feat(images): Add Postgres Bitnami
Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>
EyeCantCU committed May 3, 2024
1 parent 1a71225 commit 4c96f77
Showing 9 changed files with 289 additions and 0 deletions.
9 changes: 9 additions & 0 deletions generated.tf

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

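--- a/images/postgres-bitnami/README.md
+++ b/images/postgres-bitnami/README.md
@@ -0,0 +1,32 @@
+<!--monopod:start-->
+# postgres-bitnami
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/postgres-bitnami` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/postgres-bitnami/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
+
+<!--overview:start-->
+Minimal PostgreSQL Bitnami image.
+<!--overview:end-->
+
+<!--getting:start-->
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/postgres-bitnami:latest
+```
+<!--getting:end-->
+
+<!--body:start-->
+This image provides PostgreSQL with bitnami compliance in place.
+
+The latest image and usage documentation can be found [here](https://github.com/chainguard-images/images/tree/main/images/postgres).
+<!--body:end-->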
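--- a/images/postgres-bitnami/config/main.tf
+++ b/images/postgres-bitnami/config/main.tf
@@ -0,0 +1,19 @@
+terraform {
+required_providers {
+apko = { source = "chainguard-dev/apko" }
+}
+}
+
+variable "extra_packages" {
+description = "The additional packages to install (e.g. postgresql-15)."
+default = [""]
+}
+
+data "apko_config" "this" {
+config_contents = file("${path.module}/template.apko.yaml")
+extra_packages = var.extra_packages
+}
+
+output "config" {
+value = jsonencode(data.apko_config.this.config)
+}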
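Review bot: `extra_packages` defaults to `[""]`, a list holding one empty string, so a caller that omits the variable hands `apko_config` an empty package name rather than no extra packages. `default = []` together with `type = list(string)` would express "nothing extra" and reject a non-list value at plan time. The description's example `postgresql-15` also differs from the unversioned `postgresql` package that the caller on this page passes, so the wording could be aligned with actual use.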
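--- a/images/postgres-bitnami/config/template.apko.yaml
+++ b/images/postgres-bitnami/config/template.apko.yaml
@@ -0,0 +1,51 @@
+contents:
+packages:
+- glibc-locale-en
+- busybox
+- su-exec
+# Postgres comes via var.extra_packages
+
+accounts:
+groups:
+- groupname: postgres
+gid: 1001
+users:
+- username: postgres
+uid: 1001
+gid: 1001
+run-as: 1001
+
+entrypoint:
+command: /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh
+
+environment:
+PGDATA: /opt/bitnami/postgresql/data
+# Postgres defers to locale and docker-library/postgres sets UTF-8 as default.
+LANG: en_US.UTF-8
+BITNAMI_APP_NAME: postgresql
+
+paths:
+- path: /opt/bitnami/postgresql/data
+type: directory
+uid: 1001
+gid: 1001
+permissions: 0o755
+recursive: true
+- path: /opt/bitnami/postgresql/tmp
+type: directory
+uid: 1001
+gid: 1001
+permissions: 0o755
+recursive: true
+- path: /opt/bitnami/postgresql/logs
+type: directory
+uid: 1001
+gid: 1001
+permissions: 0o755
+recursive: true
+- path: /opt/bitnami/postgresql/conf
+type: directory
+uid: 1001
+gid: 1001
+permissions: 0o777
+recursive: true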
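Review bot: The last `paths` entry creates `/opt/bitnami/postgresql/conf` with `permissions: 0o777` and `recursive: true`, which leaves the directory holding the server's configuration writable by every uid in the container. The entry is already owned by uid/gid 1001, the same account as `run-as`, so `permissions: 0o755` as on the other three paths (or tighter) looks sufficient unless the Bitnami scripts write there under a different uid, which this page does not show. If the wide mode is deliberate, a comment beside it such as `# conf must stay writable when the chart runs the container under an arbitrary uid` would record the reason. The `data` entry at `0o755` is also worth checking against the modes PostgreSQL accepts for its data directory, since the server normally expects 0700 or 0750 there.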
13 changes: 13 additions & 0 deletions images/postgres-bitnami/generated.tf

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

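--- a/images/postgres-bitnami/main.tf
+++ b/images/postgres-bitnami/main.tf
@@ -0,0 +1,46 @@
+terraform {
+required_providers {
+oci = { source = "chainguard-dev/oci" }
+}
+}
+
+variable "target_repository" {
+description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest-config" {
+source = "./config"
+extra_packages = [
+"postgresql",
+"postgresql-client",
+"postgresql-oci-entrypoint",
+"postgresql-contrib",
+"postgresql-bitnami-compat",
+"libpq",
+]
+}
+
+module "latest" {
+source = "../../tflib/publisher"
+name = basename(path.module)
+target_repository = var.target_repository
+config = module.latest-config.config
+build-dev = true
+}
+
+module "latest-test" {
+source = "./tests"
+digest = module.latest.image_ref
+}
+
+resource "oci_tag" "latest" {
+depends_on = [module.latest-test]
+digest_ref = module.latest.image_ref
+tag = "latest"
+}
+
+resource "oci_tag" "latest-dev" {
+depends_on = [module.latest-test]
+digest_ref = module.latest.dev_ref
+tag = "latest-dev"
+}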
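--- a/images/postgres-bitnami/metadata.yaml
+++ b/images/postgres-bitnami/metadata.yaml
@@ -0,0 +1,12 @@
+name: postgres-bitnami
+image: cgr.dev/chainguard/postgres-bitnami
+logo: https://storage.googleapis.com/chainguard-academy/logos/postgres.svg
+endoflife: ""
+console_summary: ""
+short_description: Minimal PostgreSQL Bitnami image.
+compatibility_notes: ""
+readme_file: README.md
+upstream_url: https://www.postgresql.org/
+keywords:
+- application
+- databases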
79 changes: 79 additions & 0 deletions images/postgres-bitnami/tests/main.tf
@@ -0,0 +1,79 @@
terraform {
required_providers {
oci = { source = "chainguard-dev/oci" }
imagetest = { source = "chainguard-dev/imagetest" }
}
}

variable "digest" {
description = "The image digest to run tests over."
}

data "oci_string" "ref" { input = var.digest }

data "imagetest_inventory" "this" {}

resource "imagetest_harness_k3s" "this" {
name = "postgres"
inventory = data.imagetest_inventory.this

sandbox = {
envs = {
"NAME" : "postgres"
"NAMESPACE" : "postgres"
}
mounts = [{
source = path.module
destination = "/tests"
}]
}
}

module "helm" {
source = "../../../tflib/imagetest/helm"

name = "postgres"
namespace = "postgres"
chart = "oci://registry-1.docker.io/bitnamicharts/postgresql"

# https://artifacthub.io/packages/helm/bitnami/postgresql#securing-traffic-using-tls
values = {
image = {
registry = data.oci_string.ref.registry
repository = data.oci_string.ref.repo
tag = data.oci_string.ref.pseudo_tag
digest = data.oci_string.ref.digest
}
volumePermissions = {
enabled = true
}
tls = {
enabled = true
autoGenerated = true
}
}
}

resource "imagetest_feature" "basic" {

Check failure on line 57 in images/postgres-bitnami/tests/main.tf


GitHub Actions / build-the-world (0, postgres-bitnami)

failed to test feature

module.postgres-bitnami.module.latest-test.imagetest_feature.basic

Check failure on line 57 in images/postgres-bitnami/tests/main.tf


GitHub Actions / build-the-world (0, postgres-bitnami)

failed to destroy harness

module.postgres-bitnami.module.latest-test.imagetest_feature.basic
harness = imagetest_harness_k3s.this
name = "Basic"
description = "Basic functionality of the Postgres Helm chart."

steps = [
{
name = "Install Helm chart"
cmd = module.helm.install_cmd
},
{
name = "Postgres TLS test"
workdir = "/tests"
cmd = <<EOF
./tls.sh
EOF
},
]

labels = {
type = "k8s"
}
}
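Review bot: The `module "helm"` block installs `oci://registry-1.docker.io/bitnamicharts/postgresql` with no chart version visible, so each run tests the image against whatever chart is current in that registry. A chart release can then change or break this test without any change to the image; if the shared helm module takes a version input (its variables are outside this page), pinning it here would make the run reproducible. `volumePermissions.enabled = true` also presumably makes the chart start an init container from the chart's own default image rather than the image under test, so a comment such as `# init container comes from the chart's default image, not the image under test` would keep that dependency visible.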
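--- a/images/postgres-bitnami/tests/tls.sh
+++ b/images/postgres-bitnami/tests/tls.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail -x
+
+wait_for_pod() {
+kubectl wait pod/"${NAME}"-postgresql-0 --for=condition=Ready --timeout=120s -n "${NAMESPACE}"
+}
+
+check_tls() {
+# Add Postgres client utilities
+apk add postgresql-client
+
+# Copy autogenerated TLS certs
+mkdir -p /certs
+kubectl cp "${NAMESPACE}"/"${NAME}"-postgresql-0:/opt/bitnami/postgresql/certs /certs
+
+# Forward port
+kubectl port-forward service/"${NAME}"-postgresql -n "${NAMESPACE}" 5432:5432
+
+# Validate TLS works
+psql host="${NAME}"-postgresql."${NAME}".svc.cluster.local port=5432 \
+sslmode=require sslcert=/certs/tls.crt sslkey=/certs/tls.key sslrootcert=/certs/ca.crt \
+-c SELECT 1
+}
+
+# Run tests
+wait_for_pod
+check_tls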
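Review bot: check_tls cannot reach its psql step as written, because `kubectl port-forward` runs in the foreground and does not return; it needs to be backgrounded and stopped when the script exits. The psql call then passes the connection parameters as separate words, of which psql treats only the first positional argument as the conninfo, and the unquoted `-c SELECT 1` gives psql `SELECT` as the command with `1` as a stray argument. `sslmode=require` does not by itself state that the server certificate is validated against the copied `ca.crt`; `sslmode=verify-ca` makes that explicit, which is what a TLS test should pin down. The host name also puts `${NAME}` where the namespace belongs, which works only because the harness sets both to `postgres`; whether the target should instead be the forwarded local port depends on whether the sandbox resolves cluster DNS, which this page does not show.

```shell
# … unchanged: apk add, mkdir -p /certs, kubectl cp …

# Forward port in the background; stop it when the script exits
kubectl port-forward service/"${NAME}"-postgresql -n "${NAMESPACE}" 5432:5432 &
port_forward_pid=$!
trap 'kill "${port_forward_pid}"' EXIT

# Validate TLS works: one conninfo string, server certificate checked against the CA
psql "host=${NAME}-postgresql.${NAMESPACE}.svc.cluster.local port=5432 \
sslmode=verify-ca sslcert=/certs/tls.crt sslkey=/certs/tls.key sslrootcert=/certs/ca.crt" \
  -c 'SELECT 1'
```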
