diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml
index 5ee0d1b..f81e383 100644
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
 - ./cert-manager/cert-manager.yaml
 - ./homer/homer.yaml
 - ./podinfo/podinfo.yaml
+ - ./postgresql/postgresql.yaml
 - ./weave-gitops/weave-gitops.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/postgresql/app/ingress.yaml b/kubernetes/apps/postgresql/app/ingress.yaml
new file mode 100644
index 0000000..ce611d2
--- /dev/null
+++ b/kubernetes/apps/postgresql/app/ingress.yaml
@@ -0,0 +1,51 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: postgresql-ingress
+ namespace: flux-system
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "postgresql.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql
+ port:
+ number: 5432
+ - host: "postgresql.cluster.local"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql
+ port:
+ number: 5432
+ - host: "replica.postgresql.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql
+ port:
+ number: 5432
+ - host: "replica.postgresql.cluster.local"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql
+ port:
+ number: 5432
\ No newline at end of file
diff --git a/kubernetes/apps/postgresql/app/pvc.yaml b/kubernetes/apps/postgresql/app/pvc.yaml
new file mode 100644
index 0000000..461750e
--- /dev/null
+++ b/kubernetes/apps/postgresql/app/pvc.yaml
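Review bot: In ingress.yaml every rule sends an HTTP Ingress to port 5432, which an HTTP rule cannot proxy as PostgreSQL traffic, and `postgresql.edward.sydney` together with `ssl-redirect: "false"` publishes a database hostname with no TLS enforcement or source restriction. If access from outside the cluster is really required, drop the Ingress and expose the service as a TCP listener limited by source address; otherwise keep it cluster-internal. The Ingress is also placed in `flux-system` while the release in release.yaml lives in `postgresql`, and an Ingress backend has to be a Service in the Ingress's own namespace, so `namespace: postgresql` is needed here. The two `replica.*` hosts point at the same `postgresql` Service as the primary hosts, and `use-regex: "true"` does nothing for plain `/` Prefix paths and can be removed.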
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgresql-primary-pv
+ namespace: postgresql
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: "/mnt/nfs/AppData/postgresql/primary"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-primary-pvc
+ namespace: postgresql
+ labels:
+ name: postgresql-primary-pvc
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgresql-replica-pv
+ namespace: flux-system
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: "/mnt/nfs/AppData/postgresql/replica"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-replica-pvc
+ namespace: postgresql
+ labels:
+ name: postgresql-replica-pvc
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
diff --git a/kubernetes/apps/postgresql/app/release.yaml b/kubernetes/apps/postgresql/app/release.yaml
new file mode 100644
index 0000000..4b22356
--- /dev/null
+++ b/kubernetes/apps/postgresql/app/release.yaml
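Review bot: In pvc.yaml nothing ties a claim to its volume: both PVs share `storageClassName: manual`, 8Gi and ReadWriteOnce, and the PVCs carry only labels, so `postgresql-primary-pvc` can bind to `postgresql-replica-pv` and the primary would then write into the replica directory. Add `volumeName: postgresql-primary-pv` and `volumeName: postgresql-replica-pv` to the respective PVC specs, or a `claimRef` on each PV. The `namespace:` on the two PersistentVolumes has no effect because PVs are cluster-scoped, and the two values disagree (`postgresql` vs `flux-system`), so it is better removed. Because these are `hostPath` volumes under `/mnt/nfs`, the data is reachable only on nodes that have that mount; if that is not every node, the PVs need node affinity.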
@@ -0,0 +1,99 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: postgresql-secrets
+ namespace: postgresql
+spec:
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ targetNamespace: postgresql
+ path: ./postgresql
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: home-cluster-ops-secrets
+ dependsOn:
+ - name: repositories
+ namespace: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: postgresql-sops-age
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: postgresql
+spec:
+ releaseName: postgresql
+ chart:
+ spec:
+ chart: postgresql
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ interval: 1h
+ install:
+ remediation:
+ retries: 3
+ values:
+ postgresql:
+ auth:
+ postgresPassword: ${postgresql_password}
+ username: ${username}
+ password: ${password}
+ database: ${database}
+ replicationPassword: ${replication_password}
+ architecture: "replication"
+ replication:
+ synchronousCommit: "on"
+ numSynchronousReplicas: 1
+ applicationName: "postgresqlReplication"
+ primary:
+ podSecurityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ podLabels:
+ name: "postgresql-primary"
+ persistence:
+ existingClaim: postgresql-primary-pvc
+ selector:
+ matchLabels:
+ name: postgresql-primary-pvc
+ readReplicas:
+ name: "replica"
+ podSecurityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ podLabels:
+ name: "postgresql-replica"
+ persistence:
+ existingClaim: postgresql-replica-pvc
+ selector:
+ matchLabels:
+ name: postgresql-replica-pvc
+
+
+
+
+ controller:
+ spec:
+ template:
+ spec:
+ containers:
+ volumeMounts:
+ - mountPath: /bitnami/postgresql
+ name: postgresql-volume
+ readOnly: false
+ volumes:
+ - name: postgresql-volume
+ hostPath:
+ path: /mnt/nfs/AppData/postgresql
+ type: Directory
\ No newline at end of file
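Review bot: In release.yaml the three password placeholders under `auth:` are filled in by `postBuild` substitution, so the applied HelmRelease stores the database credentials in clear text in `spec.values`, readable by anyone who can read HelmRelease objects in the `postgresql` namespace. Keep them in the Secret and let the chart read it, e.g. `existingSecret: postgresql-secrets` under `auth:` (with a `secretKeys` mapping if the key names differ), or load them through `spec.valuesFrom`. If substitution stays, quote every placeholder (`password: "${password}"`) so a numeric or special-character value is not retyped by the YAML parser. Worth confirming as well: the values are wrapped in an extra `postgresql:` key and the trailing `controller:` block mounts the whole `/mnt/nfs/AppData/postgresql` hostPath; as far as I know the Bitnami chart reads `auth`, `architecture` and `primary` at the top level of its values, in which case these settings are silently ignored and the chart falls back to its defaults.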
diff --git a/kubernetes/apps/postgresql/postgresql.yaml b/kubernetes/apps/postgresql/postgresql.yaml
new file mode 100644
index 0000000..da01d94
--- /dev/null
+++ b/kubernetes/apps/postgresql/postgresql.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: postgresql
+ namespace: postgresql
+spec:
+ interval: 10m
+ timeout: 1m30s
+ retryInterval: 30s
+ path: ./kubernetes/apps/postgresql/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: flux-system
+ dependsOn:
+ - name: postgresql-secrets
+ namespace: postgresql
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: postgresql-secrets
+
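Review bot: `dependsOn` names `postgresql-secrets`, but that Kustomization is defined in app/release.yaml, which sits under the `path` this object itself applies; unless it is also created somewhere outside this diff, `postgresql` waits on an object only it can create and never reconciles. Move the `postgresql-secrets` Kustomization into this file, next to `postgresql`, so the parent applies both. Nothing in the diff creates the `postgresql` namespace that both Kustomizations, the SOPS key Secret `postgresql-sops-age` and the substitution Secret are expected to live in, so confirm it exists before this is applied. `substituteFrom` also runs over every manifest under the path, so keep only the manifests that need the variables there to avoid a credential being substituted into an unrelated object.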