sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add postgresql to yc-k8s-test-02

Browse Source
This commit is contained in:
Kochetkov S 2026-05-28 18:39:15 +03:00
parent ae99372ecf
commit fb0c82dff2
2 changed files with 427 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
clusters/yc-k8s-test-02/infrastructure/kustomization.yaml
View File

@ -12,6 +12,7 @@ resources:
- ../../../infrastructure/kafka
- ../../../infrastructure/redis
- ../../../infrastructure/camunda
- ../../../infrastructure/postgresql
- ../../../infrastructure/zitadel
- ../../../infrastructure/keycloak
- ../../../infrastructure/vault
@ -93,6 +94,13 @@ patches:
kind: HelmRelease
name: camunda
namespace: camunda
- path: ./patches/postgresql.yaml
target:
group: helm.toolkit.fluxcd.io
version: v2
kind: HelmRelease
name: postgresql
namespace: postgresql
- path: ./patches/zitadel.yaml
target:
group: helm.toolkit.fluxcd.io

419
clusters/yc-k8s-test-02/infrastructure/patches/postgresql.yaml Normal file
View File

@ -0,0 +1,419 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: postgresql
spec:
interval: 5m
timeout: 2h
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.7
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
automountServiceAccountToken: true
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: "postgres"
vault:
enabled: true
role: postgresql
authPath: auth/kubernetes
secretPath: secrets/data/postgresql/admin
secretKey: postgres-password
usersSecretPath: secrets/data/postgresql/users
sharedPreloadLibraries: "timescaledb,pg_stat_statements"
databases:
# - name: attachments_db
# user: attachments
# passwordKey: attachments
# extensions:
# - ltree
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# dumpKey: attachments.sql
- name: zitadel
user: zitadel
passwordKey: zitadel
extensions: []
restoreFromDump: false
- name: keycloak
user: keycloak
passwordKey: keycloak
extensions: []
restoreFromDump: false
- name: automation
user: automation
passwordKey: automation
extensions:
- pg_stat_statements
- uuid-ossp
restoreFromDump: false
- name: bi
user: bi
passwordKey: bi
extensions:
- ltree
- pg_stat_statements
- uuid-ossp
restoreFromDump: false
- name: glitchtip
user: glitchtip
passwordKey: glitchtip
extensions: []
restoreFromDump: false
- name: openobserve
user: openobserve
passwordKey: openobserve
extensions: []
restoreFromDump: false
# - name: camunda_db
# user: camunda
# passwordKey: camunda
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: camunda_new
# user: camunda
# passwordKey: camunda
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: checklists
# user: checklists_user
# passwordKey: checklists
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: comparator
# user: prod_user
# passwordKey: comparator
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: comparisons
# user: comparisons_prod
# passwordKey: comparisons
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: contracts_prod_db
# user: prod_user
# passwordKey: contracts
# extensions:
# - btree_gist
# - ltree
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: data-engine_db
# user: data-engine
# passwordKey: data-engine
# extensions:
# - btree_gin
# - btree_gist
# - hstore
# - ltree
# - pg_partman
# - pg_trgm
# - uuid-ossp
# restoreFromDump: false
# - name: drawings
# user: prod_user
# passwordKey: drawings
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: flow_db
# user: flow
# passwordKey: flow
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: inspections
# user: prod_user
# passwordKey: inspections
# extensions:
# - ltree
# - pg_stat_statements
# - postgis
# - timescaledb
# - uuid-ossp
# restoreFromDump: false
# - name: issues
# user: prod_user
# passwordKey: issues
# extensions:
# - ltree
# - pg_stat_statements
# - pg_trgm
# - postgis
# - timescaledb
# - uuid-ossp
# restoreFromDump: false
# - name: mailer
# user: mailer
# passwordKey: mailer
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: notes_db
# user: note
# passwordKey: notes
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: pm_db
# user: pm
# passwordKey: pm
# extensions:
# - ltree
# - pg_stat_statements
# restoreFromDump: false
# - name: premises_db
# user: premises
# passwordKey: premises
# extensions:
# - uuid-ossp
# restoreFromDump: false
# - name: preprod_sarex_db
# user: preprod_sarex
# passwordKey: preprod-sarex
# extensions:
# - ltree
# - pg_stat_statements
# restoreFromDump: false
# - name: processing
# user: prod_user
# passwordKey: processing
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: pulse_db
# user: pulse
# passwordKey: pulse
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: remarks
# user: prod_user
# passwordKey: remarks
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: resources
# user: prod_user
# passwordKey: resources
# extensions:
# - ltree
# - pg_stat_statements
# - postgis
# restoreFromDump: false
# - name: restored_flow_db
# user: flow
# passwordKey: flow
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: rfi
# user: rfi_user
# passwordKey: rfi
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: sarex_compute
# user: prod_user
# passwordKey: sarex-compute
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: sarex_db
# user: sarex
# passwordKey: sarex
# extensions:
# - ltree
# - pg_stat_statements
# restoreFromDump: false
# - name: srx-data-engine
# user: admin_user
# passwordKey: srx-data-engine
# extensions:
# - btree_gist
# - ltree
# - pg_partman
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: subscriptions
# user: prod_user
# passwordKey: subscriptions
# extensions:
# - ltree
# - pg_stat_statements
# - postgis
# - timescaledb
# restoreFromDump: false
# - name: superset
# user: sarex
# passwordKey: superset
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: system_log
# user: prod_user
# passwordKey: system-log
# extensions:
# - ltree
# - pg_stat_statements
# - timescaledb
# restoreFromDump: false
# - name: transmittal
# user: transmittal
# passwordKey: transmittal
# extensions:
# - pg_stat_statements
# restoreFromDump: false
# - name: workspaces
# user: prod_user
# passwordKey: workspaces
# extensions:
# - pg_stat_statements
# - uuid-ossp
# restoreFromDump: false
# - name: bim
# user: bim
# passwordKey: bim
# extensions: []
# restoreFromDump: false
# - name: documentations
# user: documentations
# passwordKey: documentations
# extensions: []
# restoreFromDump: false
# - name: eav
# user: eav
# passwordKey: eav
# extensions: []
# restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"