mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
209 lines
5.4 KiB
YAML
209 lines
5.4 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
|
|
apiVersion: postgres-operator.crunchydata.com/v1beta1
|
|
kind: PostgresCluster
|
|
metadata:
|
|
name: &name postgres
|
|
spec:
|
|
postgresVersion: 17
|
|
|
|
metadata:
|
|
labels:
|
|
crunchy-userinit.ramblurr.github.com/enabled: "true"
|
|
crunchy-userinit.ramblurr.github.com/superuser: postgres
|
|
|
|
patroni: # turn on sync writes to at least 1 other replica
|
|
dynamicConfiguration:
|
|
synchronous_mode: true
|
|
postgresql:
|
|
max_wal_size: 5GB
|
|
synchronous_commit: "on"
|
|
pg_hba:
|
|
- hostnossl authelia all 192.168.8.0/22 md5 # Needed because authelia does not support SSL yet
|
|
- hostssl all all all md5
|
|
parameters:
|
|
max_connections: 500
|
|
instances:
|
|
- name: postgres
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: crunchy-postgres
|
|
replicas: &replica 1
|
|
dataVolumeClaimSpec:
|
|
storageClassName: openebs-hostpath
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 80Gi
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
labelSelector:
|
|
matchLabels:
|
|
postgres-operator.crunchydata.com/cluster: *name
|
|
postgres-operator.crunchydata.com/data: postgres
|
|
|
|
users:
|
|
# Superuser
|
|
- name: postgres
|
|
databases:
|
|
- postgres
|
|
options: SUPERUSER
|
|
password: &password
|
|
type: AlphaNumeric
|
|
# Applications
|
|
- name: authelia
|
|
databases:
|
|
- authelia
|
|
password: *password
|
|
- name: bazarr
|
|
databases:
|
|
- bazarr_main
|
|
- bazarr_log
|
|
password: *password
|
|
- name: ghostfolio
|
|
databases:
|
|
- ghostfolio
|
|
password: *password
|
|
- name: joplin
|
|
databases:
|
|
- joplin
|
|
password: *password
|
|
- name: lldap
|
|
databases:
|
|
- lldap
|
|
password: *password
|
|
- name: lidarr
|
|
databases:
|
|
- lidarr_main
|
|
- lidarr_log
|
|
password: *password
|
|
- name: lychee
|
|
databases:
|
|
- lychee
|
|
password: *password
|
|
- name: outline
|
|
databases:
|
|
- outline
|
|
password: *password
|
|
- name: paperless
|
|
databases:
|
|
- paperless
|
|
password: *password
|
|
- name: prowlarr
|
|
databases:
|
|
- prowlarr_main
|
|
- prowlarr_logs
|
|
password: *password
|
|
- name: pushover-notifier
|
|
databases:
|
|
- pushover-notifier
|
|
password: *password
|
|
- name: radarr
|
|
databases:
|
|
- radarr_main
|
|
- radarr_log
|
|
password: *password
|
|
- name: sonarr
|
|
databases:
|
|
- sonarr_main
|
|
- sonarr_log
|
|
password: *password
|
|
- name: tandoor
|
|
databases:
|
|
- tandoor
|
|
password: *password
|
|
- name: vaultwarden
|
|
databases:
|
|
- vaultwarden
|
|
password: *password
|
|
- name: vikunja
|
|
databases:
|
|
- vikunja
|
|
password: *password
|
|
backups:
|
|
pgbackrest:
|
|
configuration: &backupConfig
|
|
- secret:
|
|
name: crunchy-postgres-secret
|
|
global: &backupFlag
|
|
compress-type: bz2
|
|
compress-level: "9"
|
|
# Minio
|
|
repo1-block: y
|
|
repo1-bundle: y
|
|
repo1-path: /crunchy-pgo
|
|
repo1-retention-full: "30" # days
|
|
repo1-retention-full-type: time
|
|
repo1-s3-uri-style: path
|
|
manual:
|
|
repoName: repo1
|
|
options:
|
|
- --type=full
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: crunchy-postgres-backup
|
|
repos:
|
|
- name: repo1 # Minio
|
|
s3: &minio
|
|
bucket: crunchy-postgres-operator
|
|
endpoint: "s3.${SECRET_INTERNAL_DOMAIN}"
|
|
region: us-east-1
|
|
schedules:
|
|
full: 0 1 * * 0 # Sunday at 01:00
|
|
differential: 0 1 * * 1-6 # Mon-Sat at 01:00
|
|
incremental: 0 2-23 * * * # Every hour except 01:00
|
|
restore:
|
|
enabled: true
|
|
repoName: repo1
|
|
options:
|
|
- --set=20250413-010004F_20250418-020004I
|
|
|
|
dataSource:
|
|
pgbackrest:
|
|
stanza: "db"
|
|
configuration: *backupConfig
|
|
global: *backupFlag
|
|
repo:
|
|
name: "repo1"
|
|
s3: *minio
|
|
|
|
monitoring:
|
|
pgmonitor:
|
|
exporter:
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
memory: 64M
|
|
limits:
|
|
memory: 512M
|
|
|
|
proxy:
|
|
pgBouncer:
|
|
port: 5432
|
|
service:
|
|
metadata:
|
|
annotations:
|
|
lbipam.cilium.io/ips: ${CLUSTER_LB_POSTGRES}
|
|
type: LoadBalancer
|
|
replicas: *replica
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: crunchy-postgres-pgbouncer
|
|
config:
|
|
global:
|
|
pool_mode: session # Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
|
|
client_tls_sslmode: prefer
|
|
default_pool_size: "100"
|
|
max_client_conn: "500"
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
labelSelector:
|
|
matchLabels:
|
|
postgres-operator.crunchydata.com/cluster: *name
|
|
postgres-operator.crunchydata.com/role: pgbouncer
|