From 2731af1bfe01950f383bdc0e777e4385c3ecbaf4 Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Thu, 22 Aug 2024 19:11:17 +0500
Subject: [PATCH] add postgres

---
 .gitignore                             |  1 +
 helm/helmfile.yaml                     | 16 ++++++------
 helm/values/1password.values.yaml      |  8 ------
 helm/values/nginx-internal.values.yaml | 14 ++++-------
 postgres/cluster.yaml                  | 34 ++++++++++++++++++++++++++
 5 files changed, 47 insertions(+), 26 deletions(-)
 create mode 100644 .gitignore
 delete mode 100644 helm/values/1password.values.yaml
 create mode 100644 postgres/cluster.yaml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..51fc4ea
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+1password-credentials.json
diff --git a/helm/helmfile.yaml b/helm/helmfile.yaml
index 03935aa..e2c5d24 100644
--- a/helm/helmfile.yaml
+++ b/helm/helmfile.yaml
@@ -9,8 +9,8 @@ repositories:
     url: https://kubernetes.github.io/ingress-nginx
   - name: bitnami
     url: https://charts.bitnami.com/bitnami
-  - name: 1password
-    url: https://1password.github.io/connect-helm-charts
+  - name: postgres
+    url: https://cloudnative-pg.github.io/charts
 ---
 releases:
   # Distributed Storage
@@ -49,10 +49,8 @@ releases:
     values:
       - ./values/externaldns.values.yaml
 
-  # 1Password Operator
-  - name: 1password-system
-    namespace: 1password-system
-    chart: 1password/connect
-    version: 1.15.1
-    values:
-      - ./values/1password.values.yaml
+  # Postgres operator
+  - name: postgres-system
+    namespace: postgres-system
+    chart: cnpg/cloudnative-pg
+    version: 0.21.6
diff --git a/helm/values/1password.values.yaml b/helm/values/1password.values.yaml
deleted file mode 100644
index 2a69c41..0000000
--- a/helm/values/1password.values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-connect:
-  credentials: "1password-credentials.json"
-operator:
-  create: true
-  token:
-    value: ${OP_TOKEN}
-  autoRestart: true
diff --git a/helm/values/nginx-internal.values.yaml b/helm/values/nginx-internal.values.yaml
index 0883dcc..122b8e2 100644
--- a/helm/values/nginx-internal.values.yaml
+++ b/helm/values/nginx-internal.values.yaml
@@ -1,17 +1,13 @@
 controller:
   ingressClassResource:
-    # -- Name of the ingressClass
     name: nginx-internal
-    # -- Is this ingressClass enabled or not
     enabled: true
-    # -- Is this the default ingressClass for the cluster
     default: true
-    # -- Controller-value of the controller that is processing this ingressClass
     controllerValue: "k8s.io/ingress-nginx"
-    # -- Parameters is a link to a custom resource containing additional
-    # configuration for the controller. This is optional if the controller
-    # does not require extra parameters.
     parameters: {}
-  # -- For backwards compatibility with ingress.class annotation, use ingressClass.
-  # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
   ingressClass: nginx-internal
+  service:
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: postgres.home
+tcp:
+  5432: "postgres-system/postgres-cluster-rw:5432"
diff --git a/postgres/cluster.yaml b/postgres/cluster.yaml
new file mode 100644
index 0000000..58b6cfe
--- /dev/null
+++ b/postgres/cluster.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: postgres-password
+  namespace: postgres-system
+spec:
+  itemPath: "vaults/Lab/items/Postgres"
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres-cluster
+  namespace: postgres-system
+spec:
+  instances: 3
+  minSyncReplicas: 1
+  maxSyncReplicas: 2
+  primaryUpdateStrategy: unsupervised
+
+  postgresql:
+    pg_hba:
+      - host all all all md5
+
+  enableSuperuserAccess: false
+
+  bootstrap:
+    initdb:
+      database: postgres
+      secret:
+        name: postgres-password
+
+  storage:
+    size: 1Gi