Use separate postgres cluster per app

2024-11-15 02:03:57 +01:00 · 2024-11-15 02:03:57 +01:00 · eae71f20f3
commit eae71f20f3
parent e0977c9da1
9 changed files with 35 additions and 56 deletions
--- a/apps/lldap/database.yaml
+++ b/apps/lldap/database.yaml
@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: lldap
+spec:
+  chart:
+    spec:
+      chart: cluster
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: cnpg
+        namespace: cnpg-system
+      version: 0.0.11
+  interval: 1m0s
+  values:
+    type: postgresql
+    mode: standalone
+    cluster:
+      instances: 1
+    backups:
+      enabled: true
+      provider: s3
+      endpointURL: https://s3.us-west-002.backblazeb2.com
+      s3:
+        bucket: titan-k3s-backup
+        path: /postgres
+      secret:
+        create: false
+        name: b2-access-key
--- a/apps/lldap/deployment.yaml
+++ b/apps/lldap/deployment.yaml
@ -7,7 +7,6 @@ metadata:
  labels:
    app: lldap
  name: lldap
-  namespace: lldap
 spec:
  replicas: 1
  selector:
--- a/apps/lldap/kustomization.yaml
+++ b/apps/lldap/kustomization.yaml
@ -1,8 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: lldap
 resources:
  - ./namespace.yaml
  - ./pvc.yaml
  - ./secret.yaml
+  - ./database.yaml
  - ./deployment.yaml
  - ./service.yaml
+  - ../../secrets/b2-access-key.yaml
--- a/apps/lldap/secret.yaml
+++ b/apps/lldap/secret.yaml
@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
    name: lldap-credentials
-    namespace: lldap
 type: Opaque
 data:
    lldap-jwt-secret: ENC[AES256_GCM,data:099Cx7Wcf4yUmIE6npIiz7axzHyuHbbKpRII9pLqyY34FksvBPUy7XFJg4U=,iv:mHviMV32LkimVcUAEKJESBJHs/sH4UMARg0uA9DAyzs=,tag:YmczpX3ESNY87jG59SJfDA==,type:str]
--- a/apps/lldap/service.yaml
+++ b/apps/lldap/service.yaml
@ -7,7 +7,6 @@ metadata:
  labels:
    app: lldap-service
  name: lldap-service
-  namespace: lldap
 spec:
  ports:
    - name: "3890"
--- a/infrastructure/controllers/cloudnative-pg.yaml
+++ b/infrastructure/controllers/cloudnative-pg.yaml
@ -27,48 +27,3 @@ spec:
        name: cnpg
      version: 0.22.0
  interval: 1m0s
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cnpg-database
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: cnpg
-  namespace: cnpg-database
-spec:
-  interval: 1m0s
-  url: https://cloudnative-pg.github.io/charts
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: cnpg
-  namespace: cnpg-database
-spec:
-  chart:
-    spec:
-      chart: cluster
-      reconcileStrategy: ChartVersion
-      sourceRef:
-        kind: HelmRepository
-        name: cnpg
-      version: 0.0.11
-  interval: 1m0s
-  values:
-    type: postgresql
-    mode: standalone
-    cluster:
-      instances: 1
-    backups:
-      enabled: true
-      provider: s3
-      endpointURL: https://s3.us-west-002.backblazeb2.com
-      s3:
-        bucket: titan-k3s-backup
-        path: /postgres
-      secret:
-        create: false
-        name: b2-access-key
--- a/infrastructure/controllers/kustomization.yaml
+++ b/infrastructure/controllers/kustomization.yaml
@ -1,7 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./secrets/
  - akri.yaml
  - cert-manager.yaml
  - traefik.yaml
--- a/infrastructure/controllers/secrets/kustomization.yaml
+++ b/infrastructure/controllers/secrets/kustomization.yaml
@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - b2-access-key.yaml
--- a/infrastructure/controllers/secrets/b2-access-key.yaml
+++ b/infrastructure/controllers/secrets/b2-access-key.yaml
@ -2,7 +2,6 @@ apiVersion: v1
 kind: Secret
 metadata:
    name: b2-access-key
-    namespace: cnpg-database
 type: Opaque
 data:
    ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str]
@ -13,8 +12,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-10-10T23:09:06Z"
-    mac: ENC[AES256_GCM,data:h7zG2uHCxmhvsdShoPYizxLoDPJ9fJAYyhxQxZ/oqF88/4NIUUw6hItyEXzELBt7PPU4VDjOu5DuyNaTFsHAJkMOBzof7x11JInvtZYvyId73H0uIyT1l7vliz9zae9X4hQPkID27g+mIJLfmT4IRND9CMTTKWVhVw4zAepi3co=,iv:ZqQahzaZqlOJLa0TjxCwr9hrkE6LqXKDzHafEPGWGKQ=,tag:sMvthhyrtkhzgKWvSf7mLg==,type:str]
+    lastmodified: "2024-11-15T01:21:23Z"
+    mac: ENC[AES256_GCM,data:K8ATLj5nZfibvMPXR3ls7zXav0IVxSajyeFb/Qs/P3pPfHQ1p5ZRWaWTuNAFST04ynZ5BOcZyZCi9niMSZOGYBnDtOiJQAT1t3RxYS6j2X2HDX+nFTW6e4uDSOZMWk1poLP5lgBRvYxjsaco6X9F0hdvF7T7xvm7IHbHY7HAckg=,iv:C/bCoZKYy8gudmH8D/5R/MWlkC1ORlWZIvntjqt2dRk=,tag:yJsg7jj6p066CDzPXntOzA==,type:str]
    pgp:
        - created_at: "2024-10-10T22:08:04Z"
          enc: |-