From c4bf2720f386a3c40f346df4998d5153f89720eb Mon Sep 17 00:00:00 2001 From: Jeremy Shimko Date: Thu, 26 Sep 2024 09:08:03 -0400 Subject: [PATCH] [svix] migrate to PGO PostgresCluster chart --- charts/svix/Chart.lock | 10 +- charts/svix/Chart.yaml | 13 +- charts/svix/templates/_helpers.tpl | 28 ++++ charts/svix/templates/svix/deployment.yaml | 14 +- .../svix/templates/svix/jwt-secret-job.yaml | 14 +- charts/svix/values.yaml | 130 ++++++++++++++++-- 6 files changed, 159 insertions(+), 50 deletions(-) diff --git a/charts/svix/Chart.lock b/charts/svix/Chart.lock index 0497215..0ba3e0b 100644 --- a/charts/svix/Chart.lock +++ b/charts/svix/Chart.lock @@ -1,9 +1,9 @@ dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 15.5.34 +- name: postgrescluster + repository: file://../postgrescluster + version: 5.6.1 - name: redis repository: https://charts.bitnami.com/bitnami version: 20.1.4 -digest: sha256:fba2a042148c14d2a8523320784e2a58492c2f10d952a9f22cc182e3bfd0ebc3 -generated: "2024-09-25T10:53:34.896619-04:00" +digest: sha256:8acdda65b904c1d7ad7340cb5a19d196a20958b64ba1631c8ec10bf2a6f513f6 +generated: "2024-09-26T08:30:57.025407-04:00" diff --git a/charts/svix/Chart.yaml b/charts/svix/Chart.yaml index e22a694..e23817a 100644 --- a/charts/svix/Chart.yaml +++ b/charts/svix/Chart.yaml 
@@ -2,14 +2,15 @@ apiVersion: v2 name: svix description: A Helm chart for running svix on Kubernetes type: application -version: 0.5.0 +version: 0.6.0 dependencies: - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - - name: postgresql - version: 15.5.34 - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled + # Postgres Operator - PostgresCluster + # https://access.crunchydata.com/documentation/postgres-operator/latest/ + - name: postgrescluster + version: 5.6.1 + repository: file://../postgrescluster + condition: postgrescluster.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - name: redis diff --git a/charts/svix/templates/_helpers.tpl b/charts/svix/templates/_helpers.tpl index 1b0db26..a8112a1 100644 --- a/charts/svix/templates/_helpers.tpl +++ b/charts/svix/templates/_helpers.tpl @@ -49,3 +49,31 @@ Selector labels app.kubernetes.io/name: "svix-server" app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Common postgres/redis env +*/}} +{{- define "svix.dbEnv" -}} +# postgres +{{- if or .Values.postgrescluster.enabled .Values.svix.postgresClusterSecret }} +- name: SVIX_DB_DSN + valueFrom: + secretKeyRef: + {{- if .Values.svix.postgresClusterSecret }} + name: "{{ .Values.svix.postgresClusterSecret }}" + {{- else }} + name: "{{ .Values.postgrescluster.name }}-pguser-svix" + {{- end }} + key: "pgbouncer-uri" +{{- end }} + +# redis +{{- if .Values.redis.enabled }} +- name: SVIX_REDIS_DSN + value: "redis://{{ .Values.redis.fullnameOverride }}-master:6379" +- name: SVIX_QUEUE_DSN + value: "$(SVIX_REDIS_DSN)" +- name: SVIX_CACHE_DSN + value: "$(SVIX_REDIS_DSN)" +{{- end }} +{{- end }} diff --git a/charts/svix/templates/svix/deployment.yaml b/charts/svix/templates/svix/deployment.yaml index df256be..5ffbfc1 100644 --- a/charts/svix/templates/svix/deployment.yaml +++ b/charts/svix/templates/svix/deployment.yaml 
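Review bot: In the new `svix.dbEnv` helper the Redis host is built from `.Values.redis.fullnameOverride`, so an unset or empty override renders `redis://-master:6379` with no template error and the failure only shows up at runtime. The two callers previously used `svix-redis-master` and `{{ .Release.Name }}-redis-master`, so the host the JWT job connects to also changes with this helper; the redis values are not visible in this diff, so confirm the override is always set. Making the dependency explicit would fail at render time instead: `value: "redis://{{ required "redis.fullnameOverride must be set" .Values.redis.fullnameOverride }}-master:6379"`. The Postgres branch has the same shape, since `.Values.postgrescluster.name` is interpolated into the Secret name unchecked and would benefit from the same `required` guard.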
@@ -45,19 +45,7 @@ spec: {{- end }} env: - {{- if .Values.postgresql.enabled }} - - name: SVIX_DB_DSN - value: "postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@svix-postgresql:5432/{{ .Values.postgresql.auth.database }}?{{ .Values.svix.dbUrlOptions }}" - {{- end }} - - {{- if .Values.redis.enabled }} - - name: SVIX_REDIS_DSN - value: "redis://svix-redis-master:6379" - - name: SVIX_QUEUE_DSN - value: "$(SVIX_REDIS_DSN)" - - name: SVIX_CACHE_DSN - value: "$(SVIX_REDIS_DSN)" - {{- end }} + {{- include "svix.dbEnv" . | nindent 12 }} {{- range .Values.svix.env }} - name: {{ .name }} diff --git a/charts/svix/templates/svix/jwt-secret-job.yaml b/charts/svix/templates/svix/jwt-secret-job.yaml index 9fac7d6..2f09ec4 100644 --- a/charts/svix/templates/svix/jwt-secret-job.yaml +++ b/charts/svix/templates/svix/jwt-secret-job.yaml @@ -62,19 +62,7 @@ spec: - name: svix-jwt-generator image: "{{ .Values.svix.image.repository }}:{{ .Values.svix.image.tag | default "latest" }}" env: - {{- if .Values.postgresql.enabled }} - - name: SVIX_DB_DSN - value: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@svix-postgresql:5432/{{ .Values.postgresql.auth.database }}" - {{- end }} - - {{- if .Values.redis.enabled }} - - name: SVIX_REDIS_DSN - value: "redis://{{ .Release.Name }}-redis-master:6379" - - name: SVIX_QUEUE_DSN - value: "$(SVIX_REDIS_DSN)" - - name: SVIX_CACHE_DSN - value: "$(SVIX_REDIS_DSN)" - {{- end }} + {{- include "svix.dbEnv" . | nindent 12 }} {{- range .Values.svix.env }} - name: {{ .name }} diff --git a/charts/svix/values.yaml b/charts/svix/values.yaml index 14b34c6..a82152b 100644 --- a/charts/svix/values.yaml +++ b/charts/svix/values.yaml 
@@ -26,9 +26,12 @@ svix: # - configMapRef: # name: my-configmap - # Optional postgres connection string options. - # These settings are only used if using the built in postgres chart (enabled below) - dbUrlOptions: "" # schema=public,connect_timeout=10,pool_timeout=10 + # -- optional Postgres Operator cluster secret name. This is useful if you deploy a PostgresCluster instance outside of this chart. + postgresClusterSecret: "" + + # Note that the schema option below must match the user name in the PostgresCluster users list or database permissions will be denied until manually granted. + # -- PostgresCluster connection string options. e.g. schema=stack,connection_limit=10,connect_timeout=10,pool_timeout=10 + dbUrlOptions: "schema=svix&sslmode=require&application_name=svix" # Create a k8s secret with a JWT token that an app can use to authenticate with Svix. # Optionally choose a custom name for the secret and the key to store the JWT in. 
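Review bot: Nothing in this patch reads `svix.dbUrlOptions` any more, so the new default `sslmode=require` (and `schema=svix`) appears not to be applied: the deployment line that appended `?{{ .Values.svix.dbUrlOptions }}` is removed and `svix.dbEnv` takes `SVIX_DB_DSN` verbatim from the `pgbouncer-uri` secret key. Unless a template outside this diff still consumes the value, an operator reading this file would wrongly assume TLS is enforced by it. Either wire the options into the DSN or drop the key and state that in the comment, e.g. `# NOTE: not applied when SVIX_DB_DSN is read from the PGO user secret`. The example in the comment also separates options with commas (`schema=stack,connection_limit=10`) while the default uses `&`, which is what a connection-URI query string needs.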
@@ -139,17 +142,118 @@ svix: affinity: {} -# Postgres -# https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -postgresql: - enabled: true - architecture: standalone # "replication" or "standalone" - fullnameOverride: svix-postgresql +# PGO PostgresCluster deployment +# If enabled below, PostgresOperator must already be installed in the cluster so the PostgresCluster CRD is available. +# You can install PostgresOperator to your cluster with the following command: - auth: - username: svix - password: svix123 - database: svix +# helm install pgo -n pgo --create-namespace oci://registry.developers.crunchydata.com/crunchydata/pgo +# +# Postgres Operator docs +# https://access.crunchydata.com/documentation/postgres-operator/latest +# https://github.com/CrunchyData/postgres-operator +# +# PostgresCluster Chart +# https://github.com/jshimko/helm-charts/tree/main/charts/postgrescluster +postgrescluster: + # -- disabled by default in case PostgresOperator is not installed in the cluster + enabled: false + + # -- PostgresCluster name + name: postgres-svix + + # -- PostgresCluster annotations + annotations: {} + # postgres-operator.crunchydata.com/autoCreateUserSchema: "true" + + # -- Postgres users to create and assign access to databases + users: + # -- db admin + - name: postgres + + # -- app user + - name: svix + databases: + - svix + + # -- Postgres instances + instances: + - name: svix + replicas: 1 + + # -- Postgres instance resources + resources: {} + # requests: + # cpu: 500m + # memory: 1Gi + # limits: + # cpu: 1000m + # memory: 2Gi + + dataVolumeClaimSpec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 2Gi + + pgBouncerReplicas: 1 + + # pgBackRest Backups + # https://pgbackrest.org/user-guide.html + # -- https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups + pgBackRestConfig: + # which repo to use when triggering a manual backup + manual: + repoName: repo1 # 
in-cluster persistent volume + options: + - --type=full + + # # S3 auth + # # https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups#using-s3 + # configuration: + # - secret: + # name: pgbackrest-backup-secret + + global: + # set retention of full backups to 7 days + # https://pgbackrest.org/user-guide.html#retention + + # in-cluster persistent volume + repo1-retention-full: "7" + repo1-retention-full-type: time + + # # S3 bucket + # repo2-path: /pgbackrest/production + # repo2-retention-full: "7" + # repo2-retention-full-type: time + + repos: + # in-cluster persistent volume + - name: repo1 + volume: + volumeClaimSpec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 10Gi + schedules: + # full backup weekly at 12:00a UTC Sunday + full: "0 12 * * 0" + # differential backup at 12:00 UTC Monday-Saturday + differential: "0 12 * * 1-6" + + # # S3 bucket + # - name: repo2 + # s3: + # bucket: example-pgbackrest-bucket + # endpoint: s3.amazonaws.com + # region: us-east-1 + # schedules: + # # full backup weekly at 1:00a UTC Sunday + # full: "0 1 * * 0" + # # differential backup at 1:00 UTC Monday-Saturday + # differential: "0 1 * * 1-6" # Redis # https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
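Review bot: The default `users` list includes `- name: postgres`, which, as far as PGO's user management is documented, makes the operator provision a password and a `<cluster>-pguser-postgres` Secret for the superuser alongside the `svix` app user. The application only reads the `-pguser-svix` secret, so I would leave the superuser entry out of the defaults (or ship it commented out with a note on when it is needed) so superuser credentials do not land in the namespace unless someone asks for them. Separately, the schedule comments say "12:00a UTC" but `0 12 * * 0` and `0 12 * * 1-6` fire at noon; use `0 0 * * 0` and `0 0 * * 1-6` if midnight is intended, or correct the comments.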