forked from zitadel/zitadel-charts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpgadmin-values.yaml
255 lines (213 loc) · 5.46 KB
/
pgadmin-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
replicaCount: 1
## pgAdmin4 container image
##
image:
registry: docker.io
repository: dpage/pgadmin4
tag: "8.6"
pullPolicy: IfNotPresent
## Deployment annotations
annotations: {}
service:
type: ClusterIP
port: 80
targetPort: http
# targetPort: 4181 To be used with a proxy extraContainer
portName: http
annotations: {}
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
name: ""
strategy: {}
serverDefinitions:
## If true, server definitions will be created
##
enabled: true
## The resource type to use for deploying server definitions.
## Can either be ConfigMap or Secret
resourceType: ConfigMap
# servers:
# server1:
# Name: "Zitadel"
# Group: "Servers"
# Host: "131.130.102.246"
# Port: 5432
# Username: "postgres"
# MaintenanceDB: "postgres"
# Shared: true
# ConnectionParameters:
# passfile: "../../file.pgpass"
servers:
server1:
Name: "Zitadel"
Group: "Servers"
Host: "131.130.102.246"
Port: 5432
MaintenanceDB: "postgres"
Username: "postgres"
SSLMode: "verify-ca"
Comment: "This server has every option configured in the JSON"
PassFile: "../../file.pgpass"
SSLCert: "/postgres-cert/tls.crt"
SSLKey: "/postgres-cert/tls.key"
SSLRootCert: "/postgres-cert/ca.crt"
# server2:
# Name: "Zitadel2"
# Group: "Servers"
# Host: "131.130.102.246"
# Port: 5432
# MaintenanceDB: "postgres"
# Username: "zitadel"
# SSLMode: "verify-ca"
# Comment: "This server has every option configured in the JSON"
# PassFile: "../../file.pgpass"
# SSLCert: "../../tls.crt"
# SSLKey: "../../tls.key"
# SSLRootCert: "../../ca.crt"
# BGColor: "#ff9900"
# FGColor: "#000000"
extraSecretMounts:
- name: pgpassfile
secret: pgadmin-pgpassfile-secret
mountPath: "/tmp/file.pgpass"
subPath: pgpassfile
- name: postgres-certs
secret: postgres-cert
mountPath: "/var/lib/pgadmin/storage/zitadel-admin_netsnek.com/postgres-cert/"
readOnly: true
# - name: pgadmin-certs
# secret: pgadmin-cert
# mountPath: "/var/lib/pgadmin/certs/pgadmin-cert"
# readOnly: true
## Additional InitContainers to initialize the pod
##
extraInitContainers: |
- name: prepare-pgpass
image: "dpage/pgadmin4:4.23"
command:
- /bin/sh
- -c
- |
mkdir -p /var/lib/pgadmin/storage/
mkdir -p /var/lib/pgadmin/certs/
cat /tmp/file.pgpass > /var/lib/pgadmin/file.pgpass
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
- name: pgpassfile
mountPath: /tmp/file.pgpass
subPath: pgpassfile
readOnly: true
securityContext:
runAsUser: 5050
networkPolicy:
enabled: true
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: letsencrypt-prod
ingressClassName: public
hosts:
- host: pgadmin.netsnek.com
paths:
- path: /
pathType: Prefix
# tls:
# - secretName: pgadmin-tls
# hosts:
# - pgadmin.host.net
# Additional config maps to be mounted inside a container
# Can be used to map config maps for sidecar as well
#extraConfigmapMounts: []
# Add config_local.py file to set OAuth2 configuration
# For details check documentation
# https://www.pgadmin.org/docs/pgadmin4/latest/oauth2.html
extraConfigmapMounts:
- name: config-local
configMap: pgadmin4-config
subPath: config_local.py
mountPath: "/pgadmin4/config_local.py"
readOnly: true
existingSecret: ""
envVarsFromSecrets:
- pgadmin4-oauth2-secret
env:
# can be email or nickname
email: [email protected]
password: SuperSecret
#pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
enhanced_cookie_protection: "False"
persistentVolume:
enabled: true
annotations: {}
accessModes:
- ReadWriteOnce
size: 10Gi
securityContext:
runAsUser: 5050
runAsGroup: 5050
fsGroup: 5050
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
VolumePermissions:
## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
##
enabled: true
containerPorts:
http: 80
resources:
limits:
cpu: 300m
memory: 500Mi
requests:
cpu: 150m
memory: 400Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
## Pod affinity
##
affinity: {}
## Pod annotations
##
podAnnotations: {}
## Pod labels
##
podLabels: {}
# key1: value1
# key2: value2
init:
## Init container resources
##
resources: {}
## Define values for chart tests
test:
## Container image for test-connection.yaml
image:
registry: docker.io
repository: busybox
tag: latest
## Resources request/limit for test-connection Pod
resources: {}
securityContext:
runAsUser: 5051
runAsGroup: 5051
fsGroup: 5051