2024-09-05 01:33:23 -05:00
---
# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
apiVersion : postgres-operator.crunchydata.com/v1beta1
kind : PostgresCluster
metadata :
name : &name postgres
spec :
postgresVersion : 16
metadata :
labels :
crunchy-userinit.ramblurr.github.com/enabled : "true"
crunchy-userinit.ramblurr.github.com/superuser : "postgres"
service :
type : LoadBalancer
metadata :
annotations :
external-dns.alpha.kubernetes.io/hostname : postgres.jahanson.tech
io.cilium/lb-ipam-ips : 10.1 .1 .35
monitoring :
pgmonitor :
exporter :
# https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml
image : registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-3
patroni : # turn on sync writes to at least 1 other replica
dynamicConfiguration :
synchronous_mode : true
postgresql :
synchronous_commit : "on"
pg_hba :
- hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet
- hostssl all all all md5
instances :
- name : postgres
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres
replicas : &replica 1
dataVolumeClaimSpec :
storageClassName : openebs-hostpath
accessModes :
- ReadWriteOnce
resources :
requests :
storage : 20Gi
topologySpreadConstraints :
- maxSkew : 1
topologyKey : "kubernetes.io/hostname"
whenUnsatisfiable : "DoNotSchedule"
labelSelector :
matchLabels :
postgres-operator.crunchydata.com/cluster : *name
postgres-operator.crunchydata.com/data : postgres
users :
# Superuser
- name : postgres
databases :
- postgres
options : "SUPERUSER"
password :
type : AlphaNumeric
# Applications
- name : atuin
databases :
- atuin
password :
type : AlphaNumeric
- name : autobrr
databases :
- autobrr
password :
type : AlphaNumeric
2024-09-14 13:27:58 -05:00
- name : coder
databases :
- coder
password :
type : AlphaNumeric
2024-09-05 01:33:23 -05:00
- name : gatus
databases :
- gatus
password :
type : AlphaNumeric
- name : grafana
databases :
- grafana
password :
type : AlphaNumeric
- name : kasm
databases :
- kasm
password :
type : AlphaNumeric
- name : prowlarr
databases :
- prowlarr_logs
- prowlarr_main
password :
type : AlphaNumeric
- name : radarr
databases :
- radarr_logs
- radarr_main
password :
type : AlphaNumeric
- name : sonarr
databases :
- sonarr_logs
- sonarr_main
password :
type : AlphaNumeric
- name : jellyseerr
databases :
- jellyseerr
password :
type : AlphaNumeric
backups :
pgbackrest :
configuration : &backupConfig
- secret :
name : crunchy-postgres-secret
global : &backupFlag
archive-timeout : "60"
compress-type : "bz2"
compress-level : "9"
delta : "y"
repo1-retention-full-type : "time"
repo1-retention-full : "14"
repo1-retention-diff : "30"
repo1-path : "/crunchy-pgo"
repo1-s3-uri-style : path
archive-push-queue-max : 4GiB
manual :
repoName : repo1
options :
- --type=full
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres-backup
repos :
- name : repo1 # Minio
s3 : &minio
bucket : "crunchy-main"
endpoint : "s3.hsn.dev"
region : "us-east-1"
schedules :
full : "0 1 * * 0" # Sunday at 01:00
differential : "0 1 * * 1-6" # Mon-Sat at 01:00
incremental : "0 2-23 * * *" # Every hour except 01:00
dataSource :
pgbackrest :
stanza : "db"
configuration : *backupConfig
global : *backupFlag
repo :
name : "repo1"
s3 : *minio
proxy :
pgBouncer :
port : 5432
replicas : *replica
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres-pgbouncer
config :
global :
pool_mode : "transaction" # pgBouncer is set to transaction for Authentik. Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
client_tls_sslmode : prefer
topologySpreadConstraints :
- maxSkew : 1
topologyKey : "kubernetes.io/hostname"
whenUnsatisfiable : "DoNotSchedule"
labelSelector :
matchLabels :
postgres-operator.crunchydata.com/cluster : *name
postgres-operator.crunchydata.com/role : "pgbouncer"