Add PgBouncer (#168)

* Add PgBouncer * Helm-Docs update * Remove serviceAccount * Helm-Docs update * Add PGBOUNCER_DATABASE * Make pgbouncer optional * Helm-Docs update * Bump chart version * Helm-Docs update * Fix "nil pointer evaluating interface" * Apply suggestions from code review * Apply suggestions from code review * Update charts/studio/templates/secret-studio.yaml Co-authored-by: Marcin Jasion <5058132+mjasion@users.noreply.github.com> --------- Co-authored-by: jesper7 <jesper7@users.noreply.github.com> Co-authored-by: Helio Machado <0x2b3bfa0+git@googlemail.com> Co-authored-by: 0x2b3bfa0 <0x2b3bfa0@users.noreply.github.com> Co-authored-by: Marcin Jasion <5058132+mjasion@users.noreply.github.com>
iterative · Aug 22, 2023 · b80dff6 · b80dff6
1 parent a70e3cc
commit b80dff6
Show file tree

Hide file tree

Showing 9 changed files with 233 additions and 8 deletions.
diff --git a/charts/studio/Chart.yaml b/charts/studio/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: studio
 description: A Helm chart for Kubernetes
 type: application
-version: 0.4.3
+version: 0.4.4
 appVersion: "v2.27.0"
 maintainers:
   - name: iterative

diff --git a/charts/studio/README.md b/charts/studio/README.md
@@ -1,6 +1,6 @@
 # studio
 
-![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.27.0](https://img.shields.io/badge/AppVersion-v2.27.0-informational?style=flat-square)
+![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.27.0](https://img.shields.io/badge/AppVersion-v2.27.0-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 
@@ -91,6 +91,28 @@ A Helm chart for Kubernetes
 | nginx.ingress.enabled | bool | `false` |  |
 | nginx.serverBlock | string | see in `values.yaml` | Nginx for blobvault configuration |
 | nginx.service.type | string | `"ClusterIP"` |  |
+| pgBouncer | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":false,"envFromSecret":"","envVars":{},"image":{"pullPolicy":"IfNotPresent","repository":"docker.io/bitnami/pgbouncer","tag":"1.20.1"},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"1000m","memory":"1024Mi"},"requests":{"cpu":"500m","memory":"512Mi"}},"securityContext":{},"service":{"port":6432,"type":"ClusterIP"},"serviceAccountName":"","tolerations":[]}` | PgBouncer settings group |
+| pgBouncer.affinity | object | `{}` | PgBouncer pod affinity configuration |
+| pgBouncer.autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | PgBouncer autoscaling configuration |
+| pgBouncer.autoscaling.enabled | bool | `false` | PgBouncer autoscaling enabled flag |
+| pgBouncer.autoscaling.maxReplicas | int | `5` | PgBouncer autoscaling max replicas |
+| pgBouncer.autoscaling.minReplicas | int | `1` | PgBouncer autoscaling min replicas |
+| pgBouncer.autoscaling.targetCPUUtilizationPercentage | int | `80` | PgBouncer autoscaling target CPU utilization percentage |
+| pgBouncer.envFromSecret | string | `""` | The name of an existing Secret that contains sensitive environment variables passed to DVCx worker pods. |
+| pgBouncer.envVars | object | `{}` | Additional environment variables for PgBouncer pods |
+| pgBouncer.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.io/bitnami/pgbouncer","tag":"1.20.1"}` | PgBouncer image settings |
+| pgBouncer.image.pullPolicy | string | `"IfNotPresent"` | PgBouncer image pull policy |
+| pgBouncer.image.repository | string | `"docker.io/bitnami/pgbouncer"` | PgBouncer image repository |
+| pgBouncer.image.tag | string | `"1.20.1"` | PgBouncer image tag |
+| pgBouncer.nodeSelector | object | `{}` | PgBouncer pod node selector configuration |
+| pgBouncer.podAnnotations | object | `{}` | Additional PgBouncer pod annotations |
+| pgBouncer.podSecurityContext | object | `{}` | PgBouncer pod security context configuration |
+| pgBouncer.resources | object | `{"limits":{"cpu":"1000m","memory":"1024Mi"},"requests":{"cpu":"500m","memory":"512Mi"}}` | PgBouncer resources configuration |
+| pgBouncer.resources.limits | object | `{"cpu":"1000m","memory":"1024Mi"}` | PgBouncer limits configuration |
+| pgBouncer.resources.requests | object | `{"cpu":"500m","memory":"512Mi"}` | PgBouncer requests configuration |
+| pgBouncer.securityContext | object | `{}` | PgBouncer pod security context configuration |
+| pgBouncer.serviceAccountName | string | `""` | PgBouncer service account name |
+| pgBouncer.tolerations | list | `[]` | PgBouncer pod tolerations configuration |
 | postgresql.enabled | bool | `true` | Postgres enabled |
 | postgresql.fullnameOverride | string | `"studio-postgresql"` | Postgres name override |
 | postgresql.global.postgresql.auth.database | string | `"iterativeai"` | Postgres database |

diff --git a/charts/studio/templates/_helpers.tpl b/charts/studio/templates/_helpers.tpl
@@ -88,6 +88,15 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
+{{- define "pgbouncer.labels" -}}
+helm.sh/chart: {{ include "studio.chart" . }}
+{{ include "pgbouncer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
 {{/*
 Selector labels
 */}}
@@ -122,6 +131,12 @@ app.kubernetes.io/name: studio-worker
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{- define "pgbouncer.selectorLabels" -}}
+app.kubernetes.io/name: pgbouncer
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
 {{/*
 Create the name of the service account to use
 */}}

diff --git a/charts/studio/templates/deployment-pgbouncer.yaml b/charts/studio/templates/deployment-pgbouncer.yaml
@@ -0,0 +1,69 @@
+{{- if ((.Values.pgBouncer).enabled) -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{.Release.Name}}-pgbouncer
+  labels:
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.pgBouncer.autoscaling.enabled }}
+  replicas: {{ .Values.pgBouncer.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "pgbouncer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/secret-pgbouncer: {{ include (print $.Template.BasePath "/secret-pgbouncer.yaml") . | sha256sum }}
+        {{- include "studio.checksum" . | indent 8 }}
+        {{- with .Values.pgBouncer.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "pgbouncer.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.pgBouncer.serviceAccountName }}
+      securityContext:
+        {{- with .Values.pgBouncer.podSecurityContext }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: pgbouncer
+          securityContext:
+            {{- toYaml .Values.pgBouncer.securityContext | nindent 12 }}
+          image: "{{ .Values.pgBouncer.image.repository }}:{{ .Values.pgBouncer.image.tag }}"
+          imagePullPolicy: {{ .Values.pgBouncer.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.pgBouncer.resources | nindent 12 }}
+          env:
+            - name: PGBOUNCER_PORT
+              value: "6432"
+          envFrom:
+            - secretRef:
+                name: pgbouncer
+            {{- if .Values.pgBouncer.envFromSecret }}
+            - secretRef:
+                name: {{ .Values.pgBouncer.envFromSecret }}
+            {{- end }}
+          ports:
+            - name: pgbouncer
+              containerPort: 6432
+              protocol: TCP
+      {{- with .Values.pgBouncer.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.pgBouncer.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.pgBouncer.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/charts/studio/templates/deployment-studio-dvcx-worker.yaml b/charts/studio/templates/deployment-studio-dvcx-worker.yaml
@@ -30,7 +30,7 @@ spec:
       securityContext:
         fsGroup: 103
         fsGroupChangePolicy: "OnRootMismatch"
-        {{- with .Values.studioWorker.podSecurityContext }}
+        {{- with .Values.studioDvcxWorker.podSecurityContext }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
       containers:

diff --git a/charts/studio/templates/secret-pgbouncer.yaml b/charts/studio/templates/secret-pgbouncer.yaml
@@ -0,0 +1,21 @@
+{{- if ((.Values.pgBouncer).enabled) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgbouncer
+  {{ if (not (hasKey .Values "ci")) }} # Add annotation if we're not in CI execution.
+  annotations:
+    helm.sh/resource-policy: "keep"
+    argocd.argoproj.io/sync-options: Delete=false
+  {{- end }}
+  labels:
+    {{- include "studio.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  POSTGRESQL_USERNAME: {{ .Values.global.postgres.user | quote }}
+  POSTGRESQL_PASSWORD: {{ .Values.global.postgres.password | quote }}
+  POSTGRESQL_DATABASE: {{ .Values.global.postgres.databaseName | quote }}
+  POSTGRESQL_HOST: {{ .Values.global.postgres.host | quote }}
+  POSTGRESQL_PORT: {{ .Values.global.postgres.port | quote }}
+  PGBOUNCER_DATABASE: {{ .Values.global.postgres.databaseName | quote }}
+{{- end }}
diff --git a/charts/studio/templates/secret-studio.yaml b/charts/studio/templates/secret-studio.yaml
@@ -11,14 +11,14 @@ metadata:
     {{- include "studio.labels" . | nindent 4 }}
 type: Opaque
 stringData:
-  {{- if .Values.global.postgres.databaseUrl }}
-  # Deprecated configuration format.
-  # Will be removed in a future release
-  DATABASE_URL: "psql://{{ .Values.global.postgres.databaseUser}}:{{ .Values.global.postgres.databasePassword }}@{{ .Values.global.postgres.databaseUrl }}"
-  {{- else }}
   DATABASE_USER: {{ .Values.global.postgres.user | quote }}
   DATABASE_PASSWORD: {{ .Values.global.postgres.password | quote }}
   DATABASE_NAME: {{ .Values.global.postgres.databaseName | quote }}
+
+  {{- if ((.Values.pgBouncer).enabled) }}
+  DATABASE_HOST: "pgbouncer.{{ .Release.Namespace }}.svc.cluster.local"
+  DATABASE_PORT: {{ .Values.pgBouncer.service.port | quote }}
+  {{- else }}
   DATABASE_HOST: {{ .Values.global.postgres.host | quote }}
   DATABASE_PORT: {{ .Values.global.postgres.port | quote }}
   {{- end }}

diff --git a/charts/studio/templates/service-pgbouncer.yaml b/charts/studio/templates/service-pgbouncer.yaml
@@ -0,0 +1,17 @@
+{{- if ((.Values.pgBouncer).enabled) -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: pgbouncer
+  labels:
+    {{- include "pgbouncer.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.pgBouncer.service.type }}
+  ports:
+    - port: {{ .Values.pgBouncer.service.port }}
+      targetPort: pgbouncer
+      protocol: TCP
+      name: pgbouncer
+  selector:
+    {{- include "pgbouncer.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/studio/values.yaml b/charts/studio/values.yaml
@@ -363,6 +363,87 @@ ray:
       minimum: 1
       maximum: 4
 
+# -- PgBouncer settings group
+pgBouncer:
+  enabled: false
+
+  # -- PgBouncer image settings
+  image:
+    # -- PgBouncer image repository
+    repository: docker.io/bitnami/pgbouncer
+    # -- PgBouncer image pull policy
+    pullPolicy: IfNotPresent
+    # -- PgBouncer image tag
+    tag: "1.20.1"
+
+  service:
+    type: ClusterIP
+    port: 6432
+
+  # -- Additional environment variables for PgBouncer pods
+  envVars: {}
+  # Example:
+  # envVars:
+  #   DEBUG: "True"
+
+  # -- The name of an existing Secret that contains sensitive environment variables passed to DVCx
+  # worker pods.
+  envFromSecret: ""
+
+  replicaCount: 1
+
+  # -- PgBouncer resources configuration
+  resources:
+    # -- PgBouncer requests configuration
+    requests:
+      cpu: 500m
+      memory: 512Mi
+    # -- PgBouncer limits configuration
+    limits:
+      cpu: 1000m
+      memory: 1024Mi
+
+  # -- PgBouncer autoscaling configuration
+  autoscaling:
+    # -- PgBouncer autoscaling enabled flag
+    enabled: false
+    # -- PgBouncer autoscaling min replicas
+    minReplicas: 1
+    # -- PgBouncer autoscaling max replicas
+    maxReplicas: 5
+    # -- PgBouncer autoscaling target CPU utilization percentage
+    targetCPUUtilizationPercentage: 80
+    # -- PgBouncer autoscaling target memory utilization percentage
+    # targetMemoryUtilizationPercentage: 80
+
+  # -- Additional PgBouncer pod annotations
+  podAnnotations: {}
+
+  # -- PgBouncer pod security context configuration
+  podSecurityContext: {}
+  # fsGroup: 2000
+
+  # -- PgBouncer pod security context configuration
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+  # runAsUser: 1000
+
+  # -- PgBouncer service account name
+  serviceAccountName: ""
+
+  # -- PgBouncer pod node selector configuration
+  nodeSelector: {}
+
+  # -- PgBouncer pod tolerations configuration
+  tolerations: []
+
+  # -- PgBouncer pod affinity configuration
+  affinity: {}
+
 # -- Studio UI settings group
 studioUi:
   # -- Additional environment variables for ui pods