병준 박 2025-04-14 07:09:14 +00:00
commit 6a434da50d
23 changed files with 1617 additions and 0 deletions

0
README.md Normal file


@ -0,0 +1,17 @@
apiVersion: v1
description: pgAdmin4 is a web based administration tool for PostgreSQL database
name: pgadmin4
version: 0.0.1
appVersion: "9.2"
keywords:
- pgadmin
- postgres
- database
- sql
home: https://www.pgadmin.org/
icon: https://wiki.postgresql.org/images/3/30/PostgreSQL_logo.3colors.120x120.png
sources:
- https://git.loafle.net/helm-charts/pgadmin4
maintainers:
- name: BAK BYEUNG JUN
email: BAK.BYEUNG.JUN@loafle.com

159
charts/pgadmin4/README.md Normal file

@ -0,0 +1,159 @@
###### based on [dpage/pgadmin4]
# pgAdmin 4
[pgAdmin4](https://www.pgadmin.org/) is the leading Open Source management tool for Postgres, the worlds most advanced Open Source database. pgAdmin4 is designed to meet the needs of both novice and experienced Postgres users alike, providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects.
## TL;DR;
```console
helm repo add runix https://helm.runix.net
helm install pgadmin4 runix/pgadmin4
```
## Introduction
This chart bootstraps a [pgAdmin4](https://www.pgadmin.org/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Install the Chart
To install the chart with the release name `my-release`:
```console
$ # Helm 2
helm install --name my-release runix/pgadmin4
$ # Helm 3
helm install my-release runix/pgadmin4
```
The command deploys pgAdmin4 on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstall the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete --purge my-release
```
The command removes nearly all the Kubernetes components associated with the chart and deletes the release.
## Configuration
| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `replicaCount` | Number of pgadmin4 replicas | `1` |
| `image.registry` | Docker image registry | `docker.io` |
| `image.repository` | Docker image | `dpage/pgadmin4` |
| `image.tag` | Docker image tag | `""` |
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
| `annotations` | Deployment Annotations | `{}` |
| `commonLabels` | Add labels to all the deployed resources | `{}` |
| `priorityClassName` | Deployment priorityClassName | `""` |
| `command` | Deployment command override | `""` |
| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` |
| `service.clusterIP` | Service type Cluster IP | `""` |
| `service.loadBalancerIP` | Service Load Balancer IP | `""` |
| `service.annotations` | Service Annotations | `{}` |
| `service.port` | Service port | `80` |
| `service.portName` | Name of the port on the service | `http` |
| `service.targetPort` | Internal service port | `http` |
| `service.nodePort` | Kubernetes service nodePort | `` |
| `serviceAccount.create` | Creates a ServiceAccount for the pod. | `false` |
| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
| `serviceAccount.name` | The name of the service account. Otherwise uses the fullname. | `` |
| `serviceAccount.automountServiceAccountToken` | Opt out of API credential automounting. | `false` |
| `hostAliases` | Add entries to Pod /etc/hosts | `` |
| `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` |
| `serverDefinitions.enabled` | Enables Server Definitions | `false` |
| `serverDefinitions.resourceType` | The type of resource to deploy server definitions (either `ConfigMap` or `Secret`) | `ConfigMap` |
| `serverDefinitions.existingConfigmap` | The name of a configMap containing Server Definitions. Only used when `serverDefinitions.resourceType` is `ConfigMap` | `""` |
| `serverDefinitions.existingSecret` | The name of a Secret containing Server Definitions. Only used when `serverDefinitions.resourceType` is `Secret` | `""` |
| `serverDefinitions.servers` | Pre-configured server parameters | `{}` |
| `networkPolicy.enabled` | Enables Network Policy | `true` |
| `ingress.enabled` | Enables Ingress | `false` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.ingressClassName` | Ingress class name | `""` |
| `ingress.hosts.host` | Ingress accepted hostname | `nil` |
| `ingress.hosts.paths` | Ingress paths list | `[]` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `extraConfigmapMounts` | Additional configMap volume mounts for pgadmin4 pod | `[]` |
| `extraSecretMounts` | Additional secret volume mounts for pgadmin4 pod | `[]` |
| `extraContainers` | Sidecar containers to add to the pgadmin4 pod | `"[]"` |
| `existingSecret` | The name of an existing secret containing the pgadmin4 default password and, optionally, Server Definitions. | `""` |
| `secretKeys.pgadminPasswordKey` | Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. | `"password"` |
| `extraInitContainers` | Sidecar init containers to add to the pgadmin4 pod | `"[]"` |
| `env.email` | pgAdmin4 default email. Needed chart reinstall for apply changes | `chart@domain.com` |
| `env.password` | pgAdmin4 default password. Needed chart reinstall for apply changes | `SuperSecret` |
| `env.pgpassfile` | Path to pgpasssfile (optional). Needed chart reinstall for apply changes | `` |
| `env.enhanced_cookie_protection` | Allows pgAdmin4 to create session cookies based on IP address | `"False"` |
| `env.contextPath` | Context path for accessing pgadmin (optional) | `` |
| `envVarsFromConfigMaps` | Array of ConfigMap names to load as environment variables | `[]` |
| `envVarsFromSecrets` | Array of Secret names to load as environment variables | `[]` |
| `envVarsExtra` | Array of arbitrary environment variable definitions (e.g., for fetching from Kubernetes Secrets) | `[]` |
| `persistentVolume.enabled` | If true, pgAdmin4 will create a Persistent Volume Claim | `true` |
| `persistentVolume.accessMode` | Persistent Volume access Mode | `ReadWriteOnce` |
| `persistentVolume.size` | Persistent Volume size | `10Gi` |
| `persistentVolume.storageClass` | Persistent Volume Storage Class | `unset` |
| `persistentVolume.existingClaim` | Persistent Volume existing claim name | | `unset` |
| `persistentVolume.subPath` | Subdirectory of the volume to mount at | `unset` |
| `securityContext` | Custom [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 pod | `` |
| `containerSecurityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 container | `` |
| `livenessProbe` | [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` |
| `startupProbe` | [startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` |
| `readinessProbe` | [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` |
| `VolumePermissions.enabled` | Enables init container that changes volume permissions in the data directory | `false` |
| `extraDeploy` | list of extra manifests to deploy | `[]` |
| `extraInitContainers` | Init containers to launch alongside the app | `[]` |
| `containerPorts.http` | Sets http port inside pgadmin container | `80` |
| `resources` | CPU/memory resource requests/limits | `{}` |
| `autoscaling.enabled` | Enables Autoscaling | `false` |
| `autoscaling.minReplicas` | Minimum amount of Replicas | `1` |
| `autoscaling.maxReplicas` | Maximum amount of Replicas| `100` |
| `autoscaling.targetCPUUtilizationPercentage` | Target CPU Utilization in percentage | `80` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Node tolerations for pod assignment | `[]` |
| `affinity` | Node affinity for pod assignment | `{}` |
| `dnsPolicy` | DNS policy for pods | `""` |
| `dnsConfig` | DNS config for pods | `{}` |
| `podAnnotations` | Annotations for pod | `{}` |
| `templatedPodAnnotations` | Templated annotations for pod | `{}` |
| `podLabels` | Labels for pod | `{}` |
| `namespace` | Namespace where to deploy resources | `null` |
| `init.resources` | Init container CPU/memory resource requests/limits | `{}` |
| `test.image.registry` | Docker image registry for test | `docker.io` |
| `test.image.repository` | Docker image for test | `busybox` |
| `test.image.tag` | Docker image tag for test| `latest` |
| `test.resources` | CPU/memory resource requests/limits for test | `{}` |
| `test.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for test Pod | `` |
> The values for "extraConfigmapMounts.[].configMap" and "extraSecretMounts.[].secret" can be either a simple string
or a template string.
Then it will be resolved for you.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
```console
$ # Helm 2
helm install runix/pgadmin4 --name my-release \
--set env.password=SuperSecret
$ # Helm 3
helm install my-release runix/pgadmin4 \
--set env.password=SuperSecret
```
Alternatively, a YAML file that specifies the values for the parameters can be
provided while installing the chart. For example:
```console
$ # Helm 2
helm install runix/pgadmin4 --name my-release -f values.yaml
$ # Helm 3
helm install my-release runix/pgadmin4 -f values.yaml
```
> **Tip**: You can use the default [values.yaml](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/values.yaml) and look on [examples](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/).
[dpage/pgadmin4]: https://hub.docker.com/r/dpage/pgadmin4


@ -0,0 +1,113 @@
#
# values.yaml
#
# Add config_local.py file to set OAuth2 configuration
# For details check documentation
# https://www.pgadmin.org/docs/pgadmin4/latest/oauth2.html
extraConfigmapMounts:
- name: config-local
configMap: pgadmin4-config
subPath: config_local.py
mountPath: "/pgadmin4/config_local.py"
readOnly: true
envVarsFromSecrets:
- pgadmin4-oauth2-secret
#
# secrets.yaml
#
# OAuth2 client id and secret value is sensitive information
# Store it securely in a secret
---
apiVersion: v1
kind: Secret
metadata:
name: pgadmin4-oauth2-secret
type: Opaque
stringData:
OAUTH2_CLIENT_ID: ******
OAUTH2_CLIENT_SECRET: ******
#
# configmaps.yaml
#
# To setup Google OAuth
## https://support.google.com/googleapi/answer/6158849?hl=en#
# To setup Github OAuth
## https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app
# To setup Microsoft Azure AD OAuth
## https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
# redirect|callback URI to set:
## https://pgadmin4.example.com/oauth2/authorize
# logout URL (required for Microsoft OAuth)
## https://pgadmin4.example.com/oauth2/logout
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pgadmin4-config
data:
config_local.py: |-
import os
MASTER_PASSWORD_REQUIRED = True
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
{
'OAUTH2_NAME': 'google',
'OAUTH2_DISPLAY_NAME': 'Google',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://www.googleapis.com/oauth2/v3/token',
'OAUTH2_AUTHORIZATION_URL': 'https://accounts.google.com/o/oauth2/v2/auth',
'OAUTH2_API_BASE_URL': 'https://www.googleapis.com/oauth2/v3/',
'OAUTH2_USERINFO_ENDPOINT': 'userinfo',
'OAUTH2_ICON': 'fa-google',
'OAUTH2_BUTTON_COLOR': '#0000ff',
},
{
'OAUTH2_NAME': 'github',
'OAUTH2_DISPLAY_NAME': 'Github',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://github.com/login/oauth/access_token',
'OAUTH2_AUTHORIZATION_URL': 'https://github.com/login/oauth/authorize',
'OAUTH2_API_BASE_URL': 'https://api.github.com/',
'OAUTH2_USERINFO_ENDPOINT': 'user',
'OAUTH2_ICON': 'fa-github',
'OAUTH2_BUTTON_COLOR': '#0000ff',
},
{
'OAUTH2_NAME': 'microsoft',
'OAUTH2_DISPLAY_NAME': 'Microsoft',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/token',
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/authorize',
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0/',
'OAUTH2_USERINFO_ENDPOINT': 'me',
'OAUTH2_SCOPE': 'User.Read',
'OAUTH2_ICON': 'fa-microsoft',
'OAUTH2_BUTTON_COLOR': '#0000ff',
},
{
'OAUTH2_NAME': 'microsoft-oidc',
'OAUTH2_DISPLAY_NAME': 'Microsoft OIDC',
'OAUTH2_CLIENT_ID': os.environ['OAUTH2_CLIENT_ID'],
'OAUTH2_CLIENT_SECRET': os.environ['OAUTH2_CLIENT_SECRET'],
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/token',
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/authorize',
'OAUTH2_SERVER_METADATA_URL': 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/v2.0/.well-known/openid-configuration',
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0/',
'OAUTH2_USERINFO_ENDPOINT': 'https://graph.microsoft.com/oidc/userinfo',
'OAUTH2_SCOPE': 'openid profile email',
'OAUTH2_ICON': 'fa-microsoft',
'OAUTH2_BUTTON_COLOR': '#0000ff',
'OAUTH2_ADDITIONAL_CLAIMS': {
'groups': ["{LIST_OF_YOUR_GROUP_GUIDS}"],
}
}
]
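Review bot: `OAUTH2_AUTO_CREATE_USER = True` is combined with the public `google` and `github` providers, and only the `microsoft-oidc` entry narrows who may sign in (through `OAUTH2_ADDITIONAL_CLAIMS`), so as written any account those providers authenticate would presumably get a pgAdmin user on first login. I would add a comment above that setting, e.g. `# Creates a pgAdmin user for every account the provider authenticates; restrict the provider or set this to False`. All four entries read the same `OAUTH2_CLIENT_ID` / `OAUTH2_CLIENT_SECRET` variables, so only one provider can hold valid credentials at a time, which the comment block should say. The `******` placeholders in the Secret are unquoted, and a plain scalar starting with `*` is read as a YAML alias, so quote them: `OAUTH2_CLIENT_ID: "<client-id>"`.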


@ -0,0 +1,43 @@
#
# values.yaml
#
# Security
## Add .pgpass file to root of pgAdmin storage
# For details Sse `Advanced tab -> Password File` in
# https://www.pgadmin.org/docs/pgadmin4/4.23/server_dialog.html
env:
pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
extraSecretMounts:
- name: pgpassfile
secret: pgpassfile
subPath: pgpassfile
mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
readOnly: true
VolumePermissions:
# chown -R pgadmin:pgadmin /var/lib/pgadmin
enabled: true
extraInitContainers: |
- name: add-folder-for-pgpass
image: "dpage/pgadmin4:4.23"
command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
securityContext:
runAsUser: 5050
#
# secrets.yaml
#
---
apiVersion: v1
kind: Secret
metadata:
name: pgpassfile
type: Opaque
stringData:
# https://www.postgresql.org/docs/9.4/libpq-pgpass.html
pgpassfile: |
hostname:port:database:username:password
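Review bot: The `add-folder-for-pgpass` init container pins `image: "dpage/pgadmin4:4.23"` while the chart metadata in this commit sets `appVersion: "9.2"`, so anyone copying the example runs a much older image for the init step, and the linked server-dialog docs are for 4.23 as well. Use the same tag as the main container, e.g. `image: "dpage/pgadmin4:9.2"`, and point the comment at the `latest` docs. The `pgpassfile` Secret carries database passwords in clear text under `stringData`, so a comment such as `# placeholder only; keep the real manifest out of version control` above it would help.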


@ -0,0 +1,55 @@
#
# values.yaml
#
---
extraSecretMounts:
- name: pgadmin-secret-config
mountPath: /pgadmin4/config_local.py
subPath: config_local.py
readOnly: true
secret: pgadmin-conf
env:
variables:
- name: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
value: "['ldap', 'internal']"
- name: PGADMIN_CONFIG_LDAP_SERVER_URI
value: "'ldap://example:389'"
- name: PGADMIN_CONFIG_LDAP_AUTO_CREATE_USER
value: 'True'
- name: PGADMIN_CONFIG_LDAP_BIND_USER
value: "'cn=example,ou=Service Accounts,dc=example,dc=com'"
- name: PGADMIN_CONFIG_LDAP_SEARCH_BASE_DN
value: "'dc=example,dc=com'"
- name: PGADMIN_CONFIG_LDAP_BASE_DN
value: "'dc=example,dc=com'"
- name: PGADMIN_CONFIG_LDAP_SEARCH_FILTER
value: "'(objectclass=user)'"
- name: PGADMIN_CONFIG_LDAP_USERNAME_ATTRIBUTE
value: "'sAMAccountName'"
- name: PGADMIN_LISTEN_ADDRESS
value: "0.0.0.0"
- name: PGADMIN_LISTEN_PORT
value: "80"
ingress:
enabled: true
hosts:
- host: pgadmin.example.test
paths:
- path: "/"
pathType: ImplementationSpecific
persistentVolume:
enabled: true
size: "10Gi"
#
# secrets.yaml
#
---
apiVersion: v1
kind: Secret
metadata:
name: pgadmin-conf
type: Opaque
stringData:
config_local.py: |
LDAP_BIND_PASSWORD = 'example'
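Review bot: `PGADMIN_CONFIG_LDAP_SERVER_URI` is `'ldap://example:389'` and no StartTLS setting is given, so user passwords and the `LDAP_BIND_PASSWORD` from the Secret would cross the network in clear text. Prefer an `ldaps://` URI (`value: "'ldaps://example:636'"`, port shown as a sample) or add `PGADMIN_CONFIG_LDAP_USE_STARTTLS` with `value: 'True'`. The `ingress` block enables a host without a `tls` entry, so the login form is also served over plain HTTP unless TLS is terminated elsewhere; a one-line comment saying so would make the example safer to copy.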


@ -0,0 +1,24 @@
#
# values.yaml
#
# Networking
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx" #
# When setting `ingress.hosts.paths`, pgAdmin needs additional header to be passed.
# Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#http-via-nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Script-Name /pgadmin4;
# If TLS is terminated elsewhere (on external load balancer), you may want
# to redirect to `https://` URL scheme along with rewriting URL path if
# `ingress.hosts.paths` is set. This is specific for image version >= 4.22.
# Ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#proxy-redirect
nginx.ingress.kubernetes.io/proxy-redirect-from: "~^http://([^/]+)/(pgadmin4/)?(.*)$"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://$1/pgadmin4/$3"
hosts:
- host: chart-example.local
paths:
- path: /pgadmin4
pathType: ImplementationSpecific
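Review bot: The `nginx.ingress.kubernetes.io/configuration-snippet` annotation only takes effect when the controller allows snippet annotations, which recent ingress-nginx releases turn off by default because a snippet lets an Ingress author inject raw nginx configuration. Add a comment stating that requirement; `env.contextPath`, which the deployment template in this commit renders as `SCRIPT_NAME`, appears to be the alternative that needs no snippet. The `kubernetes.io/ingress.class` annotation is deprecated in favour of the `ingress.ingressClassName` value the README already documents, i.e. `ingressClassName: nginx`. The example has no `tls` entry, which is only acceptable when TLS is terminated upstream as the comment hints.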


@ -0,0 +1,22 @@
#
# values.yaml
#
# Security
## Admin user
existingSecret: pgadmin4-password
env:
# can be email or nickname
email: pgadmin4
#
# secrets.yaml
#
---
apiVersion: v1
kind: Secret
metadata:
name: pgadmin4-password
type: Opaque
data:
password: U3VwZXJTZWNyZXQ=
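Review bot: `password: U3VwZXJTZWNyZXQ=` decodes to `SuperSecret`, the same value the README lists as the chart's default password, so applying this example unchanged yields a publicly known admin credential. Use an obvious placeholder through `stringData` instead, e.g. `stringData:` followed by `password: "<change-me>"`. A comment noting that base64 under `data` is an encoding and not protection would also help readers who copy the manifest.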


@ -0,0 +1,27 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pgadmin.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pgadmin.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pgadmin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pgadmin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
{{- include "pgadmin.validateValues" . }}
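Review bot: In the ClusterIP branch the `kubectl port-forward $POD_NAME 8080:80` line passes no namespace although the pod lookup just above it does, and it hard-codes pod port 80 instead of the configurable `containerPorts.http`. I would write it as `kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:{{ .Values.containerPorts.http }}`. The resources in this commit are created in `pgadmin.namespaceName`, which honours `.Values.namespace`, so every command here that uses `.Release.Namespace` will look in the wrong namespace when that value is set. `kubectl get nodes` is also given `--namespace`, which has no meaning for a cluster-scoped resource.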


@ -0,0 +1,182 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pgadmin.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "pgadmin.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "pgadmin.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "pgadmin.labels" -}}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ include "pgadmin.name" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
helm.sh/chart: {{ include "pgadmin.chart" . }}
{{- with .Values.commonLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "pgadmin.selectorLabels" -}}
app.kubernetes.io/name: {{ include "pgadmin.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Generate chart secret name
*/}}
{{- define "pgadmin.secretName" -}}
{{ default (include "pgadmin.fullname" .) .Values.existingSecret }}
{{- end -}}
{{/*
Defines a JSON file containing server definitions. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Note that server definitions are only loaded on first launch, i.e. when the configuration database is created, and not on subsequent launches using the same configuration database.
*/}}
{{- define "pgadmin.serverDefinitions" -}}
{
"Servers": {{ .Values.serverDefinitions.servers | toJson }}
}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare "<1.9.0-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for network policy.
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare "<1.8.0-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
{{/*
Create the name of the namespace
*/}}
{{- define "pgadmin.namespaceName" -}}
{{- default .Release.Namespace .Values.namespace | quote }}
{{- end }}
{{/*
Generate serverDefinitions configMap name
*/}}
{{- define "pgadmin.serverDefinitionsConfigmap" -}}
{{- if eq .Values.serverDefinitions.resourceType "ConfigMap" -}}
{{- if .Values.serverDefinitions.existingConfigmap }}
{{- printf "%s" (.Values.serverDefinitions.existingConfigmap) }}
{{- else }}
{{- include "pgadmin.fullname" . }}-server-definitions
{{- end }}
{{- end }}
{{- end }}
{{/*
Generate serverDefinitions secret name
*/}}
{{- define "pgadmin.serverDefinitionsSecret" -}}
{{- if eq .Values.serverDefinitions.resourceType "Secret" -}}
{{- if .Values.serverDefinitions.existingSecret }}
{{- printf "%s" (.Values.serverDefinitions.existingSecret) }}
{{- else if .Values.serverDefinitions.servers }}
{{- include "pgadmin.fullname" . }}-server-definitions
{{- else if .Values.existingSecret }}
{{- printf "%s" (.Values.existingSecret) }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Compile all warnings into a single message.
*/}}
{{- define "pgadmin.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "pgadmin.validateValues.serverDefinitionsType" .) -}}
{{- $messages := append $messages (include "pgadmin.validateValues.serverDefinitionsContent" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Verify serverDefinitions.resourceType
*/}}
{{- define "pgadmin.validateValues.serverDefinitionsType" -}}
{{- $allowedResourceTypes := list "ConfigMap" "Secret" -}}
{{- if .Values.serverDefinitions.enabled -}}
{{- if not (has .Values.serverDefinitions.resourceType $allowedResourceTypes) -}}
pgadmin: serverDefinitions.resourceType
Invalid value for '.Values.serverDefinitions.resourceType'. Allowed values are either ConfigMap or Secret.
{{- end }}
{{- end }}
{{- end }}
{{/*
Verify serverDefinitions.content
*/}}
{{- define "pgadmin.validateValues.serverDefinitionsContent" -}}
{{- if .Values.serverDefinitions.enabled -}}
{{- if and (eq .Values.serverDefinitions.resourceType "ConfigMap") (not .Values.serverDefinitions.servers) (not .Values.serverDefinitions.existingConfigmap) -}}
pgadmin: serverDefinitions.servers
One of '.Values.serverDefinitions.servers' or '.Values.serverDefinitions.existingConfigmap' must be defined.
{{- else if and (eq .Values.serverDefinitions.resourceType "Secret") (not .Values.serverDefinitions.servers) (not .Values.serverDefinitions.existingSecret) (not .Values.existingSecret) -}}
pgadmin: serverDefinitions.servers
One of '.Values.serverDefinitions.servers', '.Values.serverDefinitions.existingSecret' or '.Values.existingSecret' must be defined.
{{- end }}
{{- end }}
{{- end }}
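Review bot: `pgadmin.labels` does not emit `app.kubernetes.io/instance`, so the Secret, Ingress and HorizontalPodAutoscaler in this commit carry no release label and two releases in one namespace cannot be told apart by label. Reusing the selector helper fixes that: replace the explicit `app.kubernetes.io/name` line with `{{ include "pgadmin.selectorLabels" . }}`. The comment on `common.tplvalues.render` should also state that the value is evaluated as a template with the full chart context, so it must only be fed values from a trusted source.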


@ -0,0 +1,13 @@
{{- if not .Values.existingSecret }}
{{- $fullName := include "pgadmin.fullname" . -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $fullName }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
type: Opaque
data:
password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}
{{- end }}
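Review bot: `default "SuperSecret" .Values.env.password` silently falls back to a password that is printed in the README whenever `env.password` is empty, so a release can come up with a publicly known admin credential. Fail the render instead: `password: {{ required "set env.password or existingSecret" .Values.env.password | b64enc | quote }}`. values.yaml is not visible on this page; if it ships `SuperSecret` as the default for `env.password`, as the README table suggests, that default needs to go as well or the `required` check never fires.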


@ -0,0 +1,286 @@
{{- $fullName := include "pgadmin.fullname" . -}}
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ $fullName }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
{{- if .Values.annotations }}
annotations:
{{- if .Values.annotations }}
{{- .Values.annotations | toYaml | nindent 4 }}
{{- end }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "pgadmin.selectorLabels" . | nindent 6 }}
{{- if .Values.strategy }}
strategy:
{{- .Values.strategy | toYaml | nindent 4 }}
{{- end }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "pgadmin.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with (merge .Values.podLabels .Values.commonLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if or (not .Values.existingSecret) .Values.podAnnotations .Values.templatedPodAnnotations }}
annotations:
{{- if .Values.podAnnotations }}
{{- .Values.podAnnotations | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.templatedPodAnnotations }}
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- if not .Values.existingSecret }}
checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum }}
{{- end }}
{{- end }}
spec:
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ default $fullName .Values.serviceAccount.name }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{- range .Values.hostAliases }}
- ip: {{ .ip | quote }}
hostname:
{{- range .hostnames }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- if or (.Values.VolumePermissions.enabled) .Values.extraInitContainers }}
initContainers:
{{- if .Values.VolumePermissions.enabled }}
- name: init-chmod-data
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
subPath: "{{ .Values.persistentVolume.subPath }}"
securityContext:
runAsUser: 0
resources:
{{- .Values.init.resources | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.extraInitContainers }}
{{ tpl . $ | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.command }}
command:
{{- toYaml .Values.command | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args:
{{- toYaml .Values.args | nindent 12 }}
{{- end }}
ports:
- name: {{ .Values.service.portName }}
containerPort: {{ .Values.containerPorts.http }}
protocol: TCP
{{- if .Values.livenessProbe }}
livenessProbe:
httpGet:
port: {{ .Values.service.portName }}
{{- if .Values.env.contextPath }}
path: "{{ .Values.env.contextPath }}/misc/ping"
{{- else }}
path: /misc/ping
{{- end }}
{{- if or (eq (.Values.service.portName | lower) "http") (eq (.Values.service.portName | lower) "https") }}
scheme: {{ upper .Values.service.portName }}
{{- end }}
{{- .Values.livenessProbe | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe }}
startupProbe:
httpGet:
port: {{ .Values.service.portName }}
{{- if .Values.env.contextPath }}
path: "{{ .Values.env.contextPath }}/misc/ping"
{{- else }}
path: /misc/ping
{{- end }}
{{- if or (eq (.Values.service.portName | lower) "http") (eq (.Values.service.portName | lower) "https") }}
scheme: {{ upper .Values.service.portName }}
{{- end }}
{{- .Values.startupProbe | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe }}
readinessProbe:
httpGet:
port: {{ .Values.service.portName }}
{{- if .Values.env.contextPath }}
path: "{{ .Values.env.contextPath }}/misc/ping"
{{- else }}
path: /misc/ping
{{- end }}
{{- if or (eq (.Values.service.portName | lower) "http") (eq (.Values.service.portName | lower) "https") }}
scheme: {{ upper .Values.service.portName }}
{{- end }}
{{- .Values.readinessProbe | toYaml | nindent 12 }}
{{- end }}
env:
{{- with .Values.envVarsExtra }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
value: {{ .Values.env.enhanced_cookie_protection | quote }}
- name: PGADMIN_DEFAULT_EMAIL
value: {{ .Values.env.email }}
{{- if .Values.env.pgpassfile }}
- name: PGPASSFILE
value: {{ .Values.env.pgpassfile }}
{{- end }}
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
{{- if not .Values.existingSecret }}
name: {{ $fullName }}
key: password
{{- else }}
name: {{ .Values.existingSecret }}
key: {{ .Values.secretKeys.pgadminPasswordKey }}
{{- end }}
{{- if .Values.env.contextPath }}
- name: SCRIPT_NAME
value: {{ .Values.env.contextPath }}
{{- end }}
{{- if and (.Values.serverDefinitions.enabled) (or (eq .Values.serverDefinitions.resourceType "ConfigMap") (eq .Values.serverDefinitions.resourceType "Secret")) -}}
{{- if or (.Values.serverDefinitions.existingConfigmap) (.Values.serverDefinitions.existingSecret) (.Values.existingSecret) (.Values.serverDefinitions.servers) }}
- name: PGADMIN_SERVER_JSON_FILE
value: /pgadmin4/servers.json
{{- end }}
{{- end }}
{{- range .Values.env.variables }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- if or .Values.envVarsFromConfigMaps .Values.envVarsFromSecrets }}
envFrom:
{{- range .Values.envVarsFromConfigMaps }}
- configMapRef:
name: {{ . | quote }}
{{- end }}
{{- range .Values.envVarsFromSecrets }}
- secretRef:
name: {{ . | quote }}
{{- end }}
{{- end }}
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
subPath: "{{ .Values.persistentVolume.subPath }}"
{{- if and (.Values.serverDefinitions.enabled) (or (eq .Values.serverDefinitions.resourceType "ConfigMap") (eq .Values.serverDefinitions.resourceType "Secret")) -}}
{{- if or (.Values.serverDefinitions.existingConfigmap) (.Values.serverDefinitions.existingSecret) (.Values.existingSecret) (.Values.serverDefinitions.servers) }}
- name: definitions
mountPath: /pgadmin4/servers.json
subPath: servers.json
{{- end }}
{{- end }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- .Values.extraVolumeMounts | toYaml | nindent 12 }}
{{- end }}
resources:
{{- .Values.resources | toYaml | nindent 12 }}
{{- with .Values.extraContainers }}
{{ tpl . $ | nindent 8 }}
{{- end }}
volumes:
- name: pgadmin-data
{{- if .Values.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ $fullName }}{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ tpl (.configMap) $ }}
defaultMode: {{ .defaultMode | default 256 }}
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ tpl (.secret) $ }}
defaultMode: {{ .defaultMode | default 256 }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- .Values.extraVolumes | toYaml | nindent 8 }}
{{- end }}
{{- if and (.Values.serverDefinitions.enabled) (eq .Values.serverDefinitions.resourceType "Secret") -}}
{{- if or (.Values.serverDefinitions.existingSecret) (.Values.existingSecret) (.Values.serverDefinitions.servers) }}
- name: definitions
secret:
secretName: {{ include "pgadmin.serverDefinitionsSecret" . }}
{{- end }}
{{- else if and (.Values.serverDefinitions.enabled) (eq .Values.serverDefinitions.resourceType "ConfigMap") -}}
{{ if or (.Values.serverDefinitions.existingConfigmap) (.Values.serverDefinitions.servers) }}
- name: definitions
configMap:
name: {{ include "pgadmin.serverDefinitionsConfigmap" . }}
items:
- key: servers.json
path: servers.json
{{- end }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- .Values.imagePullSecrets | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{- .Values.securityContext | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- .Values.affinity | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{- .Values.tolerations | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{- .Values.dnsConfig | toYaml | nindent 8 }}
{{- end }}
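Review bot: In the `hostAliases` loop the key is rendered as `hostname:`, but the pod spec field is `hostnames`, so the entries would be rejected or dropped by the API server; change the line to `hostnames:`. `PGADMIN_DEFAULT_EMAIL`, `PGPASSFILE` and `SCRIPT_NAME` emit their values unquoted (`value: {{ .Values.env.email }}`), unlike the `env.variables` loop, so a value containing YAML-significant characters changes the manifest; add `| quote` to each. The `init-chmod-data` container runs `chown -R` with `runAsUser: 0`, and a comment noting that `VolumePermissions.enabled` therefore needs a namespace that admits root containers would help. Indentation is lost on this page, so nesting could not be checked.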


@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}


@ -0,0 +1,40 @@
{{- if .Values.autoscaling.enabled }}
{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
{{- if semverCompare ">=1.23-0" $kubeVersion -}}
apiVersion: autoscaling/v2
{{- else if semverCompare ">=1.18-0" $kubeVersion -}}
apiVersion: autoscaling/v2beta2
{{- else -}}
apiVersion: autoscaling/v2beta1
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "pgadmin.fullname" . }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "pgadmin.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
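Review bot: The `autoscaling/v2beta1` fallback gets a metrics body written in the v2beta2/v2 schema, so clusters older than 1.18 would reject the object. v2beta1 has no `target:` block and expects `targetAverageUtilization` directly under `resource`. Either drop the v2beta1 branch, or emit `targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}` for CPU, and the memory equivalent, when that API version is selected. Separately, if both utilization values are unset, `metrics:` renders empty and parses as null; guarding the `metrics:` key with the same conditions avoids that.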


@ -0,0 +1,60 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "pgadmin.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
{{- if semverCompare ">=1.19-0" $kubeVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare "<=1.13-0" $kubeVersion -}}
apiVersion: extensions/v1beta1
{{- else -}}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" $kubeVersion) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl (.) $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl (.host) $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $kubeVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $kubeVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
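Review bot: `pathType` is only emitted when the values entry sets it, yet the field is required on `networking.k8s.io/v1`, so a host entry without it fails to apply on 1.19 and later. A default on the v1 branch fixes this, for example `pathType: {{ .pathType | default "ImplementationSpecific" }}`. `path: {{ .path }}` and `secretName: {{ tpl (.secretName) $ }}` are also rendered unquoted, unlike the host values; adding `| quote` protects against values that YAML would retype. Since the `tls:` block is optional, an Ingress rendered without it publishes the pgAdmin login over plain HTTP, which is worth a comment next to `ingress.tls` in the values file.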


@ -0,0 +1,20 @@
{{- if .Values.networkPolicy.enabled -}}
{{- $fullName := include "pgadmin.fullname" . -}}
apiVersion: {{ template "networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ $fullName }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
spec:
policyTypes:
- Ingress
podSelector:
matchLabels:
app.kubernetes.io/name: {{ include "pgadmin.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
ingress:
- ports:
- port: {{ .Values.service.targetPort }}
{{- end }}
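Review bot: The single ingress rule lists `ports` but has no `from` clause, so it admits traffic from every source and only narrows the port. With `networkPolicy.enabled: true` as the default, operators may assume pgAdmin is isolated when any pod in any namespace can still reach the login page. Consider rendering an optional `from:` list of pod, namespace or ipBlock selectors from a new values key, and documenting that the policy is port-only when that key is empty. The port is also taken from `service.targetPort` rather than `containerPorts.http`; a NetworkPolicy matches the pod port, so the two should be kept in sync or the container port used directly.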


@ -0,0 +1,27 @@
{{- if and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim) }}
{{- $fullName := include "pgadmin.fullname" . -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ $fullName }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
{{- if .Values.persistentVolume.annotations }}
annotations:
{{- .Values.persistentVolume.annotations | toYaml | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- .Values.persistentVolume.accessModes | toYaml | nindent 4 }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistentVolume.size }}
{{- end }}


@ -0,0 +1,14 @@
{{- if not .Values.serverDefinitions.existingConfigmap -}}
{{- if and (.Values.serverDefinitions.enabled) (eq .Values.serverDefinitions.resourceType "ConfigMap") (.Values.serverDefinitions.servers) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pgadmin.fullname" . }}-server-definitions
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
data:
servers.json: |-
{{ include "pgadmin.serverDefinitions" . | indent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,14 @@
{{- if not .Values.serverDefinitions.existingSecret -}}
{{- if and (.Values.serverDefinitions.enabled) ( eq .Values.serverDefinitions.resourceType "Secret") (.Values.serverDefinitions.servers) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pgadmin.fullname" . }}-server-definitions
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
type: Opaque
data:
servers.json: {{ include "pgadmin.serverDefinitions" . | b64enc | quote }}
{{- end }}
{{- end }}


@ -0,0 +1,29 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "pgadmin.fullname" . }}
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
{{- if .Values.service.annotations }}
annotations:
{{- .Values.service.annotations | toYaml | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP)) }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
protocol: TCP
name: {{ .Values.service.portName }}
selector:
{{- include "pgadmin.selectorLabels" . | nindent 4 }}
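Review bot: When `service.type` is `LoadBalancer` the spec sets `loadBalancerIP` but gives no way to restrict client addresses, so the admin UI is reachable from wherever the load balancer is. An optional `loadBalancerSourceRanges:` list rendered from values with `toYaml . | nindent 4`, inside the same `LoadBalancer` condition, would let operators limit exposure. `loadBalancerIP` and `clusterIP` would also be safer with `| quote`.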


@ -0,0 +1,14 @@
{{- if and (.Values.serviceAccount.create) (not .Values.serviceAccount.name) }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "pgadmin.fullname" . }}
labels:
{{- include "pgadmin.labels" . | nindent 4 }}
{{- if .Values.serviceAccount.annotations }}
annotations:
{{- .Values.serviceAccount.annotations | toYaml | nindent 4 }}
{{- end }}
namespace: {{ include "pgadmin.namespaceName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
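Review bot: The guard `and (.Values.serviceAccount.create) (not .Values.serviceAccount.name)` skips the ServiceAccount whenever a name is supplied, even with `create: true`. The comment in values.yaml reads as if a supplied name should be used for the created account. If the Deployment references `serviceAccount.name` (not visible in this section), the pod would then point at an account that nobody created. Consider `{{- if .Values.serviceAccount.create }}` with `name: {{ .Values.serviceAccount.name | default (include "pgadmin.fullname" .) }}`.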


@ -0,0 +1,35 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "pgadmin.fullname" . }}-test-connection"
namespace: {{ include "pgadmin.namespaceName" . }}
labels:
{{ include "pgadmin.labels" . | indent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded
spec:
securityContext:
runAsNonRoot: true
{{- if .Values.test.securityContext }}
{{- .Values.test.securityContext | toYaml | nindent 4 }}
{{- end }}
containers:
- name: wget
image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
env:
- name: PGADMIN_HOST
value: {{ include "pgadmin.fullname" . }}
- name: PGADMIN_PORT
value: "{{ .Values.service.port }}"
command:
- /bin/sh
- -ec
- |
response=$(wget -qSO - http://${PGADMIN_HOST}:${PGADMIN_PORT} 2>&1)
check=$(echo $response | grep -c '200 OK'); echo $check; if [[ $check -gt 0 ]]; then echo "Response OK"; else exit 1; fi
resources:
{{- .Values.test.resources | toYaml | nindent 8 }}
securityContext:
readOnlyRootFilesystem: true
restartPolicy: Never
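Review bot: The container `securityContext` sets only `readOnlyRootFilesystem: true`, leaving privilege escalation and the default capability set in place for the test pod. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would bring it in line with the restricted Pod Security profile, and `wget` needs neither. In the script, `echo $response` is unquoted and the result is tested with `[[ ]]` under `/bin/sh`. Using `echo "$response" | grep -q '200 OK'` as the condition removes the word-splitting and does not depend on the shell supporting `[[`. The labels line uses `indent 4` where every other template uses `{{- ... | nindent 4 }}`, which is worth aligning.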

419
charts/pgadmin4/values.yaml Normal file

@ -0,0 +1,419 @@
# Default values for pgAdmin4.
replicaCount: 1
## pgAdmin4 container image
##
image:
registry: docker.io
repository: dpage/pgadmin4
# Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: IfNotPresent
## Deployment annotations
annotations: {}
## commonLabels Add labels to all the deployed resources
commonLabels: {}
## priorityClassName
priorityClassName: ""
## Deployment entrypoint override
## Useful when there's a requirement to modify container's default:
## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206
# command: "['/bin/sh', '-c', 'source /vault/secrets/config && <entrypoint script>']"
service:
type: ClusterIP
clusterIP: ""
loadBalancerIP: ""
port: 80
targetPort: 80
# targetPort: 4181 To be used with a proxy extraContainer
portName: http
annotations: {}
## Special annotations at the service level, e.g
## this will set vnet internal IP's rather than public ip's
## service.beta.kubernetes.io/azure-load-balancer-internal: "true"
## Specify the nodePort value for the service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Pod Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Opt out of API credential automounting.
# If you don't want the kubelet to automatically mount a ServiceAccount's API credentials,
# you can opt out of the default behavior
automountServiceAccountToken: false
## Pod HostAliases
## ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
##
hostAliases:
# - ip: "127.0.0.1"
# hostnames:
# - "pgadmin4.local"
## Strategy used to replace old Pods by new ones
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
strategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: 1
## Server definitions will be loaded at launch time. This allows connection
## information to be pre-loaded into the instance of pgAdmin4 in the container.
## Note that server definitions are only loaded on first launch,
## i.e. when the configuration database is created, and not on subsequent launches using the same configuration database.
## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html
##
serverDefinitions:
## If true, server definitions will be created
##
enabled: false
## The resource type to use for deploying server definitions.
## Can either be ConfigMap or Secret
resourceType: ConfigMap
# If resource type is set to ConfigMap, specify existingConfigmap containing definitions
existingConfigmap: ""
# If resource type is set to Secret, specify existingSecret containing definitions
existingSecret: ""
servers:
# firstServer:
# Name: "Minimally Defined Server"
# Group: "Servers"
# Port: 5432
# Username: "postgres"
# Host: "localhost"
# SSLMode: "prefer"
# MaintenanceDB: "postgres"
networkPolicy:
enabled: true
## Ingress
## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# ingressClassName: ""
hosts:
- host: chart-example.local
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Additional config maps to be mounted inside a container
# Can be used to map config maps for sidecar as well
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /etc/ssl/certs
# subPath: ""
# configMap: certs-configmap
# readOnly: true
extraSecretMounts: []
# - name: pgpassfile
# secret: pgpassfile
# subPath: pgpassfile
# mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
# readOnly: true
## Additional volumes to be mounted inside a container
##
extraVolumeMounts: []
## Specify additional containers in extraContainers.
## For example, to add an authentication proxy to a pgadmin4 pod.
extraContainers: |
# - name: proxy
# image: quay.io/gambol99/keycloak-proxy:latest
# args:
# - -provider=github
# - -client-id=
# - -client-secret=
# - -github-org=<ORG_NAME>
# - -email-domain=*
# - -cookie-secret=
# - -http-address=http://0.0.0.0:4181
# - -upstream-url=http://127.0.0.1:3000
# ports:
# - name: proxy-web
# containerPort: 4181
## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret.
##
existingSecret: ""
## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set.
##
secretKeys:
pgadminPasswordKey: password
## pgAdmin4 startup configuration
## Values in here get injected as environment variables
## Needed chart reinstall for apply changes
env:
# can be email or nickname
email: chart@domain.com
password: SuperSecret
# pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
# set context path for application (e.g. /pgadmin4/*)
# contextPath: /pgadmin4
## If True, allows pgAdmin4 to create session cookies based on IP address
## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
##
enhanced_cookie_protection: "False"
## Add custom environment variables that will be injected to deployment
## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
##
variables: []
# - name: PGADMIN_LISTEN_ADDRESS
# value: "0.0.0.0"
# - name: PGADMIN_LISTEN_PORT
# value: "8080"
## Additional environment variables from ConfigMaps
envVarsFromConfigMaps: []
# - array-of
# - config-map-names
## Additional environment variables from Secrets
envVarsFromSecrets: []
# - array-of
# - secret-names
## Additional environment variables
envVarsExtra: []
# - name: POSTGRES_USERNAME
# valueFrom:
# secretKeyRef:
# name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
# key: username
# - name: POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: pgadmin.pgadmin-db.credentials.postgresql.acid.zalan.do
# key: password
persistentVolume:
## If true, pgAdmin4 will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: true
## pgAdmin4 Persistent Volume Claim annotations
##
annotations: {}
## pgAdmin4 Persistent Volume access modes
## Must match those of existing PV or dynamic provisioner
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
accessModes:
- ReadWriteOnce
## pgAdmin4 Persistent Volume Size
##
size: 10Gi
## pgAdmin4 Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
# existingClaim: ""
## Subdirectory of pgAdmin4 Persistent Volume to mount
## Useful if the volume's root directory is not empty
##
subPath: ""
## Additional volumes to be added to the deployment
##
extraVolumes: []
## Security context to be added to pgAdmin4 pods
##
securityContext:
runAsUser: 5050
runAsGroup: 5050
fsGroup: 5050
containerSecurityContext:
enabled: false
allowPrivilegeEscalation: false
## pgAdmin4 readiness and liveness probe initial delay and timeout
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
##
VolumePermissions:
## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
##
enabled: false
## @param extraDeploy list of extra manifests to deploy
##
extraDeploy: []
## Additional InitContainers to initialize the pod
##
extraInitContainers: |
# - name: add-folder-for-pgpass
# image: "dpage/pgadmin4:latest"
# command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
# volumeMounts:
# - name: pgadmin-data
# mountPath: /var/lib/pgadmin
# securityContext:
# runAsUser: 5050
containerPorts:
http: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Horizontal Pod Autoscaling
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
#
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Node labels for pgAdmin4 pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
## Pod affinity
##
affinity: {}
## Pod DNS Policy
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ""
## Update pod DNS Config
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
dnsConfig: {}
# nameservers:
# - 192.0.2.1
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
## Pod annotations
##
podAnnotations: {}
templatedPodAnnotations: |-
# checksum/configmap-oauth2: {{ include "<parent-chart-name>/templates/configmap-oauth2.yaml" $ | sha256sum }}
# checksum/secret-oauth2: "{{ include "<parent-chart-name>/templates/secret-oauth2.yaml" $ | sha256sum }}"
# checksum/secret-pgpass: "{{ include "<parent-chart-name>/templates/secret-pgpass.yaml" $ | sha256sum }}"
## Pod labels
##
podLabels: {}
# key1: value1
# key2: value2
# -- The name of the Namespace to deploy
# If not set, `.Release.Namespace` is used
namespace: null
init:
## Init container resources
##
resources: {}
## Define values for chart tests
test:
## Container image for test-connection.yaml
image:
registry: docker.io
repository: busybox
tag: latest
## Resources request/limit for test-connection Pod
resources: {}
# limits:
# cpu: 50m
# memory: 32Mi
# requests:
# cpu: 25m
# memory: 16Mi
## Security context for test-connection Pod
securityContext:
runAsUser: 5051
runAsGroup: 5051
fsGroup: 5051
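Review bot: `env.password: SuperSecret` and `env.email: chart@domain.com` give every install that does not override them the same publicly known pgAdmin login, and `existingSecret: ""` means nothing forces an override. Shipping `password: ""` and having the template that consumes it (not shown in this section) fail the render via `required` when neither a password nor `existingSecret` is set would close that gap. `enhanced_cookie_protection: "False"` and `containerSecurityContext.enabled: false` are also the weaker of the available settings and would be safer as opt-outs. `test.image.tag: latest`, like the `:latest` images in the commented examples, leaves the image unpinned; a fixed tag or digest keeps the test pod reproducible. With `persistentVolume.accessModes` at `ReadWriteOnce`, `autoscaling.maxReplicas: 100` is unlikely to work once autoscaling is enabled and deserves a comment.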