iac/clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: postgresql
  namespace: postgresql
spec:
  chart:
    spec:
      version: "13.0.9"
  values:
    global:
      security:
        allowInsecureImages: true
    image:
      registry: cr.yandex/crp3ccidau046kdj8g9q
      repository: contour/postgresql
      tag: "13.0.9"
      pullPolicy: IfNotPresent
    postgresqlSharedPreloadLibraries: "timescaledb,pg_stat_statements"
    primary:
      containerSecurityContext:
        readOnlyRootFilesystem: false
      extendedConfiguration: |-
        listen_addresses = '*'
        fsync = off
        full_page_writes = off
        synchronous_commit = off
        shared_buffers = 8GB
        effective_cache_size = 18GB
        work_mem = 256MB
        maintenance_work_mem = 2GB
        temp_buffers = 256MB
        max_wal_size = 32GB
        checkpoint_timeout = 1h
        checkpoint_completion_target = 0.9
        wal_level = minimal
        max_wal_senders = 0
        archive_mode = off
        random_page_cost = 1.1        
      resources:
        requests:
          cpu: "6"
          memory: 25Gi
        limits:
          cpu: "6"
          memory: 25Gi
      nodeSelector:
        dedicated: sts
      tolerations:
        - key: dedicated
          operator: Equal
          value: sts
          effect: NoSchedule
      persistence:
        storageClass: database-storage
        size: 500Gi
    metrics:
      containerSecurityContext:
        readOnlyRootFilesystem: false
    contour:
      enabled: true
      vault:
        enabled: true
        role: postgresql-contour
        authPath: auth/kubernetes
        secretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_contour_secret
        secretKey: postgres-password
        usersSecretPath: secrets/data/yc-infra-prod/infra/postgresql_contour/postgresql_users_secret
      sharedPreloadLibraries: "timescaledb,pg_stat_statements"
      "s3-proxy":
        endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
      databases:
        - name: sanitizer
          user: sanitizer
          passwordKey: sanitizer
          extensions:
            - ltree
            - pg_stat_statements
            - postgis
            - timescaledb
            - uuid-ossp
            - pg_trgm
            - btree_gin
            - btree_gist
            - hstore
            - pg_partman
            - vector
          restoreFromDump: false