From fb0c82dff2307962a908d63bb42bfbecac7a7164 Mon Sep 17 00:00:00 2001 From: Kochetkov S Date: Thu, 28 May 2026 18:39:15 +0300 Subject: [PATCH] Add postgresql to yc-k8s-test-02 --- .../infrastructure/kustomization.yaml | 8 + .../infrastructure/patches/postgresql.yaml | 419 ++++++++++++++++++ 2 files changed, 427 insertions(+) create mode 100644 clusters/yc-k8s-test-02/infrastructure/patches/postgresql.yaml diff --git a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml index 3eb458c..97a1f19 100644 --- a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml +++ b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml @@ -12,6 +12,7 @@ resources: - ../../../infrastructure/kafka - ../../../infrastructure/redis - ../../../infrastructure/camunda + - ../../../infrastructure/postgresql - ../../../infrastructure/zitadel - ../../../infrastructure/keycloak - ../../../infrastructure/vault @@ -93,6 +94,13 @@ patches: kind: HelmRelease name: camunda namespace: camunda + - path: ./patches/postgresql.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: postgresql + namespace: postgresql - path: ./patches/zitadel.yaml target: group: helm.toolkit.fluxcd.io diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/postgresql.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/postgresql.yaml new file mode 100644 index 0000000..c94b76e --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/postgresql.yaml @@ -0,0 +1,419 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: postgresql +spec: + interval: 5m + timeout: 2h + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.7 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + automountServiceAccountToken: true + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "postgres" + vault: + enabled: true + role: postgresql + authPath: auth/kubernetes + secretPath: secrets/data/postgresql/admin + secretKey: postgres-password + usersSecretPath: secrets/data/postgresql/users + sharedPreloadLibraries: "timescaledb,pg_stat_statements" + databases: + # - name: attachments_db + # user: attachments + # passwordKey: attachments + # extensions: + # - ltree + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + # dumpKey: attachments.sql + - name: zitadel + user: zitadel + passwordKey: zitadel + extensions: [] + restoreFromDump: false + - name: keycloak + user: keycloak + passwordKey: keycloak + extensions: [] + restoreFromDump: false + - name: automation + user: automation + passwordKey: automation + extensions: + - pg_stat_statements + - uuid-ossp + restoreFromDump: false + + - name: bi + user: bi + passwordKey: bi + extensions: + - ltree + - pg_stat_statements + - uuid-ossp + restoreFromDump: false + - name: glitchtip + user: glitchtip + passwordKey: glitchtip + extensions: [] + restoreFromDump: false + - name: openobserve + user: openobserve + passwordKey: openobserve + extensions: [] + restoreFromDump: false + + # - name: camunda_db + # user: camunda + # passwordKey: camunda + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: camunda_new + # user: camunda + # passwordKey: camunda + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: checklists + # user: checklists_user + # passwordKey: checklists + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: comparator + # user: prod_user + # passwordKey: comparator + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: comparisons + # user: comparisons_prod + # passwordKey: comparisons + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: contracts_prod_db + # user: prod_user + # passwordKey: contracts + # extensions: + # - btree_gist + # - ltree + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: data-engine_db + # user: data-engine + # passwordKey: data-engine + # extensions: + # - btree_gin + # - btree_gist + # - hstore + # - ltree + # - pg_partman + # - pg_trgm + # - uuid-ossp + # restoreFromDump: false + + # - name: drawings + # user: prod_user + # passwordKey: drawings + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: flow_db + # user: flow + # passwordKey: flow + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: inspections + # user: prod_user + # passwordKey: inspections + # extensions: + # - ltree + # - pg_stat_statements + # - postgis + # - timescaledb + # - uuid-ossp + # restoreFromDump: false + + # - name: issues + # user: prod_user + # passwordKey: issues + # extensions: + # - ltree + # - pg_stat_statements + # - pg_trgm + # - postgis + # - timescaledb + # - uuid-ossp + # restoreFromDump: false + + # - name: mailer + # user: mailer + # passwordKey: mailer + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: notes_db + # user: note + # passwordKey: notes + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: pm_db + # user: pm + # passwordKey: pm + # extensions: + # - ltree + # - pg_stat_statements + # restoreFromDump: false + + # - name: premises_db + # user: premises + # passwordKey: premises + # extensions: + # - uuid-ossp + # restoreFromDump: false + + # - name: preprod_sarex_db + # user: preprod_sarex + # passwordKey: preprod-sarex + # extensions: + # - ltree + # - pg_stat_statements + # restoreFromDump: false + + # - name: processing + # user: prod_user + # passwordKey: processing + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: pulse_db + # user: pulse + # passwordKey: pulse + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: remarks + # user: prod_user + # passwordKey: remarks + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: resources + # user: prod_user + # passwordKey: resources + # extensions: + # - ltree + # - pg_stat_statements + # - postgis + # restoreFromDump: false + + # - name: restored_flow_db + # user: flow + # passwordKey: flow + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: rfi + # user: rfi_user + # passwordKey: rfi + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: sarex_compute + # user: prod_user + # passwordKey: sarex-compute + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: sarex_db + # user: sarex + # passwordKey: sarex + # extensions: + # - ltree + # - pg_stat_statements + # restoreFromDump: false + + # - name: srx-data-engine + # user: admin_user + # passwordKey: srx-data-engine + # extensions: + # - btree_gist + # - ltree + # - pg_partman + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: subscriptions + # user: prod_user + # passwordKey: subscriptions + # extensions: + # - ltree + # - pg_stat_statements + # - postgis + # - timescaledb + # restoreFromDump: false + + # - name: superset + # user: sarex + # passwordKey: superset + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: system_log + # user: prod_user + # passwordKey: system-log + # extensions: + # - ltree + # - pg_stat_statements + # - timescaledb + # restoreFromDump: false + + # - name: transmittal + # user: transmittal + # passwordKey: transmittal + # extensions: + # - pg_stat_statements + # restoreFromDump: false + + # - name: workspaces + # user: prod_user + # passwordKey: workspaces + # extensions: + # - pg_stat_statements + # - uuid-ossp + # restoreFromDump: false + + # - name: bim + # user: bim + # passwordKey: bim + # extensions: [] + # restoreFromDump: false + + # - name: documentations + # user: documentations + # passwordKey: documentations + # extensions: [] + # restoreFromDump: false + + # - name: eav + # user: eav + # passwordKey: eav + # extensions: [] + # restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"