diff --git a/.github/workflows/helm_charts_scalar.yml b/.github/workflows/helm_charts_scalar.yml index 29269cb7..639cbf86 100644 --- a/.github/workflows/helm_charts_scalar.yml +++ b/.github/workflows/helm_charts_scalar.yml @@ -84,7 +84,7 @@ jobs: run: | # TODO If more charts are supported by kubeaudit, they should be added. # Change to `ls charts` when all charts are supported. - chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster) + chart_dirs=(envoy scalardb scalardl scalardl-audit scalardb-cluster scalardb-analytics-postgresql) for chart_dir in ${chart_dirs[@]}; do echo "helm dependency build charts/${chart_dir} chart..." helm dependency build charts/${chart_dir} @@ -190,10 +190,11 @@ jobs: kubectl create secret docker-registry reg-docker-secrets --docker-server=${DOCKER_REGISTRY_SERVER} --docker-username=${DOCKER_REGISTRY_USERNAME} --docker-password=${DOCKER_REGISTRY_PASSWORD} kubectl create secret generic ledger-keys --from-file=private-key=.github/ledger-key.pem kubectl create secret generic auditor-keys --from-file=certificate=.github/auditor-cert.pem --from-file=private-key=.github/auditor-key.pem + kubectl create secret generic scalardb-analytics-postgresql-superuser-password --from-literal=superuser-password=postgres helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -f .github/postgresql.yaml sleep 1 # Waiting for the StatefulSet creates a PostgreSQL pod. kubectl wait --for=condition=Ready --timeout=120s pod/postgresql-0 - kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL + kubectl create -f .github/schema-loading.yaml # Create schema for ScalarDB GraphQL and ScalarDB Analytics with PostgreSQL kubectl wait --for=condition=complete --timeout=60s job/schema-loading kubectl get pods,svc,endpoints,nodes -o wide diff --git a/charts/scalardb-analytics-postgresql/.helmignore b/charts/scalardb-analytics-postgresql/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/scalardb-analytics-postgresql/Chart.yaml b/charts/scalardb-analytics-postgresql/Chart.yaml new file mode 100644 index 00000000..a5a4f972 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: scalardb-analytics-postgresql +description: ScalarDB Analytics with PostgreSQL +type: application +version: 1.0.0-SNAPSHOT +appVersion: 3.10.3 +deprecated: false +icon: https://scalar-labs.com/wp-content/themes/scalar/assets/img/logo_scalar.svg +keywords: +- scalardb +- scalardb-analytics +- analytics +home: https://scalar-labs.com/ +sources: + - https://github.com/scalar-labs/scalardb-analytics-postgresql +maintainers: + - name: Takanori Yokoyama + email: takanori.yokoyama@scalar-labs.com diff --git a/charts/scalardb-analytics-postgresql/README.md b/charts/scalardb-analytics-postgresql/README.md new file mode 100644 index 00000000..7e8570e3 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/README.md @@ -0,0 +1,54 @@ +# scalardb-analytics-postgresql + +ScalarDB Analytics with PostgreSQL +Current chart version is `1.0.0-SNAPSHOT` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| fullnameOverride | string | `""` | String to fully override scalardb-analytics-postgresql.fullname template | +| nameOverride | string | `""` | String to partially override scalardb-analytics-postgresql.fullname template (will maintain the release name) | +| scalardbAnalyticsPostgreSQL.affinity | object | `{}` | The affinity/anti-affinity feature greatly expands the types of constraints you can express. | +| scalardbAnalyticsPostgreSQL.databaseProperties | string | The minimum template of database.properties is set by default. | The database.properties to access the underlying databases that Schema Importer will load schemas into PostgreSQL. | +| scalardbAnalyticsPostgreSQL.extraVolumeMounts | list | `[]` | Defines additional volume mounts. | +| scalardbAnalyticsPostgreSQL.extraVolumes | list | `[]` | Defines additional volumes. If you want to mount a volume for PGDATA, you can mount extra volumes. | +| scalardbAnalyticsPostgreSQL.image.pullPolicy | string | `"IfNotPresent"` | Specify an image-pulling policy. | +| scalardbAnalyticsPostgreSQL.image.repository | string | `"ghcr.io/scalar-labs/scalardb-analytics-postgresql"` | Docker image repository of ScalarDB Analytics with PostgreSQL. | +| scalardbAnalyticsPostgreSQL.image.tag | string | `""` | Override the image tag with a default that is the chart appVersion. | +| scalardbAnalyticsPostgreSQL.imagePullSecrets | list | `[{"name":"reg-docker-secrets"}]` | Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. | +| scalardbAnalyticsPostgreSQL.nodeSelector | object | `{}` | nodeSelector is a form of node selection constraint. | +| scalardbAnalyticsPostgreSQL.podAnnotations | object | `{}` | Pod annotations for the scalardb-analytics-postgresql deployment. | +| scalardbAnalyticsPostgreSQL.podSecurityContext | object | `{"fsGroup":201,"seccompProfile":{"type":"RuntimeDefault"}}` | PodSecurityContext holds pod-level security attributes and common container settings. | +| scalardbAnalyticsPostgreSQL.podSecurityContext.fsGroup | int | `201` | For ScalarDB Analytics with PostgreSQL to work properly, you must set "podSecurityContext.fsGroup" to "201". | +| scalardbAnalyticsPostgreSQL.postgresql.databaseName | string | `"scalardb"` | The database name that you create in PostgreSQL. Schema Importer creates some objects such as a view of ScalarDB Analytics with PostgreSQL in this database. | +| scalardbAnalyticsPostgreSQL.postgresql.secretName | string | `"scalardb-analytics-postgresql-superuser-password"` | The secret resource name that includes superuser password for PostgreSQL. | +| scalardbAnalyticsPostgreSQL.replicaCount | int | `3` | Default values for number of replicas. | +| scalardbAnalyticsPostgreSQL.resources | object | `{}` | Resources allowed to the pod. | +| scalardbAnalyticsPostgreSQL.secretName | string | `""` | Secret name that includes sensitive data such as credentials. Each secret key is passed to a pod as environment variables by using envFrom. | +| scalardbAnalyticsPostgreSQL.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999}` | Setting security context at the pod applies those settings to all containers in the pod. | +| scalardbAnalyticsPostgreSQL.securityContext.allowPrivilegeEscalation | bool | `false` | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. | +| scalardbAnalyticsPostgreSQL.securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities (specifically, Linux capabilities), are used for permission management in Linux. Some capabilities are enabled by default. | +| scalardbAnalyticsPostgreSQL.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). | +| scalardbAnalyticsPostgreSQL.securityContext.runAsUser | int | `999` | The official PostgreSQL image uses the "postgres (UID=999)" user by default. | +| scalardbAnalyticsPostgreSQL.service.annotations | object | `{}` | Service annotations, e.g: prometheus, etc. | +| scalardbAnalyticsPostgreSQL.service.ports.postgresql.port | int | `5432` | PostgreSQL public port | +| scalardbAnalyticsPostgreSQL.service.ports.postgresql.protocol | string | `"TCP"` | PostgreSQL protocol | +| scalardbAnalyticsPostgreSQL.service.ports.postgresql.targetPort | int | `5432` | PostgreSQL k8s internal port | +| scalardbAnalyticsPostgreSQL.service.type | string | `"ClusterIP"` | Service types in Kubernetes | +| scalardbAnalyticsPostgreSQL.serviceAccount.automountServiceAccountToken | bool | `false` | Specify whether to mount a service account token or not. | +| scalardbAnalyticsPostgreSQL.serviceAccount.serviceAccountName | string | `""` | Name of the existing service account resource. | +| scalardbAnalyticsPostgreSQL.strategy.rollingUpdate.maxSurge | string | `"25%"` | The number of pods that can be created above the desired amount of pods during an update. | +| scalardbAnalyticsPostgreSQL.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | The number of pods that can be unavailable during the update process. | +| scalardbAnalyticsPostgreSQL.strategy.type | string | `"RollingUpdate"` | New pods are added gradually, and old pods are terminated gradually, e.g: Recreate or RollingUpdate | +| scalardbAnalyticsPostgreSQL.tolerations | list | `[]` | Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. | +| schemaImporter.entrypointShell.maxRetryCount | int | `10` | Maximum retry count of Schema Importer in entrypoint.sh. | +| schemaImporter.entrypointShell.retryInterval | int | `3` | Retry interval of Schema Importer in entrypoint.sh. | +| schemaImporter.image.pullPolicy | string | `"IfNotPresent"` | Specify an image-pulling policy. | +| schemaImporter.image.repository | string | `"ghcr.io/scalar-labs/scalardb-analytics-postgresql-schema-importer"` | Docker image repository of Schema Importer. | +| schemaImporter.image.tag | string | `""` | Override the image tag with a default that is the chart appVersion | +| schemaImporter.namespaces | list | `[]` | Namespace list that includes tables you want to read via ScalarDB Analytics with PostgreSQL. | +| schemaImporter.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true}` | Setting security context at the pod applies those settings to all containers in the pod. | +| schemaImporter.securityContext.allowPrivilegeEscalation | bool | `false` | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. | +| schemaImporter.securityContext.capabilities | object | `{"drop":["ALL"]}` | Capabilities (specifically, Linux capabilities), are used for permission management in Linux. Some capabilities are enabled by default. | +| schemaImporter.securityContext.runAsNonRoot | bool | `true` | Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). | diff --git a/charts/scalardb-analytics-postgresql/README.md.gotmpl b/charts/scalardb-analytics-postgresql/README.md.gotmpl new file mode 100644 index 00000000..03ffd3ee --- /dev/null +++ b/charts/scalardb-analytics-postgresql/README.md.gotmpl @@ -0,0 +1,8 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} +Current chart version is `{{ template "chart.version" . }}` + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/scalardb-analytics-postgresql/ci/scalardb-analytics-postgresql-ct-values.yaml b/charts/scalardb-analytics-postgresql/ci/scalardb-analytics-postgresql-ct-values.yaml new file mode 100644 index 00000000..3c1e1399 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/ci/scalardb-analytics-postgresql-ct-values.yaml @@ -0,0 +1,10 @@ +scalardbAnalyticsPostgreSQL: + databaseProperties: | + scalar.db.storage=jdbc + scalar.db.contact_points=jdbc:postgresql://postgresql.default.svc.cluster.local:5432/postgres + scalar.db.username=postgres + scalar.db.password=postgres + +schemaImporter: + namespaces: + - ct diff --git a/charts/scalardb-analytics-postgresql/templates/_helpers.tpl b/charts/scalardb-analytics-postgresql/templates/_helpers.tpl new file mode 100644 index 00000000..31605ca9 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/templates/_helpers.tpl @@ -0,0 +1,64 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "scalardb-analytics-postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "scalardb-analytics-postgresql.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "scalardb-analytics-postgresql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "scalardb-analytics-postgresql.labels" -}} +helm.sh/chart: {{ include "scalardb-analytics-postgresql.chart" . }} +{{ include "scalardb-analytics-postgresql.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "scalardb-analytics-postgresql.selectorLabels" -}} +app.kubernetes.io/name: {{ include "scalardb-analytics-postgresql.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/app: scalardb-analytics-postgresql +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "scalardb-analytics-postgresql.serviceAccountName" -}} +{{- if .Values.scalardbAnalyticsPostgreSQL.serviceAccount.serviceAccountName }} +{{- .Values.scalardbAnalyticsPostgreSQL.serviceAccount.serviceAccountName }} +{{- else }} +{{- print (include "scalardb-analytics-postgresql.fullname" .) "-sa" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} diff --git a/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/configmap.yaml b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/configmap.yaml new file mode 100644 index 00000000..9343a7bf --- /dev/null +++ b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/configmap.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "scalardb-analytics-postgresql.fullname" . }}-database-properties + namespace: {{ .Release.Namespace }} +data: + # Create a database.properties file which is config file of ScalarDB Analytics with PostgreSQL. + database.properties: + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.databaseProperties | nindent 4 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "scalardb-analytics-postgresql.fullname" . }}-entrypoint-shell + namespace: {{ .Release.Namespace }} +data: + entrypoint.sh: | + #!/bin/bash + + MAX_RETRY_COUNT=${SCHEMA_IMPORTER_MAX_RETRY_COUNT} + RETRY_INTERVAL=${SCHEMA_IMPORTER_RETRY_INTERVAL} + COUNT=0 + + # A ScalarDB Analytics with PostgreSQL container and a Schema Importer + # container start at the same time in a pod. And, it takes a few seconds + # to start PostgreSQL. So, first, we wait ${RETRY_INTERVAL} seconds + # before we run Schema Importer. + echo "Sleep ${RETRY_INTERVAL} seconds to wait for PostgreSQL start." + + while [[ ${COUNT} -lt ${MAX_RETRY_COUNT} ]] + do + sleep ${RETRY_INTERVAL} + echo "Retry count: ${COUNT}" + COUNT=$((COUNT + 1)) + "$@" + if [[ $? -ne 0 ]]; then + echo "INFO: Schema Importer failed. Will retry after ${RETRY_INTERVAL} seconds." + else + # The Schema Importer container will sleep infinitely. This is + # because Kubernetes will restart a pod if the sidecar container + # exits. In other words, if we exit the Schema Importer container, + # it causes CrashLoopBackOff. + echo "INFO: Schema Importer succeeded. This container sleeps infinitely." + sleep inf + fi + done + + echo "ERROR: Schema Importer failed ${MAX_RETRY_COUNT} times. Please check your configuration." >&2 diff --git a/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/deployment.yaml b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/deployment.yaml new file mode 100644 index 00000000..31530f5c --- /dev/null +++ b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/deployment.yaml @@ -0,0 +1,163 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "scalardb-analytics-postgresql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "scalardb-analytics-postgresql.labels" . | nindent 4 }} +spec: + minReadySeconds: 0 + replicas: {{ .Values.scalardbAnalyticsPostgreSQL.replicaCount }} + selector: + matchLabels: + {{- include "scalardb-analytics-postgresql.selectorLabels" . | nindent 6 }} + {{- with .Values.scalardbAnalyticsPostgreSQL.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/scalardb-analytics-postgresql/configmap.yaml") . | sha256sum }} + {{- if .Values.scalardbAnalyticsPostgreSQL.podAnnotations }} + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "scalardb-analytics-postgresql.selectorLabels" . | nindent 8 }} + spec: + {{- if .Values.scalardbAnalyticsPostgreSQL.serviceAccount.serviceAccountName }} + serviceAccountName: {{ .Values.scalardbAnalyticsPostgreSQL.serviceAccount.serviceAccountName }} + {{- end }} + automountServiceAccountToken: {{ .Values.scalardbAnalyticsPostgreSQL.serviceAccount.automountServiceAccountToken }} + terminationGracePeriodSeconds: 60 + {{- with .Values.scalardbAnalyticsPostgreSQL.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.securityContext | nindent 12 }} + image: "{{ .Values.scalardbAnalyticsPostgreSQL.image.repository }}:{{ .Values.scalardbAnalyticsPostgreSQL.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.scalardbAnalyticsPostgreSQL.image.pullPolicy }} + ports: + - containerPort: 5432 + env: + - name: POSTGRES_DB + value: "{{ .Values.scalardbAnalyticsPostgreSQL.postgresql.databaseName }}" + - name : POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.scalardbAnalyticsPostgreSQL.postgresql.secretName }}" + key: superuser-password + {{- if .Values.scalardbAnalyticsPostgreSQL.secretName }} + envFrom: + - secretRef: + name: "{{ .Values.scalardbAnalyticsPostgreSQL.secretName }}" + {{- end }} + volumeMounts: + - mountPath: /etc/database.properties + name: database-properties-volume + subPath: database.properties + readOnly: true + resources: + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.resources | nindent 12 }} + startupProbe: + exec: + command: + - psql + - -d + - "{{ .Values.scalardbAnalyticsPostgreSQL.postgresql.databaseName }}" + - -U + - postgres + - -c + - "SELECT 1" + failureThreshold: 60 + periodSeconds: 5 + livenessProbe: + exec: + command: + - psql + - -d + - "{{ .Values.scalardbAnalyticsPostgreSQL.postgresql.databaseName }}" + - -U + - postgres + - -c + - "SELECT 1" + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + - name: schema-importer + securityContext: + {{- toYaml .Values.schemaImporter.securityContext | nindent 12 }} + image: "{{ .Values.schemaImporter.image.repository }}:{{ .Values.schemaImporter.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.schemaImporter.image.pullPolicy }} + envFrom: + {{- if .Values.scalardbAnalyticsPostgreSQL.secretName }} + - secretRef: + name: "{{ .Values.scalardbAnalyticsPostgreSQL.secretName }}" + {{- end }} + command: [/entrypoint.sh] + args: + - java + - -jar + - /app.jar + - import + - --host + - localhost + - --port + - "5432" + - --database + - "{{ .Values.scalardbAnalyticsPostgreSQL.postgresql.databaseName }}" + - --user + - postgres + - --config + - /etc/database.properties + {{- range .Values.schemaImporter.namespaces }} + - --namespace + - {{ . | quote }} + {{- end }} + env: + - name: SCHEMA_IMPORTER_MAX_RETRY_COUNT + value: "{{ .Values.schemaImporter.entrypointShell.maxRetryCount }}" + - name: SCHEMA_IMPORTER_RETRY_INTERVAL + value: "{{ .Values.schemaImporter.entrypointShell.retryInterval }}" + volumeMounts: + - mountPath: /etc/database.properties + name: database-properties-volume + subPath: database.properties + readOnly: true + - mountPath: /entrypoint.sh + name: entrypoint-shell-volume + subPath: entrypoint.sh + readOnly: true + {{- with .Values.scalardbAnalyticsPostgreSQL.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - configMap: + defaultMode: 0440 + name: {{ include "scalardb-analytics-postgresql.fullname" . }}-database-properties + name: database-properties-volume + - configMap: + defaultMode: 0770 + name: {{ include "scalardb-analytics-postgresql.fullname" . }}-entrypoint-shell + name: entrypoint-shell-volume + {{- with .Values.scalardbAnalyticsPostgreSQL.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scalardbAnalyticsPostgreSQL.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scalardbAnalyticsPostgreSQL.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scalardbAnalyticsPostgreSQL.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/service.yaml b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/service.yaml new file mode 100644 index 00000000..6230d268 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/templates/scalardb-analytics-postgresql/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "scalardb-analytics-postgresql.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "scalardb-analytics-postgresql.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.scalardbAnalyticsPostgreSQL.service.annotations | nindent 4 }} +spec: + type: {{ .Values.scalardbAnalyticsPostgreSQL.service.type }} + ports: + {{- range $key, $value := .Values.scalardbAnalyticsPostgreSQL.service.ports }} + - name: {{ $key }} +{{ toYaml $value | indent 6 }} + {{- end }} + selector: + {{- include "scalardb-analytics-postgresql.selectorLabels" . | nindent 4 }} diff --git a/charts/scalardb-analytics-postgresql/values.schema.json b/charts/scalardb-analytics-postgresql/values.schema.json new file mode 100644 index 00000000..d6538401 --- /dev/null +++ b/charts/scalardb-analytics-postgresql/values.schema.json @@ -0,0 +1,239 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "fullnameOverride": { + "type": "string" + }, + "nameOverride": { + "type": "string" + }, + "scalardbAnalyticsPostgreSQL": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "databaseProperties": { + "type": "string" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "postgresql": { + "type": "object", + "properties": { + "databaseName": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "secretName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "postgresql": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "serviceAccountName": { + "type": "string" + } + } + }, + "strategy": { + "type": "object", + "properties": { + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "string" + }, + "maxUnavailable": { + "type": "string" + } + } + }, + "type": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + } + } + }, + "schemaImporter": { + "type": "object", + "properties": { + "entrypointShell": { + "type": "object", + "properties": { + "maxRetryCount": { + "type": "integer" + }, + "retryInterval": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "namespaces": { + "type": "array" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "runAsNonRoot": { + "type": "boolean" + } + } + } + } + } + } +} diff --git a/charts/scalardb-analytics-postgresql/values.yaml b/charts/scalardb-analytics-postgresql/values.yaml new file mode 100644 index 00000000..6662f70f --- /dev/null +++ b/charts/scalardb-analytics-postgresql/values.yaml @@ -0,0 +1,163 @@ +# Default values for scalardb-analytics-postgresql. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- String to partially override scalardb-analytics-postgresql.fullname template (will maintain the release name) +nameOverride: "" +# -- String to fully override scalardb-analytics-postgresql.fullname template +fullnameOverride: "" + +scalardbAnalyticsPostgreSQL: + # -- Default values for number of replicas. + replicaCount: 3 + + postgresql: + # -- The database name that you create in PostgreSQL. Schema Importer creates some objects such as a view of ScalarDB Analytics with PostgreSQL in this database. + databaseName: scalardb + # -- The secret resource name that includes superuser password for PostgreSQL. + secretName: scalardb-analytics-postgresql-superuser-password + + # -- The database.properties to access the underlying databases that Schema Importer will load schemas into PostgreSQL. + # @default -- The minimum template of database.properties is set by default. + databaseProperties: | + # Comma-separated contact points. For DynamoDB, the region is specified by this parameter. + scalar.db.contact_points=${env:SCALAR_DB_CONTACT_POINTS:-} + + # Port number for all the contact points. Default port number for each database is used if empty. + scalar.db.contact_port=${env:SCALAR_DB_CONTACT_PORT:-} + + # Credential information to access the database. For Cosmos DB, username isn't used. For DynamoDB, AWS_ACCESS_KEY_ID is specified by the username and AWS_ACCESS_SECRET_KEY is specified by the password. + scalar.db.username=${env:SCALAR_DB_USERNAME:-} + scalar.db.password=${env:SCALAR_DB_PASSWORD:-} + + # Storage implementation. "cassandra" or "cosmos" or "dynamo" or "jdbc" or "grpc" can be set. Default storage is "cassandra". + scalar.db.storage=${env:SCALAR_DB_STORAGE:-} + + # -- Secret name that includes sensitive data such as credentials. Each secret key is passed to a pod as environment variables by using envFrom. + secretName: "" + + image: + # -- Docker image repository of ScalarDB Analytics with PostgreSQL. + repository: ghcr.io/scalar-labs/scalardb-analytics-postgresql + # -- Specify an image-pulling policy. + pullPolicy: IfNotPresent + # -- Override the image tag with a default that is the chart appVersion. + tag: "" + + # -- Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. + imagePullSecrets: [name: reg-docker-secrets] + + strategy: + rollingUpdate: + # -- The number of pods that can be created above the desired amount of pods during an update. + maxSurge: 25% + # -- The number of pods that can be unavailable during the update process. + maxUnavailable: 25% + # -- New pods are added gradually, and old pods are terminated gradually, e.g: Recreate or RollingUpdate + type: RollingUpdate + + service: + # -- Service types in Kubernetes + type: ClusterIP + # -- Service annotations, e.g: prometheus, etc. + annotations: {} + ports: + postgresql: + # -- PostgreSQL public port + port: 5432 + # -- PostgreSQL k8s internal port + targetPort: 5432 + # -- PostgreSQL protocol + protocol: TCP + + # -- PodSecurityContext holds pod-level security attributes and common container settings. + podSecurityContext: + # -- For ScalarDB Analytics with PostgreSQL to work properly, you must set "podSecurityContext.fsGroup" to "201". + fsGroup: 201 + seccompProfile: + type: RuntimeDefault + + # -- Setting security context at the pod applies those settings to all containers in the pod. + securityContext: + # -- Capabilities (specifically, Linux capabilities), are used for permission management in Linux. Some capabilities are enabled by default. + capabilities: + drop: + - ALL + # -- Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). + runAsNonRoot: true + # -- The official PostgreSQL image uses the "postgres (UID=999)" user by default. + runAsUser: 999 + # -- AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. + allowPrivilegeEscalation: false + + # -- Pod annotations for the scalardb-analytics-postgresql deployment. + podAnnotations: {} + + # -- Resources allowed to the pod. + resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- nodeSelector is a form of node selection constraint. + nodeSelector: {} + + # -- Tolerations are applied to pods and allow (but do not require) the pods to schedule onto nodes with matching taints. + tolerations: [] + + # -- The affinity/anti-affinity feature greatly expands the types of constraints you can express. + affinity: {} + + # -- Defines additional volumes. + # If you want to mount a volume for PGDATA, you can mount extra volumes. + extraVolumes: [] + # - name: pgdata + # emptyDir: {} + + # -- Defines additional volume mounts. + extraVolumeMounts: [] + # - name: pgdata + # mountPath: /var/lib/postgresql/data + + serviceAccount: + # -- Name of the existing service account resource. + serviceAccountName: "" + # -- Specify whether to mount a service account token or not. + automountServiceAccountToken: false + +schemaImporter: + image: + # -- Docker image repository of Schema Importer. + repository: ghcr.io/scalar-labs/scalardb-analytics-postgresql-schema-importer + # -- Specify an image-pulling policy. + pullPolicy: IfNotPresent + # -- Override the image tag with a default that is the chart appVersion + tag: "" + + # -- Namespace list that includes tables you want to read via ScalarDB Analytics with PostgreSQL. + namespaces: [] + + # -- Setting security context at the pod applies those settings to all containers in the pod. + securityContext: + # -- Capabilities (specifically, Linux capabilities), are used for permission management in Linux. Some capabilities are enabled by default. + capabilities: + drop: + - ALL + # -- Containers should be run as a non-root user with the minimum required permissions (principle of least privilege). + runAsNonRoot: true + # -- AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. + allowPrivilegeEscalation: false + + entrypointShell: + # -- Maximum retry count of Schema Importer in entrypoint.sh. + maxRetryCount: 10 + # -- Retry interval of Schema Importer in entrypoint.sh. + retryInterval: 3 diff --git a/docs/configure-custom-values-file.md b/docs/configure-custom-values-file.md index d9d00831..762bf9cf 100644 --- a/docs/configure-custom-values-file.md +++ b/docs/configure-custom-values-file.md @@ -3,6 +3,7 @@ When you deploy Scalar products using Scalar Helm Charts, you must prepare your custom values file based on your environment. Please refer to the following documents for more details on how to a create custom values file for each product. * [ScalarDB Cluster](./configure-custom-values-scalardb-cluster.md) +* [ScalarDB Analytics with PostgreSQL](./configure-custom-values-scalardb-analytics-postgresql.md) * [ScalarDL Ledger](./configure-custom-values-scalardl-ledger.md) * [ScalarDL Auditor](./configure-custom-values-scalardl-auditor.md) * [ScalarDL Schema Loader](./configure-custom-values-scalardl-schema-loader.md) diff --git a/docs/configure-custom-values-scalardb-analytics-postgresql.md b/docs/configure-custom-values-scalardb-analytics-postgresql.md new file mode 100644 index 00000000..91e4ecb0 --- /dev/null +++ b/docs/configure-custom-values-scalardb-analytics-postgresql.md @@ -0,0 +1,185 @@ +# Configure a custom values file for ScalarDB Analytics with PostgreSQL + +This document explains how to create your custom values file for the ScalarDB Analytics with PostgreSQL chart. For details on the parameters, see the [README](https://github.com/scalar-labs/helm-charts/blob/main/charts/scalardb-analytics-postgresql/README.md) of the ScalarDB Analytics with PostgreSQL chart. + +## Required configurations + +This section explains the required configurations when setting up a custom values file for ScalarDB Analytics with PostgreSQL. + +### Database configurations + +To access databases via ScalarDB Analytics with PostgreSQL, you must set the `scalardbAnalyticsPostgreSQL.databaseProperties` parameter by following the same syntax that you use to configure the `database.properties` file. For details about configurations, see [ScalarDB Configurations](https://github.com/scalar-labs/scalardb/blob/master/docs/configurations.md). + +```yaml +scalardbAnalyticsPostgreSQL: + databaseProperties: | + scalar.db.contact_points=localhost + scalar.db.username=${env:SCALAR_DB_USERNAME:-} + scalar.db.password=${env:SCALAR_DB_PASSWORD:-} + scalar.db.storage=cassandra +``` + +### Database namespaces configurations + +You must set `schemaImporter.namespaces` to all the database namespaces that include tables you want to read via ScalarDB Analytics with PostgreSQL. + +```yaml +schemaImporter: + namespaces: + - namespace1 + - namespace2 + - namespace3 +``` + +## Optional configurations + +This section explains the optional configurations when setting up a custom values file for ScalarDB Analytics with PostgreSQL. + +### Resource configurations (recommended in production environments) + +To control pod resources by using requests and limits in Kubernetes, you can use `scalardbAnalyticsPostgreSQL.resources`. + +You can configure requests and limits by using the same syntax as requests and limits in Kubernetes. For more details on requests and limits in Kubernetes, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +```yaml +scalardbAnalyticsPostgreSQL: + resources: + requests: + cpu: 1000m + memory: 2Gi + limits: + cpu: 2000m + memory: 4Gi +``` + +### Secret configurations (recommended in production environments) + +To use environment variables to set some properties, like credentials, in `scalardbAnalyticsPostgreSQL.databaseProperties`, you can use `scalardbAnalyticsPostgreSQL.secretName` to specify the secret resource that includes some credentials. + +For example, you can set credentials for a backend database (`scalar.db.username` and `scalar.db.password`) by using environment variables, which makes your pods more secure. + +For more details on how to use a secret resource, see [How to use Secret resources to pass the credentials as the environment variables into the properties file](./use-secret-for-credentials.md). + +```yaml +scalardbAnalyticsPostgreSQL: + secretName: "scalardb-analytics-postgresql-credentials-secret" +``` + +### Affinity configurations (recommended in production environments) + +To control pod deployment by using affinity and anti-affinity in Kubernetes, you can use `scalardbAnalyticsPostgreSQL.affinity`. + +You can configure affinity and anti-affinity by using the same syntax for affinity and anti-affinity in Kubernetes. For more details on configuring affinity in Kubernetes, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + +```yaml +scalardbAnalyticsPostgreSQL: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - scalardb-analytics-postgresql + - key: app.kubernetes.io/app + operator: In + values: + - scalardb-analytics-postgresql + topologyKey: kubernetes.io/hostname +``` + +### SecurityContext configurations (default value is recommended) + +To set SecurityContext and PodSecurityContext for ScalarDB Analytics with PostgreSQL pods, you can use `scalardbAnalyticsPostgreSQL.securityContext`, `scalardbAnalyticsPostgreSQL.podSecurityContext`, and `schemaImporter.securityContext`. + +You can configure SecurityContext and PodSecurityContext by using the same syntax as SecurityContext and PodSecurityContext in Kubernetes. For more details on the SecurityContext and PodSecurityContext configurations in Kubernetes, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + +```yaml +scalardbAnalyticsPostgreSQL: + podSecurityContext: + fsGroup: 201 + seccompProfile: + type: RuntimeDefault + securityContext: + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 999 + allowPrivilegeEscalation: false + +schemaImporter: + securityContext: + capabilities: + drop: + - ALL + runAsNonRoot: true + allowPrivilegeEscalation: false +``` + +### Image configurations (default value is recommended) + +If you want to change the image repository, you can use `scalardbAnalyticsPostgreSQL.image.repository` and `schemaImporter.image.repository` to specify the container repository information of the ScalarDB Analytics with PostgreSQL and Schema Importer images that you want to pull. + +```yaml +scalardbAnalyticsPostgreSQL: + image: + repository: + +schemaImporter: + image: + repository: +``` + +### Replica configurations (optional based on your environment) + +You can specify the number of ScalarDB Analytics with PostgreSQL replicas (pods) by using `scalardbAnalyticsPostgreSQL.replicaCount`. + +```yaml +scalardbAnalyticsPostgreSQL: + replicaCount: 3 +``` + +### PostgreSQL database name configuration (optional based on your environment) + +You can specify the database name that you create in PostgreSQL. Schema Importer creates some objects, such as a view of ScalarDB Analytics with PostgreSQL, in this database. + +```yaml +scalardbAnalyticsPostgreSQL: + postgresql: + databaseName: scalardb +``` + +### PostgreSQL superuser password configuration (optional based on your environment) + +You can specify the secret name that includes the superuser password for PostgreSQL. + +```yaml +scalardbAnalyticsPostgreSQL: + postgresql: + secretName: scalardb-analytics-postgresql-superuser-password +``` + +{% capture notice--info %} +**Note** + +You must create a secret resource with this name (`scalardb-analytics-postgresql-superuser-password` by default) before you deploy ScalarDB Analytics with PostgreSQL. For details, see [Prepare a secret resource](./how-to-deploy-scalardb-analytics-postgresql.md#prepare-a-secret-resource). +{% endcapture %} + +
{{ notice--info | markdownify }}
+ +### Taint and toleration configurations (optional based on your environment) + +If you want to control pod deployment by using taints and tolerations in Kubernetes, you can use `scalardbAnalyticsPostgreSQL.tolerations`. + +You can configure taints and tolerations by using the same syntax as the tolerations in Kubernetes. For details on configuring tolerations in Kubernetes, see the official Kubernetes documentation [Taints and Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). + +```yaml +scalardbAnalyticsPostgreSQL: + tolerations: + - effect: NoSchedule + key: scalar-labs.com/dedicated-node + operator: Equal + value: scalardb-analytics-postgresql +``` diff --git a/docs/how-to-deploy-scalar-products.md b/docs/how-to-deploy-scalar-products.md index c9705065..e31a90aa 100644 --- a/docs/how-to-deploy-scalar-products.md +++ b/docs/how-to-deploy-scalar-products.md @@ -51,6 +51,7 @@ If you use a Kubernetes cluster other than EKS or AKS, you need to create a Secr Please refer to the following documents for more details on how to deploy each product. * [ScalarDB Cluster](./how-to-deploy-scalardb-cluster.md) +* [ScalarDB Analytics with PostgreSQL](./how-to-deploy-scalardb-analytics-postgresql.md) * [ScalarDL Ledger](./how-to-deploy-scalardl-ledger.md) * [ScalarDL Auditor](./how-to-deploy-scalardl-auditor.md) * [Scalar Manager](./how-to-deploy-scalar-manager.md) diff --git a/docs/how-to-deploy-scalardb-analytics-postgresql.md b/docs/how-to-deploy-scalardb-analytics-postgresql.md new file mode 100644 index 00000000..b2454de4 --- /dev/null +++ b/docs/how-to-deploy-scalardb-analytics-postgresql.md @@ -0,0 +1,35 @@ +# How to deploy ScalarDB Analytics with PostgreSQL + +This document explains how to deploy ScalarDB Analytics with PostgreSQL by using Scalar Helm Charts. For details on the custom values file for ScalarDB Analytics with PostgreSQL, see [Configure a custom values file for ScalarDB Analytics with PostgreSQL](./configure-custom-values-scalardb-analytics-postgresql.md). + +## Prepare a secret resource + +You must create a secret resource `scalardb-analytics-postgresql-superuser-password` with the key `superuser-password` that includes a superuser password for PostgreSQL before you deploy ScalarDB Analytics with PostgreSQL. Scalar Helm Chart mounts this secret resource and sets the `POSTGRES_PASSWORD` environment variable to the value of the `superuser-password` key. + +```console +kubectl create secret generic scalardb-analytics-postgresql-superuser-password --from-literal=superuser-password= -n +``` + +## Deploy ScalarDB Analytics with PostgreSQL + +To deploy ScalarDB Analytics with PostgreSQL, run the following command, replacing the contents in the angle brackets as described: + +```console +helm install scalar-labs/scalardb-analytics-postgresql -n -f / --version +``` + +## Upgrade a ScalarDB Analytics with PostgreSQL deployment + +To upgrade a ScalarDB Analytics with PostgreSQL deployment, run the following command, replacing the contents in the angle brackets as described: + +```console +helm upgrade scalar-labs/scalardb-analytics-postgresql -n -f / --version +``` + +## Delete a ScalarDB Analytics with PostgreSQL deployment + +To delete a ScalarDB Analytics with PostgreSQL deployment, run the following command, replacing the contents in the angle brackets as described: + +```console +helm uninstall -n +``` diff --git a/docs/mount-files-or-volumes-on-scalar-pods.md b/docs/mount-files-or-volumes-on-scalar-pods.md index 37533436..c81106aa 100644 --- a/docs/mount-files-or-volumes-on-scalar-pods.md +++ b/docs/mount-files-or-volumes-on-scalar-pods.md @@ -1,6 +1,6 @@ # Mount any files or volumes on Scalar product pods -You can mount any files or volumes on Scalar product pods when you use ScalarDB Server, ScalarDB Cluster, or ScalarDL Helm Charts (ScalarDL Ledger and ScalarDL Auditor). +You can mount any files or volumes on Scalar product pods when you use ScalarDB Server, ScalarDB Cluster, ScalarDB Analytics with PostgreSQL, or ScalarDL Helm Charts (ScalarDL Ledger and ScalarDL Auditor). ## Mount key and certificate files on a pod in ScalarDL Helm Charts @@ -97,6 +97,7 @@ You can mount emptyDir to Scalar product pods by using the following keys in you * Keys * `scalardb.extraVolumes` / `scalardb.extraVolumeMounts` (ScalarDB Server) * `scalardbCluster.extraVolumes` / `scalardbCluster.extraVolumeMounts` (ScalarDB Cluster) + * `scalardbAnalyticsPostgreSQL.extraVolumes` / `scalardbAnalyticsPostgreSQL.extraVolumeMounts` (ScalarDB Analytics with PostgreSQL) * `ledger.extraVolumes` / `ledger.extraVolumeMounts` (ScalarDL Ledger) * `auditor.extraVolumes` / `auditor.extraVolumeMounts` (ScalarDL Auditor) diff --git a/docs/use-secret-for-credentials.md b/docs/use-secret-for-credentials.md index f3ce4043..d4f772ed 100644 --- a/docs/use-secret-for-credentials.md +++ b/docs/use-secret-for-credentials.md @@ -57,6 +57,15 @@ SCALAR_DB_CLUSTER_MEMBERSHIP_KUBERNETES_ENDPOINT_NAME scalar.db.password=${env:SCALAR_DB_PASSWORD} ... ``` + * ScalarDB Analytics with PostgreSQL + ```yaml + scalardbAnalyticsPostgreSQL: + databaseProperties: | + ... + scalar.db.username=${env:SCALAR_DB_USERNAME} + scalar.db.password=${env:SCALAR_DB_PASSWORD} + ... + ``` * ScalarDL Ledger (Go template syntax) ```yaml ledger: @@ -98,6 +107,7 @@ SCALAR_DB_CLUSTER_MEMBERSHIP_KUBERNETES_ENDPOINT_NAME * Keys * `scalardb.secretName` (ScalarDB Server) * `scalardbCluster.secretName` (ScalarDB Cluster) + * `scalardbAnalyticsPostgreSQL.secretName` (ScalarDB Analytics with PostgreSQL) * `ledger.secretName` (ScalarDL Ledger) * `auditor.secretName` (ScalarDL Auditor) * `schemaLoading.secretName` (ScalarDL Schema Loader) @@ -112,6 +122,11 @@ SCALAR_DB_CLUSTER_MEMBERSHIP_KUBERNETES_ENDPOINT_NAME scalardbCluster: secretName: "scalardb-cluster-credentials-secret" ``` + * ScalarDB Analytics with PostgreSQL + ```yaml + scalardbAnalyticsPostgreSQL: + secretName: scalardb-analytics-postgresql-credentials-secret + ``` * ScalarDL Ledger ```yaml ledger: