diff --git a/kubernetes/common/apps/database/dbs/ks.yaml b/kubernetes/common/apps/database/dbs/ks.yaml
new file mode 100644
index 0000000..4eb472d
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/ks.yaml
@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: postgresql
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/database/dbs/postgresql
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: openebs
+ namespace: flux-system
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/database/dbs/postgresql/helm-release.yaml b/kubernetes/common/apps/database/dbs/postgresql/helm-release.yaml
new file mode 100644
index 0000000..df00d37
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/helm-release.yaml
@@ -0,0 +1,42 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: database
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: postgresql
+ version: 14.3.x
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami-charts
+ namespace: flux-system
+ values:
+ auth:
+ existingSecret: "pgsql-secrets"
+ secretKeys:
+ adminPasswordKey: "adminPassword"
+ replicationPasswordKey: "replicationPassword"
+
+ serviceMonitor:
+ enabled: true
+ labels:
+ release: kube-prometheus-stack
+
+ volumePermissions:
+ enabled: true
+
+ primary:
+ persistence:
+ existingClaim: "postgresql-pvc"
+
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 655
+
+ readReplicas:
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 655
\ No newline at end of file
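Review bot: The `serviceMonitor:` block is placed at the top level of `values`, but as far as I know the bitnami/postgresql chart only reads `metrics.enabled` and `metrics.serviceMonitor.*`, so this block is most likely ignored and neither the exporter sidecar nor a ServiceMonitor is created; nest it as `metrics.enabled: true` plus `metrics.serviceMonitor.enabled: true` with the same `labels` and confirm against the chart's values.yaml for 14.3.x. The secret in `pgsql.sops.yaml` also carries a `userPassword` key, yet `auth.secretKeys` maps only `adminPasswordKey` and `replicationPasswordKey`, so a later `auth.username` would fall back to the chart's default key name; add `userPasswordKey: "userPassword"` so the mapping matches the secret. The `readReplicas` stanza only has an effect when `architecture: replication` is set, which it is not here, so either set it deliberately or drop the stanza to avoid implying replicas exist.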
diff --git a/kubernetes/common/apps/database/dbs/postgresql/kustomization.yaml b/kubernetes/common/apps/database/dbs/postgresql/kustomization.yaml
new file mode 100644
index 0000000..b52eb49
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./pgsql-pv.yaml
+- ./pgsql.sops.yaml
+- ./helm-release.yaml
+#- ./pgadmin4
\ No newline at end of file
diff --git a/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-release.yaml b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-release.yaml
new file mode 100644
index 0000000..6e347ba
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-release.yaml
@@ -0,0 +1,47 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: pgadmin4
+ namespace: database
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: pgadmin4
+ version: "1.28.0"
+ sourceRef:
+ kind: HelmRepository
+ name: runix-charts
+ namespace: flux-system
+ values:
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ hosts:
+ - host: &host pgadm.${SECRET_NEW_DOMAIN}
+ paths:
+ - path: "/"
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+
+# securityContext:
+# runAsUser: 10000
+# runAsGroup: 10000
+# fsGroup: 10000
+#
+# containerSecurityContext:
+# enabled: true
+# allowPrivilegeEscalation: false
+
+# envVarsFromConfigMaps:
+# - pgadmin4-secret
+
+ persistentVolume:
+ enabled: false
+
+ volumePermissions:
+ enabled: true
\ No newline at end of file
diff --git a/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-repository.yaml b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-repository.yaml
new file mode 100644
index 0000000..8348d74
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/helm-repository.yaml
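Review bot: `#- ./pgadmin4` leaves the whole pgadmin4 directory added in this same commit (HelmRepository, HelmRelease and the sops secret its kustomization lists) unreconciled, with nothing saying why it is disabled or what has to happen before it can be enabled. Either drop the directory until it is ready or put the reason above the entry, e.g. `# pgadmin4 disabled: <reason, and what is missing before enabling>`, so the next reader does not uncomment it blindly. This list also uses flush sequence indentation while the other new YAML files indent their sequences; pick one style for the repository.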
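Review bot: The release exposes pgAdmin on a public TLS ingress (`letsencrypt-production`, Traefik `websecure`) while every hardening and credential stanza in the file — `securityContext`, `containerSecurityContext`, `envVarsFromConfigMaps` — is commented out and no `existingSecret` or `env` values are set, so unless the runix chart's default admin e-mail/password are overridden somewhere not in this diff, the UI would come up with chart-default credentials reachable from the internet. Before the parent's `#- ./pgadmin4` is uncommented, feed the login credentials from the sops secret (the chart's `existingSecret`, or the commented `envVarsFromConfigMaps` entry) and restore the container hardening; the commented `allowPrivilegeEscalation: false` block is the right starting point. `persistentVolume.enabled: false` also means registered servers and pgAdmin users are lost on every pod restart, and `volumePermissions.enabled: true` has nothing to chown without a volume, so either enable the PV or remove the volumePermissions block. Consider adding a short comment above `ingress:` recording that `${SECRET_NEW_DOMAIN}` is filled in by Flux `postBuild.substituteFrom` from `cluster-secrets`, since the file does not render standalone.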
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: runix-charts
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://helm.runix.net
diff --git a/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/kustomization.yaml b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/kustomization.yaml
new file mode 100644
index 0000000..a83bec5
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/pgadmin4/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./pgadmin4.sops.yaml
+- ./helm-repository.yaml
+- ./helm-release.yaml
\ No newline at end of file
diff --git a/kubernetes/common/apps/database/dbs/postgresql/pgsql-pv.yaml b/kubernetes/common/apps/database/dbs/postgresql/pgsql-pv.yaml
new file mode 100644
index 0000000..fa77932
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/pgsql-pv.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-pvc
+ namespace: database
+spec:
+ storageClassName: openebs-dual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/kubernetes/common/apps/database/dbs/postgresql/pgsql.sops.yaml b/kubernetes/common/apps/database/dbs/postgresql/pgsql.sops.yaml
new file mode 100644
index 0000000..9c1b403
--- /dev/null
+++ b/kubernetes/common/apps/database/dbs/postgresql/pgsql.sops.yaml
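Review bot: `interval: 1m` makes Flux re-fetch the chart index from `https://helm.runix.net` every minute, far more often than the other Flux objects in this commit (5m/10m) and more load than a third-party host needs for a chart that changes rarely; `interval: 1h` is plenty, and `flux reconcile source helm runix-charts` covers on-demand refreshes. The HelmRepository is also created in `flux-system` from inside a directory that the parent kustomization currently comments out, so it will not exist until `#- ./pgadmin4` is re-enabled — worth a comment if that ordering is intentional.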
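Review bot: `- ./pgadmin4.sops.yaml` is listed as a resource, but no file of that name is added anywhere in this diff, so `kustomize build` of this directory would fail as soon as the parent's `#- ./pgadmin4` is uncommented; add the encrypted secret in this commit or remove the entry until it exists. If that secret is meant to hold the pgAdmin admin credentials, nothing in `pgadmin4/helm-release.yaml` consumes it yet (its `envVarsFromConfigMaps` stanza is commented out), so a comment above the entry naming the keys the HelmRelease will expect would keep the two files in step.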
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pgsql-secrets + namespace: database +stringData: + adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str] + userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str] + replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-22T16:25:15Z" + mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str] + pgp: + - created_at: "2023-06-19T18:35:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM + Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV + opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG + iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z + JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F + lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz + SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc + 8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw + VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp + H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd + 9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U + aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ + di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN + c5WTfk81xmbT + 
=UE14 + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-06-19T18:35:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ + kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX + 64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl + zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1 + rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF + 5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP + cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl + hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s + 0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw + lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR + mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU + aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl + ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ + GFDjOxp0lMGV + =LHSB + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.8.0 diff --git a/kubernetes/common/apps/database/kustomization.yaml b/kubernetes/common/apps/database/kustomization.yaml new file mode 100644 index 0000000..1e1e858 --- /dev/null +++ b/kubernetes/common/apps/database/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./namespace +- ./dbs/ks.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/database/namespace.yaml b/kubernetes/common/apps/database/namespace.yaml new file mode 100644 index 0000000..12a2a91 --- /dev/null +++ b/kubernetes/common/apps/database/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: database \ No newline at end of file 
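Review bot: `- ./namespace` in `kubernetes/common/apps/database/kustomization.yaml` does not match the file this commit adds, which is `namespace.yaml`; kustomize resolves a resource entry as a file or as a directory containing a kustomization.yaml, and no `namespace/` directory appears in this diff, so `kustomize build kubernetes/common/apps/database` would fail and the Namespace the HelmRelease and PVC rely on would never be created. Change it to `- ./namespace.yaml`. Applying the Namespace alongside `./dbs/ks.yaml` from the same kustomization is otherwise the right ordering, since that Flux Kustomization creates resources in `namespace: database`.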
diff --git a/kubernetes/thin/apps/kustomization.yaml b/kubernetes/thin/apps/kustomization.yaml index 35ba11f..ba010a8 100644 --- a/kubernetes/thin/apps/kustomization.yaml +++ b/kubernetes/thin/apps/kustomization.yaml @@ -13,4 +13,5 @@ resources: - ../../common/apps/nfd/ks.yaml - ../../common/apps/intel-gpu/ks.yaml +- ../../common/apps/database - ./default \ No newline at end of file