pgadmin

pgadmin/src/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+  - name: pgadmin4
+    repo: https://helm.runix.net
+    version: 1.45.1
+    releaseName: pgadmin
+    includeCRDs: true
+    namespace: pgadmin
+    valuesFile: values.yaml

pgadmin/src/values.yaml

@@ -0,0 +1,450 @@
+global:
+  # Overrides the Docker registry globally for all images.
+  imageRegistry: ""
+  # Add additional image pull secrets globally.
+  # Support both full format (- name: secret) and short format (- secret).
+  # These will be merged with any chart-specific pull secrets.
+  imagePullSecrets: []
+
+replicaCount: 1
+
+## pgAdmin4 container image
+##
+image:
+  registry: docker.io
+  repository: dpage/pgadmin4
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: 9.2.0
+  pullPolicy: IfNotPresent
+
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+  #  - RegistryKeySecret
+
+## Deployment annotations
+annotations: {}
+
+## revisionHistoryLimit The number of old history to retain to allow rollback
+revisionHistoryLimit: 10
+
+## commonLabels Add labels to all the deployed resources
+commonLabels: {}
+
+## priorityClassName
+priorityClassName: ""
+
+## Deployment entrypoint override
+## Useful when there's a requirement to modify container's default:
+## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
+## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206
+# command: "['/bin/sh', '-c', 'source /vault/secrets/config && <entrypoint script>']"
+
+service:
+  type: ClusterIP
+  clusterIP: ""
+  loadBalancerIP: ""
+  port: 80
+  targetPort: 80
+  # targetPort: 4181 To be used with a proxy extraContainer
+  portName: http
+
+  annotations: {}
+    ## Special annotations at the service level, e.g
+    ## this will set vnet internal IP's rather than public ip's
+    ## service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+
+  ## Specify the nodePort value for the service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+
+## Pod Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+  # Opt out of API credential automounting.
+  # If you don't want the kubelet to automatically mount a ServiceAccount's API credentials,
+  # you can opt out of the default behavior
+  automountServiceAccountToken: false
+
+## Pod HostAliases
+## ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+##
+hostAliases:
+  # - ip: "127.0.0.1"
+  #   hostnames:
+  #   - "pgadmin4.local"
+
+## Strategy used to replace old Pods by new ones
+## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+strategy: {}
+  # type: RollingUpdate
+  # rollingUpdate:
+  #   maxSurge: 0
+  #   maxUnavailable: 1
+
+## Pre-load pgAdmin4 with servers at first start-up.
+## Servers are imported only the first time the config DB is created.
+## Docs: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html
+##
+serverDefinitions:
+  # Enable/disable server import
+  enabled: false
+
+  # Storage for the server JSON:
+  #   ConfigMap - plain text (good for non-secret data)
+  #   Secret    - base-64 (better for credentials)
+  resourceType: ConfigMap
+
+  # Use this only when `resourceType` = ConfigMap - point to an existing ConfigMap
+  # that already holds your `servers.json`
+  existingConfigmap: ""
+
+  # Use this only when `resourceType` = Secret - point to an existing Secret
+  # that already holds your `servers.json`.
+  existingSecret: ""
+
+  # Set to true to put raw JSON under `stringData` (handy for dry-runs/debug).
+  # Leave false to keep the default base-64 in `data`.
+  useStringData: false
+
+  # Inline server definitions (ignore if you point to an existing resource)
+  # You can use Helm templates here, e.g. Host: "{{ .Values.example.host }}"
+  servers:
+  #  firstServer:
+  #    Name: "Minimally Defined Server"
+  #    Group: "Servers"
+  #    Username: "postgres"
+  #    Host: "{{ .Values.example.host }}"
+  #    Port: "{{ .Values.example.port }}"
+  #    SSLMode: "prefer"
+  #    MaintenanceDB: "postgres"
+
+networkPolicy:
+  enabled: true
+
+## Ingress
+## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: false
+  # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+  # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+  # ingressClassName: nginx
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  labels: {}
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+# Additional config maps to be mounted inside a container
+# Can be used to map config maps for sidecar as well
+extraConfigmapMounts: []
+  # - name: certs-configmap
+  #   mountPath: /etc/ssl/certs
+  #   subPath: ""
+  #   configMap: certs-configmap
+  #   readOnly: true
+
+extraSecretMounts: []
+  # - name: pgpassfile
+  #   secret: pgpassfile
+  #   subPath: pgpassfile
+  #   mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
+  #   readOnly: true
+
+## Additional volumes to be mounted inside a container
+##
+extraVolumeMounts: []
+
+## Specify additional containers in extraContainers.
+## For example, to add an authentication proxy to a pgadmin4 pod.
+extraContainers: |
+# - name: proxy
+#   image: quay.io/gambol99/keycloak-proxy:latest
+#   args:
+#   - -provider=github
+#   - -client-id=
+#   - -client-secret=
+#   - -github-org=<ORG_NAME>
+#   - -email-domain=*
+#   - -cookie-secret=
+#   - -http-address=http://0.0.0.0:4181
+#   - -upstream-url=http://127.0.0.1:3000
+#   ports:
+#     - name: proxy-web
+#       containerPort: 4181
+
+## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret.
+##
+existingSecret: ""
+## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set.
+##
+secretKeys:
+  pgadminPasswordKey: password
+
+## pgAdmin4 startup configuration
+## Values in here get injected as environment variables
+## Needed chart reinstall for apply changes
+env:
+  # can be email or nickname
+  email: chart@domain.com
+  password: SuperSecret
+  # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
+
+  # set context path for application (e.g. /pgadmin4/*)
+  # contextPath: /pgadmin4
+
+  ## If True, allows pgAdmin4 to create session cookies based on IP address
+  ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
+  ##
+  enhanced_cookie_protection: "False"
+
+  ## Add custom environment variables that will be injected to deployment
+  ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+  ##
+  variables: []
+  # - name: PGADMIN_LISTEN_ADDRESS
+  #   value: "0.0.0.0"
+  # - name: PGADMIN_LISTEN_PORT
+  #   value: "8080"
+
+## Additional environment variables from ConfigMaps
+envVarsFromConfigMaps: []
+  # - array-of
+  # - config-map-names
+
+## Additional environment variables from Secrets
+envVarsFromSecrets: []
+  # - array-of
+  # - secret-names
+
+## Additional environment variables
+envVarsExtra: []
+  # - name: POSTGRES_USERNAME
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
+  #       key: username
+  # - name: POSTGRES_PASSWORD
+  #   valueFrom:
+  #     secretKeyRef:
+  #       name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
+  #       key: password
+
+persistentVolume:
+  ## If true, pgAdmin4 will create/use a Persistent Volume Claim
+  ## If false, use emptyDir
+  ##
+  enabled: true
+
+  ## pgAdmin4 Persistent Volume Claim annotations
+  ##
+  annotations: {}
+
+  ## pgAdmin4 Persistent Volume access modes
+  ## Must match those of existing PV or dynamic provisioner
+  ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+  accessModes:
+    - ReadWriteOnce
+
+  ## pgAdmin4 Persistent Volume Size
+  ##
+  size: 10Gi
+
+  ## pgAdmin4 Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  storageClass: openebs-3-replicas
+  # existingClaim: ""
+
+  ## Subdirectory of pgAdmin4 Persistent Volume to mount
+  ## Useful if the volume's root directory is not empty
+  ##
+  subPath: ""
+
+## Additional volumes to be added to the deployment
+##
+extraVolumes: []
+
+## Security context to be added to pgAdmin4 pods
+##
+securityContext:
+  runAsUser: 5050
+  runAsGroup: 5050
+  fsGroup: 5050
+
+containerSecurityContext:
+  enabled: false
+  allowPrivilegeEscalation: false
+
+## pgAdmin4 readiness and liveness probe initial delay and timeout
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+##
+livenessProbe:
+  initialDelaySeconds: 30
+  periodSeconds: 20
+  timeoutSeconds: 5
+  failureThreshold: 3
+
+readinessProbe:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 3
+  failureThreshold: 3
+
+startupProbe:
+  failureThreshold: 30
+  periodSeconds: 2
+
+## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin.
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+##
+VolumePermissions:
+  ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
+  ##
+  enabled: false
+
+## @param extraDeploy list of extra manifests to deploy
+##
+extraDeploy: []
+
+## Additional InitContainers to initialize the pod
+##
+extraInitContainers: |
+#   - name: add-folder-for-pgpass
+#     image: "dpage/pgadmin4:latest"
+#     command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+#     volumeMounts:
+#       - name: pgadmin-data
+#         mountPath: /var/lib/pgadmin
+#     securityContext:
+#       runAsUser: 5050
+
+containerPorts:
+  http: 80
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+## Horizontal Pod Autoscaling
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+#
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+## Node labels for pgAdmin4 pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Node tolerations for server scheduling to nodes with taints
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+##
+tolerations: []
+
+## Pod affinity
+##
+affinity: {}
+
+## Pod DNS Policy
+## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
+
+dnsPolicy: ""
+
+## Update pod DNS Config
+## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
+
+dnsConfig: {}
+#  nameservers:
+#    - 192.0.2.1
+#  searches:
+#    - ns1.svc.cluster-domain.example
+#    - my.dns.search.suffix
+#  options:
+#    - name: ndots
+#      value: "2"
+#    - name: edns0
+
+## Pod annotations
+##
+podAnnotations: {}
+templatedPodAnnotations: |-
+#   checksum/configmap-oauth2: {{ include "<parent-chart-name>/templates/configmap-oauth2.yaml" $ | sha256sum }}
+#   checksum/secret-oauth2: "{{ include "<parent-chart-name>/templates/secret-oauth2.yaml" $ | sha256sum }}"
+#   checksum/secret-pgpass: "{{ include "<parent-chart-name>/templates/secret-pgpass.yaml" $ | sha256sum }}"
+
+## Pod labels
+##
+podLabels: {}
+  # key1: value1
+  # key2: value2
+
+# -- The name of the Namespace to deploy
+# If not set, `.Release.Namespace` is used
+namespace: null
+
+init:
+  ## Init container resources
+  ##
+  resources: {}
+
+## Define values for chart tests
+test:
+  enabled: true
+  ## Container image for test-connection.yaml
+  image:
+    registry: docker.io
+    repository: busybox
+    tag: latest
+  ## Resources request/limit for test-connection Pod
+  resources: {}
+    # limits:
+    #   cpu: 50m
+    #   memory: 32Mi
+    # requests:
+    #   cpu: 25m
+    #   memory: 16Mi
+  ## Security context for test-connection Pod
+  securityContext:
+    runAsUser: 5051
+    runAsGroup: 5051
+    fsGroup: 5051
+
+  ## Container Security context for test-connection Pod
+  containerSecurityContext:
+    readOnlyRootFilesystem: true