values.yaml

## @section Global parameters
global:
  ## @param global.imageRegistry Global Docker Image registry
  imageRegistry: ""
  ## @param global.imagePullSecrets Global Docker registry secret names as an array
  imagePullSecrets: []
  enableServiceLinks: true

## @section Common parameters
## @param nameOverride String to partially override postgres.fullname
nameOverride: ""
## @param fullnameOverride String to fully override postgres.fullname
fullnameOverride: ""
## @param namespaceOverride String to override the namespace for all resources
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
commonAnnotations: {}
## @param priorityClassName Priority class name to be used for the pods
priorityClassName: ""

## @param terminationGracePeriodSeconds Time for Kubernetes to wait for the pod to gracefully terminate
terminationGracePeriodSeconds: 30

## @section PostgreSQL image configuration
image:
  ## @param image.registry PostgreSQL image registry
  registry: docker.io
  ## @param image.repository PostgreSQL image repository
  repository: postgres
  ## @param image.tag PostgreSQL image tag (immutable tags are recommended)
  tag: "18.3@sha256:52e6ffd11fddd081ae63880b635b2a61c14008c17fc98cdc7ce5472265516dd0"
  ## @param image.imagePullPolicy PostgreSQL image pull policy
  imagePullPolicy: Always
  ## @param image.useHardenedImage Set to true when using hardened images (e.g., DHI) that have different PGDATA paths for Postgres <18
  useHardenedImage: false

## @section Deployment configuration
## @param replicaCount Number of PostgreSQL replicas to deploy (Note: PostgreSQL doesn't support multi-master replication by default)
replicaCount: 1

## @section Pod annotations and labels
## @param podAnnotations Map of annotations to add to the pods
podAnnotations: {}
## @param podLabels Map of labels to add to the pods
podLabels: {}

## @section Security Context
podSecurityContext:
  ## @param podSecurityContext.fsGroup Group ID for the volumes of the pod
  fsGroup: 999

containerSecurityContext:
  ## @param containerSecurityContext.allowPrivilegeEscalation Enable container privilege escalation
  allowPrivilegeEscalation: false
  ## @param containerSecurityContext.runAsNonRoot Configure the container to run as a non-root user
  runAsNonRoot: true
  ## @param containerSecurityContext.runAsUser User ID for the PostgreSQL container
  runAsUser: 999
  ## @param containerSecurityContext.runAsGroup Group ID for the PostgreSQL container
  runAsGroup: 999
  ## @param containerSecurityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
  readOnlyRootFilesystem: false
  ## @param containerSecurityContext.capabilities.drop Linux capabilities to be dropped
  capabilities:
    drop:
      - ALL

## @section PostgreSQL Authentication
auth:
  ## @param auth.username Name for a custom superuser to create at initialisation. (This will also create a database with the same name)
  username: ""
  ## @param auth.password Password for the custom user to create
  password: ""
  ## @param auth.database Alternative name for the default database to be created at initialisation
  database: ""
  ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials
  existingSecret: ""
  secretKeys:
    ## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL admin credentials
    adminPasswordKey: "postgres-password"

## @section PostgreSQL Configuration
config:
  ## @param config.mountConfigMap Enable mounting of ConfigMap with PostgreSQL configuration
  mountConfigMap: true
  ## @param config.postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list) - deprecated, see postgresql config block
  postgresqlSharedPreloadLibraries: ""
  ## @param config.postgresqlMaxConnections Maximum number of connections - deprecated, see postgresql config block
  postgresqlMaxConnections: 0
  ## @param config.postgresqlSharedBuffers Amount of memory the database server uses for shared memory buffers - deprecated, see postgresql config block
  postgresqlSharedBuffers: ""
  ## @param config.postgresqlEffectiveCacheSize Effective cache size - deprecated, see postgresql config block
  postgresqlEffectiveCacheSize: ""
  ## @param config.postgresqlWorkMem Amount of memory to be used by internal sort operations and hash tables - deprecated, see postgresql config block
  postgresqlWorkMem: ""
  ## @param config.postgresqlMaintenanceWorkMem Maximum amount of memory to be used by maintenance operations - deprecated, see postgresql config block
  postgresqlMaintenanceWorkMem: ""
  ## @param config.postgresqlWalBuffers Amount of memory used in shared memory for WAL data - deprecated, see postgresql config block
  postgresqlWalBuffers: ""
  ## @param config.postgresqlCheckpointCompletionTarget Time spent flushing dirty buffers during checkpoint, as fraction of checkpoint interval - deprecated, see postgresql config block
  postgresqlCheckpointCompletionTarget: ""
  ## @param config.postgresqlRandomPageCost Sets the planner's estimate of the cost of a non-sequentially-fetched disk page - deprecated, see postgresql config block
  postgresqlRandomPageCost: ""
  ## @param config.postgresqlLogStatement Sets the type of statements logged - deprecated, see postgresql config block
  postgresqlLogStatement: ""
  ## @param config.postgresqlLogMinDurationStatement Sets the minimum execution time above which statements will be logged - deprecated, see postgresql config block
  postgresqlLogMinDurationStatement: ""
  ## @param config.extraConfig Additional PostgreSQL configuration parameters
  extraConfig: []
  ## @param config.existingConfigmap Name of existing ConfigMap with PostgreSQL configuration
  existingConfigmap: ""
  ## @param config.pgHbaConfig Content of a custom pg_hba.conf file to be used instead of the default config
  pgHbaConfig: ""
  # @param config.postgresql Postgresql configuration block
  postgresql:
    # @param config.postgresql.max_connections Maximum number of connections - https://postgresqlco.nf/doc/en/param/max_connections/
    max_connections: 100
    # @param config.postgresql.shared_buffers Amount of memory the database server uses for shared memory buffers - https://postgresqlco.nf/doc/en/param/shared_buffers/
    shared_buffers: 128MB
    # @param config.postgresql.effective_cache_size Sets the planner's assumption about the total size of the data caches - https://postgresqlco.nf/doc/en/param/effective_cache_size/
    effective_cache_size: 4GB
    # @param config.postgresql.work_mem Amount of memory to be used by internal sort operations and hash tables - https://postgresqlco.nf/doc/en/param/work_mem/
    work_mem: 4MB
    # @param config.postgresql.maintenance_work_mem Maximum amount of memory to be used by maintenance operations - https://postgresqlco.nf/doc/en/param/maintenance_work_mem/
    maintenance_work_mem: 64MB
    # @param config.postgresql.checkpoint_completion_target Time spent flushing dirty buffers during checkpoint, as fraction of checkpoint interval - https://postgresqlco.nf/doc/en/param/checkpoint_completion_target/
    checkpoint_completion_target: 0.7
    # @param config.postgresql.random_page_cost Sets the planner's estimate of the cost of a non-sequentially-fetched disk page - https://postgresqlco.nf/doc/en/param/random_page_cost/
    random_page_cost: 1.1
    # @param config.postgresql.timezone Default timezone setting - https://postgresqlco.nf/doc/en/param/TimeZone/
    timezone: "UTC"
    # @param config.postgresql.locale Locale setting for all lc_* settings - https://postgresqlco.nf/doc/en/param/lc_messages/
    locale: "en_US.utf8"
    # @param config.postgresql.default_text_search_config Sets default text search configuration - https://postgresqlco.nf/doc/en/param/default_text_search_config/
    default_text_search_config: pg_catalog.english
    # @param config.postgresql.datestyle Sets the display format for date and time values - https://postgresqlco.nf/doc/en/param/DateStyle/
    datestyle: "iso, mdy"
    # @param config.postgresql.log_destination Sets the destination for server log output - https://postgresqlco.nf/doc/en/param/log_destination/
    log_destination: stderr
    # @param config.postgresql.logging_collector Start a subprocess to capture stderr, csvlog and/or jsonlog into log files - https://postgresqlco.nf/doc/en/param/logging_collector/
    logging_collector: "off"
    # @param config.postgresql.log_min_messages Sets the message levels that are logged - https://postgresqlco.nf/doc/en/param/log_min_messages/
    log_min_messages: warning
    # @param config.postgresql.log_min_error_statement Causes all statements generating error at or above this level to be logged - https://postgresqlco.nf/doc/en/param/log_min_error_statement/
    log_min_error_statement: error
    # @param config.postgresql.log_statement Sets the type of statements logged - https://postgresqlco.nf/doc/en/param/log_statement/
    log_statement: none
    # @param config.postgresql.log_min_duration_statement Sets the minimum execution time above which all statements will be logged - https://postgresqlco.nf/doc/en/param/log_min_duration_statement/
    log_min_duration_statement: -1
    # @param config.postgresql.shared_preload_libraries Shared preload libraries (comma-separated list) - https://postgresqlco.nf/doc/en/param/shared_preload_libraries/
    shared_preload_libraries: ""
    # @param config.postgresql.wal_buffers Amount of memory used in shared memory for WAL data - https://postgresqlco.nf/doc/en/param/wal_buffers/
    wal_buffers: "16MB"
    # @param config.postgresql.wal_level Determines how much information is written to the WAL - https://postgresqlco.nf/doc/en/param/wal_level/
    wal_level: replica
    # @param config.postgresql.max_wal_senders Specifies the maximum number of concurrent connections from standby servers or streaming base backup clients - https://postgresqlco.nf/doc/en/param/max_wal_senders/
    max_wal_senders: 10
    # @param config.postgresql.wal_keep_size Specifies the minimum size of past WAL files kept in the pg_wal directory (in MB) - https://postgresqlco.nf/doc/en/param/wal_keep_size/
    wal_keep_size: 1024

## @section customUser Optional user to be created at initialisation with a custom password and database
customUser:
  ## @param customUser.name Name of the custom user to be created
  name: ""
  ## @param customUser.database Name of the database to be created
  database: ""
  ## @param customUser.password Password to be used for the custom user
  password: ""
  ## @param customUser.existingSecret Existing secret, in which username, password and database name are saved
  existingSecret: ""
  ## @param customUser.secretKeys Name of keys in existing secret to use the custom user name, password and database
  secretKeys:
    ## @param customUser.secretKeys.name Custom user name secret reference (set empty to fallback to customUser.name)
    name: "CUSTOM_USER"
    ## @param customUser.secretKeys.database Custom user database secret reference (set empty to fallback to customUser.database)
    database: "CUSTOM_DB"
    password: "CUSTOM_PASSWORD"

## @section PostgreSQL Initdb configuration
initdb:
  ## @param initdb.args Send arguments to postgres initdb. This is a space separated string of arguments
  args: ""
  ## @param initdb.scripts Dictionary of initdb scripts
  scripts: {}
  ## @param initdb.scriptsConfigMap ConfigMap with scripts to be run at first boot
  scriptsConfigMap: ""
  ## @param initdb.directory Directory where to load initScripts
  directory: "/docker-entrypoint-initdb.d/"

## @section Service configuration
service:
  ## @param service.type PostgreSQL service type
  type: ClusterIP
  ## @param service.port PostgreSQL service port
  port: 5432
  ## @param service.targetPort PostgreSQL container port
  targetPort: 5432
  ## @param service.nodePort PostgreSQL NodePort port
  nodePort: 30432
  ## @param service.annotations Service annotations
  annotations: {}
  ## @param service.loadBalancerIP LoadBalancer IP if service type is `LoadBalancer`
  loadBalancerIP: ""
  ## @param service.externalTrafficPolicy External traffic policy for the service
  externalTrafficPolicy: ""

## @section Ingress configuration
ingress:
  ## @param ingress.enabled Enable ingress record generation for PostgreSQL
  enabled: false
  ## @param ingress.className IngressClass that will be used to implement the Ingress
  className: ""
  ## @param ingress.annotations Additional annotations for the Ingress resource
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  ## @param ingress.hosts[0].host Hostname for PostgreSQL ingress
  ## @param ingress.hosts[0].paths[0].path Path for PostgreSQL ingress
  ## @param ingress.hosts[0].paths[0].pathType Path type for PostgreSQL ingress
  hosts:
    - host: postgres.local
      paths:
        - path: /
          pathType: Prefix
  ## @param ingress.tls TLS configuration for PostgreSQL ingress
  tls: []
  #  - secretName: postgres-tls
  #    hosts:
  #      - postgres.local

## @section Gateway API parameters
## TLS termination happens at the Gateway listener level, not at the backend service.
## To serve traffic from an HTTPS listener, set sectionName to the listener's name:
##
##   parentRefs:
##     - name: my-gateway
##       sectionName: https   # matches the HTTPS listener defined in the Gateway resource
##
## The backend always receives plain HTTP traffic regardless of the listener protocol.
gatewayAPI:
  httpRoute:
    ## @param gatewayAPI.httpRoute.enabled Enable Gateway API HTTPRoute generation for PostgreSQL
    enabled: false
    ## @param gatewayAPI.httpRoute.annotations Additional annotations for the HTTPRoute resource
    annotations: {}
    ## @param gatewayAPI.httpRoute.parentRefs References to the parent Gateways
    parentRefs:
      - name: gateway
        namespace: ""
        sectionName: ""
    ## @param gatewayAPI.httpRoute.hostnames List of hostnames to match
    hostnames:
      - postgres.local
    ## @param gatewayAPI.httpRoute.rules HTTPRoute rules
    rules:
      - matches:
          - path:
              type: PathPrefix
              value: /

## @section Resources
resources: {}
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 250m
  #   memory: 256Mi

## @section Persistence
persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
  enabled: true
  ## @param persistence.storageClass Persistent Volume storage class
  storageClass: ""
  ## @param persistence.annotations Persistent Volume Claim annotations
  annotations: {}
  ## @param persistence.size Persistent Volume size
  size: 8Gi
  ## @param persistence.accessModes Persistent Volume access modes
  accessModes:
    - ReadWriteOnce
  ## @param persistence.existingClaim The name of an existing PVC to use for persistence
  existingClaim: ""
  ## @param persistence.subPath The subdirectory of the volume to mount to
  ## Useful in dev environments and one PV for multiple services
  subPath: ""
  ## @param persistence.labels Labels for persistent volume claims
  labels: {}
  ## @param persistence.volumeName Container volume name and volume claim prefix
  volumeName: "data"

## @section Persistent Volume Claim Retention Policy
persistentVolumeClaimRetentionPolicy:
  ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for the Statefulset
  enabled: false
  ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
  whenScaled: Retain
  ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
  whenDeleted: Retain

## @section Liveness and readiness probes
livenessProbe:
  ## @param livenessProbe.enabled Enable livenessProbe on PostgreSQL containers
  enabled: true
  ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  initialDelaySeconds: 30
  ## @param livenessProbe.periodSeconds Period seconds for livenessProbe
  periodSeconds: 10
  ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  timeoutSeconds: 5
  ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
  failureThreshold: 3
  ## @param livenessProbe.successThreshold Success threshold for livenessProbe
  successThreshold: 1

readinessProbe:
  ## @param readinessProbe.enabled Enable readinessProbe on PostgreSQL containers
  enabled: true
  ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  initialDelaySeconds: 5
  ## @param readinessProbe.periodSeconds Period seconds for readinessProbe
  periodSeconds: 5
  ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  timeoutSeconds: 5
  ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
  failureThreshold: 3
  ## @param readinessProbe.successThreshold Success threshold for readinessProbe
  successThreshold: 1

startupProbe:
  ## @param startupProbe.enabled Enable startupProbe on PostgreSQL containers
  enabled: true
  ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  initialDelaySeconds: 30
  ## @param startupProbe.periodSeconds Period seconds for startupProbe
  periodSeconds: 10
  ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
  timeoutSeconds: 5
  ## @param startupProbe.failureThreshold Failure threshold for startupProbe
  failureThreshold: 30
  ## @param startupProbe.successThreshold Success threshold for startupProbe
  successThreshold: 1

## @section Node Selection
## @param nodeSelector Node labels for pod assignment
nodeSelector: {}

## @param tolerations Toleration labels for pod assignment
tolerations: []

## @param affinity Affinity settings for pod assignment
affinity: {}

## @section Service Account
serviceAccount:
  ## @param serviceAccount.create Specifies whether a service account should be created
  create: false
  ## @param serviceAccount.annotations Annotations to add to the service account
  annotations: {}
  ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the `fullname` template.
  name: ""
  ## @param serviceAccount.automountServiceAccountToken whether to automount the SA token inside the pod
  automountServiceAccountToken: false

## @param extraEnvVars Additional environment variables to set
extraEnvVars: []
  # - name: CUSTOM_VAR
  #   value: "custom-value"
  # - name: SECRET_VAR
  #   valueFrom:
  #     secretKeyRef:
  #       name: my-secret
  #       key: secret-key

## @param extraEnvVarsSecret Name of a secret containing additional environment variables
extraEnvVarsSecret: ""

## @param extraVolumes Additional volumes to add to the pod
extraVolumes: []

## @param extraVolumeMounts Additional volume mounts to add to the MongoDB container
extraVolumeMounts: []

## @param initContainers Init containers to add to the PostgreSQL pods. Useful for tasks like pgautoupgrade for major version upgrades
initContainers: []
# Example with pgautoupgrade for major version upgrades:
# - name: pgautoupgrade
#   image: tianon/pgautoupgrade:17-to-18
#   volumeMounts:
#     - name: data  # must match persistence.volumeName
#       mountPath: /var/lib/postgresql/data

## @section Container command/args override
## @param command Override default container command (useful for hardened images)
command: []
## @param args Override default container args (useful for hardened images that handle startup differently)
## Leave unset or null to use default args, set to empty array [] to disable default args for hardened images like DHI
args: null  # @schema type:[array, null]

## @param extraObjects Array of extra objects to deploy with the release
extraObjects: []

## @section Metrics configuration
metrics:
  ## @param metrics.enabled Start a sidecar prometheus exporter to expose PostgreSQL metrics
  enabled: false
  image:
    ## @param metrics.image.registry PostgreSQL exporter image registry
    registry: quay.io
    ## @param metrics.image.repository PostgreSQL exporter image repository
    repository: prometheuscommunity/postgres-exporter
    ## @param metrics.image.tag PostgreSQL exporter image tag
    tag: "v0.19.1@sha256:e96064f876226d94bb6ce48a4c4b3dd76edba91168ec1ab024e5c4b959310b0f"
    ## @param metrics.image.pullPolicy PostgreSQL exporter image pull policy
    pullPolicy: Always
  ## @param metrics.resources Resource limits and requests for metrics container
  resources: {}
  ## Metrics service configuration
  service:
    ## @param metrics.service.annotations Additional custom annotations for Metrics service
    annotations: {}
    ## @param metrics.service.labels Additional custom labels for Metrics service
    labels: {}
    ## @param metrics.service.port Metrics service port
    port: 9187
  ## Prometheus Operator ServiceMonitor configuration
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
    enabled: false
    ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created
    namespace: ""
    ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped
    interval: 30s
    ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
    scrapeTimeout: 10s
    ## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor resource
    selector: {}
    ## @param metrics.serviceMonitor.annotations ServiceMonitor annotations
    annotations: {}
    ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
    honorLabels: false
    ## @param metrics.serviceMonitor.relabelings ServiceMonitor relabel configs to apply to samples before scraping
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings configs to apply to samples before ingestion
    metricRelabelings: []
    ## @param metrics.serviceMonitor.namespaceSelector ServiceMonitor namespace selector
    namespaceSelector: {}

## @section Physical WAL replication configuration
replication:
  # @param replication.enabled Enables the WAL replication feature for both sides (primary and standby), provides the environment variables `REPLICATION_USER` and `REPLICATION_PASSWORD` and configures access in `pg_hba.conf`
  enabled: false
  # @param replication.primary Standby server configuration
  primary:
    # @param replication.primary.host Hostname of the primary server
    host: ""
    # @param replication.primary.port Port of the primary server
    port: 5432
  # -- Whether to create the replication user
  createUser: true
  # @param replication.auth Replication authentication configuration
  auth:
    # @param replication.auth.username Username for replication user
    username: "replication"
    # @param replication.auth.password Password for replication user (cannot be empty)
    password: ""
    # @param replication.auth.existingSecret Use existing secret reference instead of password
    existingSecret: ""
    # @param replication.auth.secretKeys Keys configuration for .existingSecret
    secretKeys:
      # @param replication.auth.secretKeys.password Key for password field
      password: "replication-password"
  # @param replication.primary.allowFrom Allow from IP ranges configuration for the primary server
  allowFrom:
    # @param replication.primary.allowFrom.ipv4 Allowed IPv4 network (set empty to disable that feature)
    ipv4: "0.0.0.0/0"
    # @param replication.primary.allowFrom.ipv6 Allowed IPv6 network (set empty to disable that feature)
    ipv6: "::/0"