add postgres

2024-08-22 19:11:17 +05:00
parent 324ddccee3
commit 2731af1bfe
5 changed files with 47 additions and 26 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+1password-credentials.json
--- a/helm/helmfile.yaml
+++ b/helm/helmfile.yaml
@@ -9,8 +9,8 @@ repositories:
    url: https://kubernetes.github.io/ingress-nginx
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
-  - name: 1password
-    url: https://1password.github.io/connect-helm-charts
+  - name: postgres
+    url: https://cloudnative-pg.github.io/charts
 ---
 releases:
  # Distributed Storage
@@ -49,10 +49,8 @@ releases:
    values:
      - ./values/externaldns.values.yaml

-  # 1Password Operator
-  - name: 1password-system
-    namespace: 1password-system
-    chart: 1password/connect
-    version: 1.15.1
-    values:
-      - ./values/1password.values.yaml
+  # Postgres operator
+  - name: postgres-system
+    namespace: postgres-system
+    chart: cnpg/cloudnative-pg
+    version: 0.21.6
--- a/helm/values/1password.values.yaml
+++ b/helm/values/1password.values.yaml
@@ -1,8 +0,0 @@
---
-connect:
-  credentials: "1password-credentials.json"
-operator:
-  create: true
-  token:
-    value: ${OP_TOKEN}
-  autoRestart: true
--- a/helm/values/nginx-internal.values.yaml
+++ b/helm/values/nginx-internal.values.yaml
@@ -1,17 +1,13 @@
 controller:
  ingressClassResource:
-    # -- Name of the ingressClass
    name: nginx-internal
-    # -- Is this ingressClass enabled or not
    enabled: true
-    # -- Is this the default ingressClass for the cluster
    default: true
-    # -- Controller-value of the controller that is processing this ingressClass
    controllerValue: "k8s.io/ingress-nginx"
-    # -- Parameters is a link to a custom resource containing additional
-    # configuration for the controller. This is optional if the controller
-    # does not require extra parameters.
    parameters: {}
-  # -- For backwards compatibility with ingress.class annotation, use ingressClass.
-  # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
  ingressClass: nginx-internal
+  service:
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: postgres.home
+tcp:
+  5432: "postgres-system/postgres-cluster-rw:5432"
--- a/postgres/cluster.yaml
+++ b/postgres/cluster.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: postgres-password
+  namespace: postgres-system
+spec:
+  itemPath: "vaults/Lab/items/Postgres"
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres-cluster
+  namespace: postgres-system
+spec:
+  instances: 3
+  minSyncReplicas: 1
+  maxSyncReplicas: 2
+  primaryUpdateStrategy: unsupervised
+
+  postgresql:
+    pg_hba:
+      - host all all all md5
+
+  enableSuperuserAccess: false
+
+  bootstrap:
+    initdb:
+      database: postgres
+      secret:
+        name: postgres-password
+
+  storage:
+    size: 1Gi