diff --git a/kubernetes/main/apps/database/kustomization.yaml b/kubernetes/main/apps/database/kustomization.yaml
index 02de375..c85a799 100644
--- a/kubernetes/main/apps/database/kustomization.yaml
+++ b/kubernetes/main/apps/database/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 resources:
 - ./namespace.yaml
 #- ./network_policy.yaml
-- ./postgresql
+- ./postgresql/ks.yaml
 - ./redis
 - ./minio
 - ./mysql
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/app/helm-release.yaml b/kubernetes/main/apps/database/postgresql/app/helm-release.yaml
new file mode 100644
index 0000000..d0ea2fb
--- /dev/null
+++ b/kubernetes/main/apps/database/postgresql/app/helm-release.yaml
@@ -0,0 +1,37 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cloudnative-pg
+ namespace: database
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: cloudnative-pg
+ version: 0.22.0
+ sourceRef:
+ kind: HelmRepository
+ name: cloudnative-pg
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: minio
+ namespace: database
+ - name: openebs
+ namespace: openebs-system
+ values:
+ crds:
+ create: true
+ monitoring:
+ podMonitorEnabled: false
+ grafanaDashboard:
+ create: true
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/pgadmin4/helm-repository.yaml b/kubernetes/main/apps/database/postgresql/app/helm-repository.yaml
similarity index 56%
rename from kubernetes/main/apps/database/postgresql/pgadmin4/helm-repository.yaml
rename to kubernetes/main/apps/database/postgresql/app/helm-repository.yaml
index 8348d74..499ed98 100644
--- a/kubernetes/main/apps/database/postgresql/pgadmin4/helm-repository.yaml
+++ b/kubernetes/main/apps/database/postgresql/app/helm-repository.yaml
@@ -1,8 +1,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
- name: runix-charts
+ name: cloudnative-pg
 namespace: flux-system
 spec:
- interval: 1m
- url: https://helm.runix.net
+ interval: 2h
+ url: https://cloudnative-pg.io/charts
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/pgadmin4/kustomization.yaml b/kubernetes/main/apps/database/postgresql/app/kustomization.yaml
similarity index 69%
rename from kubernetes/main/apps/database/postgresql/pgadmin4/kustomization.yaml
rename to kubernetes/main/apps/database/postgresql/app/kustomization.yaml
index a83bec5..7414970 100644
--- a/kubernetes/main/apps/database/postgresql/pgadmin4/kustomization.yaml
+++ b/kubernetes/main/apps/database/postgresql/app/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ./pgadmin4.sops.yaml
+- ./secret.sops.yaml
 - ./helm-repository.yaml
 - ./helm-release.yaml
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/app/secret.sops.yaml b/kubernetes/main/apps/database/postgresql/app/secret.sops.yaml
new file mode 100644
index 0000000..bb180cd
--- /dev/null
+++ b/kubernetes/main/apps/database/postgresql/app/secret.sops.yaml
@@ -0,0 +1,76 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudnative-pg-secret + namespace: database + labels: + cnpg.io/reload: "true" +stringData: + username: ENC[AES256_GCM,data:SZUXJOMnDmI=,iv:huI5AHvtfU6aCo6drbdZxJ2QwOGwKAd4CfSi8WWUQHU=,tag:fIETu/Yyx01raNTnmBt8AA==,type:str] + password: ENC[AES256_GCM,data:qlcpDS3RhNtSowFuMYlpL11WdR4tZK9M3eZug9TerA4=,iv:9d7ChBA4VcFRszCm3rfPJSYESK2it/dryK0TetDM2Ns=,tag:Z7EI76aBEltrUym/T8MuiA==,type:str] + minioAccessKey: ENC[AES256_GCM,data:CsmN8wuSLLOtiA0PWeaWuw==,iv:oRNB1nhRPH7fRf98exEZ7lGSpvqVRx4l+tQyjPU2rog=,tag:Gx9SRd2UnHNgBiVtalrHAA==,type:str] + minioSecretKey: ENC[AES256_GCM,data:gW5lUoSY2oTLhczB0CySIOadmrltk+zMpYJ6XPRQmtI=,iv:NfnjIwfILvCS99tUdHbCvJwztNPpT8ne4oAg4yOjgFM=,tag:kC6EKVPCGbQxwKySjkgYhw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-10-16T23:46:50Z" + mac: ENC[AES256_GCM,data:1j9tp3Z30k3LC40djCriXYr78LLmSAUkssqBJgk/RKDt6eHbBPwtUhzmLewF8dSxo2shLl/jzKPCsL8HP+kHSvL9bCtrgDBnIEJabGISAHDTDBXkLB+uzVlfx0diDbX0fpZZNBSPCzFHYiebGqY1scUVsN1sBOPxUNrbIi9iKro=,iv:rYsu3+KPmuXBAp/ciYmojj3LEBL8F6PjwXQ1pmJVm5c=,tag:d3r+p29s4POVhCKeAal1cg==,type:str] + pgp: + - created_at: "2024-10-16T23:46:50Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ/8CSIYw9BE0BxpPpMtJ9xK6xTHIuWnlWAOwhugvLal6i5T + xPFPfRH0uJp9fhayw//pvGz+4JaoqjcHymxEVtqWhAlFRo1WZdllAx97svKySZpC + WxtpEZhur1iwaylKLUinxaltGxumIGD6pGw8VowlyFic944SKqgJAfM8myuddnAk + waWX8H4coSBFLOcsEavieKhOOrsd6D3ppzKNtvYFOb4BAy3YyJHkfw3N1zkraw2L + D5kdBBugLITYpZX8Iqj/UiOAOn05Xgy31p2XjsX0c3JGm5oCcwf+u3BgrVyHvYXN + Z2k7j8e5FbjaxOcBzS0rrrHM+yJahJfQOyCL4A7guISBlLYaJ+BHh3qg4kxhtCau + jHKjglj1Jz50xY9hnH/+UK9jhCMActmZmAQg45hTDynGr6NsOPr43Q6XoUoGUB6X + WbamAIbEnM9u6/Ve6MUkCxMBlA45pQc72v6j4p40aZDqoNWp0PTr4BcYfYvgJafq + MIzxI431+l5x4MAw4ZC14tvhKJX6wNqujn7ZZW8qFAixQwIBuZcogh8YrcLGqHEo + iTbrg2xRnT9C3npm+gQsk80h78sHyPlm0P9EAOCWjnRSZeixSjly9htn5sIKBS+O + yxWfQVDlplYv5V10roKxbfCzMIzHEeayyUaAQib0Z5RsYZfQkemT7zE/U8DftK+F + 
AgwDAAAAAAAAAAABEACy1DQRnTKLAY8UzS6xRQrauc82a6VzW5TDfiMGiXDZKa+y + 9mij9kY7n+727YFZqZiUfEUpOL3pArj+I3PDSv2viPLWo0+1mN4stLt9SwMt+F0m + 5DuoTCslrJpupoFxrw+N1uzI0c6UZtYFP5c2iLy3JLPlbCCAdbB6vLqDDaXko8J/ + Mf/i5H5Q1Qqfa33NbdfeDkVU6yN+QlbFK3P42FkddUwfKHc7hBn0XpkwheCR+WIj + ocntnX6ksgbbZQmiISWIfBRbxDQaKQ+OIW72OxAY5g6/E2+mIOMraV2YC7zfT/aO + zARTjdoV+hknKlv788i4JBN569YligYo3BB/j6YAczp0V5KvF/4RmcDQYGXIWSjG + 9kevuO/5uD82aQCkXkmrjyeNsBUQAFxjTU/ULxanMzud3bcistbejrGkfunuYune + bnPlMDwjd0Wnxv05fmaJ05K5W35ngLCa+7bsoTdqi4KLmWe/OQDOkbRL7awRfEXA + J2JqCiPfZeC+VxM+ysMIYMvpaTyQ+LXNbRRYpMXlHRlqkU2WXeM5vKwj0wqivQ30 + mmffcBpTFBspHjO1Gz4asrZnoKh9IiPK/qtoi0EEKXQAPFV8AQcN7gtzCSUpASq6 + mkL+uhjeRd8UjQZnGrZnhNOkQuwiM/pvoAODz5NgNgi5NBTnsgvi4rtXopiTytRm + AQkCEMbcxdunAlkuYk3TYUGstkww6uVItWY+9pgipjTEhXXDXdNvjpler7793AJj + 1XSt0W1FGnpJUYMrhnMFgUAdDh+pCXkKnyk8bR6OlEnoDlR6AZqlqtcYUn8lIRq5 + dXeV4tC4 + =xH0Y + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-10-16T23:46:50Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwAAAAAAAAAAAQ/+Im71eAhkMXAiemDau+TBGU3DEsw9LrdmOPvODknhmUF5 + kONOLSDoN9C4F36iGhFrnAFBa/Z/y3wgZdzgSdFZaXjZyja9aRzwu0eC5jfniR/6 + r8MFHwP0OA9Vi66Iin77fzpl9bK7W/XY+KHtI6a6rxcGYcp8cqeeIRqUco8jPUpx + gTwaYyi3C/vzLdZhljQw/5TR8HN11P/pvDu4SGDhNMMEEZi3AphimExrbD9efXFJ + QYVvMlgN0X+CqVHmeyasXnsR9dcMoJXxz054BsPiRkJVPPQOR7+1lRu3h3gVfvym + ZzgMikmZArI+lUVXwppNHPRj9fVpqTq7GBuUrwdOCU9crXx/vi4+M20ocesRaV58 + bZqzyV92fN8YeqLRkpHm3Mlf8HK9L/Rk4tdpD2MtL29uUlu8wEecLW0dLXx8QoLG + h+m9XOqFHssmCRY5QxHhtzk5BclE3X8iYZRns43puMC3ZZwdINqE8t9FOMJ0lZJq + Q2mzkpyo3ozCh8gKOOAO1McjVGdoqURSngbQgGmmX+qBBcSuHv03134aEq4aqYkB + F7g+9dbacs1MphuN5CaMRhOMY7v87KOQKtziVK4DcX1AsR8EoGc9TzNa1h/7jJ2Y + gfA0Mg1kAYdm9973o6PHV7fpJ/AS6xqvma9N6SaQJtyiqquXFU7Fuf0hNEsI1+TU + ZgEJAhCImWzfnwav7b6R9xzAYrwkkKhrHA4B4cG8XzvZfmWOEMvWkr+CaOppbVxJ + zg0KInkWzw0RU/NVx3bTrKOXwv4Q8vlswFaioA+eDkYEcMtqAiT3LEvhF5Ueqi6d + BhnMEZd1cw== + =txQ7 + -----END PGP MESSAGE----- + fp: 
687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/database/postgresql/cert.yaml b/kubernetes/main/apps/database/postgresql/cert.yaml deleted file mode 100644 index baa0653..0000000 --- a/kubernetes/main/apps/database/postgresql/cert.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: postgres-cert - namespace: database -spec: - secretName: postgres-cert - - duration: 2160h # 90d - renewBefore: 360h # 15d - - issuerRef: - name: ca-issuer - kind: ClusterIssuer - - dnsNames: - - postgresql.database \ No newline at end of file diff --git a/kubernetes/main/apps/database/postgresql/cluster/cluster16.yaml b/kubernetes/main/apps/database/postgresql/cluster/cluster16.yaml new file mode 100644 index 0000000..d3fe895 --- /dev/null +++ b/kubernetes/main/apps/database/postgresql/cluster/cluster16.yaml 
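Review bot: `cloudnative-pg-secret` carries both the PostgreSQL superuser login (`username`, `password`) and the MinIO backup keys (`minioAccessKey`, `minioSecretKey`), so anything allowed to read the Secret for one purpose also gets the other. cluster16.yaml in this commit references the same Secret from `superuserSecret` and from both `s3Credentials` selectors. I would split it into two Secrets, one per consumer, and point each reference at its own. The `cnpg.io/reload: "true"` label would then go on both.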
@@ -0,0 +1,83 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: postgres16
+ namespace: database
+spec:
+ instances: 3
+ imageName: ghcr.io/cloudnative-pg/postgresql:16.4-28
+ primaryUpdateStrategy: unsupervised
+ storage:
+ size: 20Gi
+ storageClass: openebs-zfs-mainpool
+ superuserSecret:
+ name: cloudnative-pg-secret
+ enableSuperuserAccess: true
+ postgresql:
+ parameters:
+ max_connections: "400"
+ shared_buffers: 256MB
+ nodeMaintenanceWindow:
+ inProgress: false
+ reusePVC: true
+ resources:
+ requests:
+ cpu: 500m
+ limits:
+ memory: 4Gi
+ monitoring:
+ enablePodMonitor: true
+ backup:
+ retentionPolicy: 30d
+ barmanObjectStore: &barmanObjectStore
+ data:
+ compression: bzip2
+ wal:
+ compression: bzip2
+ maxParallel: 8
+ destinationPath: s3://cloudnative-pg/
+ endpointURL: http://minio.database.svc:9000
+ # Note: serverName version needs to be inclemented
+ # when recovering from an existing cnpg cluster
+ serverName: ¤tCluster postgres16-v2
+ s3Credentials:
+ accessKeyId:
+ name: cloudnative-pg-secret
+ key: minioAccessKey
+ secretAccessKey:
+ name: cloudnative-pg-secret
+ key: minioSecretKey
+
+ # Note: previousCluster needs to be set to the name of the previous
+ # cluster when recovering from an existing cnpg cluster
+ bootstrap:
+ recovery:
+ source: &previousCluster postgres16-v1
+ # initdb:
+ # import:
+ # type: monolith
+ # databases:
+ # - "*"
+ # roles:
+ # - "*"
+ # source:
+ # externalCluster: old-cluster
+
+ # Note: externalClusters is needed when recovering from an existing cnpg cluster
+ externalClusters:
+ - name: *previousCluster
+ barmanObjectStore:
+ <<: *barmanObjectStore
+ serverName: *previousCluster
+ # - name: old-cluster
+ # connectionParameters:
+ # # Use the correct IP or host name for the source database
+ # host: postgresql.database.svc
+ # user: postgres
+ # dbname: postgres
+ # #sslmode: require
+ # password:
+ # name: cloudnative-pg-secret
+ # key: password
diff --git a/kubernetes/main/apps/database/postgresql/cluster/kustomization.yaml b/kubernetes/main/apps/database/postgresql/cluster/kustomization.yaml
new file mode 100644
index 0000000..9c74817
--- /dev/null
+++ b/kubernetes/main/apps/database/postgresql/cluster/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./cluster16.yaml
+- ./scheduledbackup.yaml
+- ./prometheusrule.yaml
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/cluster/prometheusrule.yaml b/kubernetes/main/apps/database/postgresql/cluster/prometheusrule.yaml
new file mode 100644
index 0000000..1c8d93c
--- /dev/null
+++ b/kubernetes/main/apps/database/postgresql/cluster/prometheusrule.yaml
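Review bot: `endpointURL: http://minio.database.svc:9000` in cluster16.yaml sends base backups and WAL to the object store over plain HTTP, so the full database contents cross the cluster network unencrypted, and nothing under `data:` or `wal:` sets `encryption`. If the MinIO service can serve TLS (not visible in this diff), switch the endpoint to `https://` and add an `endpointCA` secret reference under `barmanObjectStore`; the `externalClusters` entry would inherit both through the `<<: *barmanObjectStore` merge. Separately, the comment above `serverName` has a typo: "inclemented" should read "incremented".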
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: cloudnative-pg-rules
+ labels:
+ prometheus: k8s
+ role: alert-rules
+spec:
+ groups:
+ - name: cloudnative-pg.rules
+ rules:
+ - alert: LongRunningTransaction
+ annotations:
+ description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
+ summary: A query is taking longer than 5 minutes.
+ expr: |-
+ cnpg_backends_max_tx_duration_seconds > 300
+ for: 1m
+ labels:
+ severity: warning
+ - alert: BackendsWaiting
+ annotations:
+ description: Pod {{ $labels.pod }} has been waiting for longer than 5 minutes
+ summary: If a backend is waiting for longer than 5 minutes
+ expr: |-
+ cnpg_backends_waiting_total > 300
+ for: 1m
+ labels:
+ severity: warning
+ - alert: PGDatabase
+ annotations:
+ description: Over 300,000,000 transactions from frozen xid on pod {{ $labels.pod }}
+ summary: Number of transactions from the frozen XID to the current one
+ expr: |-
+ cnpg_pg_database_xid_age > 300000000
+ for: 1m
+ labels:
+ severity: warning
+ - alert: PGReplication
+ annotations:
+ description: Standby is lagging behind by over 300 seconds (5 minutes)
+ summary: The standby is lagging behind the primary
+ expr: |-
+ cnpg_pg_replication_lag > 300
+ for: 1m
+ labels:
+ severity: warning
+ - alert: LastFailedArchiveTime
+ annotations:
+ description: Archiving failed for {{ $labels.pod }}
+ summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
+ expr: |-
+ (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+ for: 1m
+ labels:
+ severity: warning
+ - alert: DatabaseDeadlockConflicts
+ annotations:
+ description: There are over 10 deadlock conflicts in {{ $labels.pod }}
+ summary: Checks the number of database conflicts
+ expr: |-
+ cnpg_pg_stat_database_deadlocks > 10
+ for: 1m
+ labels:
+ severity: warning
+ - alert: ReplicaFailingReplication
+ annotations:
+ description: Replica {{ $labels.pod }} is failing to replicate
+ summary: Checks if the replica is failing to replicate
+ expr: |-
+ cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+ for: 1m
+ labels:
+ severity: warning
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/cluster/scheduledbackup.yaml b/kubernetes/main/apps/database/postgresql/cluster/scheduledbackup.yaml
new file mode 100644
index 0000000..67525d0
--- /dev/null
+++ b/kubernetes/main/apps/database/postgresql/cluster/scheduledbackup.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: postgres
+spec:
+ schedule: "@daily"
+ immediate: true
+ backupOwnerReference: self
+ cluster:
+ name: postgres16
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/helm-release.yaml b/kubernetes/main/apps/database/postgresql/helm-release.yaml
deleted file mode 100644
index 169a68a..0000000
--- a/kubernetes/main/apps/database/postgresql/helm-release.yaml
+++ /dev/null
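Review bot: The `BackendsWaiting` rule in prometheusrule.yaml compares `cnpg_backends_waiting_total` with 300, but its description and summary speak of waiting "longer than 5 minutes". The metric name suggests a count of waiting backends rather than a duration, so as written the alert would only fire with more than 300 blocked backends, which is unlikely to be the intent on a cluster with `max_connections: "400"`. Either pick a threshold that is a meaningful backend count and reword the annotations to say so, or keep the expression and state in the description that the value is a count.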
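Review bot: The ScheduledBackup has no `metadata.namespace`, while the Cluster it names (`postgres16`) is pinned to `namespace: database` in cluster16.yaml; neither cluster/kustomization.yaml nor the `cloudnative-pg-cluster` Flux Kustomization in ks.yaml sets a namespace for it. Unless a default is applied somewhere outside this diff, the object would land in a different namespace from the Cluster and the daily backup would not find it. Add `namespace: database` under `metadata`, or set `targetNamespace: database` on the Flux Kustomization. The PrometheusRule in prometheusrule.yaml has the same gap.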
@@ -1,49 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: postgresql - namespace: database -spec: - interval: 5m - chart: - spec: - chart: postgresql - version: 14.3.x - sourceRef: - kind: HelmRepository - name: bitnami-charts - namespace: flux-system - values: - auth: - existingSecret: "pgsql-secrets" - secretKeys: - adminPasswordKey: "adminPassword" - replicationPasswordKey: "replicationPassword" - - tls: - enabled: true - certificatesSecret: postgres-cert - certFilename: "tls.crt" - certKeyFilename: "tls.key" - - serviceMonitor: - enabled: true - labels: - release: kube-prometheus-stack - - volumePermissions: - enabled: true - - primary: - persistence: - existingClaim: "postgresql-pv-claim" - - containerSecurityContext: - enabled: true - runAsUser: 10000 - - readReplicas: - containerSecurityContext: - enabled: true - runAsUser: 10000 - \ No newline at end of file diff --git a/kubernetes/main/apps/database/postgresql/ks.yaml b/kubernetes/main/apps/database/postgresql/ks.yaml new file mode 100644 index 0000000..d2c49db --- /dev/null +++ b/kubernetes/main/apps/database/postgresql/ks.yaml 
@@ -0,0 +1,56 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cloudnative-pg
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/main/apps/database/postgresql/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: openebs
+ - name: openebs-sc
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cloudnative-pg-cluster
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/main/apps/database/postgresql/cluster
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: openebs
+ - name: openebs-sc
+ - name: cloudnative-pg
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/main/apps/database/postgresql/kustomization.yaml b/kubernetes/main/apps/database/postgresql/kustomization.yaml
deleted file mode 100644
index 159f941..0000000
--- a/kubernetes/main/apps/database/postgresql/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ./pgsql-pv.yaml
-- ./pgsql.sops.yaml
-- ./cert.yaml
-- ./helm-release.yaml
-#- ./pgadmin4
\ No newline at end of file
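Review bot: `cloudnative-pg-cluster` lists `cloudnative-pg` in `dependsOn`, but the first Kustomization in ks.yaml sets neither `wait: true` nor `healthChecks`, so it can report ready once the HelmRelease object is applied rather than once the operator and its CRDs are installed. The `Cluster` and `ScheduledBackup` resources may then be applied before their CRDs exist and fail until a later reconcile. I would add `wait: true` to the `cloudnative-pg` Kustomization spec, or a `healthChecks` entry for the `cloudnative-pg` HelmRelease in namespace `database`.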
diff --git a/kubernetes/main/apps/database/postgresql/pgadmin4/helm-release.yaml b/kubernetes/main/apps/database/postgresql/pgadmin4/helm-release.yaml deleted file mode 100644 index 4d2c5fd..0000000 --- a/kubernetes/main/apps/database/postgresql/pgadmin4/helm-release.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: pgadmin4 - namespace: database -spec: - interval: 5m - chart: - spec: - chart: pgadmin4 - version: "1.29.0" - sourceRef: - kind: HelmRepository - name: runix-charts - namespace: flux-system - values: - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - traefik.ingress.kubernetes.io/router.entrypoints: websecure - hosts: - - host: &host pgadm.${SECRET_NEW_DOMAIN} - paths: - - path: "/" - pathType: Prefix - tls: - - hosts: - - *host - -# securityContext: -# runAsUser: 10000 -# runAsGroup: 10000 -# fsGroup: 10000 -# -# containerSecurityContext: -# enabled: true -# allowPrivilegeEscalation: false - -# envVarsFromConfigMaps: -# - pgadmin4-secret - - persistentVolume: - enabled: false - - volumePermissions: - enabled: true \ No newline at end of file diff --git a/kubernetes/main/apps/database/postgresql/pgsql-pv.yaml b/kubernetes/main/apps/database/postgresql/pgsql-pv.yaml deleted file mode 100644 index c33cb4f..0000000 --- a/kubernetes/main/apps/database/postgresql/pgsql-pv.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: postgresql-pv - namespace: database -spec: - storageClassName: hostpath - persistentVolumeReclaimPolicy: Retain - capacity: - storage: 12Gi - accessModes: - - ReadWriteOnce - hostPath: - path: "/mnt/MainPool/Kubernetes/databases/postgresql" ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgresql-pv-claim - namespace: database -spec: - storageClassName: hostpath - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi \ No newline at end of file 
diff --git a/kubernetes/main/apps/database/postgresql/pgsql.sops.yaml b/kubernetes/main/apps/database/postgresql/pgsql.sops.yaml deleted file mode 100644 index 9c1b403..0000000 --- a/kubernetes/main/apps/database/postgresql/pgsql.sops.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: pgsql-secrets - namespace: database -stringData: - adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str] - userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str] - replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-10-22T16:25:15Z" - mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str] - pgp: - - created_at: "2023-06-19T18:35:15Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM - Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV - opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG - iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z - JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F - lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz - SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc - 8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw - VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp - H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd - 9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U - aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ - di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN - c5WTfk81xmbT - 
=UE14 - -----END PGP MESSAGE----- - fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-06-19T18:35:15Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ - kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX - 64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl - zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1 - rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF - 5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP - cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl - hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s - 0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw - lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR - mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU - aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl - ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ - GFDjOxp0lMGV - =LHSB - -----END PGP MESSAGE----- - fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D - encrypted_regex: ^(data|stringData)$ - version: 3.8.0 diff --git a/kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml index c7a081e..446c0b4 100644 --- a/kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml +++ b/kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml 
@@ -59,11 +59,21 @@ spec: prometheusSpec: enableAdminAPI: false - retention: 1d - remoteWrite: - url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write + + # select everything + podMonitorSelectorNilUsesHelmValues: false + podMonitorSelector: {} + serviceMonitorSelectorNilUsesHelmValues: false + serviceMonitorSelector: {} + ruleSelectorNilUsesHelmValues: false + ruleSelector: {} + probeSelectorNilUsesHelmValues: false + probeSelector: {} + scrapeConfigSelectorNilUsesHelmValues: false + scrapeConfigSelector: {} storageSpec: volumeClaimTemplate: