install postgres

willianpaixao · May 13, 2024 · 4175938 · 4175938
1 parent d4b6d4d
commit 4175938
Show file tree

Hide file tree

Showing 10 changed files with 169 additions and 0 deletions.
diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./postgres/ks.yaml
diff --git a/kubernetes/apps/database/namespace.yaml b/kubernetes/apps/database/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: database
+  labels:
+    kubernetes.io/metadata.name: database
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/database/postgres/app/helmrelease.yaml b/kubernetes/apps/database/postgres/app/helmrelease.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app postgresql
+  namespace: &namespace database
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: postgresql
+      version: 15.2.12
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    global:
+      postgresql:
+        auth:
+          existingSecret: postgresql-secret
+          database: main
+    image:
+      repository: bitnami/postgresql
+      tag: "16.3.0"
+    primary:
+      containerSecurityContext:
+        runAsUser: 0
+      persistence:
+        enabled: true
+        type: persistentVolumeClaim
+        accessMode: ReadWriteOnce
+        size: 16Gi
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    backup:
+      enabled: true
+      cronjob:
+        storage:
+          storageClass: longhorn
+          size: 16Gi
diff --git a/kubernetes/apps/database/postgres/app/kustomization.yaml b/kubernetes/apps/database/postgres/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml
diff --git a/kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml b/kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: postgresql-secret
+    namespace: database
+    creationTimestamp: "2024-05-13T13:57:19Z"
+    uid: e128cd7f-59ac-48f1-8a39-c23618239268
+type: Opaque
+data:
+    password: ENC[AES256_GCM,data:baJEArjpxp4QcTSz/fjoaaGRbKLSogOp/RJDpFzylbiRNxrkTQITbeH6euo=,iv:OmjcsrYsECOlR/T/wVy0ABt/kjOJsfXwhhvSUeMTJm4=,tag:jTIbSoKO740UC4/ItkGkRA==,type:str]
+    postgres-password: ENC[AES256_GCM,data:25thpO2WeTaYYWGOQ6CImChVanfJN5p7Br9wdH4sJ92bNWJnqC/PacJdrQU=,iv:ZxLCbi8B5/LW0NgXRm2iS42VOmN8SV4PZhztUrk4IYU=,tag:HyRM8WnKt7Gh8kiZEK3KfA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbzkxVyt6ek5pTGQwK0Ez
+            ZXQrd3pRMjVnUFRCazUxaEY2K1pTRFg2bm1vCjBjYjlvVVMzSWFheDZWRnZmcGpp
+            cVh2UU11dXRPc3FRN2R0YVViT2pQQXMKLS0tIGVibkxlcWxXUnFQcDFmZXJmdkd1
+            SStycTUxMUY3TTRNS2wrc1J3blRielEKnq+VPDIzCiYAF3TzXEF6vxuavddXB2Rv
+            0ndgAfG+CnL92adpH8YOlB4V/EWxjDdHTwPR8MbgB6zxtb0FOEyjEg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-13T14:25:48Z"
+    mac: ENC[AES256_GCM,data:zUNpn95cbNxrnyCgRoIw1PyOw4kXemMUj2Q0/LdRFt/ojyTIXx99ExVYsyNQBMuqTYfqc+XD7De6cg0BhEkBkstgDvgfKRJq/btQBsIzLWRgRUNUdPStVJx30Ylqp+qp1jyJtD5ID+uuHUy3eqIs4fbnXDueR4lolgetUNxlDCI=,iv:0ZIGOfCNaTgRc71pFf1rIv37+Z2BfuGl/SEhm55zssg=,tag:Ktq8xNxzu0UCYde/Arx7uw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
diff --git a/kubernetes/apps/database/postgres/ks.yaml b/kubernetes/apps/database/postgres/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app postgres
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/database/postgres/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 15m
diff --git a/kubernetes/apps/media/immich/app/helmrelease.yaml b/kubernetes/apps/media/immich/app/helmrelease.yaml
@@ -45,6 +45,13 @@ spec:
               pullPolicy: IfNotPresent
             command: [./start-server.sh]
             env: &env
+              DB_HOSTNAME: postgresql.database.svc.cluster.local
+              DB_DATABASE_NAME: immich
+              DB_USERNAME: immich
+              DB_PASSWORD:
+                secretKeyRef:
+                  name: immich-secret
+                  key: postgres-password
               TZ: ${TIMEZONE}
             securityContext:
               allowPrivilegeEscalation: false

diff --git a/kubernetes/apps/media/immich/app/immich-secret.sops.yaml b/kubernetes/apps/media/immich/app/immich-secret.sops.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: immich-secret
+    namespace: media
+    creationTimestamp: "2024-05-13T14:31:11Z"
+    uid: 41abc95e-b44b-4eae-9e87-bccb48ff2a46
+type: Opaque
+data:
+    postgres-password: ENC[AES256_GCM,data:1TuQpzQ2MmE9lpz2hY/vONsBZgioVJ7HfcgAQuJKiRH8uvdPF/OY8hOGd9Q=,iv:j35UQMdN2VWBpSanWtEcsAnXrDB9NDf4HaM/5JzjbNY=,tag:HSEZ5KhpnWMCP/8tBGJ/SA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSXJkb1ZWaGdYZUhYTisx
+            T2w3cmsxcDYwWE9RNW5OVnNYM3RiRE9zaG5rClBFK0FBaWxrQ25ycVZDdDFVQi9O
+            dW51SC8yVmE1VGVCWFVyd1NOWDRkSU0KLS0tIGN3RFJQZlhMQUVNWFRsZCt0RFo3
+            Y1pybUVpUzhDejdpNVByMUtMMlNMODQKlo+r8aYU3obAQpVZXvADuiDKoP0ZIAEd
+            BXEmTMwZbpq4I0fr+OzMrJCm60h7QVyXvnA79NOwbsUQXr5tQ9Xhig==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-13T14:32:04Z"
+    mac: ENC[AES256_GCM,data:x7Y0qYF472DrvL6pJAySIfbYKyUcXhS1pSWf1NeGoO3ACdq/kX3aSxV97/zwDbrshHAade73jtCnuCN73Mn1BnOsdg23sLa0U4xS/wUEf8DLfwWGUhqrR3nlLOjJ756NOtFOZt0H0hL2zA04+I4Vrmn9gqQtHqAXWaHBRoS1QDk=,iv:stUHRLer1H3eeOc4s+k63UkIzzM1bNMS8tazZe6x/Nk=,tag:3sS1Z+KFWyPh/GobVtsFmA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
diff --git a/kubernetes/flux/repositories/helm/bitnami.yaml b/kubernetes/flux/repositories/helm/bitnami.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: bitnami
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.bitnami.com/bitnami
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - ./bitnami.yaml
   - ./bjw-s.yaml
   - ./cilium.yaml
   - ./external-dns.yaml