KOTS: Optional Embedded Database


#1

KOTS provides kots.io/when and kots.io/exclude annotations to optionally include/exclude entire yaml K8s resources.

We’ll optionally include/exclude a postgres DB.


config.yaml

apiVersion: kots.io/v1beta1
kind: Config
metadata:
  name: sentry-config
spec:
  groups:
    - name: sentry
      title: Sentry
      description: Sentry Defaults
      items:
    - name: database
      title: Database
      description: Database Options
      items:
        - name: postgres_type
          type: select_one
          title: Postgres
          default: embedded_postgres
          items:
            - name: embedded_postgres
              title: Embedded Postgres
            - name: external_postgres_inline
              title: External Postgres Inline
            - name: external_postgres_secret
              title: External Postgres From Secret
        - name: embedded_postgres_password
          hidden: true
          type: password
          value: "{{repl RandomString 32}}"
        - name: external_postgres_connectionstring
          title: Postgres Connection string
          when: '{{repl ConfigOptionEquals "postgres_type" "external_postgres_inline"}}'
          type: text
          default: postgresql://user:[email protected]/db
        - name: external_postgres_secretname
          title: Postgres Secret Name
          help_text: Enter the name of a secret containing the key `PG_CONNSTRING`
          when: '{{repl ConfigOptionEquals "postgres_type" "external_postgres_secret"}}'
          type: text

Exclude Postgres optionally
kots.io/when: 'repl{{ ConfigOptionEquals "postgres_type" "embedded_postgres"}}'

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sentry-postgresql
  labels:
    app: postgresql
  annotations:
    kots.io/when: 'repl{{ ConfigOptionEquals "postgres_type" "embedded_postgres"}}'
spec:
  selector:
    matchLabels:
      app: postgresql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      containers:
      - name: sentry-postgresql
        image: "postgres:9.6"
        imagePullPolicy: ""
        args:
        env:
        - name: POSTGRES_USER
          value: "sentry"
          # Required for pg_isready in the health probes.
        - name: PGUSER
          value: "sentry"
        - name: POSTGRES_DB
          value: "sentry"
        - name: POSTGRES_INITDB_ARGS
          value: ""
        - name: PGDATA
          value: /var/lib/postgresql/data/pgdata
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sentry-postgresql
              key: postgres-password
        - name: POD_IP
          valueFrom: { fieldRef: { fieldPath: status.podIP } }
        ports:
        - name: postgresql
          containerPort: 5432
        livenessProbe:
          exec:
            command:
            - sh
            - -c
            - exec pg_isready --host $POD_IP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          failureThreshold: 6
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - exec pg_isready --host $POD_IP
          initialDelaySeconds: 5
          timeoutSeconds: 3
          periodSeconds: 5
        resources:
          requests:
            cpu: 100m
            memory: 256Mi

        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data/pgdata
          subPath: postgresql-db
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: sentry-postgresql

Supporting resources for postgres, also with annotations.

PVC

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: sentry-postgresql
  labels:
    app: sentry
  annotations:
    kots.io/when: 'repl{{ ConfigOptionEquals "postgres_type" "embedded_postgres"}}'
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "100Gi"

Secret

apiVersion: v1
kind: Secret
metadata:
  name: sentry-postgresql
  labels:
    app: postgresql
  annotations:
    kots.io/when: 'repl{{ ConfigOptionEquals "postgres_type" "embedded_postgres"}}'
type: Opaque
data:
  postgres-password: '{{repl ConfigOption "embedded_postgres_password" | Base64Encode}}'

Verify postgresql is running.

$ kubectl get po
NAME                                  READY   STATUS      RESTARTS   AGE
...
sentry-postgresql-6b74b7586-8xtt5     1/1     Running     0          13m