2024-04-09 05:17:44 -05:00
---
# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
apiVersion : postgres-operator.crunchydata.com/v1beta1
kind : PostgresCluster
metadata :
name : &name postgres
spec :
postgresVersion : 16
metadata :
labels :
crunchy-userinit.ramblurr.github.com/enabled : "true"
crunchy-userinit.ramblurr.github.com/superuser : "postgres"
service :
type : LoadBalancer
metadata :
annotations :
external-dns.alpha.kubernetes.io/hostname : postgres.jahanson.tech
2024-04-09 05:35:07 -05:00
io.cilium/lb-ipam-ips : 10.45 .0 .7
2024-04-09 05:17:44 -05:00
2024-04-10 13:13:29 -05:00
monitoring :
pgmonitor :
exporter :
# https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml
image : registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-3
2024-04-09 05:17:44 -05:00
patroni : # turn on sync writes to at least 1 other replica
dynamicConfiguration :
synchronous_mode : true
postgresql :
synchronous_commit : "on"
pg_hba :
- hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet
- hostssl all all all md5
instances :
- name : postgres
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres
replicas : &replica 3
dataVolumeClaimSpec :
storageClassName : openebs-hostpath
accessModes :
- ReadWriteOnce
resources :
requests :
storage : 20Gi
topologySpreadConstraints :
- maxSkew : 1
topologyKey : "kubernetes.io/hostname"
whenUnsatisfiable : "DoNotSchedule"
labelSelector :
matchLabels :
postgres-operator.crunchydata.com/cluster : *name
postgres-operator.crunchydata.com/data : postgres
users :
# Superuser
- name : postgres
databases :
- postgres
options : "SUPERUSER"
password :
type : AlphaNumeric
# Applications
- name : atuin
databases :
- atuin
password :
type : AlphaNumeric
2024-04-10 10:43:13 -05:00
- name : gatus
databases :
- gatus
password :
type : AlphaNumeric
2024-04-09 10:08:32 -05:00
- name : grafana
databases :
- grafana
password :
type : AlphaNumeric
2024-04-10 10:43:13 -05:00
- name : prowlarr
databases :
2024-04-10 11:17:36 -05:00
- prowlarr_logs
- prowlarr_main
2024-04-10 10:43:13 -05:00
password :
type : AlphaNumeric
- name : radarr
databases :
2024-04-10 11:17:36 -05:00
- radarr_logs
- radarr_main
2024-04-10 10:43:13 -05:00
password :
type : AlphaNumeric
- name : sonarr
databases :
2024-04-10 11:17:36 -05:00
- sonarr_logs
- sonarr_main
2024-04-10 10:43:13 -05:00
password :
type : AlphaNumeric
2024-04-09 05:17:44 -05:00
backups :
pgbackrest :
configuration : &backupConfig
- secret :
name : crunchy-postgres-secret
global : &backupFlag
archive-timeout : "60"
compress-type : "bz2"
compress-level : "9"
delta : "y"
repo1-retention-full-type : "time"
repo1-retention-full : "14"
repo1-retention-diff : "30"
repo1-path : "/crunchy-pgo"
repo1-s3-uri-style : path
archive-push-queue-max : 4GiB
manual :
repoName : repo1
options :
- --type=full
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres-backup
repos :
- name : repo1 # Minio
s3 : &minio
bucket : "crunchy-main"
endpoint : "s3.hsn.dev"
region : "us-east-1"
schedules :
full : "0 1 * * 0" # Sunday at 01:00
differential : "0 1 * * 1-6" # Mon-Sat at 01:00
incremental : "0 2-23 * * *" # Every hour except 01:00
2024-04-09 05:39:31 -05:00
dataSource :
pgbackrest :
stanza : "db"
configuration : *backupConfig
global : *backupFlag
repo :
name : "repo1"
s3 : *minio
2024-04-09 05:17:44 -05:00
proxy :
pgBouncer :
port : 5432
replicas : *replica
metadata :
labels :
app.kubernetes.io/name : crunchy-postgres-pgbouncer
config :
global :
pool_mode : "transaction" # pgBouncer is set to transaction for Authentik. Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
client_tls_sslmode : prefer
topologySpreadConstraints :
- maxSkew : 1
topologyKey : "kubernetes.io/hostname"
whenUnsatisfiable : "DoNotSchedule"
labelSelector :
matchLabels :
postgres-operator.crunchydata.com/cluster : *name
postgres-operator.crunchydata.com/role : "pgbouncer"