k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pgadmin

Browse Source
This commit is contained in:
Philip Haupt
2025-05-30 00:18:42 +02:00
parent 74116c1f63
commit 3d712ccede
4 changed files with 668 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pgadmin/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- main.yaml

200
pgadmin/main.yaml Normal file
View File

@@ -0,0 +1,200 @@
apiVersion: v1
data:
password: U3VwZXJTZWNyZXQ=
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4
namespace: pgadmin
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4
namespace: pgadmin
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/name: pgadmin4
type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4
namespace: pgadmin
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4
namespace: pgadmin
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/name: pgadmin4
template:
metadata:
annotations:
checksum/secret: d60cced22b70238aab1ff018a874bbd8cba79292c40172e1449dc31f0a56afb7
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/name: pgadmin4
spec:
automountServiceAccountToken: false
containers:
- env:
- name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
value: "False"
- name: PGADMIN_DEFAULT_EMAIL
value: chart@domain.com
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: pgadmin-pgadmin4
image: docker.io/dpage/pgadmin4:9.2.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /misc/ping
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 20
timeoutSeconds: 5
name: pgadmin4
ports:
- containerPort: 80
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /misc/ping
port: http
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
resources: {}
startupProbe:
failureThreshold: 30
httpGet:
path: /misc/ping
port: http
scheme: HTTP
periodSeconds: 2
volumeMounts:
- mountPath: /var/lib/pgadmin
name: pgadmin-data
subPath: ""
securityContext:
fsGroup: 5050
runAsGroup: 5050
runAsUser: 5050
volumes:
- name: pgadmin-data
persistentVolumeClaim:
claimName: pgadmin-pgadmin4
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4
namespace: pgadmin
spec:
ingress:
- ports:
- port: 80
podSelector:
matchLabels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/name: pgadmin4
policyTypes:
- Ingress
---
apiVersion: v1
kind: Pod
metadata:
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: hook-succeeded
labels:
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: pgadmin4
app.kubernetes.io/version: "9.3"
helm.sh/chart: pgadmin4-1.45.1
name: pgadmin-pgadmin4-test-connection
namespace: pgadmin
spec:
containers:
- command:
- /bin/sh
- -ec
- |
response=$(wget -qSO - http://${PGADMIN_HOST}:${PGADMIN_PORT} 2>&1)
check=$(echo $response | grep -c '200 OK'); echo $check; if [[ $check -gt 0 ]]; then echo "Response OK"; else exit 1; fi
env:
- name: PGADMIN_HOST
value: pgadmin-pgadmin4
- name: PGADMIN_PORT
value: "80"
image: docker.io/busybox:latest
name: wget
resources: {}
securityContext:
readOnlyRootFilesystem: true
restartPolicy: Never
securityContext:
fsGroup: 5051
runAsGroup: 5051
runAsNonRoot: true
runAsUser: 5051

12
pgadmin/src/kustomization.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- name: pgadmin4
repo: https://helm.runix.net
version: 1.45.1
releaseName: pgadmin
includeCRDs: true
namespace: pgadmin
valuesFile: values.yaml

450
pgadmin/src/values.yaml Normal file
View File

@@ -0,0 +1,450 @@
global:
# Overrides the Docker registry globally for all images.
imageRegistry: ""
# Add additional image pull secrets globally.
# Support both full format (- name: secret) and short format (- secret).
# These will be merged with any chart-specific pull secrets.
imagePullSecrets: []
replicaCount: 1
## pgAdmin4 container image
##
image:
registry: docker.io
repository: dpage/pgadmin4
# Overrides the image tag whose default is the chart appVersion.
tag: 9.2.0
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - RegistryKeySecret
## Deployment annotations
annotations: {}
## revisionHistoryLimit The number of old history to retain to allow rollback
revisionHistoryLimit: 10
## commonLabels Add labels to all the deployed resources
commonLabels: {}
## priorityClassName
priorityClassName: ""
## Deployment entrypoint override
## Useful when there's a requirement to modify container's default:
## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206
# command: "['/bin/sh', '-c', 'source /vault/secrets/config && <entrypoint script>']"
service:
type: ClusterIP
clusterIP: ""
loadBalancerIP: ""
port: 80
targetPort: 80
# targetPort: 4181 To be used with a proxy extraContainer
portName: http
annotations: {}
## Special annotations at the service level, e.g
## this will set vnet internal IP's rather than public ip's
## service.beta.kubernetes.io/azure-load-balancer-internal: "true"
## Specify the nodePort value for the service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Pod Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Opt out of API credential automounting.
# If you don't want the kubelet to automatically mount a ServiceAccount's API credentials,
# you can opt out of the default behavior
automountServiceAccountToken: false
## Pod HostAliases
## ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
##
hostAliases:
# - ip: "127.0.0.1"
# hostnames:
# - "pgadmin4.local"
## Strategy used to replace old Pods by new ones
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
strategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: 1
## Pre-load pgAdmin4 with servers at first start-up.
## Servers are imported only the first time the config DB is created.
## Docs: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html
##
serverDefinitions:
# Enable/disable server import
enabled: false
# Storage for the server JSON:
# ConfigMap - plain text (good for non-secret data)
# Secret - base-64 (better for credentials)
resourceType: ConfigMap
# Use this only when `resourceType` = ConfigMap - point to an existing ConfigMap
# that already holds your `servers.json`
existingConfigmap: ""
# Use this only when `resourceType` = Secret - point to an existing Secret
# that already holds your `servers.json`.
existingSecret: ""
# Set to true to put raw JSON under `stringData` (handy for dry-runs/debug).
# Leave false to keep the default base-64 in `data`.
useStringData: false
# Inline server definitions (ignore if you point to an existing resource)
# You can use Helm templates here, e.g. Host: "{{ .Values.example.host }}"
servers:
# firstServer:
# Name: "Minimally Defined Server"
# Group: "Servers"
# Username: "postgres"
# Host: "{{ .Values.example.host }}"
# Port: "{{ .Values.example.port }}"
# SSLMode: "prefer"
# MaintenanceDB: "postgres"
networkPolicy:
enabled: true
## Ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels: {}
hosts:
- host: chart-example.local
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Additional config maps to be mounted inside a container
# Can be used to map config maps for sidecar as well
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /etc/ssl/certs
# subPath: ""
# configMap: certs-configmap
# readOnly: true
extraSecretMounts: []
# - name: pgpassfile
# secret: pgpassfile
# subPath: pgpassfile
# mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
# readOnly: true
## Additional volumes to be mounted inside a container
##
extraVolumeMounts: []
## Specify additional containers in extraContainers.
## For example, to add an authentication proxy to a pgadmin4 pod.
extraContainers: |
# - name: proxy
# image: quay.io/gambol99/keycloak-proxy:latest
# args:
# - -provider=github
# - -client-id=
# - -client-secret=
# - -github-org=<ORG_NAME>
# - -email-domain=*
# - -cookie-secret=
# - -http-address=http://0.0.0.0:4181
# - -upstream-url=http://127.0.0.1:3000
# ports:
# - name: proxy-web
# containerPort: 4181
## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret.
##
existingSecret: ""
## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set.
##
secretKeys:
pgadminPasswordKey: password
## pgAdmin4 startup configuration
## Values in here get injected as environment variables
## Needed chart reinstall for apply changes
env:
# can be email or nickname
email: chart@domain.com
password: SuperSecret
# pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
# set context path for application (e.g. /pgadmin4/*)
# contextPath: /pgadmin4
## If True, allows pgAdmin4 to create session cookies based on IP address
## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
##
enhanced_cookie_protection: "False"
## Add custom environment variables that will be injected to deployment
## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
##
variables: []
# - name: PGADMIN_LISTEN_ADDRESS
# value: "0.0.0.0"
# - name: PGADMIN_LISTEN_PORT
# value: "8080"
## Additional environment variables from ConfigMaps
envVarsFromConfigMaps: []
# - array-of
# - config-map-names
## Additional environment variables from Secrets
envVarsFromSecrets: []
# - array-of
# - secret-names
## Additional environment variables
envVarsExtra: []
# - name: POSTGRES_USERNAME
# valueFrom:
# secretKeyRef:
# name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
# key: username
# - name: POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
# key: password
persistentVolume:
## If true, pgAdmin4 will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: true
## pgAdmin4 Persistent Volume Claim annotations
##
annotations: {}
## pgAdmin4 Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
accessModes:
- ReadWriteOnce
## pgAdmin4 Persistent Volume Size
##
size: 10Gi
## pgAdmin4 Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: openebs-3-replicas
# existingClaim: ""
## Subdirectory of pgAdmin4 Persistent Volume to mount
## Useful if the volume's root directory is not empty
##
subPath: ""
## Additional volumes to be added to the deployment
##
extraVolumes: []
## Security context to be added to pgAdmin4 pods
##
securityContext:
runAsUser: 5050
runAsGroup: 5050
fsGroup: 5050
containerSecurityContext:
enabled: false
allowPrivilegeEscalation: false
## pgAdmin4 readiness and liveness probe initial delay and timeout
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 20
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
startupProbe:
failureThreshold: 30
periodSeconds: 2
## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
##
VolumePermissions:
## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
##
enabled: false
## @param extraDeploy list of extra manifests to deploy
##
extraDeploy: []
## Additional InitContainers to initialize the pod
##
extraInitContainers: |
# - name: add-folder-for-pgpass
# image: "dpage/pgadmin4:latest"
# command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
# volumeMounts:
# - name: pgadmin-data
# mountPath: /var/lib/pgadmin
# securityContext:
# runAsUser: 5050
containerPorts:
http: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Horizontal Pod Autoscaling
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
#
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Node labels for pgAdmin4 pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
## Pod affinity
##
affinity: {}
## Pod DNS Policy
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ""
## Update pod DNS Config
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
dnsConfig: {}
# nameservers:
# - 192.0.2.1
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## Pod annotations
##
podAnnotations: {}
templatedPodAnnotations: |-
# checksum/configmap-oauth2: {{ include "<parent-chart-name>/templates/configmap-oauth2.yaml" $ | sha256sum }}
# checksum/secret-oauth2: "{{ include "<parent-chart-name>/templates/secret-oauth2.yaml" $ | sha256sum }}"
# checksum/secret-pgpass: "{{ include "<parent-chart-name>/templates/secret-pgpass.yaml" $ | sha256sum }}"
## Pod labels
##
podLabels: {}
# key1: value1
# key2: value2
# -- The name of the Namespace to deploy
# If not set, `.Release.Namespace` is used
namespace: null
init:
## Init container resources
##
resources: {}
## Define values for chart tests
test:
enabled: true
## Container image for test-connection.yaml
image:
registry: docker.io
repository: busybox
tag: latest
## Resources request/limit for test-connection Pod
resources: {}
# limits:
# cpu: 50m
# memory: 32Mi
# requests:
# cpu: 25m
# memory: 16Mi
## Security context for test-connection Pod
securityContext:
runAsUser: 5051
runAsGroup: 5051
fsGroup: 5051
## Container Security context for test-connection Pod
containerSecurityContext:
readOnlyRootFilesystem: true