Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Use separate postgres cluster per app

Browse Source
This commit is contained in:
Dreaded_X 2024-11-15 02:03:57 +01:00
parent e0977c9da1
commit eae71f20f3
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
9 changed files with 35 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apps/lldap/database.yaml Normal file
View File

@ -0,0 +1,30 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: lldap
spec:
chart:
spec:
chart: cluster
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: cnpg
namespace: cnpg-system
version: 0.0.11
interval: 1m0s
values:
type: postgresql
mode: standalone
cluster:
instances: 1
backups:
enabled: true
provider: s3
endpointURL: https://s3.us-west-002.backblazeb2.com
s3:
bucket: titan-k3s-backup
path: /postgres
secret:
create: false
name: b2-access-key

1
apps/lldap/deployment.yaml
View File

@ -7,7 +7,6 @@ metadata:
labels: labels:
app: lldap app: lldap
name: lldap name: lldap
namespace: lldap
spec: spec:
replicas: 1 replicas: 1
selector: selector:

3
apps/lldap/kustomization.yaml
View File

@ -1,8 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: lldap
resources: resources:
- ./namespace.yaml - ./namespace.yaml
- ./pvc.yaml - ./pvc.yaml
- ./secret.yaml - ./secret.yaml
- ./database.yaml
- ./deployment.yaml - ./deployment.yaml
- ./service.yaml - ./service.yaml
- ../../secrets/b2-access-key.yaml

1
apps/lldap/secret.yaml
View File

@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: lldap-credentials name: lldap-credentials
namespace: lldap
type: Opaque type: Opaque
data: data:
lldap-jwt-secret: ENC[AES256_GCM,data:099Cx7Wcf4yUmIE6npIiz7axzHyuHbbKpRII9pLqyY34FksvBPUy7XFJg4U=,iv:mHviMV32LkimVcUAEKJESBJHs/sH4UMARg0uA9DAyzs=,tag:YmczpX3ESNY87jG59SJfDA==,type:str] lldap-jwt-secret: ENC[AES256_GCM,data:099Cx7Wcf4yUmIE6npIiz7axzHyuHbbKpRII9pLqyY34FksvBPUy7XFJg4U=,iv:mHviMV32LkimVcUAEKJESBJHs/sH4UMARg0uA9DAyzs=,tag:YmczpX3ESNY87jG59SJfDA==,type:str]

1
apps/lldap/service.yaml
View File

@ -7,7 +7,6 @@ metadata:
labels: labels:
app: lldap-service app: lldap-service
name: lldap-service name: lldap-service
namespace: lldap
spec: spec:
ports: ports:
- name: "3890" - name: "3890"

45
infrastructure/controllers/cloudnative-pg.yaml
View File

@ -27,48 +27,3 @@ spec:
name: cnpg name: cnpg
version: 0.22.0 version: 0.22.0
interval: 1m0s interval: 1m0s
---
apiVersion: v1
kind: Namespace
metadata:
name: cnpg-database
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cnpg
namespace: cnpg-database
spec:
interval: 1m0s
url: https://cloudnative-pg.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cnpg
namespace: cnpg-database
spec:
chart:
spec:
chart: cluster
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: cnpg
version: 0.0.11
interval: 1m0s
values:
type: postgresql
mode: standalone
cluster:
instances: 1
backups:
enabled: true
provider: s3
endpointURL: https://s3.us-west-002.backblazeb2.com
s3:
bucket: titan-k3s-backup
path: /postgres
secret:
create: false
name: b2-access-key

1
infrastructure/controllers/kustomization.yaml
View File

@ -1,7 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./secrets/
- akri.yaml - akri.yaml
- cert-manager.yaml - cert-manager.yaml
- traefik.yaml - traefik.yaml

4
infrastructure/controllers/secrets/kustomization.yaml
View File

@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- b2-access-key.yaml

5
infrastructure/controllers/secrets/b2-access-key.yaml → secrets/b2-access-key.yaml
View File

@ -2,7 +2,6 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: b2-access-key name: b2-access-key
namespace: cnpg-database
type: Opaque type: Opaque
data: data:
ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str] ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str]
@ -13,8 +12,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-10-10T23:09:06Z" lastmodified: "2024-11-15T01:21:23Z"
mac: ENC[AES256_GCM,data:h7zG2uHCxmhvsdShoPYizxLoDPJ9fJAYyhxQxZ/oqF88/4NIUUw6hItyEXzELBt7PPU4VDjOu5DuyNaTFsHAJkMOBzof7x11JInvtZYvyId73H0uIyT1l7vliz9zae9X4hQPkID27g+mIJLfmT4IRND9CMTTKWVhVw4zAepi3co=,iv:ZqQahzaZqlOJLa0TjxCwr9hrkE6LqXKDzHafEPGWGKQ=,tag:sMvthhyrtkhzgKWvSf7mLg==,type:str] mac: ENC[AES256_GCM,data:K8ATLj5nZfibvMPXR3ls7zXav0IVxSajyeFb/Qs/P3pPfHQ1p5ZRWaWTuNAFST04ynZ5BOcZyZCi9niMSZOGYBnDtOiJQAT1t3RxYS6j2X2HDX+nFTW6e4uDSOZMWk1poLP5lgBRvYxjsaco6X9F0hdvF7T7xvm7IHbHY7HAckg=,iv:C/bCoZKYy8gudmH8D/5R/MWlkC1ORlWZIvntjqt2dRk=,tag:yJsg7jj6p066CDzPXntOzA==,type:str]
pgp: pgp:
- created_at: "2024-10-10T22:08:04Z" - created_at: "2024-10-10T22:08:04Z"
enc: |- enc: |-