From 41759380b1a7172eac94cd8d438258c6dd6048ef Mon Sep 17 00:00:00 2001
From: Willian Paixao <willian@ufpa.br>
Date: Mon, 13 May 2024 16:01:13 +0200
Subject: [PATCH] install postgres
---
 kubernetes/apps/database/kustomization.yaml | 6 +++
 kubernetes/apps/database/namespace.yaml | 8 +++
 .../database/postgres/app/helmrelease.yaml | 51 +++++++++++++++++++
 .../database/postgres/app/kustomization.yaml | 5 ++
 .../postgres/app/postgresql-secret.sops.yaml | 31 +++++++++++
 kubernetes/apps/database/postgres/ks.yaml | 21 ++++++++
 .../apps/media/immich/app/helmrelease.yaml | 7 +++
 .../media/immich/app/immich-secret.sops.yaml | 30 +++++++++++
 .../flux/repositories/helm/bitnami.yaml | 9 ++++
 .../flux/repositories/helm/kustomization.yaml | 1 +
 10 files changed, 169 insertions(+)
 create mode 100644 kubernetes/apps/database/kustomization.yaml
 create mode 100644 kubernetes/apps/database/namespace.yaml
 create mode 100644 kubernetes/apps/database/postgres/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/database/postgres/app/kustomization.yaml
 create mode 100644 kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml
 create mode 100644 kubernetes/apps/database/postgres/ks.yaml
 create mode 100644 kubernetes/apps/media/immich/app/immich-secret.sops.yaml
 create mode 100644 kubernetes/flux/repositories/helm/bitnami.yaml
diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml
new file mode 100644
index 000000000..3c877742e
--- /dev/null
+++ b/kubernetes/apps/database/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./postgres/ks.yaml
diff --git a/kubernetes/apps/database/namespace.yaml b/kubernetes/apps/database/namespace.yaml
new file mode 100644
index 000000000..c526a84a2
--- /dev/null
+++ b/kubernetes/apps/database/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: database
+ labels:
+ kubernetes.io/metadata.name: database
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/database/postgres/app/helmrelease.yaml b/kubernetes/apps/database/postgres/app/helmrelease.yaml
new file mode 100644
index 000000000..a09312c32
--- /dev/null
+++ b/kubernetes/apps/database/postgres/app/helmrelease.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &app postgresql
+ namespace: &namespace database
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: postgresql
+ version: 15.2.12
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ global:
+ postgresql:
+ auth:
+ existingSecret: postgresql-secret
+ database: main
+ image:
+ repository: bitnami/postgresql
+ tag: "16.3.0"
+ primary:
+ containerSecurityContext:
+ runAsUser: 0
+ persistence:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 16Gi
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ backup:
+ enabled: true
+ cronjob:
+ storage:
+ storageClass: longhorn
+ size: 16Gi
diff --git a/kubernetes/apps/database/postgres/app/kustomization.yaml b/kubernetes/apps/database/postgres/app/kustomization.yaml
new file mode 100644
index 000000000..dbc604ed7
--- /dev/null
+++ b/kubernetes/apps/database/postgres/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmrelease.yaml
diff --git a/kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml b/kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml
new file mode 100644
index 000000000..ca7015dba
--- /dev/null
+++ b/kubernetes/apps/database/postgres/app/postgresql-secret.sops.yaml
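Review bot: In `kubernetes/apps/database/postgres/app/helmrelease.yaml`, `runAsUser: 0` under `primary.containerSecurityContext` runs the PostgreSQL container as root, giving up the non-root isolation the Bitnami image is designed around. If the motive is volume ownership on the PVC, keep the default non-root UID and fix ownership with the chart's `volumePermissions.enabled: true` or a pod-level `fsGroup` instead. The chart's default container security context also appears to set `runAsNonRoot: true`, which would reject UID 0 at pod start unless it is overridden as well; worth confirming against chart 15.2.12. The image `tag: "16.3.0"` is a mutable reference; adding the chart's `image.digest` would pin what actually gets deployed.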
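Review bot: In `kubernetes/apps/database/postgres/app/kustomization.yaml`, `resources` lists only `helmrelease.yaml`, so `postgresql-secret.sops.yaml`, added beside it in this commit, is never built and the `postgresql-secret` named by `existingSecret` would not exist in the `database` namespace. Add `- ./postgresql-secret.sops.yaml` to `resources`. The same seems to apply to `immich-secret.sops.yaml`: the diffstat shows no change to a kustomization under `kubernetes/apps/media/immich/app/`, so unless an existing one already lists that file, the `immich-secret` referenced by `DB_PASSWORD` is not deployed either.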
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-secret
+ namespace: database
+ creationTimestamp: "2024-05-13T13:57:19Z"
+ uid: e128cd7f-59ac-48f1-8a39-c23618239268
+type: Opaque
+data:
+ password: ENC[AES256_GCM,data:baJEArjpxp4QcTSz/fjoaaGRbKLSogOp/RJDpFzylbiRNxrkTQITbeH6euo=,iv:OmjcsrYsECOlR/T/wVy0ABt/kjOJsfXwhhvSUeMTJm4=,tag:jTIbSoKO740UC4/ItkGkRA==,type:str]
+ postgres-password: ENC[AES256_GCM,data:25thpO2WeTaYYWGOQ6CImChVanfJN5p7Br9wdH4sJ92bNWJnqC/PacJdrQU=,iv:ZxLCbi8B5/LW0NgXRm2iS42VOmN8SV4PZhztUrk4IYU=,tag:HyRM8WnKt7Gh8kiZEK3KfA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbzkxVyt6ek5pTGQwK0Ez
+ ZXQrd3pRMjVnUFRCazUxaEY2K1pTRFg2bm1vCjBjYjlvVVMzSWFheDZWRnZmcGpp
+ cVh2UU11dXRPc3FRN2R0YVViT2pQQXMKLS0tIGVibkxlcWxXUnFQcDFmZXJmdkd1
+ SStycTUxMUY3TTRNS2wrc1J3blRielEKnq+VPDIzCiYAF3TzXEF6vxuavddXB2Rv
+ 0ndgAfG+CnL92adpH8YOlB4V/EWxjDdHTwPR8MbgB6zxtb0FOEyjEg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-13T14:25:48Z"
+ mac: ENC[AES256_GCM,data:zUNpn95cbNxrnyCgRoIw1PyOw4kXemMUj2Q0/LdRFt/ojyTIXx99ExVYsyNQBMuqTYfqc+XD7De6cg0BhEkBkstgDvgfKRJq/btQBsIzLWRgRUNUdPStVJx30Ylqp+qp1jyJtD5ID+uuHUy3eqIs4fbnXDueR4lolgetUNxlDCI=,iv:0ZIGOfCNaTgRc71pFf1rIv37+Z2BfuGl/SEhm55zssg=,tag:Ktq8xNxzu0UCYde/Arx7uw==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/apps/database/postgres/ks.yaml b/kubernetes/apps/database/postgres/ks.yaml
new file mode 100644
index 000000000..10a039a48
--- /dev/null
+++ b/kubernetes/apps/database/postgres/ks.yaml
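Review bot: In `postgresql-secret.sops.yaml`, `metadata.creationTimestamp` and `metadata.uid` are server-assigned fields that look carried over from an export of a live object; they should not be part of a declared manifest. A fixed `uid` can make an apply fail once the object is recreated with a different UID, and neither field is needed for the Secret to work. Remove them through `sops` rather than by hand, since by default the SOPS MAC also covers unencrypted values and a manual edit would invalidate it. `immich-secret.sops.yaml` later in this patch carries the same two fields.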
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app postgres
+ namespace: flux-system
+spec:
+ targetNamespace: database
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/database/postgres/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 15m
diff --git a/kubernetes/apps/media/immich/app/helmrelease.yaml b/kubernetes/apps/media/immich/app/helmrelease.yaml
index b74b581fe..5980ac023 100644
--- a/kubernetes/apps/media/immich/app/helmrelease.yaml
+++ b/kubernetes/apps/media/immich/app/helmrelease.yaml
@@ -45,6 +45,13 @@ spec:
 pullPolicy: IfNotPresent
 command: [./start-server.sh]
 env: &env
+ DB_HOSTNAME: postgresql.database.svc.cluster.local
+ DB_DATABASE_NAME: immich
+ DB_USERNAME: immich
+ DB_PASSWORD:
+ secretKeyRef:
+ name: immich-secret
+ key: postgres-password
 TZ: ${TIMEZONE}
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/kubernetes/apps/media/immich/app/immich-secret.sops.yaml b/kubernetes/apps/media/immich/app/immich-secret.sops.yaml
new file mode 100644
index 000000000..bb964c841
--- /dev/null
+++ b/kubernetes/apps/media/immich/app/immich-secret.sops.yaml
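Review bot: The Flux Kustomization in `kubernetes/apps/database/postgres/ks.yaml` has no `spec.decryption`, although the `path` it builds holds a SOPS-encrypted Secret. Without something like `decryption: {provider: sops, secretRef: {name: <age-key-secret-name>}}` (placeholder name), kustomize-controller would not decrypt the `ENC[...]` values and the Secret would fail to apply or carry garbage. If a parent Kustomization patches decryption into its children this is already covered, but nothing in the patch shows that, so it is worth stating explicitly here or in a comment.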
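Review bot: In `kubernetes/apps/media/immich/app/helmrelease.yaml`, `DB_DATABASE_NAME: immich` and `DB_USERNAME: immich` name a database and role that nothing in this patch creates; the PostgreSQL release appears to set only `database: main` under `auth` and no `username`. Unless both are provisioned out of band, Immich will not be able to connect, so either create them on the PostgreSQL side or align these values with what the chart provisions. The key name `postgres-password` is the one the Bitnami chart uses for the superuser password; if `immich-secret` holds that value, the application is running with superuser credentials, and a dedicated least-privilege role with its own password would be preferable. The container spec begins and continues outside this hunk.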
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: immich-secret
+ namespace: media
+ creationTimestamp: "2024-05-13T14:31:11Z"
+ uid: 41abc95e-b44b-4eae-9e87-bccb48ff2a46
+type: Opaque
+data:
+ postgres-password: ENC[AES256_GCM,data:1TuQpzQ2MmE9lpz2hY/vONsBZgioVJ7HfcgAQuJKiRH8uvdPF/OY8hOGd9Q=,iv:j35UQMdN2VWBpSanWtEcsAnXrDB9NDf4HaM/5JzjbNY=,tag:HSEZ5KhpnWMCP/8tBGJ/SA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSXJkb1ZWaGdYZUhYTisx
+ T2w3cmsxcDYwWE9RNW5OVnNYM3RiRE9zaG5rClBFK0FBaWxrQ25ycVZDdDFVQi9O
+ dW51SC8yVmE1VGVCWFVyd1NOWDRkSU0KLS0tIGN3RFJQZlhMQUVNWFRsZCt0RFo3
+ Y1pybUVpUzhDejdpNVByMUtMMlNMODQKlo+r8aYU3obAQpVZXvADuiDKoP0ZIAEd
+ BXEmTMwZbpq4I0fr+OzMrJCm60h7QVyXvnA79NOwbsUQXr5tQ9Xhig==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-13T14:32:04Z"
+ mac: ENC[AES256_GCM,data:x7Y0qYF472DrvL6pJAySIfbYKyUcXhS1pSWf1NeGoO3ACdq/kX3aSxV97/zwDbrshHAade73jtCnuCN73Mn1BnOsdg23sLa0U4xS/wUEf8DLfwWGUhqrR3nlLOjJ756NOtFOZt0H0hL2zA04+I4Vrmn9gqQtHqAXWaHBRoS1QDk=,iv:stUHRLer1H3eeOc4s+k63UkIzzM1bNMS8tazZe6x/Nk=,tag:3sS1Z+KFWyPh/GobVtsFmA==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.7.3
diff --git a/kubernetes/flux/repositories/helm/bitnami.yaml b/kubernetes/flux/repositories/helm/bitnami.yaml
new file mode 100644
index 000000000..deac3b981
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/bitnami.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: bitnami
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.bitnami.com/bitnami
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
index b8e251713..768d492df 100644
--- a/kubernetes/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - ./bitnami.yaml
 - ./bjw-s.yaml
 - ./cilium.yaml
 - ./external-dns.yaml