apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: postgresql
  namespace: postgresql
spec:
  chart:
    spec:
      version: "13.0.9"
  values:
    global:
      security:
        allowInsecureImages: true
    image:
      registry: cr.yandex/crp3ccidau046kdj8g9q
      repository: contour/postgresql
      tag: "13.0.9"
      pullPolicy: IfNotPresent
    postgresqlSharedPreloadLibraries: "timescaledb,pg_stat_statements"
    shmVolume:
      enabled: true
      sizeLimit: 1Gi
    primary:
      containerSecurityContext:
        readOnlyRootFilesystem: false
      extendedConfiguration: |-
        listen_addresses = '*'
        fsync = off
        full_page_writes = off
        synchronous_commit = off
        shared_buffers = 6GB
        effective_cache_size = 18GB
        work_mem = 64MB
        maintenance_work_mem = 1536MB
        temp_buffers = 64MB
        max_connections = 60
        autovacuum = off
        jit = off
        max_parallel_workers = 4
        max_parallel_maintenance_workers = 2
        max_wal_size = 16GB
        checkpoint_timeout = 1h
        checkpoint_completion_target = 0.9
        wal_level = minimal
        max_wal_senders = 0
        archive_mode = off
        random_page_cost = 1.1
      terminationGracePeriodSeconds: 3600
      customStartupProbe:
        exec:
          command:
            - /bin/sh
            - -ec
            - |
              pid_file="${PGDATA:-/bitnami/postgresql/data}/postmaster.pid"
              test -s "$pid_file" && kill -0 "$(head -n 1 "$pid_file")"
        initialDelaySeconds: 30
        periodSeconds: 10
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 720
      customLivenessProbe:
        exec:
          command:
            - /bin/sh
            - -ec
            - |
              pid_file="${PGDATA:-/bitnami/postgresql/data}/postmaster.pid"
              test -s "$pid_file" && kill -0 "$(head -n 1 "$pid_file")"
        initialDelaySeconds: 120
        periodSeconds: 30
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 20
      customReadinessProbe:
        exec:
          command:
            - /bin/sh
            - -ec
            - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
        initialDelaySeconds: 5
        periodSeconds: 10
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 6
      resources:
        requests:
          cpu: "6"
          memory: 25Gi
        limits:
          cpu: "6"
          memory: 25Gi
      nodeSelector:
        dedicated: sts
      tolerations:
        - key: dedicated
          operator: Equal
          value: sts
          effect: NoSchedule
      persistence:
        storageClass: database-storage
        size: 500Gi
    metrics:
      containerSecurityContext:
        readOnlyRootFilesystem: false
    contour:
      enabled: true
      vault:
        enabled: true
        role: postgresql-contour
        authPath: auth/kubernetes
        secretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_contour_secret
        secretKey: postgres-password
        usersSecretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_users_secret
      sharedPreloadLibraries: "timescaledb,pg_stat_statements"
      "s3-proxy":
        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
      databases:
        - name: sanitizer
          user: sanitizer
          passwordKey: sanitizer
          extensions:
            - ltree
            - pg_stat_statements
            - postgis
            - timescaledb
            - uuid-ossp
            - pg_trgm
            - btree_gin
            - btree_gist
            - hstore
            - pg_partman
            - vector
          restoreFromDump: false