--- # yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PostgresCluster metadata: name: &name postgres spec: postgresVersion: 16 metadata: labels: crunchy-userinit.ramblurr.github.com/enabled: "true" crunchy-userinit.ramblurr.github.com/superuser: "postgres" service: type: LoadBalancer metadata: annotations: external-dns.alpha.kubernetes.io/hostname: postgres.jahanson.tech io.cilium/lb-ipam-ips: 10.1.1.35 monitoring: pgmonitor: exporter: # https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml # image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-12 resources: requests: cpu: 10m memory: 64M limits: memory: 512M patroni: # turn on sync writes to at least 1 other replica dynamicConfiguration: synchronous_mode: true postgresql: synchronous_commit: "on" pg_hba: - hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet - hostssl all all all md5 instances: - name: postgres metadata: labels: app.kubernetes.io/name: crunchy-postgres replicas: &replica 2 dataVolumeClaimSpec: storageClassName: openebs-hostpath accessModes: - ReadWriteOnce resources: requests: storage: 20Gi topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: "DoNotSchedule" labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name postgres-operator.crunchydata.com/data: postgres users: # Superuser - name: postgres databases: - postgres options: "SUPERUSER" password: type: AlphaNumeric # Applications - name: atuin databases: - atuin password: type: AlphaNumeric - name: autobrr databases: - autobrr password: type: AlphaNumeric - name: coder databases: - coder password: type: AlphaNumeric - name: gatus databases: - gatus password: type: AlphaNumeric - name: grafana databases: - grafana password: type: AlphaNumeric - name: kasm databases: - kasm password: type: AlphaNumeric - name: linkwarden databases: - linkwarden password: type: AlphaNumeric - name: piped databases: - piped password: type: AlphaNumeric - name: prowlarr databases: - prowlarr_logs - prowlarr_main password: type: AlphaNumeric - name: radarr databases: - radarr_logs - radarr_main password: type: AlphaNumeric - name: radarr-anime databases: - radarr_anime password: type: AlphaNumeric - name: sonarr databases: - sonarr_logs - sonarr_main password: type: AlphaNumeric - name: sonarr-anime databases: - sonarr_anime password: type: AlphaNumeric - name: jellyseerr databases: - jellyseerr password: type: AlphaNumeric - name: ptero databases: - ptero password: type: AlphaNumeric backups: pgbackrest: configuration: &backupConfig - secret: name: crunchy-postgres-secret global: &backupFlag archive-timeout: "1d" compress-type: "bz2" compress-level: "9" # Minio repo1-retention-full-type: "time" repo1-retention-full: "14" repo1-retention-diff: "30" repo1-path: "/crunchy-pgo" repo1-s3-uri-style: path # Hetzner repo2-retention-full-type: "time" repo2-retention-full: "7" repo2-path: "/crunchy-pgo" repo2-s3-uri-style: host manual: repoName: repo1 options: - --type=full metadata: labels: app.kubernetes.io/name: crunchy-postgres-backup repos: - name: repo1 # Minio s3: &minio bucket: "crunchy-main" endpoint: "s3.jahanson.tech:9000" region: "us-east-1" schedules: full: "0 1 * * 0" # Sunday at 01:00 differential: "0 1 * * 1-6" # Mon-Sat at 01:00 incremental: "0 2-23 * * *" # Every hour except 01:00 - name: repo2 # Hetzner Object Storage s3: &hetzner bucket: "hsn-pgb" endpoint: ${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT} region: "fsn1" schedules: full: "0 2 * * 0" # Sunday at 02:00 differential: "0 2 * * 1-6/2" # Mon,Wed,Fri at 02:00 dataSource: pgbackrest: stanza: "db" configuration: *backupConfig global: *backupFlag repo: name: "repo1" s3: *minio proxy: pgBouncer: port: 5432 replicas: *replica service: type: LoadBalancer metadata: annotations: external-dns.alpha.kubernetes.io/hostname: pgbouncer.jahanson.tech io.cilium/lb-ipam-ips: 10.1.1.36 metadata: labels: app.kubernetes.io/name: crunchy-postgres-pgbouncer config: global: pool_mode: "transaction" # pgBouncer is set to transaction for Authentik. Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction client_tls_sslmode: prefer topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: "DoNotSchedule" labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name postgres-operator.crunchydata.com/role: "pgbouncer"