diff --git a/cnpg/.gitattributes b/cnpg/.gitattributes
new file mode 100644
index 0000000..f93d84a
--- /dev/null
+++ b/cnpg/.gitattributes
@@ -0,0 +1 @@
+**/secrets/*.y*ml filter=age diff=age merge=age -text
diff --git a/cnpg/config/values.yaml b/cnpg/config/values.cnpg.yaml
similarity index 86%
rename from cnpg/config/values.yaml
rename to cnpg/config/values.cnpg.yaml
index 1e6d62a..0768b2a 100644
--- a/cnpg/config/values.yaml
+++ b/cnpg/config/values.cnpg.yaml
@@ -1,3 +1,5 @@
+replicaCount: 2
+
 monitoring:
 podMonitorEnabled: true
 grafanaDashboard:
diff --git a/cnpg/config/values.ext-pgo.yaml b/cnpg/config/values.ext-pgo.yaml
new file mode 100644
index 0000000..9384887
--- /dev/null
+++ b/cnpg/config/values.ext-pgo.yaml
@@ -0,0 +1,3 @@
+replicaCount: 2
+
+existingSecret: ext-postgres-operator
diff --git a/cnpg/kustomization.yaml b/cnpg/kustomization.yaml
index acafb54..bc15f24 100644
--- a/cnpg/kustomization.yaml
+++ b/cnpg/kustomization.yaml
@@ -1,12 +1,23 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: postgres-system
+resources:
+ - resources/secrets/ext-pgo-creds.yaml
+ - resources/secrets/ext-pgo-admin.yaml
+ - resources/secrets/cnpg-backup-creds.yaml
+ - resources/cluster.yaml
 helmCharts:
 - releaseName: cnpg
 name: cloudnative-pg
 repo: https://cloudnative-pg.github.io/charts
 version: 0.21.5
- valuesFile: config/values.yaml
+ valuesFile: config/values.cnpg.yaml
 namespace: postgres-system
+
+ - releaseName: ext-pgo
+ name: ext-postgres-operator
+ repo: https://movetokube.github.io/postgres-operator/
+ version: 1.2.6
+ valuesFile: config/values.ext-pgo.yaml
+ namespace: postgres
diff --git a/cnpg/resources/cluster.yaml b/cnpg/resources/cluster.yaml
new file mode 100644
index 0000000..504bd74
--- /dev/null
+++ b/cnpg/resources/cluster.yaml
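Review bot: The `filter=age` attribute on the single added line in `cnpg/.gitattributes` only names a filter driver; the clean and smudge commands live in each clone's git config, which this commit neither shows nor sets up. On a clone where the `age` filter is not configured, git treats it as a pass-through unless it is marked required, so a new file under `secrets/` could be committed in plaintext without any error. Setting `git config filter.age.required true` helps, but it is also per-clone, so the control that holds is a CI or pre-commit check that every tracked `**/secrets/*.y*ml` blob begins with `age-encryption.org/v1`.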
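Review bot: The new `ext-pgo` entry under `helmCharts` in `cnpg/kustomization.yaml` pulls a third-party operator chart pinned only by `version: 1.2.6`, and that operator appears to be the component that consumes the database admin credentials added under `resources/secrets/`. A chart version is not an integrity pin, so the rendered manifests can change without this file changing; vendoring the chart or committing the rendered output would make each bump reviewable. Separately, removing the top-level `namespace: postgres-system` means each of the three encrypted Secret manifests must set `metadata.namespace` itself. That cannot be confirmed from this diff, so it is worth checking that they render into `postgres` next to the operator and the cluster.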
@@ -0,0 +1,48 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: app-cluster + namespace: postgres +spec: + instances: 2 + + managed: + roles: + - name: ext_pgo_admin + ensure: present + superuser: true + createrole: true + createdb: true + + storage: + size: 10Gi + storageClass: hcloud-volumes + + backup: + barmanObjectStore: + destinationPath: cnpg + s3Credentials: + accessKeyId: + name: cnpg-backup-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: cnpg-backup-creds + key: ACCESS_SECRET_KEY + retentionPolicy: "30d" + + resources: + requests: + cpu: 100m + memory: 400Mi + limits: + cpu: 500m + memory: 800Mi + + affinity: + enablePodAntiAffinity: true + topologyKey: kubernetes.io/hostname + podAntiAffinityType: preferred + + enablePDB: true + monitoring: + enablePodMonitor: true diff --git a/cnpg/resources/secrets/cnpg-backup-creds.yaml b/cnpg/resources/secrets/cnpg-backup-creds.yaml new file mode 100644 index 0000000..4c34f28 Binary files /dev/null and b/cnpg/resources/secrets/cnpg-backup-creds.yaml differ diff --git a/cnpg/resources/secrets/ext-pgo-admin.yaml b/cnpg/resources/secrets/ext-pgo-admin.yaml new file mode 100644 index 0000000..d9c310b --- /dev/null +++ b/cnpg/resources/secrets/ext-pgo-admin.yaml @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> X25519 SQkKLcgCsGBZ6FM800HldDftkLV/u53xliCGnGU6Gz0 +TvQkvxIdoIydgUshJXYai2pJjo/GsEklyGfba/zj31Y +-> X25519 V60zpoLahYcT/dGVnixvv471qCE8xAOP+LoAdq04ryM +q7iTcIfP6xgpJaQZJuW0kpY9dEwbwsleyyorsFK4atA +--- W40yHxyT9ZMPvnQ0WYg7K1sG0qd4loHmyW6HYZL5zBM +#W5+D`HUdNSƐf.vC]u"gfp:ϬNBv O%3cQ9m (EK 4gܞo&vztPވ2  >&Z{'Qj:܈ "Ck)V1V] +'sw~oEFhS 7}'&[lUM=w \ No newline at end of file diff --git a/cnpg/resources/secrets/ext-pgo-creds.yaml b/cnpg/resources/secrets/ext-pgo-creds.yaml new file mode 100644 index 0000000..5fd5153 Binary files /dev/null and b/cnpg/resources/secrets/ext-pgo-creds.yaml differ
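Review bot: The managed role `ext_pgo_admin` in `cnpg/resources/cluster.yaml` is declared with `superuser: true` on top of `createrole: true` and `createdb: true`, which lets the external operator's account bypass every permission check in `app-cluster`. If the operator only provisions databases and roles, `createrole` and `createdb` are likely sufficient, so I would drop `superuser: true` unless a concrete need is recorded in a comment such as `# superuser required for: <reason>`. The role entry also shows no `login: true` and no `passwordSecret`, so nothing visible ties it to `resources/secrets/ext-pgo-admin.yaml`. If I read the CloudNativePG defaults correctly, a managed role cannot log in unless `login` is set, which is worth confirming before relying on this account.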