Deploy: added PGsql charts.

Author: vladd-bit

deploy/Makefile

@@ -13,6 +13,14 @@ HELM_OPENSEARCH_NAMESPACE ?= cogstack
 HELM_OPENSEARCH_CHART ?= ./charts/opensearch
 HELM_OPENSEARCH_VALUES_FILE ?= ./helm/opensearch.values.yaml
 HELM_OPENSEARCH_VALUES_ARG = -f $(HELM_OPENSEARCH_VALUES_FILE)
+HELM_POSTGRESQL_RELEASE ?= cogstack-postgresql
+HELM_POSTGRESQL_NAMESPACE ?= cogstack
+HELM_POSTGRESQL_CHART ?= ./charts/postgresql
+HELM_POSTGRESQL_VALUES_FILE ?= ./helm/postgresql.values.yaml
+HELM_POSTGRESQL_VALUES_ARG = -f $(HELM_POSTGRESQL_VALUES_FILE)
+CNPG_OPERATOR_MINOR ?= 1.28
+CNPG_OPERATOR_VERSION ?= 1.28.1
+CNPG_OPERATOR_MANIFEST ?= https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-$(CNPG_OPERATOR_MINOR)/releases/cnpg-$(CNPG_OPERATOR_VERSION).yaml
 
 define WITH_ENV
 set -a && source ./export_env_vars.sh;
@@ -80,6 +88,15 @@ helm-template-opensearch: ## Render OpenSearch chart using chart defaults plus .
 helm-install-opensearch: ## Install/upgrade OpenSearch chart using chart defaults plus ./helm/opensearch.values.yaml
 	helm upgrade --install $(HELM_OPENSEARCH_RELEASE) $(HELM_OPENSEARCH_CHART) $(HELM_OPENSEARCH_VALUES_ARG) --namespace $(HELM_OPENSEARCH_NAMESPACE) --create-namespace
 
+kube-install-cnpg-operator: ## Install CloudNativePG operator/CRDs from the pinned upstream manifest
+	kubectl apply --server-side -f $(CNPG_OPERATOR_MANIFEST)
+
+helm-template-postgresql: ## Render CloudNativePG PostgreSQL chart using chart defaults plus ./helm/postgresql.values.yaml
+	helm template $(HELM_POSTGRESQL_RELEASE) $(HELM_POSTGRESQL_CHART) $(HELM_POSTGRESQL_VALUES_ARG) --namespace $(HELM_POSTGRESQL_NAMESPACE)
+
+helm-install-postgresql: ## Install/upgrade CloudNativePG PostgreSQL chart using chart defaults plus ./helm/postgresql.values.yaml
+	helm upgrade --install $(HELM_POSTGRESQL_RELEASE) $(HELM_POSTGRESQL_CHART) $(HELM_POSTGRESQL_VALUES_ARG) --namespace $(HELM_POSTGRESQL_NAMESPACE) --create-namespace
+
 
 remote-deploy-service: ## Deploy one or more services to a remote machine via SSH + docker compose
 remote-deploy-service: _check-remote-params
@@ -107,7 +124,7 @@ _check-remote-params:
 		exit 1; \
 	fi
 
-.PHONY: remote-deploy-service remote-stop-service remote-delete-service _check-remote-params helm-template-opensearch helm-install-opensearch
+.PHONY: remote-deploy-service remote-stop-service remote-delete-service _check-remote-params helm-template-opensearch helm-install-opensearch kube-install-cnpg-operator helm-template-postgresql helm-install-postgresql
 
 # start services
 

deploy/charts/README.md

@@ -10,6 +10,7 @@ This directory contains Helm charts owned by this repository's deployment layer.
 ## Current charts
 
 - `opensearch/` - OpenSearch and/or OpenSearch Dashboards chart used by this repo.
+- `postgresql/` - CloudNativePG-backed PostgreSQL cluster chart used by this repo.
 
 ## Quick usage
 

deploy/charts/postgresql/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cogstack-postgresql
+description: CloudNativePG-backed PostgreSQL cluster for CogStack deployments
+type: application
+version: 0.1.0
+appVersion: "18.1"

deploy/charts/postgresql/README.md

@@ -0,0 +1,49 @@
+# cogstack-postgresql Helm Chart
+
+Helm chart for deploying the repo's production PostgreSQL database on Kubernetes using the CloudNativePG operator.
+
+## What this chart deploys
+
+- A CloudNativePG `Cluster` resource for PostgreSQL
+- An application credentials `Secret` by default
+- A bootstrap SQL `ConfigMap` sourced from `services/cogstack-db/pgsql/schemas/`
+
+## Prerequisites
+
+1. Install the CloudNativePG operator and CRDs first.
+2. Have a working default `StorageClass`, or set `cluster.storage.storageClass` in your values file.
+3. Use at least 3 worker nodes for HA production deployments.
+
+Pinned operator install example:
+
+```bash
+kubectl apply --server-side -f \
+  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.28/releases/cnpg-1.28.1.yaml
+```
+
+## Install
+
+```bash
+helm upgrade --install cogstack-postgresql ./deploy/charts/postgresql \
+  -f ./deploy/helm/postgresql.values.yaml \
+  --namespace cogstack --create-namespace
+```
+
+## Render templates
+
+```bash
+helm template cogstack-postgresql ./deploy/charts/postgresql \
+  -f ./deploy/helm/postgresql.values.yaml \
+  --namespace cogstack
+```
+
+## Notes
+
+- The chart consumes shared repo sources through bundled files under `deploy/charts/postgresql/files/`.
+- `deploy/database.env` is used as the default source for `DATABASE_DB_NAME`, `POSTGRES_DB_MAX_CONNECTIONS`, and the default CPU/memory sizing hints.
+- `security/env/users_database.env` is used as the default source for `DATABASE_USER` and `DATABASE_PASSWORD`.
+- The bootstrap SQL comes from the shared PostgreSQL schema files under `services/cogstack-db/pgsql/schemas/`.
+- `POSTGRES_DB_SCHEMA_PREFIX` is respected when selecting bundled custom schema files after `annotations_nlp_create_schema.sql`.
+- Docker-specific settings that do not map cleanly to Kubernetes, such as `DATABASE_DOCKER_SHM_SIZE`, are intentionally not consumed.
+- By default, the application owner is not granted PostgreSQL superuser. If you need compose-like behavior, set `cluster.ownerSuperuser=true`.
+- Backups are intentionally not enabled by default in this chart. Wire object storage and WAL archiving before using this for production data.

deploy/charts/postgresql/files/deploy-database.envfile

@@ -0,0 +1 @@
+../../../../deploy/database.env

deploy/charts/postgresql/files/initdb/annotations_nlp_create_schema.sql

@@ -0,0 +1 @@
+../../../../../services/cogstack-db/pgsql/schemas/annotations_nlp_create_schema.sql

deploy/charts/postgresql/files/initdb/cogstack_db_databank.sql

@@ -0,0 +1 @@
+../../../../../services/cogstack-db/pgsql/schemas/cogstack_db_databank.sql

deploy/charts/postgresql/files/users-database.envfile

@@ -0,0 +1 @@
+../../../../security/env/users_database.env

deploy/charts/postgresql/templates/NOTES.txt

@@ -0,0 +1,9 @@
+CloudNativePG operator resources must already be installed before this chart can be applied.
+
+PostgreSQL services created by the operator:
+- read/write primary service: {{ include "cogstack-postgresql.fullname" . }}-rw
+- read-only replicas service: {{ include "cogstack-postgresql.fullname" . }}-ro
+- any-instance service: {{ include "cogstack-postgresql.fullname" . }}-r
+
+Application credentials secret:
+- {{ include "cogstack-postgresql.appSecretName" . }}

deploy/charts/postgresql/templates/_helpers.tpl

@@ -0,0 +1,117 @@
+{{/* Chart name */}}
+{{- define "cogstack-postgresql.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Fully qualified name */}}
+{{- define "cogstack-postgresql.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Common labels */}}
+{{- define "cogstack-postgresql.labels" -}}
+helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/name: {{ include "cogstack-postgresql.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/* Application credentials secret name */}}
+{{- define "cogstack-postgresql.appSecretName" -}}
+{{- if .Values.credentials.existingAppSecret -}}
+{{- .Values.credentials.existingAppSecret -}}
+{{- else -}}
+{{- printf "%s-app" (include "cogstack-postgresql.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Bootstrap SQL configmap name */}}
+{{- define "cogstack-postgresql.initdbConfigMapName" -}}
+{{- printf "%s-initdb" (include "cogstack-postgresql.fullname" .) -}}
+{{- end -}}
+
+{{/* Normalize docker-style memory strings to Kubernetes quantities */}}
+{{- define "cogstack-postgresql.normalizeMemory" -}}
+{{- $value := toString . | trim -}}
+{{- if regexMatch "^[0-9]+g$" $value -}}
+{{- printf "%sGi" (trimSuffix "g" $value) -}}
+{{- else if regexMatch "^[0-9]+m$" $value -}}
+{{- printf "%sMi" (trimSuffix "m" $value) -}}
+{{- else if regexMatch "^[0-9]+k$" $value -}}
+{{- printf "%sKi" (trimSuffix "k" $value) -}}
+{{- else -}}
+{{- $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Parse deploy/database.env into a filtered YAML map */}}
+{{- define "cogstack-postgresql.parsedEnvFile" -}}
+{{- $root := . -}}
+{{- $envData := dict -}}
+{{- $rawEnv := $root.Values.envFile.raw | default ($root.Files.Get "files/deploy-database.envfile") -}}
+{{- if $rawEnv -}}
+{{- $renderedEnv := tpl $rawEnv $root -}}
+{{- range $line := splitList "\n" $renderedEnv }}
+  {{- $clean := trim (replace "\r" "" $line) -}}
+  {{- if and $clean (not (hasPrefix "#" $clean)) -}}
+    {{- if regexMatch "^[A-Za-z_][A-Za-z0-9_]*=" $clean -}}
+      {{- $key := regexFind "^[A-Za-z_][A-Za-z0-9_]*" $clean -}}
+      {{- $val := trim (regexReplaceAll "^[A-Za-z_][A-Za-z0-9_]*=" $clean "") -}}
+      {{- if has $key $root.Values.envFile.includeKeys -}}
+        {{- if and (hasPrefix "\"" $val) (hasSuffix "\"" $val) -}}
+          {{- $val = trimSuffix "\"" (trimPrefix "\"" $val) -}}
+        {{- else if and (hasPrefix "'" $val) (hasSuffix "'" $val) -}}
+          {{- $val = trimSuffix "'" (trimPrefix "'" $val) -}}
+        {{- end -}}
+        {{- if regexMatch "^\\$[A-Za-z_][A-Za-z0-9_]*$" $val -}}
+          {{- $refKey := trimPrefix "$" $val -}}
+          {{- if hasKey $envData $refKey -}}
+            {{- $val = index $envData $refKey -}}
+          {{- end -}}
+        {{- end -}}
+        {{- $_ := set $envData $key $val -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{ toYaml $envData }}
+{{- end -}}
+
+{{/* Parse security/env/users_database.env into a filtered YAML map */}}
+{{- define "cogstack-postgresql.parsedUsersEnvFile" -}}
+{{- $root := . -}}
+{{- $usersData := dict -}}
+{{- $rawUsers := $root.Values.usersEnvFile.raw | default ($root.Files.Get "files/users-database.envfile") -}}
+{{- if $rawUsers -}}
+{{- $renderedUsers := tpl $rawUsers $root -}}
+{{- range $line := splitList "\n" $renderedUsers }}
+  {{- $clean := trim (replace "\r" "" $line) -}}
+  {{- if and $clean (not (hasPrefix "#" $clean)) -}}
+    {{- if regexMatch "^[A-Za-z_][A-Za-z0-9_]*=" $clean -}}
+      {{- $key := regexFind "^[A-Za-z_][A-Za-z0-9_]*" $clean -}}
+      {{- $val := trim (regexReplaceAll "^[A-Za-z_][A-Za-z0-9_]*=" $clean "") -}}
+      {{- if has $key $root.Values.usersEnvFile.includeKeys -}}
+        {{- if and (hasPrefix "\"" $val) (hasSuffix "\"" $val) -}}
+          {{- $val = trimSuffix "\"" (trimPrefix "\"" $val) -}}
+        {{- else if and (hasPrefix "'" $val) (hasSuffix "'" $val) -}}
+          {{- $val = trimSuffix "'" (trimPrefix "'" $val) -}}
+        {{- end -}}
+        {{- $_ := set $usersData $key $val -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+{{ toYaml $usersData }}
+{{- end -}}