Initial commit of the Crunchy PGO (#1673)

* intial commit of crunchy pgo * add to ks * update secret and replicacount
joryirving · Feb 14, 2024 · a6b4c58 · a6b4c58
1 parent 4ebf2ff
commit a6b4c58
Show file tree

Hide file tree

Showing 9 changed files with 266 additions and 0 deletions.
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/app/helmrelease.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/app/helmrelease.yaml
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app crunchy-postgres-operator
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: pgo
+      version: 5.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: crunchydata
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    install:
+      clusterLabels:
+        app.kubernetes.io/name: pgo
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/app/kustomization.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/cluster.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/cluster.yaml
@@ -0,0 +1,139 @@
+---
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: &name postgres
+spec:
+  postgresVersion: 16
+  patroni: # turn on sync writes to at least 1 other replica
+    dynamicConfiguration:
+      synchronous_mode: true
+      postgresql:
+        synchronous_commit: "on"
+  service:
+    type: LoadBalancer
+  instances:
+    - name: postgres
+      metadata:
+        labels:
+          app.kubernetes.io/name: crunchy-postgres
+      replicas: &replica 3
+      dataVolumeClaimSpec:
+        storageClassName: local-hostpath
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "kubernetes.io/hostname"
+          whenUnsatisfiable: "DoNotSchedule"
+          labelSelector:
+            matchLabels:
+              postgres-operator.crunchydata.com/data: postgres
+  users:
+    - name: "atuin"
+      databases: ["atuin"]
+    - name: "authentik"
+      databases: ["authentik"]
+    - name: "bazarr"
+      databases: ["bazarr"]
+    - name: "gatus"
+      databases: ["gatus"]
+    - name: "grafana"
+      databases: ["grafana"]
+    - name: "paperless"
+      databases: ["paperless"]
+    - name: "postgres"
+    - name: "prowlarr"
+      databases: ["prowlarr_main, prowlarr_log"]
+    - name: "radarr"
+      databases: ["radarr_main, radarr_log"]
+    - name: "readarr"
+      databases: ["readarr_cache, readarr_main, readarr_log"]
+    - name: "sonarr"
+      databases: ["sonarr_main, sonarr_log"]
+  backups:
+    pgbackrest:
+      configuration: &backupConfig
+        - secret:
+            name: crunchy-postgres
+      global: &backupFlag
+        archive-timeout: "60"
+        compress-type: "bz2"
+        compress-level: "9"
+        delta: "y"
+        repo1-retention-full-type: "time"
+        repo1-retention-full: "14"
+        repo1-retention-diff: "30"
+        repo1-path: "/crunchy-pgo"
+        repo1-s3-uri-style: path
+        repo2-bundle: "y"
+        repo2-block: "y"
+        repo2-path: "/crunchy-pgo"
+        repo2-s3-uri-style: "path"
+        repo2-retention-full-type: "time"
+        repo2-retention-full: "2"
+        repo2-retention-diff: "7"
+        repo2-cipher-type: "aes-256-cbc"
+        repo3-bundle: "y"
+        repo3-block: "y"
+        repo3-s3-uri-style: "path"
+        repo3-retention-full-type: "time"
+        repo3-retention-full: "5"
+        repo3-retention-diff: "30"
+        repo3-cipher-type: "aes-256-cbc"
+        archive-push-queue-max: 4GiB
+      manual:
+        repoName: repo1
+        options:
+          - --type=full
+      metadata:
+        labels:
+          app.kubernetes.io/name: crunchy-postgres-backup
+      repos:
+        - name: repo1 # Minio
+          s3: &minio
+            bucket: "postgresql"
+            endpoint: "s3.${SECRET_DOMAIN}"
+            region: "ca-west-1"
+          schedules:
+            full: "0 1 * * 0" # Sunday at 01:00
+            differential: "0 1 * * 1-6" # Mon-Sat at 01:00
+            incremental: "0 2-23 * * *" # Every hour except 01:00
+        - name: "repo2" # Cloudflare R2
+          s3: &r2
+            bucket: "postgresql"
+            endpoint: "${SECRET_PGBACKREST_WAL_R2_ENDPOINT}"
+            region: "ca-west-1"
+          schedules:
+            full: "0 2 * * 0" # Sunday at 02:00
+            differential: "0 2 * * 1-6" # Mon-Sat at 02:00
+  # dataSource:
+  #   pgbackrest:
+  #     stanza: "db"
+  #     configuration: *backupConfig
+  #     global: *backupFlag
+  #     repo:
+  #       name: "repo1"
+  #       s3: *minio
+  proxy:
+    pgBouncer:
+      port: 5432
+      replicas: *replica
+      # config:
+      #   global:
+      #     pool_mode: "transaction"
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "kubernetes.io/hostname"
+          whenUnsatisfiable: "DoNotSchedule"
+          labelSelector:
+            matchLabels:
+              postgres-operator.crunchydata.com/cluster: *name
+              postgres-operator.crunchydata.com/role: "pgbouncer"
+  metadata:
+    annotations:
+      replicator.v1.mittwald.de/replication-allowed: "true"
+      replicator.v1.mittwald.de/replication-allowed-namespaces: "*"
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/externalsecret.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/externalsecret.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name crunchy-postgres
+spec:
+  secretStoreRef:
+    name: bitwarden-secrets-manager
+    kind: ClusterSecretStore
+  target:
+    name: *name
+    template:
+      engineVersion: v2
+      data:
+        s3.conf: |
+          [global]
+          repo1-s3-key={{ .MINIO_POSTGRES_ACCESS_KEY }}
+          repo1-s3-key-secret={{ .MINIO_POSTGRES_SECRET_KEY }}
+          rpeo2-s3-key={{ .CLOUDFLARE_POSTGRES_ACCESS_KEY }}
+          repo2-s3-key-secret={{ .CLOUDFLARE_POSTGRES_SECRET_KEY }}
+  dataFrom:
+    - extract:
+        key: postgresql_bucket
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/kustomization.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./cluster.yaml
+  - ./externalsecret.yaml
diff --git a/kubernetes/teyvat/apps/database/crunchy-postgres-operator/ks.yaml b/kubernetes/teyvat/apps/database/crunchy-postgres-operator/ks.yaml
@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app crunchy-postgres-operator
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/teyvat/apps/database/crunchy-postgres-operator/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app crunchy-postgres-operator-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: crunchy-postgres-operator
+    - name: external-secrets-bitwarden-secrets-manager
+  path: ./kubernetes/teyvat/apps/database/crunchy-postgres-operator/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/teyvat/apps/database/kustomization.yaml b/kubernetes/teyvat/apps/database/kustomization.yaml
@@ -7,4 +7,5 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./cloudnative-pg/ks.yaml
+  - ./crunchy-postgres-operator/ks.yaml
   - ./dragonfly-operator/ks.yaml
diff --git a/kubernetes/teyvat/flux/repositories/helm/crunchydata.yaml b/kubernetes/teyvat/flux/repositories/helm/crunchydata.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: crunchydata
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 5m
+  url: oci://registry.developers.crunchydata.com/crunchydata
diff --git a/kubernetes/teyvat/flux/repositories/helm/kustomization.yaml b/kubernetes/teyvat/flux/repositories/helm/kustomization.yaml
@@ -12,6 +12,7 @@ resources:
   - ./cilium.yaml
   - ./cloudnative-pg.yaml
   - ./coredns.yaml
+  - ./crunchydata.yaml
   - ./democratic-csi.yaml
   - ./descheduler.yaml
   - ./dragonfly.yaml