diff --git a/infrastructures/postgresql/env/k3s-cluster/config.json b/infrastructures/postgresql/env/k3s-cluster/config.json
new file mode 100644
index 0000000..689550c
--- /dev/null
+++ b/infrastructures/postgresql/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "postgresql",
+ "userGivenName": "postgresql",
+ "namespace": "postgresql",
+ "destNamespace": "postgresql",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "infrastructure/postgresql/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/infrastructures/postgresql/env/k3s-cluster/templates/ingress.yaml b/infrastructures/postgresql/env/k3s-cluster/templates/ingress.yaml
new file mode 100644
index 0000000..cb15c97
--- /dev/null
+++ b/infrastructures/postgresql/env/k3s-cluster/templates/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: postgresql-ingress
+ namespace: postgresql
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "postgres.cluster.local"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql-primary
+ port:
+ number: 5432
+ - host: "replica.postgres.cluster.local"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: postgresql-replica
+ port:
+ number: 5432
\ No newline at end of file
diff --git a/infrastructures/postgresql/env/k3s-cluster/templates/volume.yaml b/infrastructures/postgresql/env/k3s-cluster/templates/volume.yaml
new file mode 100644
index 0000000..3875f79
--- /dev/null
+++ b/infrastructures/postgresql/env/k3s-cluster/templates/volume.yaml
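Review bot: `srcPath` in config.json reads `infrastructure/postgresql/env/k3s-cluster`, but every file in this commit lives under `infrastructures/postgresql/...` (with the trailing `s`), so the application source presumably points at a directory that does not exist. Change the line to `"srcPath": "infrastructures/postgresql/env/k3s-cluster",`. `srcTargetRevision` is also left as `""`, which leaves the deployed revision implicit; pinning a branch or tag makes it explicit which revision is allowed to roll a database into the cluster.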
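Review bot: Both rules in ingress.yaml route `http` paths to port 5432, but PostgreSQL speaks its own TCP wire protocol, so an HTTP Ingress on the nginx class cannot carry these connections, and the `ssl-redirect` and `use-regex` annotations do nothing for them. The replica backend also names port 5432 while values.yaml in this commit sets `readReplicas.service.ports.postgresql: 5433`. Both services are already `type: LoadBalancer` in values.yaml, so I would drop this Ingress. If access through ingress-nginx is really wanted, it needs the controller's TCP services ConfigMap (`--tcp-services-configmap`) rather than an Ingress object, and either way the database should be reachable only from the networks that need it.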
@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgresql-primary-pv
+ namespace: postgresql
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/postgresql/primary"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: postgresql-primary-pvc
+ namespace: postgresql
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-2
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-primary-pvc
+ namespace: postgresql
+ labels:
+ name: postgresql-primary-pvc
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: postgresql-replica-pv
+ namespace: flux-system
+ labels:
+ type: local
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ capacity:
+ storage: 8Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ local:
+ path: "/mnt/nfs/AppData/postgresql/replica"
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: postgresql-replica-pvc
+ namespace: postgresql
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi5-cluster-node-2
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-replica-pvc
+ namespace: postgresql
+ labels:
+ name: postgresql-replica-pvc
+spec:
+ storageClassName: local-path
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
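Review bot: `metadata.namespace` is set on both PersistentVolume objects, and on `postgresql-replica-pv` it is `flux-system` while everything else in the file uses `postgresql`. PersistentVolumes are cluster-scoped, so the field has no meaning there and the `flux-system` value looks like copy-paste residue; remove `namespace:` from both PV `metadata` blocks and keep it only under `claimRef`. Separately, the primary and replica PVs are both pinned to `rpi5-cluster-node-2`, so the replica gives no protection against losing that node. If that is intentional, a comment such as `# single-node lab: replica shares the primary's node` above the second `nodeAffinity` would record it.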
diff --git a/infrastructures/postgresql/env/k3s-cluster/values.yaml b/infrastructures/postgresql/env/k3s-cluster/values.yaml
new file mode 100644
index 0000000..278771c
--- /dev/null
+++ b/infrastructures/postgresql/env/k3s-cluster/values.yaml
@@ -0,0 +1,60 @@
+auth:
+ postgresPassword: ${postgres_password}
+ username: ${username}
+ password: ${password}
+ database: ${database}
+ replicationPassword: ${replication_password}
+architecture: "replication"
+replication:
+ synchronousCommit: "on"
+ numSynchronousReplicas: 1
+ applicationName: "postgres_repl"
+primary:
+ podSecurityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ podLabels:
+ name: "postgresql-primary"
+ service:
+ type: "LoadBalancer"
+ persistence:
+ existingClaim: postgresql-primary-pvc
+ selector:
+ matchLabels:
+ name: postgresql-primary-pvc
+ extraVolumes:
+ - name: "postgresql-secrets"
+ secret:
+ secretName: postgresql-secrets
+ extraVolumeMounts:
+ - name: "postgresql-secrets"
+ mountPath: "/secrets/postgresql"
+ readOnly: true
+readReplicas:
+ name: "replica"
+ podSecurityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ podLabels:
+ name: "postgresql-replica"
+ service:
+ type: "LoadBalancer"
+ ports:
+ postgresql: 5433
+ persistence:
+ existingClaim: postgresql-replica-pvc
+ selector:
+ matchLabels:
+ name: postgresql-replica-pvc
+ extraVolumes:
+ - name: "postgresql-secrets"
+ secret:
+ secretName: postgresql-secrets
+ extraVolumeMounts:
+ - name: "postgresql-secrets"
+ mountPath: "/secrets/postgresql"
+ readOnly: true
\ No newline at end of file
diff --git a/scripts/encrypt-file-by-kubeseal.sh b/scripts/encrypt-file-by-kubeseal.sh
new file mode 100644
index 0000000..351f79a
--- /dev/null
+++ b/scripts/encrypt-file-by-kubeseal.sh
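Review bot: The five `auth` values in values.yaml are unquoted `${...}` placeholders, and nothing in this commit shows what expands them; the other files point at Argo CD (config.json, `-n argocd` in the seal script), which as far as I know does not substitute such placeholders on its own, so the literal text `${password}` may end up as the database password. The values already mount the `postgresql-secrets` Secret, so if this is the Bitnami chart I would reference it with `auth.existingSecret: postgresql-secrets` and drop the inline password keys. If substitution is kept, quote each value, e.g. `password: "${password}"`, so a substituted value containing `#` or `: ` is not re-typed or truncated by the YAML parser. Both `primary.service.type` and `readReplicas.service.type` are `LoadBalancer`, which publishes the database on the network with no TLS or source restriction configured here; `ClusterIP`, or a `loadBalancerSourceRanges` list on each service, would narrow that.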
@@ -0,0 +1,7 @@
+#!/usr/bin/bash
+set -e
+
+filePath=$1
+
+kubeseal --format=yaml --scope cluster-wide -n argocd --controller-name sealed-secrets --controller-namespace argocd < $filePath > $filePath
+
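Review bot: The `kubeseal` line redirects its output to the same path it reads from (`< $filePath > $filePath`); the shell truncates the file before kubeseal starts, so the input is empty and the plaintext manifest is destroyed without a sealed one being produced. Write to a separate file and quote the variable: `out="${filePath%.*}.sealed.yaml"` followed by `kubeseal ... < "$filePath" > "$out"`. `filePath=$1` should also fail fast when no argument is given, e.g. `filePath=${1:?usage: encrypt-file-by-kubeseal.sh FILE}`. `--scope cluster-wide` lets the resulting SealedSecret be unsealed under any name in any namespace; unless that is required, the default strict scope is the tighter choice.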