🚀 cloudnative-pg

This commit is contained in:
auricom
2024-01-25 01:26:56 +01:00
parent 05e8b34b3a
commit bc41f2d151
14 changed files with 150 additions and 99 deletions


@@ -0,0 +1,34 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cloudnative-pg
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: cloudnative-pg-secret
template:
engineVersion: v2
metadata:
labels:
cnpg.io/reload: "true"
data:
- secretKey: username
remoteRef:
key: cloudnative-pg
property: POSTGRES_SUPER_USER
- secretKey: password
remoteRef:
key: cloudnative-pg
property: POSTGRES_SUPER_PASS
- secretKey: aws-access-key-id
remoteRef:
key: cloudnative-pg
property: AWS_ACCESS_KEY_ID
- secretKey: aws-secret-access-key
remoteRef:
key: cloudnative-pg
property: AWS_SECRET_ACCESS_KEY
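Review bot: One Secret carries both the PostgreSQL superuser credentials and the S3 credentials used for backups, and no `refreshInterval` is set, so a rotation in the 1Password item only reaches the cluster at the controller's default interval. Since the `cnpg.io/reload: "true"` label is evidently meant to have the operator pick up rotated values, consider making the refresh explicit, e.g. `refreshInterval: 15m` under `spec`, and add a comment above `target` stating that this Secret is consumed by both `superuserSecret` and `barmanObjectStore.s3Credentials` in the Cluster manifest so a reader knows the blast radius of changing it.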


@@ -0,0 +1,34 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cloudnative-pg
spec:
interval: 30m
chart:
spec:
chart: cloudnative-pg
version: 0.20.0
sourceRef:
kind: HelmRepository
name: cloudnative-pg
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
dependsOn:
- name: local-path-provisioner
namespace: kube-system
values:
crds:
create: true
config:
data:
INHERITED_ANNOTATIONS: kyverno.io/ignore
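Review bot: `INHERITED_ANNOTATIONS: kyverno.io/ignore` has a policy-enforcement consequence that the manifest does not explain: any Cluster carrying that annotation will have it propagated to the operator-managed pods, which presumably makes Kyverno skip them. None of the Cluster manifests in this commit set the annotation, so the setting is currently inert, but a future Cluster could opt out of admission policies with a one-line change that is easy to overlook in review. Suggest a comment above the key such as `# Propagates kyverno.io/ignore from a Cluster to its pods; only set it on a Cluster deliberately, as it exempts those pods from Kyverno policies`.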


@@ -0,0 +1,18 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
configMapGenerator:
- name: cloudnative-pg-dashboard
files:
- cloudnative-pg-dashboard.json=https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/docs/src/samples/monitoring/grafana-dashboard.json
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled
labels:
grafana_dashboard: "true"
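Review bot: The dashboard JSON in `configMapGenerator.files` is fetched from the upstream repository's `main` branch, so the content loaded into Grafana changes whenever upstream pushes, without any change in this repository and without review. Pinning the reference to a release tag or commit removes that moving dependency, e.g. `- cloudnative-pg-dashboard.json=https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/<pinned-tag-or-commit>/docs/src/samples/monitoring/grafana-dashboard.json`. Whether the Flux kustomize-controller resolves remote `files:` entries at all is not evident from this hunk; if it does not, vendoring the file next to this kustomization is the alternative.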


@@ -0,0 +1,70 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres16
spec:
instances: 3
imageName: ghcr.io/bo0tzz/cnpgvecto.rs:16.1
primaryUpdateStrategy: unsupervised
storage:
size: 50Gi
storageClass: local-hostpath
superuserSecret:
name: cloudnative-pg-secret
enableSuperuserAccess: true
resources:
requests:
cpu: 500m
limits:
memory: 4Gi
postgresql:
parameters:
max_connections: "600"
max_slot_wal_keep_size: 10GB
shared_buffers: 512MB
monitoring:
enablePodMonitor: true
# Ref: https://github.com/cloudnative-pg/cloudnative-pg/issues/2501
podMonitorMetricRelabelings:
- { sourceLabels: ["cluster"], targetLabel: cnpg_cluster, action: replace }
- { regex: cluster, action: labeldrop }
backup:
retentionPolicy: 30d
barmanObjectStore:
data:
compression: bzip2
wal:
compression: bzip2
maxParallel: 8
destinationPath: s3://postgresql/
endpointURL: https://minio.${SECRET_DOMAIN}:9000
# Note: serverName version needs to be inclemented
# when recovering from an existing cnpg cluster
serverName: postgres16-v1
s3Credentials:
accessKeyId:
name: cloudnative-pg-secret
key: aws-access-key-id
secretAccessKey:
name: cloudnative-pg-secret
key: aws-secret-access-key
# # Note: previousCluster needs to be set to the name of the previous
# # cluster when recovering from an existing cnpg cluster
# bootstrap:
# recovery:
# source: postgres-v6
# externalClusters:
# - name: postgres-v6
# barmanObjectStore:
# destinationPath: s3://postgresql/
# endpointURL: https://minio.${SECRET_DOMAIN}:9000
# s3Credentials:
# accessKeyId:
# name: postgres-minio
# key: MINIO_ACCESS_KEY
# secretAccessKey:
# name: postgres-minio
# key: MINIO_SECRET_KEY
# wal:
# maxParallel: 8
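Review bot: `imageName: ghcr.io/bo0tzz/cnpgvecto.rs:16.1` is a third-party image referenced by a mutable tag, so the database binary can change underneath the cluster on any pod restart; pinning by digest (`ghcr.io/bo0tzz/cnpgvecto.rs:16.1@sha256:<digest>`) makes the running image reproducible and reviewable. `enableSuperuserAccess: true` keeps the superuser password materialised in a Secret that is reachable from the namespace, which is wider access than the operator needs for its own management; if nothing outside the cluster needs `postgres` login, consider setting it to `false` and creating application roles via `managed.roles` instead. The comment `# Note: serverName version needs to be inclemented` should read `incremented`, and the commented-out recovery block still refers to `postgres-v6` and a `postgres-minio` secret with `MINIO_ACCESS_KEY` keys, which do not match the `cloudnative-pg-secret` / `aws-access-key-id` names used above, so it would need updating before it can be uncommented.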


@@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./cluster16.yaml
- ./prometheusrule.yaml
- ./scheduledbackup.yaml


@@ -0,0 +1,67 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: cloudnative-pg-rules
labels:
prometheus: k8s
role: alert-rules
spec:
groups:
- name: cloudnative-pg.rules
rules:
- alert: LongRunningTransaction
annotations:
description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
summary: A query is taking longer than 5 minutes.
expr: |-
cnpg_backends_max_tx_duration_seconds > 300
for: 1m
labels:
severity: warning
- alert: BackendsWaiting
annotations:
description: Pod {{ $labels.pod }} has been waiting for longer than 5 minutes
summary: If a backend is waiting for longer than 5 minutes
expr: |-
cnpg_backends_waiting_total > 300
for: 1m
labels:
severity: warning
- alert: PGDatabase
annotations:
description: Over 150,000,000 transactions from frozen xid on pod {{ $labels.pod }}
summary: Number of transactions from the frozen XID to the current one
expr: |-
cnpg_pg_database_xid_age > 150000000
for: 1m
labels:
severity: warning
- alert: PGReplication
annotations:
description: Standby is lagging behind by over 300 seconds (5 minutes)
summary: The standby is lagging behind the primary
expr: |-
cnpg_pg_replication_lag > 300
for: 1m
labels:
severity: warning
- alert: LastFailedArchiveTime
annotations:
description: Archiving failed for {{ $labels.pod }}
summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
expr: |-
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
for: 1m
labels:
severity: warning
- alert: DatabaseDeadlockConflicts
annotations:
description: There are over 10 deadlock conflicts in {{ $labels.pod }}
summary: Checks the number of database conflicts
expr: |-
cnpg_pg_stat_database_deadlocks > 10
for: 1m
labels:
severity: warning
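Review bot: The rule group alerts on archiving failures but has nothing covering the base backups that the Cluster's `barmanObjectStore` and the daily ScheduledBackup produce, so a broken backup pipeline (expired S3 credentials, unreachable MinIO, full bucket) goes unnoticed until a restore is attempted. The operator exports `cnpg_collector_last_available_backup_timestamp`; an alert on its age closes that gap, and `cnpg_collector_last_failed_backup_timestamp` can back a second, earlier-firing rule if wanted. A sketch of the age-based rule is below; the threshold of two days assumes the `@daily` schedule and should be adjusted with it.
```yaml
      - alert: BackupMissing
        annotations:
          description: No successful base backup for {{ $labels.pod }} in the last 2 days
          summary: Scheduled backups are not completing
        expr: |-
          (time() - cnpg_collector_last_available_backup_timestamp) > 172800
        for: 30m
        labels:
          severity: critical
```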


@@ -0,0 +1,11 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: postgres
spec:
schedule: "@daily"
immediate: true
backupOwnerReference: self
cluster:
name: postgres16


@@ -0,0 +1,46 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app cloudnative-pg
namespace: flux-system
spec:
targetNamespace: database
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: external-secrets-stores
path: ./kubernetes/apps/database/cloudnative-pg/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudnative-pg-cluster
namespace: flux-system
spec:
targetNamespace: database
commonMetadata:
labels:
app.kubernetes.io/name: cloudnative-pg
dependsOn:
- name: cloudnative-pg
path: ./kubernetes/apps/database/cloudnative-pg/cluster
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
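Review bot: The second Kustomization (`cloudnative-pg-cluster`) has `prune: true` over a path that contains the `Cluster` resource, so removing or renaming `cluster16.yaml` in git would let Flux delete the Postgres cluster and, through the operator's owner references, its PVCs on `local-hostpath` storage. For a stateful resource whose only other copy is the S3 backup, either `prune: false` on this Kustomization or the `kustomize.toolkit.fluxcd.io/prune: disabled` annotation on the Cluster itself (the same annotation this commit already places on the Namespace) is the safer default; whichever is chosen deserves a comment above `prune:` explaining why. `wait: true` with `timeout: 5m` may also be tight for a three-instance cluster initialising 50Gi volumes and running an immediate backup, though whether that matters depends on the node, which this hunk cannot show.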


@@ -0,0 +1,65 @@
# cloudnative-pg
## S3 Configuration
1. Create `~/.mc/config.json`
```json
{
"version": "10",
"aliases": {
"minio": {
"url": "https://s3.<domain>",
"accessKey": "<access-key>",
"secretKey": "<secret-key>",
"api": "S3v4",
"path": "auto"
}
}
}
```
2. Create the outline user and password
```sh
mc admin user add minio postgresql <super-secret-password>
```
3. Create the outline bucket
```sh
mc mb minio/postgresql
```
4. Create `postgresql-user-policy.json`
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::postgresql/*", "arn:aws:s3:::postgresql"],
"Sid": ""
}
]
}
```
5. Apply the bucket policies
```sh
mc admin policy add minio postgresql-private postgresql-user-policy.json
```
6. Associate private policy with the user
```sh
mc admin policy set minio postgresql-private user=postgresql
```


@@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./cloudnative-pg/ks.yaml


@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: database
labels:
kustomize.toolkit.fluxcd.io/prune: disabled