"
+ done
+
+ # Add the bootstrap password since otherwise the Elasticsearch entrypoint tries to do this on startup
+ if [ ! -z ${ELASTIC_PASSWORD+x} ]; then
+ echo 'Adding env $ELASTIC_PASSWORD to keystore as key bootstrap.password'
+ echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x bootstrap.password
+ fi
+
+ cp -a /usr/share/elasticsearch/config/elasticsearch.keystore /tmp/keystore/
+ env: {{ toYaml .Values.extraEnvs | nindent 10 }}
+ envFrom: {{ toYaml .Values.envFrom | nindent 10 }}
+ resources: {{ toYaml .Values.initResources | nindent 10 }}
+ volumeMounts:
+ - name: keystore
+ mountPath: /tmp/keystore
+ {{- range .Values.keystore }}
+ - name: keystore-{{ .secretName }}
+ mountPath: /tmp/keystoreSecrets/{{ .secretName }}
+ {{- end }}
+{{ end }}
+ {{- if .Values.extraInitContainers }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.extraInitContainers) }}
+{{ tpl .Values.extraInitContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.extraInitContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: "{{ template "elasticsearch.name" . }}"
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ readinessProbe:
+ exec:
+ command:
+ - bash
+ - -c
+ - |
+ set -e
+
+ # Exit if ELASTIC_PASSWORD in unset
+ if [ -z "${ELASTIC_PASSWORD}" ]; then
+ echo "ELASTIC_PASSWORD variable is missing, exiting"
+ exit 1
+ fi
+
+ # If the node is starting up wait for the cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" )
+ # Once it has started only check that the node itself is responding
+ START_FILE=/tmp/.es_start_file
+
+ # Disable nss cache to avoid filling dentry cache when calling curl
+ # This is required with Elasticsearch Docker using nss < 3.52
+ export NSS_SDB_USE_CACHE=no
+
+ http () {
+ local path="${1}"
+ local args="${2}"
+ set -- -XGET -s
+
+ if [ "$args" != "" ]; then
+ set -- "$@" $args
+ fi
+
+ set -- "$@" -u "elastic:${ELASTIC_PASSWORD}"
+
+ curl --output /dev/null -k "$@" "{{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}"
+ }
+
+ if [ -f "${START_FILE}" ]; then
+ echo 'Elasticsearch is already running, lets check the node is healthy'
+ HTTP_CODE=$(http "/" "-w %{http_code}")
+ RC=$?
+ if [[ ${RC} -ne 0 ]]; then
+ echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with RC ${RC}"
+ exit ${RC}
+ fi
+ # ready if HTTP code 200, 503 is tolerable if ES version is 6.x
+ if [[ ${HTTP_CODE} == "200" ]]; then
+ exit 0
+ elif [[ ${HTTP_CODE} == "503" && "{{ include "elasticsearch.esMajorVersion" . }}" == "6" ]]; then
+ exit 0
+ else
+ echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}/ failed with HTTP code ${HTTP_CODE}"
+ exit 1
+ fi
+
+ else
+ echo 'Waiting for elasticsearch cluster to become ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
+ if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" "--fail" ; then
+ touch ${START_FILE}
+ exit 0
+ else
+ echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
+ exit 1
+ fi
+ fi
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.httpPort }}
+ - name: transport
+ containerPort: {{ .Values.transportPort }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ env:
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- if has "master" .Values.roles }}
+ - name: cluster.initial_master_nodes
+ value: "{{ template "elasticsearch.endpoints" . }}"
+ {{- end }}
+ {{- if gt (len (include "elasticsearch.roles" .)) 0 }}
+ - name: node.roles
+ value: "{{ template "elasticsearch.roles" . }}"
+ {{- end }}
+ {{- if lt (int (include "elasticsearch.esMajorVersion" .)) 7 }}
+ - name: discovery.zen.ping.unicast.hosts
+ value: "{{ template "elasticsearch.masterService" . }}-headless"
+ {{- else }}
+ - name: discovery.seed_hosts
+ value: "{{ template "elasticsearch.masterService" . }}-headless"
+ {{- end }}
+ - name: cluster.name
+ value: "{{ .Values.clusterName }}"
+ - name: network.host
+ value: "{{ .Values.networkHost }}"
+ {{- if .Values.secret.enabled }}
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "elasticsearch.uname" . }}-credentials
+ key: password
+ {{- end }}
+ {{- if .Values.esJavaOpts }}
+ - name: ES_JAVA_OPTS
+ value: "{{ .Values.esJavaOpts }}"
+ {{- end }}
+ {{- if .Values.createCert }}
+ - name: xpack.security.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.enabled
+ value: "true"
+ - name: xpack.security.http.ssl.enabled
+ value: "true"
+ - name: xpack.security.transport.ssl.verification_mode
+ value: "certificate"
+ - name: xpack.security.transport.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.transport.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.transport.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+ - name: xpack.security.http.ssl.key
+ value: "/usr/share/elasticsearch/config/certs/tls.key"
+ - name: xpack.security.http.ssl.certificate
+ value: "/usr/share/elasticsearch/config/certs/tls.crt"
+ - name: xpack.security.http.ssl.certificate_authorities
+ value: "/usr/share/elasticsearch/config/certs/ca.crt"
+ {{- end }}
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+{{- end }}
+{{- if .Values.envFrom }}
+ envFrom:
+{{ toYaml .Values.envFrom | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- if .Values.persistence.enabled }}
+ - name: "{{ template "elasticsearch.uname" . }}"
+ mountPath: /usr/share/elasticsearch/data
+ {{- end }}
+ {{- if .Values.createCert }}
+ - name: elasticsearch-certs
+ mountPath: /usr/share/elasticsearch/config/certs
+ readOnly: true
+ {{- end }}
+{{ if .Values.keystore }}
+ - name: keystore
+ mountPath: /usr/share/elasticsearch/config/elasticsearch.keystore
+ subPath: elasticsearch.keystore
+{{ end }}
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.esConfig }}
+ - name: esconfig
+ mountPath: /usr/share/elasticsearch/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- range $path, $config := .Values.esJvmOptions }}
+ - name: esjvmoptions
+ mountPath: /usr/share/elasticsearch/config/jvm.options.d/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- if .Values.extraVolumeMounts }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }}
+{{ tpl .Values.extraVolumeMounts . | indent 10 }}
+ {{- else }}
+{{ toYaml .Values.extraVolumeMounts | indent 10 }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.lifecycle }}
+ lifecycle:
+{{ toYaml .Values.lifecycle | indent 10 }}
+{{- end }}
+ {{- if .Values.extraContainers }}
+ # Currently some extra blocks accept strings
+ # to continue with backwards compatibility this is being kept
+ # whilst also allowing for yaml to be specified too.
+ {{- if eq "string" (printf "%T" .Values.extraContainers) }}
+{{ tpl .Values.extraContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.extraContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml
new file mode 100644
index 00000000..280f2393
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/templates/test/test-elasticsearch-health.yaml
@@ -0,0 +1,64 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.tests.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+{{- if .Values.healthNameOverride }}
+ name: {{ .Values.healthNameOverride | quote }}
+{{- else }}
+ name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
+{{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 4 }}
+ containers:
+{{- if .Values.healthNameOverride }}
+ - name: {{ .Values.healthNameOverride | quote }}
+{{- else }}
+ - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
+{{- end }}
+ env:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "elasticsearch.uname" . }}-credentials
+ key: password
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ command:
+ - "sh"
+ - "-c"
+ - |
+ #!/usr/bin/env bash -e
+ curl -XGET --fail --cacert /usr/share/elasticsearch/config/certs/tls.crt -u "elastic:${ELASTIC_PASSWORD}" https://'{{ template "elasticsearch.uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}'
+ volumeMounts:
+ - name: elasticsearch-certs
+ mountPath: /usr/share/elasticsearch/config/certs
+ readOnly: true
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 4 }}
+ {{- end }}
+ restartPolicy: Never
+ volumes:
+ - name: elasticsearch-certs
+ secret:
+ secretName: {{ template "elasticsearch.uname" . }}-certs
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/values.yaml
new file mode 100644
index 00000000..2d9f5adb
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/elasticsearch/values.yaml
@@ -0,0 +1,370 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+clusterName: "elasticsearch"
+nodeGroup: "master"
+
+# The service that non master groups will try to connect to when joining the cluster
+# This should be set to clusterName + "-" + nodeGroup for your master group
+masterService: ""
+
+# Elasticsearch roles that will be applied to this nodeGroup
+# These will be set as environment variables. E.g. node.roles=master
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#node-roles
+roles:
+ - master
+ - data
+ - data_content
+ - data_hot
+ - data_warm
+ - data_cold
+ - ingest
+ - ml
+ - remote_cluster_client
+ - transform
+
+replicas: 1
+minimumMasterNodes: 2
+
+esMajorVersion: ""
+
+# Allows you to add any config files in /usr/share/elasticsearch/config/
+# such as elasticsearch.yml and log4j2.properties
+esConfig: {}
+# elasticsearch.yml: |
+# key:
+# nestedkey: value
+# log4j2.properties: |
+# key = value
+
+createCert: true
+
+esJvmOptions: {}
+# processors.options: |
+# -XX:ActiveProcessorCount=3
+
+# Extra environment variables to append to this nodeGroup
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs: []
+# - name: MY_ENVIRONMENT_VAR
+# value: the_value_goes_here
+
+# Allows you to load environment variables from kubernetes secret or config map
+envFrom: []
+# - secretRef:
+# name: env-secret
+# - configMapRef:
+# name: config-map
+
+# Disable it to use your own elastic-credential Secret.
+secret:
+ enabled: true
+ password: "" # generated randomly if not defined
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security and for mounting
+# the X-Pack license
+secretMounts: []
+# - name: elastic-certificates
+# secretName: elastic-certificates
+# path: /usr/share/elasticsearch/config/certs
+# defaultMode: 0755
+
+hostAliases: []
+#- ip: "127.0.0.1"
+# hostnames:
+# - "foo.local"
+# - "bar.local"
+
+image: "docker.elastic.co/elasticsearch/elasticsearch"
+imageTag: "8.5.1"
+imagePullPolicy: "IfNotPresent"
+
+podAnnotations: {}
+# iam.amazonaws.com/role: es-cluster
+
+# additionals labels
+labels: {}
+
+esJavaOpts: "" # example: "-Xmx1g -Xms1g"
+
+resources:
+ requests:
+ cpu: "1000m"
+ memory: "2Gi"
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+
+initResources: {}
+# limits:
+# cpu: "25m"
+# # memory: "128Mi"
+# requests:
+# cpu: "25m"
+# memory: "128Mi"
+
+networkHost: "0.0.0.0"
+
+volumeClaimTemplate:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 30Gi
+
+rbac:
+ create: false
+ serviceAccountAnnotations: {}
+ serviceAccountName: ""
+ automountToken: true
+
+podSecurityPolicy:
+ create: false
+ name: ""
+ spec:
+ privileged: true
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - secret
+ - configMap
+ - persistentVolumeClaim
+ - emptyDir
+
+persistence:
+ enabled: false
+ labels:
+ # Add default labels for the volumeClaimTemplate of the StatefulSet
+ enabled: false
+ annotations: {}
+
+extraVolumes: []
+# - name: extras
+# emptyDir: {}
+
+extraVolumeMounts: []
+# - name: extras
+# mountPath: /usr/share/extras
+# readOnly: true
+
+extraContainers: []
+# - name: do-something
+# image: busybox
+# command: ['do', 'something']
+
+extraInitContainers: []
+# - name: do-something
+# image: busybox
+# command: ['do', 'something']
+
+# This is the PriorityClass settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: ""
+
+# By default this will make sure two pods don't end up on the same node
+# Changing this to a region would allow you to spread pods across regions
+antiAffinityTopologyKey: "kubernetes.io/hostname"
+
+# Hard means that by default pods will only be scheduled if there are enough nodes for them
+# and that they will never end up on the same node. Setting this to soft will do this "best effort"
+antiAffinity: "hard"
+
+# This is the node affinity settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
+nodeAffinity: {}
+
+# The default is to deploy all pods serially. By setting this to parallel all pods are started at
+# the same time when bootstrapping the cluster
+podManagementPolicy: "Parallel"
+
+# The environment variables injected by service links are not used, but can lead to slow Elasticsearch boot times when
+# there are many services in the current namespace.
+# If you experience slow pod startups you probably want to set this to `false`.
+enableServiceLinks: true
+
+protocol: https
+httpPort: 9200
+transportPort: 9300
+
+service:
+ enabled: true
+ labels: {}
+ labelsHeadless: {}
+ type: ClusterIP
+ # Consider that all endpoints are considered "ready" even if the Pods themselves are not
+ # https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec
+ publishNotReadyAddresses: false
+ nodePort: ""
+ annotations: {}
+ httpPortName: http
+ transportPortName: transport
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ externalTrafficPolicy: ""
+
+updateStrategy: RollingUpdate
+
+# This is the max unavailable setting for the pod disruption budget
+# The default value of 1 will make sure that kubernetes won't allow more than 1
+# of your pods to be unavailable during maintenance
+maxUnavailable: 1
+
+podSecurityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+# How long to wait for elasticsearch to stop gracefully
+terminationGracePeriod: 120
+
+sysctlVmMaxMapCount: 262144
+
+readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 3
+ timeoutSeconds: 5
+
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status
+clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
+
+## Use an alternate scheduler.
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+
+imagePullSecrets: []
+nodeSelector: {}
+tolerations: []
+
+# Enabling this will publicly expose your Elasticsearch instance.
+# Only enable this if you have security enabled on your cluster
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ className: "nginx"
+ pathtype: ImplementationSpecific
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+nameOverride: ""
+fullnameOverride: ""
+healthNameOverride: ""
+
+lifecycle: {}
+# preStop:
+# exec:
+# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+# postStart:
+# exec:
+# command:
+# - bash
+# - -c
+# - |
+# #!/bin/bash
+# # Add a template to adjust number of shards/replicas
+# TEMPLATE_NAME=my_template
+# INDEX_PATTERN="logstash-*"
+# SHARD_COUNT=8
+# REPLICA_COUNT=1
+# ES_URL=http://localhost:9200
+# while [[ "$(curl -s -o /dev/null -w '%{http_code}\n' $ES_URL)" != "200" ]]; do sleep 1; done
+# curl -XPUT "$ES_URL/_template/$TEMPLATE_NAME" -H 'Content-Type: application/json' -d'{"index_patterns":['\""$INDEX_PATTERN"\"'],"settings":{"number_of_shards":'$SHARD_COUNT',"number_of_replicas":'$REPLICA_COUNT'}}'
+
+sysctlInitContainer:
+ enabled: true
+
+keystore: []
+
+networkPolicy:
+ ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
+ ## In order for a Pod to access Elasticsearch, it needs to have the following label:
+ ## {{ template "uname" . }}-client: "true"
+ ## Example for default configuration to access HTTP port:
+ ## elasticsearch-master-http-client: "true"
+ ## Example for default configuration to access transport port:
+ ## elasticsearch-master-transport-client: "true"
+
+ http:
+ enabled: false
+ ## if explicitNamespacesSelector is not set or set to {}, only client Pods being in the networkPolicy's namespace
+ ## and matching all criteria can reach the DB.
+ ## But sometimes, we want the Pods to be accessible to clients from other namespaces, in this case, we can use this
+ ## parameter to select these namespaces
+ ##
+ # explicitNamespacesSelector:
+ # # Accept from namespaces with all those different rules (only from whitelisted Pods)
+ # matchLabels:
+ # role: frontend
+ # matchExpressions:
+ # - {key: role, operator: In, values: [frontend]}
+
+ ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
+ ##
+ # additionalRules:
+ # - podSelector:
+ # matchLabels:
+ # role: frontend
+ # - podSelector:
+ # matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - frontend
+
+ transport:
+ ## Note that all Elasticsearch Pods can talk to themselves using transport port even if enabled.
+ enabled: false
+ # explicitNamespacesSelector:
+ # matchLabels:
+ # role: frontend
+ # matchExpressions:
+ # - {key: role, operator: In, values: [frontend]}
+ # additionalRules:
+ # - podSelector:
+ # matchLabels:
+ # role: frontend
+ # - podSelector:
+ # matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - frontend
+
+tests:
+ enabled: true
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/.helmignore b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.lock b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.lock
new file mode 100644
index 00000000..b7967a0a
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.lock
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 2.2.3
+digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
+generated: "2023-02-09T18:59:17.379982577Z"
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.yaml
new file mode 100644
index 00000000..be867706
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/Chart.yaml
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+annotations:
+ category: Database
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 15.2.0
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: PostgreSQL (Postgres) is an open source object-relational database known
+ for reliability and data integrity. ACID-compliant, it supports foreign keys, joins,
+ views, triggers and stored procedures.
+home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png
+keywords:
+- postgresql
+- postgres
+- database
+- sql
+- replication
+- cluster
+maintainers:
+- name: Bitnami
+ url: https://github.com/bitnami/charts
+name: postgresql
+sources:
+- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
+- https://www.postgresql.org/
+version: 12.2.2
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/README.md
new file mode 100644
index 00000000..55048e98
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/README.md
@@ -0,0 +1,684 @@
+<!--- app-name: PostgreSQL -->
+
+# PostgreSQL packaged by Bitnami
+
+PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures.
+
+[Overview of PostgreSQL](http://www.postgresql.org)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+helm repo add my-repo https://charts.bitnami.com/bitnami
+helm install my-release my-repo/postgresql
+```
+
+## Introduction
+
+This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha)
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm repo add my-repo https://charts.bitnami.com/bitnami
+helm install my-release my-repo/postgresql
+```
+
+The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release.
+
+To delete the PVC's associated with `my-release`:
+
+```console
+kubectl delete pvc -l release=my-release
+```
+
+> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it.
+
+## Parameters
+
+### Global parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
+| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` |
+| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` |
+| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` |
+| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` |
+| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). | `""` |
+| `global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
+| `global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
+| `global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` |
+| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` |
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- |
+| `kubeVersion` | Override Kubernetes version | `""` |
+| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
+| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` |
+| `commonLabels` | Add labels to all the deployed resources | `{}` |
+| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
+| `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` |
+
+### PostgreSQL common parameters
+
+| Name | Description | Value |
+| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `image.registry` | PostgreSQL image registry | `docker.io` |
+| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
+| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r5` |
+| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify image pull secrets | `[]` |
+| `image.debug` | Specify if debug values should be set | `false` |
+| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
+| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
+| `auth.username` | Name for a custom user to create | `""` |
+| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
+| `auth.database` | Name for a custom database to create | `""` |
+| `auth.replicationUsername` | Name of the replication user | `repl_user` |
+| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
+| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
+| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
+| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
+| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` |
+| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
+| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
+| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
+| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
+| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
+| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
+| `audit.logHostname` | Log client hostnames | `false` |
+| `audit.logConnections` | Add client log-in operations to the log file | `false` |
+| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
+| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
+| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
+| `audit.clientMinMessages` | Message log level to share with the user | `error` |
+| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
+| `audit.logTimezone` | Timezone for the log timestamps | `""` |
+| `ldap.enabled` | Enable LDAP support | `false` |
+| `ldap.server` | IP address or name of the LDAP server. | `""` |
+| `ldap.port` | Port number on the LDAP server to connect to | `""` |
+| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
+| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
+| `ldap.basedn` | Root DN to begin the search for the user in | `""` |
+| `ldap.binddn` | DN of user to bind to LDAP | `""` |
+| `ldap.bindpw` | Password for the user to bind to LDAP | `""` |
+| `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` |
+| `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` |
+| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
+| `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` |
+| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` |
+| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
+| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
+| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
+| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
+| `tls.enabled` | Enable TLS traffic support | `false` |
+| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
+| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
+| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
+| `tls.certFilename` | Certificate filename | `""` |
+| `tls.certKeyFilename` | Certificate key filename | `""` |
+| `tls.certCAFilename` | CA Certificate filename | `""` |
+| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
+
+### PostgreSQL Primary parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- |
+| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` |
+| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` |
+| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` |
+| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` |
+| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` |
+| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` |
+| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` |
+| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` |
+| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` |
+| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` |
+| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` |
+| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` |
+| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` |
+| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` |
+| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` |
+| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` |
+| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` |
+| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` |
+| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` |
+| `primary.command` | Override default container command (useful when using custom images) | `[]` |
+| `primary.args` | Override default container args (useful when using custom images) | `[]` |
+| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` |
+| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` |
+| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` |
+| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
+| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
+| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` |
+| `primary.resources.limits` | The resources limits for the PostgreSQL Primary containers | `{}` |
+| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` |
+| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
+| `primary.podSecurityContext.enabled` | Enable security context | `true` |
+| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
+| `primary.containerSecurityContext.enabled` | Enable container security context | `true` |
+| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
+| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
+| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
+| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
+| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` |
+| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` |
+| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` |
+| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` |
+| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` |
+| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` |
+| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` |
+| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` |
+| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` |
+| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` |
+| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
+| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` |
+| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` |
+| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` |
+| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` |
+| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` |
+| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` |
+| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` |
+| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` |
+| `primary.service.type` | Kubernetes Service type | `ClusterIP` |
+| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` |
+| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
+| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` |
+| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
+| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
+| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` |
+| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `primary.service.headless.annotations` | Additional custom annotations for headless PostgreSQL primary service | `{}` |
+| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` |
+| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` |
+| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
+| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
+| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` |
+| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
+| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
+| `primary.persistence.annotations` | Annotations for the PVC | `{}` |
+| `primary.persistence.labels` | Labels for the PVC | `{}` |
+| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
+| `primary.persistence.dataSource` | Custom PVC data source | `{}` |
+
+### PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`)
+
+| Name | Description | Value |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- |
+| `readReplicas.name` | Name of the read replicas database (eg secondary, slave, ...) | `read` |
+| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` |
+| `readReplicas.extendedConfiguration` | Extended PostgreSQL read only replicas configuration (appended to main or default configuration) | `""` |
+| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` |
+| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` |
+| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` |
+| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` |
+| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` |
+| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` |
+| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` |
+| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` |
+| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
+| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
+| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` |
+| `readReplicas.resources.limits` | The resources limits for the PostgreSQL read only containers | `{}` |
+| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` |
+| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
+| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
+| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
+| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` |
+| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
+| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
+| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
+| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
+| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` |
+| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` |
+| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` |
+| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` |
+| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` |
+| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` |
+| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` |
+| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` |
+| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` |
+| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` |
+| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
+| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` |
+| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` |
+| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` |
+| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` |
+| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` |
+| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` |
+| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` |
+| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` |
+| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` |
+| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` |
+| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` |
+| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` |
+| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
+| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
+| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
+| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` |
+| `readReplicas.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
+| `readReplicas.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `readReplicas.service.headless.annotations` | Additional custom annotations for headless PostgreSQL read only service | `{}` |
+| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` |
+| `readReplicas.persistence.existingClaim` | Name of an existing PVC to use | `""` |
+| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` |
+| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` |
+| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` |
+| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` |
+| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
+| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` |
+| `readReplicas.persistence.labels` | Labels for the PVC | `{}` |
+| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` |
+| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` |
+
+### NetworkPolicy parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `networkPolicy.enabled` | Enable network policies | `false` |
+| `networkPolicy.metrics.enabled` | Enable network policies for metrics (prometheus) | `false` |
+| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` |
+| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` |
+| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. | `false` |
+| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). | `{}` |
+| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). | `{}` |
+| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL primary node. | `{}` |
+| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. | `false` |
+| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). | `{}` |
+| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). | `{}` |
+| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL read-only nodes. | `{}` |
+| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
+| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
+| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
+| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
+| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
+
+### Other Parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
+| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` |
+| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
+| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` |
+| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
+| `rbac.rules` | Custom RBAC rules to set | `[]` |
+| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+
+### Metrics Parameters
+
+| Name | Description | Value |
+| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- |
+| `metrics.enabled` | Start a prometheus exporter | `false` |
+| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
+| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
+| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r64` |
+| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
+| `metrics.customMetrics` | Define additional custom metrics | `{}` |
+| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
+| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` |
+| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` |
+| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
+| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` |
+| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` |
+| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
+| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
+| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
+| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
+| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
+| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
+
+
+```console
+helm install my-release \
+ --set auth.postgresPassword=secretpassword
+ my-repo/postgresql
+```
+
+The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+> **Warning** Setting a password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml my-repo/postgresql
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customizing primary and read replica services in a replicated configuration
+
+At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts t [...]
+
+### Use a different PostgreSQL version
+
+To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/).
+
+### postgresql.conf / pg_hba.conf files as configMap
+
+This helm chart also supports to customize the PostgreSQL configuration file. You can add additional PostgreSQL configuration parameters using the `primary.extendedConfiguration`/`readReplicas.extendedConfiguration` parameters as a string. Alternatively, to replace the entire default configuration use `primary.configuration`.
+
+You can also add a custom pg_hba.conf using the `primary.pgHbaConfiguration` parameter.
+
+In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `primary.existingConfigmap` parameter. Note that this will override the two previous options.
+
+### Initialize a fresh instance
+
+The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `primary.initdb.scripts` parameter as a string.
+
+In addition, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `primary.initdb.scriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `primary.initdb.scriptsSecret` parameter.
+
+The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
+
+### Securing traffic using TLS
+
+TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart:
+
+- `tls.enabled`: Enable TLS support. Defaults to `false`
+- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults.
+- `tls.certFilename`: Certificate filename. No defaults.
+- `tls.certKeyFilename`: Certificate key filename. No defaults.
+
+For example:
+
+- First, create the secret with the cetificates files:
+
+ ```console
+ kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt
+ ```
+
+- Then, use the following parameters:
+
+ ```console
+ volumePermissions.enabled=true
+ tls.enabled=true
+ tls.certificatesSecret="certificates-tls-secret"
+ tls.certFilename="cert.crt"
+ tls.certKeyFilename="cert.key"
+ ```
+
+ > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected.
+
+### Sidecars
+
+If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
+
+```yaml
+# For the PostgreSQL primary
+primary:
+ sidecars:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+# For the PostgreSQL replicas
+readReplicas:
+ sidecars:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+### Metrics
+
+The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml).
+
+The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details.
+
+### Use of global variables
+
+In more complex scenarios, we may have the following tree of dependencies
+
+```text
+ +--------------+
+ | |
+ +------------+ Chart 1 +-----------+
+ | | | |
+ | --------+------+ |
+ | | |
+ | | |
+ | | |
+ | | |
+ v v v
++-------+------+ +--------+------+ +--------+------+
+| | | | | |
+| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 |
+| | | | | |
++--------------+ +---------------+ +---------------+
+```
+
+The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters:
+
+```text
+postgresql.auth.username=testuser
+subchart1.postgresql.auth.username=testuser
+subchart2.postgresql.auth.username=testuser
+postgresql.auth.password=testpass
+subchart1.postgresql.auth.password=testpass
+subchart2.postgresql.auth.password=testpass
+postgresql.auth.database=testdb
+subchart1.postgresql.auth.database=testdb
+subchart2.postgresql.auth.database=testdb
+```
+
+If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows:
+
+```text
+global.postgresql.auth.username=testuser
+global.postgresql.auth.password=testpass
+global.postgresql.auth.database=testdb
+```
+
+This way, the credentials will be available in all of the subcharts.
+
+## Persistence
+
+The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container.
+
+Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
+See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
+
+If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to the [code present in the container repository](https://github.com/bitnami/containers/tree/main/bitnami/postgresql). If you need to use those data, please covert them to sql and import after `helm install` finished.
+
+## NetworkPolicy
+
+To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
+
+For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
+
+```console
+kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
+```
+
+With NetworkPolicy enabled, traffic will be limited to just port 5432.
+
+For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL.
+This label will be displayed in the output of a successful install.
+
+## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image
+
+- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image.
+- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift.
+- For OpenShift up to 4.10, let set the volume permissions, security context, runAsUser and fsGroup automatically by OpenShift and disable the predefined settings of the helm chart: primary.securityContext.enabled=false,primary.containerSecurityContext.enabled=false,volumePermissions.enabled=false,shmVolume.enabled=false
+- For OpenShift 4.11 and higher, let set OpenShift the runAsUser and fsGroup automatically. Configure the pod and container security context to restrictive defaults and disable the volume permissions setup: primary.
+ podSecurityContext.fsGroup=null,primary.podSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.runAsUser=null,primary.containerSecurityContext.allowPrivilegeEscalation=false,primary.containerSecurityContext.runAsNonRoot=true,primary.containerSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.capabilities.drop=['ALL'],volumePermissions.enabled=false,shmVolume.enabled=false
+
+### Setting Pod's affinity
+
+This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+### To 12.0.0
+
+This major version changes the default PostgreSQL image from 14.x to 15.x. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.x.
+
+### To any previous version
+
+Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/).
+
+## License
+
+Copyright © 2023 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+<http://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/.helmignore b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/Chart.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/Chart.yaml
new file mode 100644
index 00000000..90540b84
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/Chart.yaml
@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 2.2.3
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/main/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: Bitnami
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts
+- https://www.bitnami.com/
+type: library
+version: 2.2.3
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/README.md b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/README.md
new file mode 100644
index 00000000..8f3bda37
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/README.md
@@ -0,0 +1,351 @@
+# Bitnami Common Library Chart
+
+A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
+
+## TL;DR
+
+```yaml
+dependencies:
+ - name: common
+ version: 1.x.x
+ repository: https://charts.bitnami.com/bitnami
+```
+
+```console
+$ helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+data:
+ myvalue: "Hello World"
+```
+
+## Introduction
+
+This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+
+## Parameters
+
+The following table lists the helpers available in the library which are scoped in different sections.
+
+### Affinities
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------|------------------------------------------------------|------------------------------------------------|
+| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
+| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
+| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
+| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
+| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
+
+### Capabilities
+
+| Helper identifier | Description | Expected Input |
+|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
+| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
+| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
+| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
+| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
+| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
+| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
+| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
+| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
+| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
+| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
+| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
+| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
+
+### Errors
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
+| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
+
+### Images
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
+| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
+| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
+| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
+
+### Ingress
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
+| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
+| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
+| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
+
+### Labels
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------|-----------------------------------------------------------------------------|-------------------|
+| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
+| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
+
+### Names
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------------|-----------------------------------------------------------------------|-------------------|
+| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
+| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
+| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
+| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
+| `common.names.chart` | Chart name plus version | `.` Chart context |
+
+### Secrets
+
+| Helper identifier | Description | Expected Input |
+|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
+| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
+| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
+| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
+
+### Storage
+
+| Helper identifier | Description | Expected Input |
+|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
+| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
+
+### TplValues
+
+| Helper identifier | Description | Expected Input |
+|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
+
+### Utils
+
+| Helper identifier | Description | Expected Input |
+|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
+| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
+| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
+| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
+| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
+
+### Validations
+
+| Helper identifier | Description | Expected Input |
+|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
+| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
+| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
+| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
+| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
+| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
+| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
+| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
+
+### Warnings
+
+| Helper identifier | Description | Expected Input |
+|------------------------------|----------------------------------|------------------------------------------------------------|
+| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
+
+## Special input schemas
+
+### ImageRoot
+
+```yaml
+registry:
+ type: string
+ description: Docker registry where the image is located
+ example: docker.io
+
+repository:
+ type: string
+ description: Repository and image name
+ example: bitnami/nginx
+
+tag:
+ type: string
+ description: image tag
+ example: 1.16.1-debian-10-r63
+
+pullPolicy:
+ type: string
+ description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+
+pullSecrets:
+ type: array
+ items:
+ type: string
+ description: Optionally specify an array of imagePullSecrets (evaluated as templates).
+
+debug:
+ type: boolean
+ description: Set to true if you would like to see extra information on logs
+ example: false
+
+## An instance would be:
+# registry: docker.io
+# repository: bitnami/nginx
+# tag: 1.16.1-debian-10-r63
+# pullPolicy: IfNotPresent
+# debug: false
+```
+
+### Persistence
+
+```yaml
+enabled:
+ type: boolean
+ description: Whether enable persistence.
+ example: true
+
+storageClass:
+ type: string
+ description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
+ example: "-"
+
+accessMode:
+ type: string
+ description: Access mode for the Persistent Volume Storage.
+ example: ReadWriteOnce
+
+size:
+ type: string
+ description: Size the Persistent Volume Storage.
+ example: 8Gi
+
+path:
+ type: string
+ description: Path to be persisted.
+ example: /bitnami
+
+## An instance would be:
+# enabled: true
+# storageClass: "-"
+# accessMode: ReadWriteOnce
+# size: 8Gi
+# path: /bitnami
+```
+
+### ExistingSecret
+
+```yaml
+name:
+ type: string
+ description: Name of the existing secret.
+ example: mySecret
+keyMapping:
+ description: Mapping between the expected key name and the name of the key in the existing secret.
+ type: object
+
+## An instance would be:
+# name: mySecret
+# keyMapping:
+# password: myPasswordKey
+```
+
+#### Example of use
+
+When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
+
+```yaml
+# templates/secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ app: {{ include "common.names.fullname" . }}
+type: Opaque
+data:
+ password: {{ .Values.password | b64enc | quote }}
+
+# templates/dpl.yaml
+---
+...
+ env:
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
+...
+
+# values.yaml
+---
+name: mySecret
+keyMapping:
+ password: myPasswordKey
+```
+
+### ValidateValue
+
+#### NOTES.txt
+
+```console
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
+
+{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+```
+
+If we force those values to be empty we will see some alerts
+
+```console
+$ helm install test mychart --set path.to.value00="",path.to.value01=""
+ 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
+
+ export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
+
+ 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
+
+ export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
+```
+
+## Upgrading
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+**What changes were introduced in this major version?**
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+**Considerations when upgrading to this version**
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+**Useful links**
+
+- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
+- https://helm.sh/docs/topics/v2_v3_migration/
+- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+
+## License
+
+Copyright © 2023 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_affinities.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_affinities.tpl
new file mode 100644
index 00000000..81902a68
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_affinities.tpl
@@ -0,0 +1,106 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a topologyKey definition
+{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
+*/}}
+{{- define "common.affinities.topologyKey" -}}
+{{ .topologyKey | default "kubernetes.io/hostname" -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_capabilities.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_capabilities.tpl
new file mode 100644
index 00000000..9d9b7600
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_capabilities.tpl
@@ -0,0 +1,154 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+ {{- if .Values.global.kubeVersion }}
+ {{- .Values.global.kubeVersion -}}
+ {{- else }}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+ {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_errors.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_errors.tpl
new file mode 100644
index 00000000..a79cc2e3
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_errors.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_images.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_images.tpl
new file mode 100644
index 00000000..b0607149
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_images.tpl
@@ -0,0 +1,76 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_ingress.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_ingress.tpl
new file mode 100644
index 00000000..831da9ca
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_ingress.tpl
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_labels.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_labels.tpl
new file mode 100644
index 00000000..252066c7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_labels.tpl
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_names.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_names.tpl
new file mode 100644
index 00000000..617a2348
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_names.tpl
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_secrets.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_secrets.tpl
new file mode 100644
index 00000000..a1708b2e
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_secrets.tpl
@@ -0,0 +1,165 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | quote }}
+ {{- else }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else -}}
+ {{- $value = $defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_storage.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_storage.tpl
new file mode 100644
index 00000000..60e2a844
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_storage.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_tplvalues.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 00000000..2db16685
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_utils.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_utils.tpl
new file mode 100644
index 00000000..b1ead50c
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_utils.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_warnings.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_warnings.tpl
new file mode 100644
index 00000000..ae10fa41
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/_warnings.tpl
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 00000000..ded1ae3b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_cassandra.tpl
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 00000000..b6906ff7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 00000000..f820ec10
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,108 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mysql.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mysql.tpl
new file mode 100644
index 00000000..74472a06
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_mysql.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 00000000..164ec0d0
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,129 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_redis.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 00000000..dcccfc1a
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,76 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_validations.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 00000000..9a814cf4
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/values.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/values.yaml
new file mode 100644
index 00000000..5c0ac5b0
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/charts/common/values.yaml
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/NOTES.txt b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/NOTES.txt
new file mode 100644
index 00000000..21b3d29d
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/NOTES.txt
@@ -0,0 +1,91 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- /opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh
+
+{{- else }}
+
+PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on the following DNS names from within your cluster:
+
+ {{ include "postgresql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection
+
+{{- if eq .Values.architecture "replication" }}
+
+ {{ include "postgresql.readReplica.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read only connection
+
+{{- end }}
+
+{{- $customUser := include "postgresql.username" . }}
+{{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }}
+
+To get the password for "postgres" run:
+
+ export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.adminPasswordKey" .}}}" | base64 -d)
+
+To get the password for "{{ $customUser }}" run:
+
+ export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.userPasswordKey" .}}}" | base64 -d)
+
+{{- else }}
+
+To get the password for "{{ default "postgres" $customUser }}" run:
+
+ export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" (include "postgresql.adminPasswordKey" .) (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
+
+{{- end }}
+
+To connect to your database run the following command:
+
+ kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" \
+ --command -- psql --host {{ include "postgresql.primary.fullname" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
+
+ > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID {{ .Values.primary.containerSecurityContext.runAsUser }}} does not exist"
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.primary.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgresql.primary.fullname" . }})
+ PGPASSWORD="$POSTGRES_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
+
+{{- else if contains "LoadBalancer" .Values.primary.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "postgresql.primary.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgresql.primary.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ PGPASSWORD="$POSTGRES_PASSWORD" psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
+
+{{- else if contains "ClusterIP" .Values.primary.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "postgresql.primary.fullname" . }} {{ include "postgresql.service.port" . }}:{{ include "postgresql.service.port" . }} &
+ PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
+
+{{- end }}
+{{- end }}
+
+WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.
+
+{{- include "postgresql.validateValues" . -}}
+{{- include "common.warnings.rollingTag" .Values.image -}}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/_helpers.tpl b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/_helpers.tpl
new file mode 100644
index 00000000..81893806
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/_helpers.tpl
@@ -0,0 +1,399 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create a default fully qualified app name for PostgreSQL Primary objects
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "postgresql.primary.fullname" -}}
+{{- if eq .Values.architecture "replication" }}
+ {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- include "common.names.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name for PostgreSQL read-only replicas objects
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "postgresql.readReplica.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the default FQDN for PostgreSQL primary headless service
+We truncate at 63 chars because of the DNS naming spec.
+*/}}
+{{- define "postgresql.primary.svc.headless" -}}
+{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{/*
+Create the default FQDN for PostgreSQL read-only replicas headless service
+We truncate at 63 chars because of the DNS naming spec.
+*/}}
+{{- define "postgresql.readReplica.svc.headless" -}}
+{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{/*
+Return the proper PostgreSQL image name
+*/}}
+{{- define "postgresql.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper PostgreSQL metrics image name
+*/}}
+{{- define "postgresql.metrics.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "postgresql.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "postgresql.imagePullSecrets" -}}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the name for a custom user to create
+*/}}
+{{- define "postgresql.username" -}}
+{{- if .Values.global.postgresql.auth.username }}
+ {{- .Values.global.postgresql.auth.username -}}
+{{- else -}}
+ {{- .Values.auth.username -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name for a custom database to create
+*/}}
+{{- define "postgresql.database" -}}
+{{- if .Values.global.postgresql.auth.database }}
+ {{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}}
+{{- else if .Values.auth.database -}}
+ {{- printf "%s" (tpl .Values.auth.database $) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "postgresql.secretName" -}}
+{{- if .Values.global.postgresql.auth.existingSecret }}
+ {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
+{{- else if .Values.auth.existingSecret -}}
+ {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
+{{- else -}}
+ {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the replication-password key.
+*/}}
+{{- define "postgresql.replicationPasswordKey" -}}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
+ {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey }}
+ {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
+ {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
+ {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
+ {{- else -}}
+ {{- "replication-password" -}}
+ {{- end -}}
+{{- else -}}
+ {{- "replication-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the admin-password key.
+*/}}
+{{- define "postgresql.adminPasswordKey" -}}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
+ {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey }}
+ {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
+ {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
+ {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
+ {{- end -}}
+{{- else -}}
+ {{- "postgres-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the user-password key.
+*/}}
+{{- define "postgresql.userPasswordKey" -}}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
+ {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") }}
+ {{- printf "%s" (include "postgresql.adminPasswordKey" .) -}}
+ {{- else -}}
+ {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey }}
+ {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
+ {{- else if .Values.auth.secretKeys.userPasswordKey -}}
+ {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- ternary "password" "postgres-password" (and (not (empty (include "postgresql.username" .))) (ne (include "postgresql.username" .) "postgres")) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created
+*/}}
+{{- define "postgresql.createSecret" -}}
+{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return PostgreSQL service port
+*/}}
+{{- define "postgresql.service.port" -}}
+{{- if .Values.global.postgresql.service.ports.postgresql }}
+ {{- .Values.global.postgresql.service.ports.postgresql -}}
+{{- else -}}
+ {{- .Values.primary.service.ports.postgresql -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return PostgreSQL service port
+*/}}
+{{- define "postgresql.readReplica.service.port" -}}
+{{- if .Values.global.postgresql.service.ports.postgresql }}
+ {{- .Values.global.postgresql.service.ports.postgresql -}}
+{{- else -}}
+ {{- .Values.readReplicas.service.ports.postgresql -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the PostgreSQL primary configuration ConfigMap name.
+*/}}
+{{- define "postgresql.primary.configmapName" -}}
+{{- if .Values.primary.existingConfigmap -}}
+ {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for PostgreSQL primary with the configuration
+*/}}
+{{- define "postgresql.primary.createConfigmap" -}}
+{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the PostgreSQL primary extended configuration ConfigMap name.
+*/}}
+{{- define "postgresql.primary.extendedConfigmapName" -}}
+{{- if .Values.primary.existingExtendedConfigmap -}}
+ {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the PostgreSQL read replica extended configuration ConfigMap name.
+*/}}
+{{- define "postgresql.readReplicas.extendedConfigmapName" -}}
+ {{- printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for PostgreSQL primary with the extended configuration
+*/}}
+{{- define "postgresql.primary.createExtendedConfigmap" -}}
+{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration
+*/}}
+{{- define "postgresql.readReplicas.createExtendedConfigmap" -}}
+{{- if .Values.readReplicas.extendedConfiguration }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "postgresql.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap should be mounted with PostgreSQL configuration
+*/}}
+{{- define "postgresql.mountConfigurationCM" -}}
+{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the initialization scripts ConfigMap name.
+*/}}
+{{- define "postgresql.initdb.scriptsCM" -}}
+{{- if .Values.primary.initdb.scriptsConfigMap -}}
+ {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}}
+{{- else -}}
+ {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{/*
+Return true if TLS is enabled for LDAP connection
+*/}}
+{{- define "postgresql.ldap.tls.enabled" -}}
+{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) }}
+ {{- true -}}
+{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the readiness probe command
+*/}}
+{{- define "postgresql.readinessProbeCommand" -}}
+{{- $customUser := include "postgresql.username" . }}
+- |
+{{- if (include "postgresql.database" .) }}
+ exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+{{- else }}
+ exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+{{- end }}
+{{- if contains "bitnami/" .Values.image.repository }}
+ [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "postgresql.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
+{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
+*/}}
+{{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
+{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
+postgresql: ldap.url, ldap.server
+ You cannot set both `ldap.url` and `ldap.server` at the same time.
+ Please provide a unique way to configure LDAP.
+ More info at https://www.postgresql.org/docs/current/auth-ldap.html
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
+*/}}
+{{- define "postgresql.validateValues.psp" -}}
+{{- if and .Values.psp.create (not .Values.rbac.create) }}
+postgresql: psp.create, rbac.create
+ RBAC should be enabled if PSP is enabled in order for PSP to work.
+ More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert file.
+*/}}
+{{- define "postgresql.tlsCert" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
+{{- else -}}
+ {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the cert key file.
+*/}}
+{{- define "postgresql.tlsCertKey" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
+{{- else -}}
+{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "postgresql.tlsCACert" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
+{{- else -}}
+ {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CRL file.
+*/}}
+{{- define "postgresql.tlsCRL" -}}
+{{- if .Values.tls.crlFilename -}}
+{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS credentials secret object should be created
+*/}}
+{{- define "postgresql.createTlsSecret" -}}
+{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the path to the CA cert file.
+*/}}
+{{- define "postgresql.tlsSecretName" -}}
+{{- if .Values.tls.autoGenerated }}
+ {{- printf "%s-crt" (include "common.names.fullname" .) -}}
+{{- else -}}
+ {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/extra-list.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/extra-list.yaml
new file mode 100644
index 00000000..1ead7826
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/extra-list.yaml
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- range .Values.extraDeploy }}
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/networkpolicy-egress.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/networkpolicy-egress.yaml
new file mode 100644
index 00000000..6e0b3a82
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/networkpolicy-egress.yaml
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+ name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ policyTypes:
+ - Egress
+ egress:
+ {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ - to:
+ - namespaceSelector: {}
+ {{- end }}
+ {{- if .Values.networkPolicy.egressRules.customRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/configmap.yaml
new file mode 100644
index 00000000..b5f4e8d7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/configmap.yaml
@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (include "postgresql.primary.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-configuration" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: primary
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ {{- if .Values.primary.configuration }}
+ postgresql.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.primary.pgHbaConfiguration }}
+ pg_hba.conf: |
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.pgHbaConfiguration "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/extended-configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/extended-configmap.yaml
new file mode 100644
index 00000000..52deaa6c
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/extended-configmap.yaml
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (include "postgresql.primary.createExtendedConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: primary
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ override.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extendedConfiguration "context" $ ) | nindent 4 }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/initialization-configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/initialization-configmap.yaml
new file mode 100644
index 00000000..037038aa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/initialization-configmap.yaml
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.primary.initdb.scripts (not .Values.primary.initdb.scriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.primary.initdb.scripts "context" .) | nindent 2 }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-configmap.yaml
new file mode 100644
index 00000000..bd691e4b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-configmap.yaml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-svc.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-svc.yaml
new file mode 100644
index 00000000..1627611f
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/metrics-svc.yaml
@@ -0,0 +1,48 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: primary
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/networkpolicy.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/networkpolicy.yaml
new file mode 100644
index 00000000..e06e5bcf
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/networkpolicy.yaml
@@ -0,0 +1,72 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+ name: {{ printf "%s-ingress" (include "postgresql.primary.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: primary
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: primary
+ ingress:
+ {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }}
+ - from:
+ {{- if .Values.networkPolicy.metrics.namespaceSelector }}
+ - namespaceSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.metrics.podSelector }}
+ - podSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.metrics.containerPorts.metrics }}
+ {{- end }}
+ {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }}
+ - from:
+ {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }}
+ - namespaceSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }}
+ - podSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }}
+ - from:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }}
+ app.kubernetes.io/component: read
+ ports:
+ - port: {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/servicemonitor.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/servicemonitor.yaml
new file mode 100644
index 00000000..924fa7d2
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/servicemonitor.yaml
@@ -0,0 +1,63 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "postgresql.primary.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/statefulset.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/statefulset.yaml
new file mode 100644
index 00000000..75c7b1c7
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/statefulset.yaml
@@ -0,0 +1,655 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $customUser := include "postgresql.username" . }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ include "postgresql.primary.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: primary
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.primary.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.commonAnnotations .Values.primary.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.primary.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ replicas: 1
+ serviceName: {{ include "postgresql.primary.svc.headless" . }}
+ {{- if .Values.primary.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: primary
+ template:
+ metadata:
+ name: {{ include "postgresql.primary.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: primary
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.primary.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }}
+ annotations:
+ {{- if (include "postgresql.primary.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if (include "postgresql.primary.createExtendedConfigmap" .) }}
+ checksum/extended-configuration: {{ include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.primary.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.primary.extraPodSpec }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }}
+ {{- end }}
+ serviceAccountName: {{ include "postgresql.serviceAccountName" . }}
+ {{- include "postgresql.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.primary.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.primary.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.primary.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.primary.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.primary.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.primary.priorityClassName }}
+ priorityClassName: {{ .Values.primary.priorityClassName }}
+ {{- end }}
+ {{- if .Values.primary.schedulerName }}
+ schedulerName: {{ .Values.primary.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.primary.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if .Values.primary.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ hostNetwork: {{ .Values.primary.hostNetwork }}
+ hostIPC: {{ .Values.primary.hostIPC }}
+ {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }}
+ initContainers:
+ {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
+ - name: copy-certs
+ image: {{ include "postgresql.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if .Values.primary.resources }}
+ resources: {{- toYaml .Values.primary.resources | nindent 12 }}
+ {{- end }}
+ # We don't require a privileged container in this case
+ {{- if .Values.primary.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ cp /tmp/certs/* /opt/bitnami/postgresql/certs/
+ chmod 600 {{ include "postgresql.tlsCertKey" . }}
+ volumeMounts:
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ {{- else if and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled) }}
+ - name: init-chmod-data
+ image: {{ include "postgresql.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ {{- if .Values.primary.persistence.enabled }}
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.mountPath }}
+ {{- else }}
+ chown {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.mountPath }}
+ {{- end }}
+ mkdir -p {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }}
+ chmod 700 {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }}
+ find {{ .Values.primary.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ xargs -r chown -R `id -u`:`id -G | cut -d " " -f2`
+ {{- else }}
+ xargs -r chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ chmod -R 777 /dev/shm
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ cp /tmp/certs/* /opt/bitnami/postgresql/certs/
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/
+ {{- else }}
+ chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/
+ {{- end }}
+ chmod 600 {{ include "postgresql.tlsCertKey" . }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.primary.persistence.enabled }}
+ - name: data
+ mountPath: {{ .Values.primary.persistence.mountPath }}
+ {{- if .Values.primary.persistence.subPath }}
+ subPath: {{ .Values.primary.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ mountPath: /dev/shm
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ {{- end }}
+ {{- end }}
+ {{- if .Values.primary.initContainers }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: postgresql
+ image: {{ include "postgresql.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.primary.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.primary.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.primary.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: POSTGRESQL_PORT_NUMBER
+ value: {{ .Values.containerPorts.postgresql | quote }}
+ - name: POSTGRESQL_VOLUME_DIR
+ value: {{ .Values.primary.persistence.mountPath | quote }}
+ {{- if .Values.primary.persistence.mountPath }}
+ - name: PGDATA
+ value: {{ .Values.postgresqlDataDir | quote }}
+ {{- end }}
+ # Authentication
+ {{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
+ - name: POSTGRES_USER
+ value: {{ $customUser | quote }}
+ {{- if .Values.auth.enablePostgresUser }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_POSTGRES_PASSWORD_FILE
+ value: "/opt/bitnami/postgresql/secrets/postgres-password"
+ {{- else }}
+ - name: POSTGRES_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.adminPasswordKey" . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_PASSWORD_FILE
+ value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
+ {{- else }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.userPasswordKey" . }}
+ {{- end }}
+ {{- if (include "postgresql.database" .) }}
+ - name: POSTGRES_DB
+ value: {{ (include "postgresql.database" .) | quote }}
+ {{- end }}
+ # Replication
+ {{- if or (eq .Values.architecture "replication") .Values.primary.standby.enabled }}
+ - name: POSTGRES_REPLICATION_MODE
+ value: {{ ternary "slave" "master" .Values.primary.standby.enabled | quote }}
+ - name: POSTGRES_REPLICATION_USER
+ value: {{ .Values.auth.replicationUsername | quote }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_REPLICATION_PASSWORD_FILE
+ value: "/opt/bitnami/postgresql/secrets/replication-password"
+ {{- else }}
+ - name: POSTGRES_REPLICATION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.replicationPasswordKey" . }}
+ {{- end }}
+ {{- if not (eq .Values.replication.synchronousCommit "off") }}
+ - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
+ value: {{ .Values.replication.synchronousCommit | quote }}
+ - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
+ value: {{ .Values.replication.numSynchronousReplicas | quote }}
+ {{- end }}
+ - name: POSTGRES_CLUSTER_APP_NAME
+ value: {{ .Values.replication.applicationName }}
+ {{- end }}
+ # Initdb
+ {{- if .Values.primary.initdb.args }}
+ - name: POSTGRES_INITDB_ARGS
+ value: {{ .Values.primary.initdb.args | quote }}
+ {{- end }}
+ {{- if .Values.primary.initdb.postgresqlWalDir }}
+ - name: POSTGRES_INITDB_WALDIR
+ value: {{ .Values.primary.initdb.postgresqlWalDir | quote }}
+ {{- end }}
+ {{- if .Values.primary.initdb.user }}
+ - name: POSTGRESQL_INITSCRIPTS_USERNAME
+ value: {{ .Values.primary.initdb.user }}
+ {{- end }}
+ {{- if .Values.primary.initdb.password }}
+ - name: POSTGRESQL_INITSCRIPTS_PASSWORD
+ value: {{ .Values.primary.initdb.password | quote }}
+ {{- end }}
+ # Standby
+ {{- if .Values.primary.standby.enabled }}
+ - name: POSTGRES_MASTER_HOST
+ value: {{ .Values.primary.standby.primaryHost }}
+ - name: POSTGRES_MASTER_PORT_NUMBER
+ value: {{ .Values.primary.standby.primaryPort | quote }}
+ {{- end }}
+ # LDAP
+ - name: POSTGRESQL_ENABLE_LDAP
+ value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
+ {{- if .Values.ldap.enabled }}
+ {{- if or .Values.ldap.url .Values.ldap.uri }}
+ - name: POSTGRESQL_LDAP_URL
+ value: {{ coalesce .Values.ldap.url .Values.ldap.uri }}
+ {{- else }}
+ - name: POSTGRESQL_LDAP_SERVER
+ value: {{ .Values.ldap.server }}
+ - name: POSTGRESQL_LDAP_PORT
+ value: {{ .Values.ldap.port | quote }}
+ - name: POSTGRESQL_LDAP_SCHEME
+ value: {{ .Values.ldap.scheme }}
+ {{- if (include "postgresql.ldap.tls.enabled" .) }}
+ - name: POSTGRESQL_LDAP_TLS
+ value: "1"
+ {{- end }}
+ - name: POSTGRESQL_LDAP_PREFIX
+ value: {{ .Values.ldap.prefix | quote }}
+ - name: POSTGRESQL_LDAP_SUFFIX
+ value: {{ .Values.ldap.suffix | quote }}
+ - name: POSTGRESQL_LDAP_BASE_DN
+ value: {{ coalesce .Values.ldap.baseDN .Values.ldap.basedn }}
+ - name: POSTGRESQL_LDAP_BIND_DN
+ value: {{ coalesce .Values.ldap.bindDN .Values.ldap.binddn}}
+ {{- if or (not (empty .Values.ldap.bind_password)) (not (empty .Values.ldap.bindpw)) }}
+ - name: POSTGRESQL_LDAP_BIND_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: ldap-password
+ {{- end }}
+ - name: POSTGRESQL_LDAP_SEARCH_ATTR
+ value: {{ coalesce .Values.ldap.search_attr .Values.ldap.searchAttribute }}
+ - name: POSTGRESQL_LDAP_SEARCH_FILTER
+ value: {{ coalesce .Values.ldap.search_filter .Values.ldap.searchFilter }}
+ {{- end }}
+ {{- end }}
+ # TLS
+ - name: POSTGRESQL_ENABLE_TLS
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS
+ value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }}
+ - name: POSTGRESQL_TLS_CERT_FILE
+ value: {{ include "postgresql.tlsCert" . }}
+ - name: POSTGRESQL_TLS_KEY_FILE
+ value: {{ include "postgresql.tlsCertKey" . }}
+ {{- if .Values.tls.certCAFilename }}
+ - name: POSTGRESQL_TLS_CA_FILE
+ value: {{ include "postgresql.tlsCACert" . }}
+ {{- end }}
+ {{- if .Values.tls.crlFilename }}
+ - name: POSTGRESQL_TLS_CRL_FILE
+ value: {{ include "postgresql.tlsCRL" . }}
+ {{- end }}
+ {{- end }}
+ # Audit
+ - name: POSTGRESQL_LOG_HOSTNAME
+ value: {{ .Values.audit.logHostname | quote }}
+ - name: POSTGRESQL_LOG_CONNECTIONS
+ value: {{ .Values.audit.logConnections | quote }}
+ - name: POSTGRESQL_LOG_DISCONNECTIONS
+ value: {{ .Values.audit.logDisconnections | quote }}
+ {{- if .Values.audit.logLinePrefix }}
+ - name: POSTGRESQL_LOG_LINE_PREFIX
+ value: {{ .Values.audit.logLinePrefix | quote }}
+ {{- end }}
+ {{- if .Values.audit.logTimezone }}
+ - name: POSTGRESQL_LOG_TIMEZONE
+ value: {{ .Values.audit.logTimezone | quote }}
+ {{- end }}
+ {{- if .Values.audit.pgAuditLog }}
+ - name: POSTGRESQL_PGAUDIT_LOG
+ value: {{ .Values.audit.pgAuditLog | quote }}
+ {{- end }}
+ - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+ value: {{ .Values.audit.pgAuditLogCatalog | quote }}
+ # Others
+ - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+ value: {{ .Values.audit.clientMinMessages | quote }}
+ - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+ value: {{ .Values.postgresqlSharedPreloadLibraries | quote }}
+ {{- if .Values.primary.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.primary.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.primary.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.primary.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.primary.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: tcp-postgresql
+ containerPort: {{ .Values.containerPorts.postgresql }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.primary.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.primary.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ {{- if (include "postgresql.database" .) }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- else }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.primary.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.primary.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ {{- if (include "postgresql.database" .) }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- else }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.primary.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.primary.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - -e
+ {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.primary.resources }}
+ resources: {{- toYaml .Values.primary.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.primary.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d/
+ {{- end }}
+ {{- if .Values.primary.initdb.scriptsSecret }}
+ - name: custom-init-scripts-secret
+ mountPath: /docker-entrypoint-initdb.d/secret
+ {{- end }}
+ {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }}
+ - name: postgresql-extended-config
+ mountPath: /bitnami/postgresql/conf/conf.d/
+ {{- end }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ mountPath: /opt/bitnami/postgresql/secrets/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ mountPath: /dev/shm
+ {{- end }}
+ {{- if .Values.primary.persistence.enabled }}
+ - name: data
+ mountPath: {{ .Values.primary.persistence.mountPath }}
+ {{- if .Values.primary.persistence.subPath }}
+ subPath: {{ .Values.primary.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
+ - name: postgresql-config
+ mountPath: /bitnami/postgresql/conf
+ {{- end }}
+ {{- if .Values.primary.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ include "postgresql.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.metrics.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.customMetrics }}
+ args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
+ {{- end }}
+ env:
+ {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }}
+ - name: DATA_SOURCE_URI
+ value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.service.port" .)) $database }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: DATA_SOURCE_PASS_FILE
+ value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
+ {{- else }}
+ - name: DATA_SOURCE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.userPasswordKey" . }}
+ {{- end }}
+ - name: DATA_SOURCE_USER
+ value: {{ default "postgres" $customUser | quote }}
+ {{- if .Values.metrics.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.metrics.containerPorts.metrics }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http-metrics
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ mountPath: /opt/bitnami/postgresql/secrets/
+ {{- end }}
+ {{- if .Values.metrics.customMetrics }}
+ - name: custom-metrics
+ mountPath: /conf
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.primary.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
+ - name: postgresql-config
+ configMap:
+ name: {{ include "postgresql.primary.configmapName" . }}
+ {{- end }}
+ {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }}
+ - name: postgresql-extended-config
+ configMap:
+ name: {{ include "postgresql.primary.extendedConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ secret:
+ secretName: {{ include "postgresql.secretName" . }}
+ {{- end }}
+ {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ include "postgresql.initdb.scriptsCM" . }}
+ {{- end }}
+ {{- if .Values.primary.initdb.scriptsSecret }}
+ - name: custom-init-scripts-secret
+ secret:
+ secretName: {{ tpl .Values.primary.initdb.scriptsSecret $ }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: raw-certificates
+ secret:
+ secretName: {{ include "postgresql.tlsSecretName" . }}
+ - name: postgresql-certificates
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.primary.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
+ - name: custom-metrics
+ configMap:
+ name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ emptyDir:
+ medium: Memory
+ {{- if .Values.shmVolume.sizeLimit }}
+ sizeLimit: {{ .Values.shmVolume.sizeLimit }}
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ tpl .Values.primary.persistence.existingClaim $ }}
+ {{- else if not .Values.primary.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ {{- if .Values.primary.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.primary.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.primary.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- if .Values.primary.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.primary.persistence.size | quote }}
+ {{- if .Values.primary.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }}
+ {{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc-headless.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc-headless.yaml
new file mode 100644
index 00000000..b3bd02fa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc-headless.yaml
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "postgresql.primary.svc.headless" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: primary
+ {{- if or .Values.primary.service.headless.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.primary.service.headless.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.headless.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ # Use this annotation in addition to the actual publishNotReadyAddresses
+ # field below because the annotation will stop being respected soon but the
+ # field is broken in some versions of Kubernetes:
+ # https://github.com/kubernetes/kubernetes/issues/58662
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ # We want all pods in the StatefulSet to have their addresses published for
+ # the sake of the other Postgresql pods even before they're ready, since they
+ # have to be able to talk to each other in order to become ready.
+ publishNotReadyAddresses: true
+ ports:
+ - name: tcp-postgresql
+ port: {{ template "postgresql.service.port" . }}
+ targetPort: tcp-postgresql
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: primary
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc.yaml
new file mode 100644
index 00000000..dc199983
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/primary/svc.yaml
@@ -0,0 +1,68 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "postgresql.primary.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: primary
+ {{- if or .Values.commonAnnotations .Values.primary.service.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.primary.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.primary.service.type }}
+ {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.primary.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.primary.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.primary.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.primary.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: tcp-postgresql
+ port: {{ template "postgresql.service.port" . }}
+ targetPort: tcp-postgresql
+ {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) (not (empty .Values.primary.service.nodePorts.postgresql)) }}
+ nodePort: {{ .Values.primary.service.nodePorts.postgresql }}
+ {{- else if eq .Values.primary.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.primary.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: primary
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/prometheusrule.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/prometheusrule.yaml
new file mode 100644
index 00000000..b795249b
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/prometheusrule.yaml
@@ -0,0 +1,37 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "common.names.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/psp.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/psp.yaml
new file mode 100644
index 00000000..a49548fa
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/psp.yaml
@@ -0,0 +1,56 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- if and $pspAvailable .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ privileged: false
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'persistentVolumeClaim'
+ - 'emptyDir'
+ - 'projected'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/extended-configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/extended-configmap.yaml
new file mode 100644
index 00000000..838f861e
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/extended-configmap.yaml
@@ -0,0 +1,33 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: read
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ override.conf: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extendedConfiguration "context" $ ) | nindent 4 }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-configmap.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-configmap.yaml
new file mode 100644
index 00000000..998c7bd6
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-configmap.yaml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.customMetrics (eq .Values.architecture "replication") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-svc.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-svc.yaml
new file mode 100644
index 00000000..a974ebb1
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/metrics-svc.yaml
@@ -0,0 +1,48 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled (eq .Values.architecture "replication") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics-read
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
+ {{- if .Values.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.metrics.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: http-metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: read
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/networkpolicy.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/networkpolicy.yaml
new file mode 100644
index 00000000..65c05173
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/networkpolicy.yaml
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+ name: {{ printf "%s-ingress" (include "postgresql.readReplica.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: read
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: read
+ ingress:
+ {{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }}
+ - from:
+ {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }}
+ - namespaceSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }}
+ - podSelector:
+ matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/servicemonitor.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/servicemonitor.yaml
new file mode 100644
index 00000000..136da111
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/servicemonitor.yaml
@@ -0,0 +1,63 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled (eq .Values.architecture "replication") }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "postgresql.readReplica.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics-read
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics-read
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/statefulset.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/statefulset.yaml
new file mode 100644
index 00000000..471e3568
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/statefulset.yaml
@@ -0,0 +1,552 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if eq .Values.architecture "replication" }}
+{{- $customUser := include "postgresql.username" . }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ include "postgresql.readReplica.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: read
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.readReplicas.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.readReplicas.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.readReplicas.replicaCount }}
+ serviceName: {{ include "postgresql.readReplica.svc.headless" . }}
+ {{- if .Values.readReplicas.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.readReplicas.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: read
+ template:
+ metadata:
+ name: {{ include "postgresql.readReplica.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: read
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.readReplicas.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
+ annotations:
+ {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
+ checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.readReplicas.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.readReplicas.extraPodSpec }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }}
+ {{- end }}
+ serviceAccountName: {{ include "postgresql.serviceAccountName" . }}
+ {{- include "postgresql.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.readReplicas.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.readReplicas.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.readReplicas.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.readReplicas.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.readReplicas.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.readReplicas.priorityClassName }}
+ priorityClassName: {{ .Values.readReplicas.priorityClassName }}
+ {{- end }}
+ {{- if .Values.readReplicas.schedulerName }}
+ schedulerName: {{ .Values.readReplicas.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.readReplicas.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if .Values.readReplicas.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ hostNetwork: {{ .Values.readReplicas.hostNetwork }}
+ hostIPC: {{ .Values.readReplicas.hostIPC }}
+ {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }}
+ initContainers:
+ {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
+ - name: copy-certs
+ image: {{ include "postgresql.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if .Values.readReplicas.resources }}
+ resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
+ {{- end }}
+ # We don't require a privileged container in this case
+ {{- if .Values.readReplicas.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ cp /tmp/certs/* /opt/bitnami/postgresql/certs/
+ chmod 600 {{ include "postgresql.tlsCertKey" . }}
+ volumeMounts:
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ {{- else if and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled) }}
+ - name: init-chmod-data
+ image: {{ include "postgresql.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ {{- if .Values.readReplicas.resources }}
+ resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ {{- if .Values.readReplicas.persistence.enabled }}
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.readReplicas.persistence.mountPath }}
+ {{- else }}
+ chown {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} {{ .Values.readReplicas.persistence.mountPath }}
+ {{- end }}
+ mkdir -p {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }}
+ chmod 700 {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }}
+ find {{ .Values.readReplicas.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ xargs -r chown -R `id -u`:`id -G | cut -d " " -f2`
+ {{- else }}
+ xargs -r chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ chmod -R 777 /dev/shm
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ cp /tmp/certs/* /opt/bitnami/postgresql/certs/
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/
+ {{- else }}
+ chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/
+ {{- end }}
+ chmod 600 {{ include "postgresql.tlsCertKey" . }}
+ {{- end }}
+ {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{ if .Values.readReplicas.persistence.enabled }}
+ - name: data
+ mountPath: {{ .Values.readReplicas.persistence.mountPath }}
+ {{- if .Values.readReplicas.persistence.subPath }}
+ subPath: {{ .Values.readReplicas.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ mountPath: /dev/shm
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: raw-certificates
+ mountPath: /tmp/certs
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.initContainers }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: postgresql
+ image: {{ include "postgresql.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.readReplicas.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.readReplicas.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.readReplicas.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: POSTGRESQL_PORT_NUMBER
+ value: {{ .Values.containerPorts.postgresql | quote }}
+ - name: POSTGRESQL_VOLUME_DIR
+ value: {{ .Values.readReplicas.persistence.mountPath | quote }}
+ {{- if .Values.readReplicas.persistence.mountPath }}
+ - name: PGDATA
+ value: {{ .Values.postgresqlDataDir | quote }}
+ {{- end }}
+ # Authentication
+ {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_POSTGRES_PASSWORD_FILE
+ value: "/opt/bitnami/postgresql/secrets/postgres-password"
+ {{- else }}
+ - name: POSTGRES_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.adminPasswordKey" . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_PASSWORD_FILE
+ value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
+ {{- else }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.userPasswordKey" . }}
+ {{- end }}
+ # Replication
+ - name: POSTGRES_REPLICATION_MODE
+ value: "slave"
+ - name: POSTGRES_REPLICATION_USER
+ value: {{ .Values.auth.replicationUsername | quote }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: POSTGRES_REPLICATION_PASSWORD_FILE
+ value: "/opt/bitnami/postgresql/secrets/replication-password"
+ {{- else }}
+ - name: POSTGRES_REPLICATION_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.replicationPasswordKey" . }}
+ {{- end }}
+ - name: POSTGRES_CLUSTER_APP_NAME
+ value: {{ .Values.replication.applicationName }}
+ - name: POSTGRES_MASTER_HOST
+ value: {{ include "postgresql.primary.fullname" . }}
+ - name: POSTGRES_MASTER_PORT_NUMBER
+ value: {{ include "postgresql.service.port" . | quote }}
+ # TLS
+ - name: POSTGRESQL_ENABLE_TLS
+ value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+ {{- if .Values.tls.enabled }}
+ - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS
+ value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }}
+ - name: POSTGRESQL_TLS_CERT_FILE
+ value: {{ include "postgresql.tlsCert" . }}
+ - name: POSTGRESQL_TLS_KEY_FILE
+ value: {{ include "postgresql.tlsCertKey" . }}
+ {{- if .Values.tls.certCAFilename }}
+ - name: POSTGRESQL_TLS_CA_FILE
+ value: {{ include "postgresql.tlsCACert" . }}
+ {{- end }}
+ {{- if .Values.tls.crlFilename }}
+ - name: POSTGRESQL_TLS_CRL_FILE
+ value: {{ include "postgresql.tlsCRL" . }}
+ {{- end }}
+ {{- end }}
+ # Audit
+ - name: POSTGRESQL_LOG_HOSTNAME
+ value: {{ .Values.audit.logHostname | quote }}
+ - name: POSTGRESQL_LOG_CONNECTIONS
+ value: {{ .Values.audit.logConnections | quote }}
+ - name: POSTGRESQL_LOG_DISCONNECTIONS
+ value: {{ .Values.audit.logDisconnections | quote }}
+ {{- if .Values.audit.logLinePrefix }}
+ - name: POSTGRESQL_LOG_LINE_PREFIX
+ value: {{ .Values.audit.logLinePrefix | quote }}
+ {{- end }}
+ {{- if .Values.audit.logTimezone }}
+ - name: POSTGRESQL_LOG_TIMEZONE
+ value: {{ .Values.audit.logTimezone | quote }}
+ {{- end }}
+ {{- if .Values.audit.pgAuditLog }}
+ - name: POSTGRESQL_PGAUDIT_LOG
+ value: {{ .Values.audit.pgAuditLog | quote }}
+ {{- end }}
+ - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+ value: {{ .Values.audit.pgAuditLogCatalog | quote }}
+ # Others
+ - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+ value: {{ .Values.audit.clientMinMessages | quote }}
+ - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+ value: {{ .Values.postgresqlSharedPreloadLibraries | quote }}
+ {{- if .Values.readReplicas.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.readReplicas.extraEnvVarsCM .Values.readReplicas.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.readReplicas.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.readReplicas.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.readReplicas.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.readReplicas.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: tcp-postgresql
+ containerPort: {{ .Values.containerPorts.postgresql }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.readReplicas.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readReplicas.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ {{- if (include "postgresql.database" .) }}
+ - exec pg_isready -U {{ default "postgres" $customUser| quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- else }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readReplicas.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ {{- if (include "postgresql.database" .) }}
+ - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- else }}
+ - exec pg_isready -U {{default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readReplicas.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - -e
+ {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.resources }}
+ resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readReplicas.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ mountPath: /opt/bitnami/postgresql/secrets/
+ {{- end }}
+ {{- if .Values.readReplicas.extendedConfiguration }}
+ - name: postgresql-extended-config
+ mountPath: /bitnami/postgresql/conf/conf.d/
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: postgresql-certificates
+ mountPath: /opt/bitnami/postgresql/certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ mountPath: /dev/shm
+ {{- end }}
+ {{- if .Values.readReplicas.persistence.enabled }}
+ - name: data
+ mountPath: {{ .Values.readReplicas.persistence.mountPath }}
+ {{- if .Values.readReplicas.persistence.subPath }}
+ subPath: {{ .Values.readReplicas.persistence.subPath }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ include "postgresql.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.metrics.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.customMetrics }}
+ args: [ "--extend.query-path", "/conf/custom-metrics.yaml" ]
+ {{- end }}
+ env:
+ {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }}
+ - name: DATA_SOURCE_URI
+ value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.service.port" .)) $database }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: DATA_SOURCE_PASS_FILE
+ value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
+ {{- else }}
+ - name: DATA_SOURCE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "postgresql.secretName" . }}
+ key: {{ include "postgresql.userPasswordKey" . }}
+ {{- end }}
+ - name: DATA_SOURCE_USER
+ value: {{ default "postgres" $customUser | quote }}
+ {{- if .Values.metrics.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ containerPort: {{ .Values.metrics.containerPorts.metrics }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http-metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http-metrics
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ mountPath: /opt/bitnami/postgresql/secrets/
+ {{- end }}
+ {{- if .Values.metrics.customMetrics }}
+ - name: custom-metrics
+ mountPath: /conf
+ readOnly: true
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.readReplicas.extendedConfiguration }}
+ - name: postgresql-extended-config
+ configMap:
+ name: {{ include "postgresql.readReplicas.extendedConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.auth.usePasswordFiles }}
+ - name: postgresql-password
+ secret:
+ secretName: {{ include "postgresql.secretName" . }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: raw-certificates
+ secret:
+ secretName: {{ include "postgresql.tlsSecretName" . }}
+ - name: postgresql-certificates
+ emptyDir: {}
+ {{- end }}
+ {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
+ - name: custom-metrics
+ configMap:
+ name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }}
+ {{- end }}
+ {{- if .Values.shmVolume.enabled }}
+ - name: dshm
+ emptyDir:
+ medium: Memory
+ {{- if .Values.shmVolume.sizeLimit }}
+ sizeLimit: {{ .Values.shmVolume.sizeLimit }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.readReplicas.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.readReplicas.persistence.enabled .Values.readReplicas.persistence.existingClaim }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ tpl .Values.readReplicas.persistence.existingClaim $ }}
+ {{- else if not .Values.readReplicas.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ {{- if .Values.readReplicas.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.readReplicas.persistence.labels }}
+ labels: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.labels "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.readReplicas.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- if .Values.readReplicas.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.readReplicas.persistence.size | quote }}
+ {{- if .Values.readReplicas.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.selector "context" $) | nindent 10 }}
+ {{- end -}}
+ {{- include "common.storage.class" (dict "persistence" .Values.readReplicas.persistence "global" .Values.global) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc-headless.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc-headless.yaml
new file mode 100644
index 00000000..b96bc6d1
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc-headless.yaml
@@ -0,0 +1,54 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if eq .Values.architecture "replication" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "postgresql.readReplica.svc.headless" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: read
+ {{- if or .Values.readReplicas.service.headless.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.readReplicas.service.headless.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.service.headless.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ # Use this annotation in addition to the actual publishNotReadyAddresses
+ # field below because the annotation will stop being respected soon but the
+ # field is broken in some versions of Kubernetes:
+ # https://github.com/kubernetes/kubernetes/issues/58662
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ # We want all pods in the StatefulSet to have their addresses published for
+ # the sake of the other Postgresql pods even before they're ready, since they
+ # have to be able to talk to each other in order to become ready.
+ publishNotReadyAddresses: true
+ ports:
+ - name: tcp-postgresql
+ port: {{ include "postgresql.readReplica.service.port" . }}
+ targetPort: tcp-postgresql
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: read
+{{- end }}
diff --git a/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc.yaml b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc.yaml
new file mode 100644
index 00000000..0d5302ce
--- /dev/null
+++ b/deploy/charts/admin-stack/charts/skywalking/charts/postgresql/templates/read/svc.yaml
@@ -0,0 +1,70 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if eq .Values.architecture "replication" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "postgresql.readReplica.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ app.kubernetes.io/component: read
+ {{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.readReplicas.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.readReplicas.service.type }}
+ {{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.readReplicas.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") (not (empty .Values.readReplicas.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.readReplicas.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") (not (empty .Values.readReplicas.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.readReplicas.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and .Values.readReplicas.service.clusterIP (eq .Values.readReplicas.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.readReplicas.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.readReplicas.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.readReplicas.service.sessionAffinity }}
... 3625 lines suppressed ...