Add pgbouncer chart

mastodon · Oct 27, 2023 · 7df9470 · 7df9470
1 parent 04e3873
commit 7df9470
Show file tree

Hide file tree

Showing 9 changed files with 505 additions and 0 deletions.
diff --git a/pgbouncer/Chart.yaml b/pgbouncer/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: pgbouncer
+description: Deploys pgbouncer
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.21.0"
diff --git a/pgbouncer/templates/_helpers.tpl b/pgbouncer/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pgbouncer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pgbouncer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pgbouncer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "pgbouncer.labels" -}}
+helm.sh/chart: {{ include "pgbouncer.chart" . }}
+{{ include "pgbouncer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pgbouncer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pgbouncer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "pgbouncer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "pgbouncer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/pgbouncer/templates/_pgbouncer.ini.tpl b/pgbouncer/templates/_pgbouncer.ini.tpl
@@ -0,0 +1,133 @@
+{{ define "pgbouncer.ini.1.0.0" }}
+
+{{- $root := . -}}
+
+;; database name = {{ .Values.replicaCount }}
+[databases]
+{{- range $k, $v := .Values.databases }}
+
+{{- $requiredMsg := printf ".Values.databases.%v needs to include .dbname" $k }}
+{{ $k }} = host={{ $v.host }} port={{ $v.port }} {{ if $v.user }}user={{ $v.user }}{{end}} {{ if $v.auth_user }}auth_user={{ $v.auth_user }}{{end}} {{ if $v.dbname }}dbname={{ $v.dbname }}{{end}}
+{{- end }}
+
+
+[pgbouncer]
+
+;;; Administrative settings
+;logfile = /var/log/pgbouncer/pgbouncer.log
+;pidfile = /var/run/pgbouncer/pgbouncer.pid
+
+;;; Where to wait for clients
+listen_addr = 0.0.0.0
+listen_port = 6432
+; unix_socket_dir = var/run/postgresql
+;unix_socket_mode = 0777
+;unix_socket_group =
+;client_tls_sslmode = disable
+;client_tls_ca_file = <system default>
+;client_tls_key_file =
+;client_tls_cert_file =
+;client_tls_ciphers = fast
+;client_tls_protocols = all
+;client_tls_dheparams = auto
+;client_tls_ecdhcurve = auto
+;server_tls_sslmode = disable
+;server_tls_ca_file = <system default>
+;server_tls_key_file =
+;server_tls_cert_file =
+;server_tls_protocols = all
+;server_tls_ciphers = fast
+; any, trust, plain, crypt, md5, cert, hba, pam
+
+;;; Authentication settings
+
+auth_type = md5
+;auth_file = /8.0/main/global/pg_auth
+auth_file = /etc/pgbouncer/userlist.txt
+;auth_hba_file =
+
+{{ .Values.settings.auth_query }}
+
+;;; Users allowed into database 'pgbouncer'
+admin_users = {{ join ", " (.Values.settings.adminUsers | sortAlpha) }}
+stats_users = {{ join ", " (.Values.settings.statsUsers | sortAlpha) }}
+
+;;; Pooler personality
+
+pool_mode = {{ .Values.settings.poolMode }}
+server_reset_query = {{ .Values.settings.serverResetQuery }}
+;server_reset_query_always = 0
+ignore_startup_parameters = extra_float_digits
+;server_check_query = select 1
+;server_check_delay = 30
+;application_name_add_host = 0
+max_prepared_statements = {{ .Values.settings.maxPreparedStatements}}
+
+;;; Connection limits
+
+{{- with .Values.settings.connectionLimits}}
+max_client_conn = {{ .maxClientConn }}
+default_pool_size = {{ .defaultPoolSize }}
+min_pool_size = {{ .minPoolSize }}
+reserve_pool_size = {{ .reservePoolSize }}
+reserve_pool_timeout = {{ .reservePoolTimeout }}
+;max_db_connections = 0
+;max_user_connections = 0
+{{- end }}
+;server_round_robin = 0
+;syslog = 0
+;syslog_facility = daemon
+;syslog_ident = pgbouncer
+
+;;; Logging
+
+log_connections = {{ .Values.settings.logConnections }}
+log_disconnections = {{ .Values.settings.logDisconnections }}
+log_pooler_errors = {{ .Values.settings.logPoolerErrors }}
+log_stats = {{ .Values.settings.logStats }}
+stats_period = {{ .Values.settings.statsPeriod }}
+verbose = {{ .Values.settings.verbose }}
+
+;;; Timeouts
+
+server_lifetime = {{ .Values.settings.serverLifetime}}
+server_idle_timeout = {{ .Values.settings.serverIdleTimeout}}
+server_connect_timeout = {{ .Values.settings.serverConnectTimeout}}
+server_login_retry = {{ .Values.settings.serverLoginRetry}}
+query_timeout = {{ .Values.settings.queryTimeout}}
+query_wait_timeout = {{ .Values.settings.queryWaitTimeout}}
+client_idle_timeout = {{ .Values.settings.clientIdleTimeout}}
+client_login_timeout = {{ .Values.settings.clientLoginTimeout}}
+;autodb_idle_timeout = 3600
+;suspend_timeout = 10
+;idle_transaction_timeout = 0
+
+;;; Low-level tuning options
+
+;pkt_buf = 4096
+;listen_backlog = 128
+;sbuf_loopcnt = 5
+;max_packet_size = 2147483647
+
+;tcp_defer_accept = 0
+;tcp_socket_buffer = 0
+tcp_keepalive = 1
+tcp_keepcnt = 5
+tcp_keepidle = 30
+tcp_keepintvl = 30
+
+;dns_max_ttl = 15
+;dns_zone_check_period = 0
+;dns_nxdomain_ttl = 15
+
+;disable_pqexec = 0
+;conffile
+;service_name = pgbouncer
+;job_name = pgbouncer
+;%include /etc/pgbouncer/pgbouncer-other.ini
+
+;;; Custom attributes added from .Values.customSettings
+{{- range $k, $v := .Values.settings.customSettings }}
+{{ $k }} = {{ $v }}
+{{- end }}
+{{ end }}
diff --git a/pgbouncer/templates/_userlist.txt.tpl b/pgbouncer/templates/_userlist.txt.tpl
@@ -0,0 +1,5 @@
+{{ define "userlist.txt.1.0.0" }}
+{{- range $k, $v := .Values.users }}
+{{ $k | quote }} {{ $v | quote }}
+{{- end }}
+{{- end }}
diff --git a/pgbouncer/templates/configmap.yaml b/pgbouncer/templates/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pgbouncer.fullname" . }}-config
+  labels:
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+data:
+  pgbouncer.ini: |-
+{{ include "pgbouncer.ini.1.0.0" . | indent 4 }}
diff --git a/pgbouncer/templates/deployment.yaml b/pgbouncer/templates/deployment.yaml
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "pgbouncer.fullname" . }}
+  labels:
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      {{- include "pgbouncer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.rollMe }}
+        rollme: {{ randAlphaNum 5 | quote }}
+        {{- end }}
+      labels:
+        {{- include "pgbouncer.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: pgbouncer
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: postgres
+              containerPort: 6432
+              protocol: TCP
+          readinessProbe:
+            tcpSocket:
+              port: 6432
+          livenessProbe:
+            tcpSocket:
+              port: 6432
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: userssecret
+              mountPath: /etc/pgbouncer/userlist.txt
+              subPath: {{ .Values.usersSecretRef.key }}
+              readOnly: true
+            - name: config
+              mountPath: /etc/pgbouncer/pgbouncer.ini
+              subPath: pgbouncer.ini
+              readOnly: true
+          lifecycle:
+            preStop:
+              exec:
+                # Allow existing queries clients to complete transactions within 120 seconds
+                command: ["/bin/sh", "-c", "kill -s INT pgbouncer && sleep {{ .Values.terminationGracePeriodSeconds }}"]
+        {{- with .Values.prometheusExporter }}
+        {{- if .enabled }}
+        - name: pgbouncer-exporter
+          image: prometheuscommunity/pgbouncer-exporter
+          command:
+            - /bin/pgbouncer_exporter
+          args:
+            - --pgBouncer.connectionString=postgres://{{ .statsPgUser }}:$(CONNECTION_PASSWORD)@localhost:6432?sslmode=disable&dbname=pgbouncer
+          ports:
+            - name: metrics
+              containerPort: 9127
+              protocol: TCP
+          env:
+            - name: CONNECTION_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .statsPgPasswordSecretRef.name }}
+                  key: {{ .statsPgPasswordSecretRef.key }}
+        {{- end }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      volumes:
+        - name: userssecret
+          secret:
+            secretName: {{ .Values.usersSecretRef.name }}
+            items:
+              - key: {{ .Values.usersSecretRef.key }}
+                path: userlist.txt
+        - name: config
+          configMap:
+            name: {{ template "pgbouncer.fullname" . }}-config
+            items:
+              - key: pgbouncer.ini
+                path: pgbouncer.ini
diff --git a/pgbouncer/templates/service.yaml b/pgbouncer/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "pgbouncer.fullname" . }}
+  labels:
+    app: {{ template "pgbouncer.name" . }}
+    chart: {{ template "pgbouncer.chart" . }}
+    release: {{ .Release.Name }}
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: postgres
+      protocol: TCP
+      name: postgres
+    - port: 9127
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "pgbouncer.selectorLabels" . | nindent 4 }}
diff --git a/pgbouncer/templates/servicemonitor.yaml b/pgbouncer/templates/servicemonitor.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.prometheusExporter.installServiceMonitor }}
+# postgres_exporter for external services
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "pgbouncer.fullname" . }}
+  labels:
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "pgbouncer.name" . }}
+      release: {{ .Release.Name }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  endpoints:
+    - interval: 10s
+      port: metrics
+{{- end }}