feat: bump to postgres v15.5

chart/templates/postgres.yaml

@@ -20,11 +20,24 @@ spec:
           emptyDir:
             medium: Memory
             sizeLimit: "{{- .Values.db.shmVolume  }}"
-        - name: conf
-          configMap:
-            name: postgresql-conf
-            optional: true
       initContainers:
+        {{- if .Values.db.upgrade.perform}}
+        - image: tianon/postgres-upgrade:{{.Values.db.upgrade.old}}-to-{{.Values.db.upgrade.new}}
+          name: postgres-upgrade
+          volumeMounts:
+            - mountPath: "/current"
+              name: postgresql
+          command:
+            - sh
+            - -c
+            - "if [ ! -d '/current/postgres' ]; then exit 0; fi && rm -rf /var/lib/postgresql/{{.Values.db.upgrade.old}}/data &&
+              mv /current/postgres /var/lib/postgresql/{{.Values.db.upgrade.old}}/data && 
+              mkdir -p /var/lib/postgresql/{{.Values.db.upgrade.new}}/data &&
+              chmod -R 0750 /var/lib/postgresql/{{.Values.db.upgrade.new}}/data &&
+              chown 999:999 -R /var/lib/postgresql/{{.Values.db.upgrade.new}}/data &&
+              /usr/local/bin/docker-upgrade &&
+              mv /var/lib/postgresql/{{.Values.db.upgrade.new}}/data /current/postgres"
+        {{- end}}
         - command:
           - sh
           - -c
@@ -38,12 +51,11 @@ spec:
             mountPath: /dev/shm
       containers:
       - name: postgresql
-        image: docker.io/supabase/postgres:14.1.0.21
+        image: '{{.Values.db.image}}:{{.Values.db.tag}}'
         command:
           - /usr/local/bin/docker-entrypoint.sh
           - -D
           - /var/lib/postgresql/data
-          - --config-file=/etc/postgresql/postgresql.conf
           {{- range $k, $v := .Values.db.conf }}
           - --{{ $k }}={{ $v }}
           {{- end }}
@@ -68,13 +80,12 @@ spec:
       name: postgresql
     spec:
       accessModes: ["ReadWriteOnce"]
-      {{ if .Values.db.storageClass }}
+      {{- if .Values.db.storageClass }}
       storageClassName: {{ .Values.db.storageClass }}
-      {{ end }}
+      {{- end }}
       resources:
         requests:
           storage: {{ .Values.db.storage }}
-
 ---
 apiVersion: v1
 kind: Service

chart/values.yaml

@@ -1,6 +1,7 @@
 replicas: 1
 # Use this only if you want to replace the default that is .Chart.Name as the name of all the objects.
 nameOverride: ""
+
 image:
   repository: docker.io/flanksource/incident-commander
   pullPolicy: IfNotPresent
@@ -17,14 +18,17 @@
 serviceAccount:
   # Annotations to add to the service account
   annotations: {}
+
 extraArgs: {}
+
 externalPostgrest:
   enable: true
   tag: v10.1.0
   logLevel: info
   dbScema: public
   dbAnonRole: postgrest_anon
   maxRows: 2000
+
 # Specify the cel-go script or the file path to the cel script.
 # Script is used to map the user identity to the role & teams.
 identityRoleMapper:
@@ -35,6 +39,7 @@
     name: ""
     key: ""
     mountPath: "/etc/identity-role-mapper"
+
 # Configuration for pushing data to upstream
 # upstream_push:
 #   name: ''
@@ -43,20 +48,30 @@
 #   password: ''
 #   labels: 'key1=val1,key2=val2'
 upstream_push: {}
+
 # Allowed values are [none, kratos,clerk]
 authProvider: kratos
 clerkJWKSURL: ""
 clerkOrgID: ""
+
 otel:
   # OpenTelemetry gRPC collector endpoint in host:port format
   collector: "{{.Values.global.otel.collector}}"
   serviceName: "mission-control"
+
 # Properties to configure mission-control feature sets
 properties:
   incidents.disable: true
   logs.disable: true
+
 db:
   create: true
+  image: postgres
+  tag: '15.5@sha256:ee2f170c46df225310c923010230434e269238a65307539f9aced9da6ca44fad'
+  upgrade:
+    perform: true
+    old: '14'
+    new: '15'
   conf:
     max_connections: 200
     shared_buffers: 1GB
@@ -67,24 +82,24 @@
     work_mem: 10MB
     max_wal_size: 4GB
     log_autovacuum_min_duration: 0
     log_connections: on
     log_destination: "csvlog"
     log_directory: "/var/log/postgresql"
     log_file_mode: 0640
     log_filename: "postgresql.log"
     log_line_prefix: "%h %m [%p] %q%u@%d "
     log_lock_waits: on
     log_min_duration_statement: "1s"
     log_rotation_age: 0
     log_rotation_size: 0
     log_statement: "all"
     log_temp_files: 0
     log_timezone: "UTC"
     logging_collector: on
     ssl: off
     timezone: "UTC"
     password_encryption: scram-sha-256
     db_user_namespace: off
     extra_float_digits: 0
   secretKeyRef:
     name: incident-commander-postgres
@@ -106,7 +121,9 @@
     # SMTP_PORT: <port>
     # SMTP_USER: <user>
     # SMTP_PASSWORD: <password>
+
 adminPassword: admin
+
 canary-checker:
   image:
     type: full
@@ -124,6 +141,7 @@
   flanksource-ui:
     # Disable UI via canary-checker by default.
     enabled: false
+
 config-db:
   disablePostgrest: true
   db:
@@ -135,6 +153,7 @@
       secretKeyRef:
         name: incident-commander-postgres
         key: DB_URL
+
 apm-hub:
   enabled: false
   db:
@@ -143,6 +162,7 @@
       create: false
       name: incident-commander-postgres
       key: DB_URL
+
 # Enable ingress only if the UI is deployed outside of the cluster and calls public incident-commander api endpoint.
 ingress:
   enabled: false
@@ -154,6 +174,7 @@
     - hosts:
         - "{{.Values.global.api.host}}"
       secretName: "{{.Values.global.api.tlsSecretName}}"
+
 flanksource-ui:
   enabled: true
   nameOverride: "incident-manager-ui"
@@ -168,6 +189,7 @@
       - hosts:
           - "{{.Values.global.ui.host}}"
         secretName: "{{.Values.global.ui.tlsSecretName}}"
+
 # - if chart name (incident-commander) is changed, change the urls. E.g.
 # oryKratosURI url points to the incident-commander service with a suffix.
 #