--- # yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PostgresCluster metadata: name: &name postgres spec: postgresVersion: 16 metadata: labels: crunchy-userinit.ramblurr.github.com/enabled: "true" crunchy-userinit.ramblurr.github.com/superuser: "postgres" service: type: LoadBalancer metadata: annotations: external-dns.alpha.kubernetes.io/hostname: postgres.jahanson.tech io.cilium/lb-ipam-ips: 10.45.0.7 monitoring: pgmonitor: exporter: # https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-3 patroni: # turn on sync writes to at least 1 other replica dynamicConfiguration: synchronous_mode: true postgresql: synchronous_commit: "on" pg_hba: - hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet - hostssl all all all md5 instances: - name: postgres metadata: labels: app.kubernetes.io/name: crunchy-postgres replicas: &replica 1 dataVolumeClaimSpec: storageClassName: openebs-zfs accessModes: - ReadWriteOnce resources: requests: storage: 20Gi topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: "DoNotSchedule" labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name postgres-operator.crunchydata.com/data: postgres users: # Superuser - name: postgres databases: - postgres options: "SUPERUSER" password: type: AlphaNumeric # Applications - name: atuin databases: - atuin password: type: AlphaNumeric - name: gatus databases: - gatus password: type: AlphaNumeric - name: grafana databases: - grafana password: type: AlphaNumeric - name: prowlarr databases: - prowlarr_logs - prowlarr_main password: type: AlphaNumeric - name: radarr databases: - radarr_logs - radarr_main password: type: AlphaNumeric - name: sonarr databases: - sonarr_logs - sonarr_main password: type: AlphaNumeric backups: pgbackrest: configuration: &backupConfig - secret: name: crunchy-postgres-secret global: &backupFlag archive-timeout: "60" compress-type: "bz2" compress-level: "9" delta: "y" repo1-retention-full-type: "time" repo1-retention-full: "14" repo1-retention-diff: "30" repo1-path: "/crunchy-pgo" repo1-s3-uri-style: path archive-push-queue-max: 4GiB manual: repoName: repo1 options: - --type=full metadata: labels: app.kubernetes.io/name: crunchy-postgres-backup repos: - name: repo1 # Minio s3: &minio bucket: "crunchy-main" endpoint: "s3.hsn.dev" region: "us-east-1" schedules: full: "0 1 * * 0" # Sunday at 01:00 differential: "0 1 * * 1-6" # Mon-Sat at 01:00 incremental: "0 2-23 * * *" # Every hour except 01:00 dataSource: pgbackrest: stanza: "db" configuration: *backupConfig global: *backupFlag repo: name: "repo1" s3: *minio proxy: pgBouncer: port: 5432 replicas: *replica metadata: labels: app.kubernetes.io/name: crunchy-postgres-pgbouncer config: global: pool_mode: "transaction" # pgBouncer is set to transaction for Authentik. Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction client_tls_sslmode: prefer topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: "DoNotSchedule" labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name postgres-operator.crunchydata.com/role: "pgbouncer"