refactor: move to new repo

postgres-operator/resources/db/default-cluster.yaml

@@ -0,0 +1,77 @@
+---
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: default-cluster
+  namespace: postgres
+spec:
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
+  postgresVersion: 15
+  users:
+    - name: postgres
+    - name: coder
+      databases:
+        - coder
+    - name: drone
+      databases:
+        - drone
+    - name: fider
+      databases:
+        - fider
+    - name: forgejo
+      databases:
+        - forgejo
+    - name: grafana
+      databases:
+        - grafana
+    - name: hedgedoc
+      databases:
+        - hedgedoc
+    - name: nextcloud
+      databases:
+        - nextcloud
+    - name: noco
+      databases:
+        - noco
+    - name: vikunja
+      databases:
+        - vikunja
+    - name: zipline
+      databases:
+        - zipline
+  instances:
+    - name: instance1
+      replicas: 2
+      dataVolumeClaimSpec:
+        storageClassName: hcloud-volumes
+        accessModes:
+        - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 10Gi
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            podAffinityTerm:
+              topologyKey: kubernetes.io/hostname
+              labelSelector:
+                matchLabels:
+                  postgres-operator.crunchydata.com/cluster: default-cluster
+                  postgres-operator.crunchydata.com/instance-set: instance1
+
+  backups:
+    pgbackrest:
+      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+      configuration:
+      - secret:
+          name: pgo-s3-creds
+      global:
+        repo1-path: /pgbackrest/default-cluster/repo1
+        repo1-s3-uri-style: path
+      repos:
+      - name: repo1
+        s3:
+          bucket: backup
+          endpoint: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
+          region: us-east-1

postgres-operator/resources/db/pgo-s3-creds.enc.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pgo-s3-creds
+    namespace: postgres
+type: Opaque
+stringData:
+    s3.conf: ENC[AES256_GCM,data:nd12eOx2aXNyvUyNxZVP7v9dgh/P51f5UM+vgvP2odnBX9dzE79/2/kI5dn/hJsa/6Jibmk/3Pvexl9PTc1BmYFogVXfkVH04RhH1iaP6Jsl8oycIaG4oPdPgfwSseZlGCmSIBP+GTRoQ8mUmNDVxaSb4SwYHI9vjTalxoSyo+vnE8ABBt7h5J5QgXo=,iv:av60ntIqiRfv7gum585jjO1McCOXmMVD+voBuWfukm0=,tag:+GgMk3Z16JFyfLvsHH/m0Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoU3pnbVhrREF3d3ZiU040
+            UjU1TUMraXhlV0k3aGprSnZvaUZncDU3Q1hFCkZtMklKS0VWS0w1SllxQ3lKYmxC
+            b2NFSitjSEtqMEpiZnNmeEhPb2RBa28KLS0tIFYxQ2w1aW1zaFVGY1RZekJVOEdH
+            UGZwVWhNTHdCS1hDMjJYcy9kVittTlEKLMWQALBbEmqMLx2gGMWr6m6CHb7vP9k3
+            lIZNhA5nwpH2R7TSbbNpnzsq3yhC9ClM8smfAmr+02rUK6T4RYaZiQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RVRxb2h5WjRFc0xBdE5m
+            b0JrbHJvM1pCZDlFVXU4bG0wdVpnQjRRaUd3CmphMU9LbGx4NURrNUlUekJMUHN6
+            ZVFncDgvcXdNeVVjSk52LzZ1N2NmSk0KLS0tIEJvQlBnNHFEQnVvZFZESDlRSHox
+            RHhmT1VJWHNsK2QrS1p1dEkyM2JrcTQKs4gzaEY/ofkMHkD03Yu9JIgnR12c5LWm
+            2bwb+wJ056Sxz2jwC66gW2F7CcX8tIBOuWW99JqfHhFBj9oYZGoDxw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-07T18:09:57Z"
+    mac: ENC[AES256_GCM,data:yndsk1ZStyVRDFm8h3dTARBzsiXAgWNNvrVmQeHuzYAYO78UxDXljbuQHBIJHGpSD4jEZl569cy3VY8Wk8ulUHHJM82LSMtYeAabv3GMJIpPxMHsczngBpbqmLQEpW6Yb6EB8eY7F8gL0MtZu46r4Dw9zZJKmGW6V1cIPK6G6As=,iv:udMhvZbf966Rdyl/2I/0IQL6kOvUOY4OSQMj+bWEKvM=,tag:BQPy3GoWP9FKcH6+o4B/8g==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.8.1

postgres-operator/resources/manager.yaml

@@ -0,0 +1,63 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pgo
+  namespace: postgres-system
+  labels:
+    postgres-operator.crunchydata.com/control-plane: postgres-operator
+spec:
+  replicas: 1
+  strategy: { type: Recreate }
+  selector:
+    matchLabels:
+      postgres-operator.crunchydata.com/control-plane: postgres-operator
+  template:
+    metadata:
+      labels:
+        postgres-operator.crunchydata.com/control-plane: postgres-operator
+    spec:
+      containers:
+      - name: operator
+        image: postgres-operator
+        env:
+        - name: PGO_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CRUNCHY_DEBUG
+          value: "true"
+        - name: RELATED_IMAGE_POSTGRES_14
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.9-1"
+        - name: RELATED_IMAGE_POSTGRES_14_GIS_3.1
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.1-1"
+        - name: RELATED_IMAGE_POSTGRES_14_GIS_3.2
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.2-1"
+        - name: RELATED_IMAGE_POSTGRES_14_GIS_3.3
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.9-3.3-1"
+        - name: RELATED_IMAGE_POSTGRES_15
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1"
+        - name: RELATED_IMAGE_POSTGRES_15_GIS_3.3
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-15.4-3.3-1"
+        - name: RELATED_IMAGE_POSTGRES_16
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.0-0"
+        - name: RELATED_IMAGE_POSTGRES_16_GIS_3.3
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.0-3.3-0"
+        - name: RELATED_IMAGE_POSTGRES_16_GIS_3.4
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.0-3.4-0"
+        - name: RELATED_IMAGE_PGADMIN
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-18"
+        - name: RELATED_IMAGE_PGBACKREST
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1"
+        - name: RELATED_IMAGE_PGBOUNCER
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.19-5"
+        - name: RELATED_IMAGE_PGEXPORTER
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0"
+        - name: RELATED_IMAGE_PGUPGRADE
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.4.3-0"
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities: { drop: [ALL] }
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+      serviceAccountName: pgo

postgres-operator/resources/namespace.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgres-system
+  labels:
+    prometheus: default
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgres
+  labels:
+    prometheus: default

postgres-operator/resources/rbac/role.yaml

@@ -0,0 +1,156 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: postgres-operator
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - secrets
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - endpoints/restricted
+  - pods/exec
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgupgrades
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgupgrades/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgupgrades/status
+  verbs:
+  - get
+  - patch
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - postgresclusters
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - postgresclusters/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - postgresclusters/status
+  verbs:
+  - patch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch

postgres-operator/resources/rbac/role_binding.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: postgres-operator
+  labels:
+    postgres-operator.crunchydata.com/control-plane: postgres-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: postgres-operator
+subjects:
+- kind: ServiceAccount
+  name: pgo
+  namespace: postgres-system

postgres-operator/resources/rbac/service_account.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pgo
+  namespace: postgres-system
+  labels:
+    postgres-operator.crunchydata.com/control-plane: postgres-operator