Use custom Docker image

example/images/postgres-exporter/Dockerfile

@@ -0,0 +1,22 @@
+FROM danielberteaud/alpine:24.3-1 AS builder
+
+ARG EXPORTER_VERSION=0.15.0
+
+ADD https://github.com/prometheus-community/postgres_exporter/releases/download/v${EXPORTER_VERSION}/postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz /tmp
+ADD https://github.com/prometheus-community/postgres_exporter/releases/download/v${EXPORTER_VERSION}/sha256sums.txt /tmp
+
+RUN set -euxo pipefail &&\
+    apk --no-cache add tar gzip &&\
+    cd /tmp &&\
+    grep postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz sha256sums.txt | sha256sum -c &&\
+    tar xvzf postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz &&\
+    mv postgres_exporter-${EXPORTER_VERSION}.linux-amd64/postgres_exporter /usr/local/bin/postgres_exporter &&\
+    chown root:root /usr/local/bin/postgres_exporter &&\
+    chmod 755 /usr/local/bin/postgres_exporter
+
+FROM danielberteaud/alpine:24.3-1
+MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
+
+COPY --from=builder /usr/local/bin/postgres_exporter /usr/local/bin/postgres_exporter
+
+CMD ["postgres_exporter"]

example/init/pki

@@ -30,9 +30,9 @@ vault secrets tune -max-lease-ttl=131400h pki/postgres
 # Configure PKI URLs
 echo "Configure URL endpoints"
 vault write pki/postgres/config/urls \
-  issuing_certificates="${VAULT_ADDR}/v1pki/postgres/ca" \
-  crl_distribution_points="${VAULT_ADDR}/v1pki/postgres/crl" \
-  ocsp_servers="${VAULT_ADDR}/v1pki/postgres/ocsp"
+  issuing_certificates="${VAULT_ADDR}/v1/pki/postgres/ca" \
+  crl_distribution_points="${VAULT_ADDR}/v1/pki/postgres/crl" \
+  ocsp_servers="${VAULT_ADDR}/v1/pki/postgres/ocsp"
 
 vault write pki/postgres/config/cluster \
   path="${VAULT_ADDR}/v1pki/postgres"

example/upgrade.nomad.hcl

@@ -1,70 +0,0 @@
-job "postgres-upgrade" {
-
-
-  datacenters = ["dc1"]
-  region      = "global"
-
-
-
-
-  type = "batch"
-
-  meta {
-    # Force job to be different for each execution
-    run_uuid = "${uuidv4()}"
-  }
-
-  group "upgrade" {
-
-    volume "data" {
-      type            = "csi"
-      source          = "postgres-data"
-      access_mode     = "single-node-writer"
-      attachment_mode = "file-system"
-      per_alloc       = true
-    }
-
-
-    task "postgres-upgrade" {
-      driver = "docker"
-
-      config {
-        image           = "danielberteaud/pg-major-upgrade:latest"
-        readonly_rootfs = true
-      }
-
-      env {
-        PG_FROM       = ""
-        PG_TO         = ""
-        PG_DO_UPGRADE = false
-      }
-
-
-
-      # Use a template block instead of env {} so we can fetch values from vault
-      template {
-        data        = <<_EOT
-LANG=fr_FR.utf8
-TZ=Europe/Paris
-_EOT
-        destination = "secrets/.env"
-        perms       = 400
-        env         = true
-      }
-
-
-      volume_mount {
-        volume      = "data"
-        destination = "/data"
-      }
-
-
-      resources {
-        cpu    = 1000
-        memory = 1024
-      }
-
-    }
-  }
-}
-

images/postgres-exporter/Dockerfile

@@ -0,0 +1,22 @@
+FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS builder
+
+ARG EXPORTER_VERSION=[[ .pg.exporter.version ]]
+
+ADD https://github.com/prometheus-community/postgres_exporter/releases/download/v${EXPORTER_VERSION}/postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz /tmp
+ADD https://github.com/prometheus-community/postgres_exporter/releases/download/v${EXPORTER_VERSION}/sha256sums.txt /tmp
+
+RUN set -euxo pipefail &&\
+    apk --no-cache add tar gzip &&\
+    cd /tmp &&\
+    grep postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz sha256sums.txt | sha256sum -c &&\
+    tar xvzf postgres_exporter-${EXPORTER_VERSION}.linux-amd64.tar.gz &&\
+    mv postgres_exporter-${EXPORTER_VERSION}.linux-amd64/postgres_exporter /usr/local/bin/postgres_exporter &&\
+    chown root:root /usr/local/bin/postgres_exporter &&\
+    chmod 755 /usr/local/bin/postgres_exporter
+
+FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
+MAINTAINER [[ .docker.maintainer ]]
+
+COPY --from=builder /usr/local/bin/postgres_exporter /usr/local/bin/postgres_exporter
+
+CMD ["postgres_exporter"]

postgres.nomad.hcl

@@ -334,8 +334,9 @@ _EOT
       }
 
       config {
-        image = "[[ $e.image ]]"
-        args = [
+        image   = "[[ $e.image ]]"
+        command = "postgres_exporter"
+        args    = [
           "--web.listen-address=127.0.0.1:9187"
         ]
         readonly_rootfs = true

upgrade.nomad.hcl

@@ -1,51 +0,0 @@
-[[ $c := merge .pg.upgrade . -]]
-job "[[ .instance ]]-upgrade" {
-
-[[ template "common/job_start.tpl" $c ]]
-
-  type = "batch"
-
-  meta {
-    # Force job to be different for each execution
-    run_uuid = "${uuidv4()}"
-  }
-
-  group "upgrade" {
-
-    volume "data" {
-      type            = [[ .pg.volumes.data.type | toJSON ]]
-      source          = [[ .pg.volumes.data.source | toJSON ]]
-[[- if ne .pg.volumes.data.type "host" ]]
-      access_mode     = "single-node-writer"
-      attachment_mode = "file-system"
-[[- end ]]
-      per_alloc       = true
-    }
-
-    
-    task "[[ .instance ]]-upgrade" {
-      driver = [[ $c.nomad.driver | toJSON ]]
-
-      config {
-        image           = [[ $c.image | toJSON ]]
-        readonly_rootfs = true
-      }
-
-      env {
-        PG_FROM       = [[ $c.from | toJSON ]]
-        PG_TO         = [[ $c.to | toJSON ]]
-        PG_DO_UPGRADE = [[ $c.do_upgrade | toJSON ]]
-      }
-
-[[ template "common/file_env.tpl" $c ]]
-
-      volume_mount {
-        volume      = "data"
-        destination = "/data"
-      }
-
-[[ template "common/resources.tpl" $c.resources ]]
-    }
-  }
-}
-

variables.yml

@@ -183,8 +183,9 @@ pg:
   # Postgres exporter for prometheus
   # Only used if prometheus.enabled is true
   exporter:
+    version: 0.15.0
     # Image to use
-    image: quay.io/prometheuscommunity/postgres-exporter:latest
+    image: '[[ .docker.repo ]]postgres-exporter:[[ .pg.exporter.version ]]-1'
     # Additional env var
     env: {}
     # Resources