Google Git
Sign in
apache / airflow / 64277cfb8630ecd48cfdfdc4b953c7c6b819b8c3 / . / chart / templates / pgbouncer / pgbouncer-deployment.yaml
blob: 17e135776a244021ff423dd9f3c78b6ea3fa8169 [file] [log] [blame]
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
################################
## Airflow Pgbouncer Deployment
#################################
{{- if .Values.pgbouncer.enabled }}
{{- $nodeSelector := or .Values.pgbouncer.nodeSelector .Values.nodeSelector }}
{{- $affinity := or .Values.pgbouncer.affinity .Values.affinity }}
{{- $tolerations := or .Values.pgbouncer.tolerations .Values.tolerations }}
{{- $topologySpreadConstraints := or .Values.pgbouncer.topologySpreadConstraints .Values.topologySpreadConstraints }}
{{- $revisionHistoryLimit := or .Values.pgbouncer.revisionHistoryLimit .Values.revisionHistoryLimit }}
{{- $securityContext := include "localPodSecurityContext" .Values.pgbouncer }}
{{- $containerSecurityContext := include "externalContainerSecurityContext" .Values.pgbouncer }}
{{- $containerSecurityContextMetricsExporter := include "externalContainerSecurityContext" .Values.pgbouncer.metricsExporterSidecar }}
{{- $containerLifecycleHooks := .Values.pgbouncer.containerLifecycleHooks }}
{{- $containerLifecycleHooksMetricsExporter := .Values.pgbouncer.metricsExporterSidecar.containerLifecycleHooks }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "airflow.fullname" . }}-pgbouncer
labels:
tier: airflow
component: pgbouncer
release: {{ .Release.Name }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service }}
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.pgbouncer.annotations }}
annotations: {{- toYaml .Values.pgbouncer.annotations | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.pgbouncer.replicas | default "1" }}
{{- if $revisionHistoryLimit }}
revisionHistoryLimit: {{ $revisionHistoryLimit }}
{{- end }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
tier: airflow
component: pgbouncer
release: {{ .Release.Name }}
template:
metadata:
labels:
tier: airflow
component: pgbouncer
release: {{ .Release.Name }}
{{- with .Values.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/pgbouncer-config-secret: {{ include (print $.Template.BasePath "/secrets/pgbouncer-config-secret.yaml") . | sha256sum }}
checksum/pgbouncer-certificates-secret: {{ include (print $.Template.BasePath "/secrets/pgbouncer-certificates-secret.yaml") . | sha256sum }}
{{- if .Values.pgbouncer.podAnnotations }}
{{- toYaml .Values.pgbouncer.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if .Values.pgbouncer.priorityClassName }}
priorityClassName: {{ .Values.pgbouncer.priorityClassName }}
{{- end }}
nodeSelector: {{- toYaml $nodeSelector | nindent 8 }}
affinity: {{- toYaml $affinity | nindent 8 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
tolerations: {{- toYaml $tolerations | nindent 8 }}
topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }}
serviceAccountName: {{ include "pgbouncer.serviceAccountName" . }}
securityContext: {{ $securityContext | nindent 8 }}
restartPolicy: Always
{{- if or .Values.registry.secretName .Values.registry.connection }}
imagePullSecrets:
- name: {{ template "registry_secret" . }}
{{- end }}
containers:
- name: pgbouncer
image: {{ template "pgbouncer_image" . }}
imagePullPolicy: {{ .Values.images.pgbouncer.pullPolicy }}
securityContext: {{ $containerSecurityContext | nindent 12 }}
{{- if .Values.pgbouncer.command }}
command: {{ tpl (toYaml .Values.pgbouncer.command) . | nindent 12 }}
{{- end }}
{{- if .Values.pgbouncer.args }}
args: {{ tpl (toYaml .Values.pgbouncer.args) . | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.pgbouncer.resources | nindent 12 }}
{{- with .Values.pgbouncer.env }}
env: {{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: pgbouncer
containerPort: {{ .Values.ports.pgbouncer }}
livenessProbe:
tcpSocket:
port: {{ .Values.ports.pgbouncer }}
readinessProbe:
tcpSocket:
port: {{ .Values.ports.pgbouncer }}
volumeMounts:
- name: pgbouncer-config
subPath: pgbouncer.ini
mountPath: /etc/pgbouncer/pgbouncer.ini
readOnly: true
- name: pgbouncer-config
subPath: users.txt
mountPath: /etc/pgbouncer/users.txt
readOnly: true
{{- if .Values.pgbouncer.ssl.ca }}
- name: pgbouncer-certificates
subPath: root.crt
mountPath: /etc/pgbouncer/root.crt
readOnly: true
{{- end }}
{{- if .Values.pgbouncer.ssl.cert }}
- name: pgbouncer-certificates
subPath: server.crt
mountPath: /etc/pgbouncer/server.crt
readOnly: true
{{- end }}
{{- if .Values.pgbouncer.ssl.key }}
- name: pgbouncer-certificates
subPath: server.key
mountPath: /etc/pgbouncer/server.key
readOnly: true
{{- end }}
{{- if .Values.volumeMounts }}
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.pgbouncer.extraVolumeMounts }}
{{- tpl (toYaml .Values.pgbouncer.extraVolumeMounts) . | nindent 12 }}
{{- end }}
{{- if $containerLifecycleHooks }}
lifecycle: {{- tpl (toYaml $containerLifecycleHooks) . | nindent 12 }}
{{- end }}
- name: metrics-exporter
resources: {{- toYaml .Values.pgbouncer.metricsExporterSidecar.resources | nindent 12 }}
image: {{ template "pgbouncer_exporter_image" . }}
imagePullPolicy: {{ .Values.images.pgbouncerExporter.pullPolicy }}
securityContext: {{ $containerSecurityContextMetricsExporter | nindent 12 }}
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ template "pgbouncer_stats_secret" . }}
{{- if (and .Values.pgbouncer.metricsExporterSidecar.statsSecretName .Values.pgbouncer.metricsExporterSidecar.statsSecretKey) }}
key: {{ .Values.pgbouncer.metricsExporterSidecar.statsSecretKey }}
{{- else }}
key: "connection"
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.ports.pgbouncerScrape }}
livenessProbe:
exec:
command:
- pgbouncer_exporter
- health
initialDelaySeconds: {{ .Values.pgbouncer.metricsExporterSidecar.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.pgbouncer.metricsExporterSidecar.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.pgbouncer.metricsExporterSidecar.livenessProbe.timeoutSeconds }}
readinessProbe:
exec:
command:
- pgbouncer_exporter
- health
initialDelaySeconds: {{ .Values.pgbouncer.metricsExporterSidecar.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.pgbouncer.metricsExporterSidecar.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.pgbouncer.metricsExporterSidecar.readinessProbe.timeoutSeconds }}
{{- if $containerLifecycleHooksMetricsExporter }}
lifecycle: {{- tpl (toYaml $containerLifecycleHooksMetricsExporter) . | nindent 12 }}
{{- end }}
{{- if .Values.pgbouncer.extraContainers }}
{{- tpl (toYaml .Values.pgbouncer.extraContainers) . | nindent 8 }}
{{- end }}
volumes:
- name: pgbouncer-config
secret:
secretName: {{ template "pgbouncer_config_secret" . }}
{{- if or .Values.pgbouncer.ssl.ca .Values.pgbouncer.ssl.cert .Values.pgbouncer.ssl.key }}
- name: pgbouncer-certificates
secret:
secretName: {{ template "pgbouncer_certificates_secret" . }}
{{- end }}
{{- if .Values.volumes }}
{{- toYaml .Values.volumes | nindent 8 }}
{{- end }}
{{- if .Values.pgbouncer.extraVolumes }}
{{- tpl (toYaml .Values.pgbouncer.extraVolumes) . | nindent 8 }}
{{- end }}
{{- end }}