mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
🔥 cloudnative-pg
This commit is contained in:
auricom
@@ -1,35 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: cloudnative-pg
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: cloudnative-pg-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
metadata:
|
||||
labels:
|
||||
cnpg.io/reload: "true"
|
||||
data:
|
||||
- secretKey: username
|
||||
remoteRef:
|
||||
key: cloudnative-pg
|
||||
property: POSTGRES_SUPER_USER
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: cloudnative-pg
|
||||
property: POSTGRES_SUPER_PASS
|
||||
- secretKey: aws-access-key-id
|
||||
remoteRef:
|
||||
key: cloudnative-pg
|
||||
property: AWS_ACCESS_KEY_ID
|
||||
- secretKey: aws-secret-access-key
|
||||
remoteRef:
|
||||
key: cloudnative-pg
|
||||
property: AWS_SECRET_ACCESS_KEY
|
||||
@@ -1,33 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: cloudnative-pg
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: cloudnative-pg
|
||||
version: 0.20.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cloudnative-pg
|
||||
namespace: flux-system
|
||||
maxHistory: 2
|
||||
install:
|
||||
createNamespace: true
|
||||
crds: CreateReplace
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
crds: CreateReplace
|
||||
remediation:
|
||||
retries: 3
|
||||
uninstall:
|
||||
keepHistory: false
|
||||
values:
|
||||
crds:
|
||||
create: true
|
||||
@@ -1,18 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: default
|
||||
resources:
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
configMapGenerator:
|
||||
- name: cloudnative-pg-dashboard
|
||||
files:
|
||||
- cloudnative-pg-dashboard.json=https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/docs/src/samples/monitoring/grafana-dashboard.json
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
annotations:
|
||||
kustomize.toolkit.fluxcd.io/substitute: disabled
|
||||
labels:
|
||||
grafana_dashboard: "true"
|
||||
@@ -1,53 +0,0 @@
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: &app cloudnative-pg-external-backup
|
||||
namespace: default
|
||||
spec:
|
||||
schedule: "@daily"
|
||||
jobTemplate:
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 86400
|
||||
template:
|
||||
spec:
|
||||
automountServiceAccountToken: false
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: *app
|
||||
image: prodrigestivill/postgres-backup-local:15-alpine@sha256:30473b9a3f2e884b7a17d6da1287e962933ab9d69ea5ba604c2e2afb89d16bb9
|
||||
env:
|
||||
- name: POSTGRES_HOST
|
||||
value: ${POSTGRES_HOST}
|
||||
- name: POSTGRES_DB
|
||||
value: "atuin,authelia,bazarr,freshrss,gatus,ghostfolio,lidarr_main,immich,invidious,joplin,kresus,linkding,lldap,lychee,outline,paperless,prowlarr_main,pushover-notifier,radarr_main,sharry,tandoor,vaultwarden,vikunja,wallabag"
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudnative-pg-secret
|
||||
key: username
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudnative-pg-secret
|
||||
key: password
|
||||
- name: POSTGRES_EXTRA_OPTS
|
||||
value: "-Z9 --schema=public --blobs"
|
||||
- name: BACKUP_KEEP_DAYS
|
||||
value: "7"
|
||||
- name: BACKUP_KEEP_WEEKS
|
||||
value: "4"
|
||||
- name: BACKUP_KEEP_MONTHS
|
||||
value: "3"
|
||||
- name: HEALTHCHECK_PORT
|
||||
value: "8080"
|
||||
command:
|
||||
- "/backup.sh"
|
||||
volumeMounts:
|
||||
- name: backups
|
||||
mountPath: /backups
|
||||
volumes:
|
||||
- name: backups
|
||||
nfs:
|
||||
server: "${LOCAL_LAN_TRUENAS}"
|
||||
path: /mnt/storage/backups/postgresql
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: default
|
||||
resources:
|
||||
- ./external-backup.yaml
|
||||
@@ -1,51 +0,0 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: postgres
|
||||
namespace: default
|
||||
spec:
|
||||
instances: 3
|
||||
imageName: ghcr.io/bo0tzz/cnpgvecto.rs:15.5@sha256:a02838b9531af52dea5f8978bc0961640eea7ff2ad1b090978c561e6c52f1394
|
||||
primaryUpdateStrategy: unsupervised
|
||||
enableSuperuserAccess: true
|
||||
storage:
|
||||
size: 50Gi
|
||||
storageClass: rook-ceph-block
|
||||
superuserSecret:
|
||||
name: cloudnative-pg-secret
|
||||
monitoring:
|
||||
enablePodMonitor: true
|
||||
backup:
|
||||
retentionPolicy: 7d
|
||||
barmanObjectStore:
|
||||
wal:
|
||||
compression: bzip2
|
||||
maxParallel: 8
|
||||
destinationPath: s3://postgresql/
|
||||
endpointURL: https://.${SECRET_DOMAIN}:9000
|
||||
serverName: postgres-v8
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: cloudnative-pg-secret
|
||||
key: aws-access-key-id
|
||||
secretAccessKey:
|
||||
name: cloudnative-pg-secret
|
||||
key: aws-secret-access-key
|
||||
# bootstrap:
|
||||
# recovery:
|
||||
# source: postgres-v6
|
||||
# externalClusters:
|
||||
# - name: postgres-v6
|
||||
# barmanObjectStore:
|
||||
# destinationPath: s3://postgresql/
|
||||
# endpointURL: https://minio.${SECRET_DOMAIN}:9000
|
||||
# s3Credentials:
|
||||
# accessKeyId:
|
||||
# name: postgres-minio
|
||||
# key: MINIO_ACCESS_KEY
|
||||
# secretAccessKey:
|
||||
# name: postgres-minio
|
||||
# key: MINIO_SECRET_KEY
|
||||
# wal:
|
||||
# maxParallel: 8
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: default
|
||||
resources:
|
||||
- backups
|
||||
- ./cluster.yaml
|
||||
- ./scheduledbackup.yaml
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: postgres
|
||||
namespace: default
|
||||
spec:
|
||||
schedule: "@daily"
|
||||
immediate: true
|
||||
backupOwnerReference: self
|
||||
cluster:
|
||||
name: postgres
|
||||
@@ -1,37 +0,0 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-cloudnative-pg-app
|
||||
namespace: flux-system
|
||||
spec:
|
||||
dependsOn:
|
||||
- name: cluster-apps-external-secrets-stores
|
||||
path: ./kubernetes/apps/default/cloudnative-pg/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: home-ops-kubernetes
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-cloudnative-pg-cluster
|
||||
namespace: flux-system
|
||||
spec:
|
||||
dependsOn:
|
||||
- name: cluster-apps-cloudnative-pg-app
|
||||
path: ./kubernetes/apps/default/cloudnative-pg/cluster
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: home-ops-kubernetes
|
||||
wait: true
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
@@ -1,65 +0,0 @@
|
||||
# cloudnative-pg
|
||||
|
||||
## S3 Configuration
|
||||
|
||||
1. Create `~/.mc/config.json`
|
||||
|
||||
```json
|
||||
{
|
||||
"version": "10",
|
||||
"aliases": {
|
||||
"minio": {
|
||||
"url": "https://s3.<domain>",
|
||||
"accessKey": "<access-key>",
|
||||
"secretKey": "<secret-key>",
|
||||
"api": "S3v4",
|
||||
"path": "auto"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
2. Create the outline user and password
|
||||
|
||||
```sh
|
||||
mc admin user add minio postgresql <super-secret-password>
|
||||
```
|
||||
|
||||
3. Create the outline bucket
|
||||
|
||||
```sh
|
||||
mc mb minio/postgresql
|
||||
```
|
||||
|
||||
4. Create `postgresql-user-policy.json`
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": [
|
||||
"s3:ListBucket",
|
||||
"s3:PutObject",
|
||||
"s3:GetObject",
|
||||
"s3:DeleteObject"
|
||||
],
|
||||
"Effect": "Allow",
|
||||
"Resource": ["arn:aws:s3:::postgresql/*", "arn:aws:s3:::postgresql"],
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
5. Apply the bucket policies
|
||||
|
||||
```sh
|
||||
mc admin policy add minio postgresql-private postgresql-user-policy.json
|
||||
```
|
||||
|
||||
6. Associate private policy with the user
|
||||
|
||||
```sh
|
||||
mc admin policy set minio postgresql-private user=postgresql
|
||||
```
|
||||
@@ -11,7 +11,6 @@ resources:
|
||||
- ./babybuddy/ks.yaml
|
||||
- ./bazarr/ks.yaml
|
||||
- ./calibre/ks.yaml
|
||||
- ./cloudnative-pg/ks.yaml
|
||||
- ./emqx/ks.yaml
|
||||
- ./flood/ks.yaml
|
||||
- ./freshrss/ks.yaml
|
||||
|
||||
Reference in New Issue
Block a user