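---
# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
# Crunchy Data PGO PostgresCluster "postgres": a single 2-replica Postgres 16
# instance set, a pgBouncer proxy in front of it, pgBackRest backups to two S3
# repos, and a dataSource that restores from repo1 on first bootstrap.
# Anchors (&name, &replica, &backupConfig, &backupFlag, &minio, &hetzner) keep
# the values that are repeated further down in one place.
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: &name postgres
spec:
  postgresVersion: 16

  # Labels consumed by the crunchy-userinit controller: opt in, and name the
  # role it treats as the superuser.
  metadata:
    labels:
      crunchy-userinit.ramblurr.github.com/enabled: "true"
      crunchy-userinit.ramblurr.github.com/superuser: "postgres"

  # Primary service, exposed outside the cluster through Cilium LB-IPAM and
  # published in DNS by external-dns.
  service:
    type: LoadBalancer
    metadata:
      annotations:
        external-dns.alpha.kubernetes.io/hostname: postgres.jahanson.tech
        io.cilium/lb-ipam-ips: 10.1.1.35

  monitoring:
    pgmonitor:
      exporter:
        # https://github.com/CrunchyData/postgres-operator-examples/blob/main/helm/install/values.yaml
        # image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-0.15.0-12
        resources:
          requests:
            cpu: 10m
            memory: 64M
          limits:
            memory: 512M

  patroni: # turn on sync writes to at least 1 other replica
    dynamicConfiguration:
      synchronous_mode: true
      postgresql:
        synchronous_commit: "on"
        # Client authentication rules (pg_hba.conf lines, evaluated in order).
        # NOTE(review): the hostnossl rule accepts unencrypted connections from
        # the whole 10.244.0.0/16 range (presumably the pod network), and both
        # rules use md5 rather than scram-sha-256; both are worth revisiting
        # once dbman can speak SSL.
        pg_hba:
          - hostnossl all all 10.244.0.0/16 md5 # Needed because dbman does not support SSL yet
          - hostssl all all all md5

  instances:
    - name: postgres
      metadata:
        labels:
          app.kubernetes.io/name: crunchy-postgres
      # Also reused as the pgBouncer replica count below.
      replicas: &replica 2
      dataVolumeClaimSpec:
        storageClassName: openebs-hostpath
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 20Gi
      # Keep the two Postgres pods on different nodes (hard requirement).
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: "kubernetes.io/hostname"
          whenUnsatisfiable: "DoNotSchedule"
          labelSelector:
            matchLabels:
              postgres-operator.crunchydata.com/cluster: *name
              postgres-operator.crunchydata.com/data: postgres

  # One role per application, each owning its own database(s). The operator
  # generates an AlphaNumeric password for every role and stores it in a
  # per-user Secret; nothing here is a literal credential.
  users:
    # Superuser
    - name: postgres
      databases:
        - postgres
      options: "SUPERUSER"
      password:
        type: AlphaNumeric
    # Applications
    - name: atuin
      databases:
        - atuin
      password:
        type: AlphaNumeric
    - name: autobrr
      databases:
        - autobrr
      password:
        type: AlphaNumeric
    - name: coder
      databases:
        - coder
      password:
        type: AlphaNumeric
    - name: gatus
      databases:
        - gatus
      password:
        type: AlphaNumeric
    - name: grafana
      databases:
        - grafana
      password:
        type: AlphaNumeric
    - name: kasm
      databases:
        - kasm
      password:
        type: AlphaNumeric
    - name: linkwarden
      databases:
        - linkwarden
      password:
        type: AlphaNumeric
    - name: piped
      databases:
        - piped
      password:
        type: AlphaNumeric
    - name: prowlarr
      databases:
        - prowlarr_logs
        - prowlarr_main
      password:
        type: AlphaNumeric
    - name: radarr
      databases:
        - radarr_logs
        - radarr_main
      password:
        type: AlphaNumeric
    - name: radarr-anime
      databases:
        - radarr_anime
      password:
        type: AlphaNumeric
    - name: sonarr
      databases:
        - sonarr_logs
        - sonarr_main
      password:
        type: AlphaNumeric
    - name: sonarr-anime
      databases:
        - sonarr_anime
      password:
        type: AlphaNumeric
    - name: jellyseerr
      databases:
        - jellyseerr
      password:
        type: AlphaNumeric
    - name: ptero
      databases:
        - ptero
      password:
        type: AlphaNumeric

  backups:
    pgbackrest:
      # S3 credentials for both repos live in this Secret, not in the manifest.
      configuration: &backupConfig
        - secret:
            name: crunchy-postgres-secret
      # pgBackRest global options; all values are strings in the CRD, hence
      # the quoting on numbers.
      global: &backupFlag
        compress-type: "bz2"
        compress-level: "9"
        # Minio
        repo1-retention-full-type: "time"
        repo1-retention-full: "14"
        repo1-retention-diff: "30"
        repo1-path: "/crunchy-pgo"
        repo1-s3-uri-style: path
        # Hetzner
        repo2-retention-full-type: "time"
        repo2-retention-full: "7"
        repo2-path: "/crunchy-pgo"
        repo2-s3-uri-style: path
      # Defaults for an operator-triggered manual backup (annotation driven).
      manual:
        repoName: repo1
        options:
          - "--type=full"
      metadata:
        labels:
          app.kubernetes.io/name: crunchy-postgres-backup
      repos:
        - name: repo1 # Minio
          s3: &minio
            bucket: "crunchy-main"
            endpoint: "s3.jahanson.tech:9000"
            region: "us-east-1"
          schedules:
            full: "0 1 * * 0" # Sunday at 01:00
            differential: "0 1 * * 1-6" # Mon-Sat at 01:00
            incremental: "0 2-23 * * *" # Every hour except 01:00
        - name: repo2 # Hetzner Object Storage
          s3: &hetzner
            bucket: "hsn-pgb"
            # Filled in by the deployment tooling's ${VAR} substitution (looks
            # like Flux post-build substitution — confirm). Quoted so that an
            # empty expansion yields "" rather than a null endpoint.
            endpoint: "${CLUSTER_SECRET_HETZNER_PGB_ENDPOINT}"
            region: "fsn1"
          schedules:
            full: "0 2 * * 0" # Sunday at 02:00
            differential: "0 2 * * 1-6/2" # Mon,Wed,Fri at 02:00

  # Bootstrap the cluster from the latest repo1 backup when no data exists yet;
  # reuses the credentials Secret and global options defined above.
  dataSource:
    pgbackrest:
      stanza: "db"
      configuration: *backupConfig
      global: *backupFlag
      repo:
        name: "repo1"
        s3: *minio

  proxy:
    pgBouncer:
      port: 5432
      replicas: *replica
      # Second externally reachable endpoint, separate IP and hostname from
      # the primary service.
      service:
        type: LoadBalancer
        metadata:
          annotations:
            external-dns.alpha.kubernetes.io/hostname: pgbouncer.jahanson.tech
            io.cilium/lb-ipam-ips: 10.1.1.36
      metadata:
        labels:
          app.kubernetes.io/name: crunchy-postgres-pgbouncer
      config:
        global:
          # pgBouncer is set to transaction for Authentik. Grafana requires session
          # https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311.
          # Everything else is happy with transaction
          pool_mode: "transaction"
          # "prefer" uses TLS when the client asks for it but still accepts
          # plaintext; since this listener is behind a LoadBalancer, consider
          # "require" once every client can negotiate TLS.
          client_tls_sslmode: prefer
      # Keep the two pgBouncer pods on different nodes (hard requirement).
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: "kubernetes.io/hostname"
          whenUnsatisfiable: "DoNotSchedule"
          labelSelector:
            matchLabels:
              postgres-operator.crunchydata.com/cluster: *name
              postgres-operator.crunchydata.com/role: "pgbouncer"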