From 27838e5bad797726ef0bcbcfb702a2b37bc2dd69 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Wed, 17 Dec 2025 15:09:48 +0900 Subject: [PATCH] INIT(postgresql): databases setup - with pg and pg-dev
---
postgresql-dev/argocd/postgresql-dev.yaml | 48 ++++++++++ .../helm-values/postgresql-dev.yaml | 31 ++++++ postgresql-dev/kustomization.yaml | 7 ++ .../vault/postgresql-password-dev.yaml | 22 +++++ .../argocd/postgres-exporter-read-0.yaml | 41 ++++++++ .../argocd/postgres-exporter-read-1.yaml | 41 ++++++++ postgresql/argocd/postgres-exporter.yaml | 41 ++++++++ postgresql/argocd/postgresql.yaml | 50 ++++++++++ .../helm-values/postgres-exporter-read-0.yaml | 27 ++++++ .../helm-values/postgres-exporter-read-1.yaml | 27 ++++++ postgresql/helm-values/postgres-exporter.yaml | 27 ++++++ postgresql/helm-values/postgresql.yaml | 95 +++++++++++++++++++ postgresql/kustomization.yaml | 10 ++ postgresql/vault/postgresql-password.yaml | 26 +++++ 14 files changed, 493 insertions(+) create mode 100644 postgresql-dev/argocd/postgresql-dev.yaml create mode 100644 postgresql-dev/helm-values/postgresql-dev.yaml create mode 100644 postgresql-dev/kustomization.yaml create mode 100644 postgresql-dev/vault/postgresql-password-dev.yaml create mode 100644 postgresql/argocd/postgres-exporter-read-0.yaml create mode 100644 postgresql/argocd/postgres-exporter-read-1.yaml create mode 100644 postgresql/argocd/postgres-exporter.yaml create mode 100644 postgresql/argocd/postgresql.yaml create mode 100644 postgresql/helm-values/postgres-exporter-read-0.yaml create mode 100644 postgresql/helm-values/postgres-exporter-read-1.yaml create mode 100644 postgresql/helm-values/postgres-exporter.yaml create mode 100644 postgresql/helm-values/postgresql.yaml create mode 100644 postgresql/kustomization.yaml create mode 100644 postgresql/vault/postgresql-password.yaml
diff --git a/postgresql-dev/argocd/postgresql-dev.yaml b/postgresql-dev/argocd/postgresql-dev.yaml
new file mode 100644
index 0000000..c7d3a57
--- /dev/null
+++ b/postgresql-dev/argocd/postgresql-dev.yaml
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postgresql-dev
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://charts.bitnami.com/bitnami
+ chart: postgresql
+ targetRevision: 16.2.1
+ helm:
+ valueFiles:
+ - $values/postgresql-dev/helm-values/postgresql-dev.yaml
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ ref: values
+ # Vault secrets from Git repository
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ path: postgresql-dev
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: postgresql-dev
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/postgresql-dev/helm-values/postgresql-dev.yaml b/postgresql-dev/helm-values/postgresql-dev.yaml
new file mode 100644
index 0000000..245a225
--- /dev/null
+++ b/postgresql-dev/helm-values/postgresql-dev.yaml
@@ -0,0 +1,31 @@
+# PostgreSQL (Development) Helm Values
+# Chart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+# Single instance for development
+
+fullnameOverride: postgresql-dev
+
+image:
+ tag: latest
+
+architecture: standalone
+
+auth:
+ existingSecret: postgresql-password-dev
+ secretKeys:
+ adminPasswordKey: postgres-password
+ userPasswordKey: password
+ username: bluemayne
+ database: postgres
+
+persistence:
+ enabled: true
+ size: 10Gi
+ storageClass: local-path
+
+resources:
+ requests:
+ memory: "256Mi"
+ cpu: "30m" # Reduced to 30% of original (100m -> 30m)
+
+metrics:
+ enabled: false
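Review bot: Both Git sources under `sources` follow `targetRevision: main`, and with `automated` sync, `prune: true` and `selfHeal: true` every push to that branch is applied to the `postgresql-dev` namespace with no review or promotion step. `project: default` adds no limit on source repositories or destinations unless the cluster's default AppProject has been tightened, which is not visible here. I would bind the Application to a dedicated AppProject, `project: <dedicated-appproject>`, that allows only these two repositories and this namespace, and keep write access to `main` limited to reviewed merges. The same pattern is in postgresql/argocd/postgresql.yaml, where it governs the production database, and in the three postgres-exporter Applications.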
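Review bot: `image.tag: latest` makes the running PostgreSQL image depend on whatever the registry serves when a pod starts, so a restart can change the server version or pull an unreviewed image while the chart itself stays pinned at 16.2.1 in the Application. Pin the image the same way, `tag: <pinned-image-tag>`, or set the chart's `image.digest` to an immutable digest. postgresql/helm-values/postgresql.yaml carries the same `tag: latest` for the production primary and both read replicas, where an unplanned major-version image on an existing data directory would likely fail to start.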
diff --git a/postgresql-dev/kustomization.yaml b/postgresql-dev/kustomization.yaml
new file mode 100644
index 0000000..6152871
--- /dev/null
+++ b/postgresql-dev/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+ # - argocd/postgresql-dev.yaml
+ - vault/postgresql-password-dev.yaml
diff --git a/postgresql-dev/vault/postgresql-password-dev.yaml b/postgresql-dev/vault/postgresql-password-dev.yaml
new file mode 100644
index 0000000..a9d5056
--- /dev/null
+++ b/postgresql-dev/vault/postgresql-password-dev.yaml
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: postgresql-password-dev
+ namespace: postgresql-dev
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ name: postgresql-password-dev
+ creationPolicy: Owner
+ data:
+ - secretKey: password
+ remoteRef:
+ key: postgresql-dev/root
+ property: PASSWORD
+ - secretKey: postgres-password
+ remoteRef:
+ key: postgresql-dev/root
+ property: POSTGRES_PASSWORD
diff --git a/postgresql/argocd/postgres-exporter-read-0.yaml b/postgresql/argocd/postgres-exporter-read-0.yaml
new file mode 100644
index 0000000..a23a250
--- /dev/null
+++ b/postgresql/argocd/postgres-exporter-read-0.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postgres-exporter-read-0
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://prometheus-community.github.io/helm-charts
+ chart: prometheus-postgres-exporter
+ targetRevision: 7.3.0
+ helm:
+ valueFiles:
+ - $values/postgresql/helm-values/postgres-exporter-read-0.yaml
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+
+ syncOptions:
+ - CreateNamespace=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/postgresql/argocd/postgres-exporter-read-1.yaml b/postgresql/argocd/postgres-exporter-read-1.yaml
new file mode 100644
index 0000000..6d7646f
--- /dev/null
+++ b/postgresql/argocd/postgres-exporter-read-1.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postgres-exporter-read-1
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://prometheus-community.github.io/helm-charts
+ chart: prometheus-postgres-exporter
+ targetRevision: 7.3.0
+ helm:
+ valueFiles:
+ - $values/postgresql/helm-values/postgres-exporter-read-1.yaml
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+
+ syncOptions:
+ - CreateNamespace=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/postgresql/argocd/postgres-exporter.yaml b/postgresql/argocd/postgres-exporter.yaml
new file mode 100644
index 0000000..a633bc7
--- /dev/null
+++ b/postgresql/argocd/postgres-exporter.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postgres-exporter
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://prometheus-community.github.io/helm-charts
+ chart: prometheus-postgres-exporter
+ targetRevision: 7.3.0
+ helm:
+ valueFiles:
+ - $values/postgresql/helm-values/postgres-exporter.yaml
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+
+ syncOptions:
+ - CreateNamespace=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/postgresql/argocd/postgresql.yaml b/postgresql/argocd/postgresql.yaml
new file mode 100644
index 0000000..244a2aa
--- /dev/null
+++ b/postgresql/argocd/postgresql.yaml
@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: postgresql
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ # Helm chart from Bitnami repository
+ - repoURL: https://charts.bitnami.com/bitnami
+ chart: postgresql
+ targetRevision: 16.2.1
+ helm:
+ valueFiles:
+ - $values/postgresql/helm-values/postgresql.yaml
+ # Values file from Git repository
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ ref: values
+ # Vault secrets from Git repository
+ - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+ targetRevision: main
+ path: postgresql
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: postgresql
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/postgresql/helm-values/postgres-exporter-read-0.yaml b/postgresql/helm-values/postgres-exporter-read-0.yaml
new file mode 100644
index 0000000..8533169
--- /dev/null
+++ b/postgresql/helm-values/postgres-exporter-read-0.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values for postgresql-read-0
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+
+fullnameOverride: postgres-exporter-read-0
+
+config:
+ datasource:
+ host: postgresql-read-0.postgresql-read-hl.postgresql.svc.cluster.local
+ port: "5432"
+ user: bluemayne
+ passwordSecret:
+ name: postgresql-password
+ key: password
+ database: postgres
+ sslmode: disable
+
+serviceMonitor:
+ enabled: true
+ namespace: monitoring
+ additionalLabels:
+ release: prometheus
+ instance: postgres-exporter-read-0
+
+resources:
+ requests:
+ memory: 64Mi
+ cpu: 50m
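Review bot: `passwordSecret.name: postgresql-password` cannot resolve as written: this exporter is deployed by its Application into the `monitoring` namespace, while the only `postgresql-password` Secret in this patch is created by the ExternalSecret in namespace `postgresql`, and a pod can only reference Secrets in its own namespace. Unless a Secret of that name is provisioned in `monitoring` elsewhere, add a separate ExternalSecret there that exposes only a monitoring credential, since the existing one also carries `postgres-password` and `replication-password`. The exporter also logs in as `bluemayne`, the same account that `auth.username` creates for the database, with `sslmode: disable`, so that password crosses namespaces in clear text; a dedicated role limited to `pg_monitor`, and `sslmode: require` once TLS is enabled on the server, would narrow both. postgres-exporter-read-1.yaml and postgres-exporter.yaml repeat the same datasource block.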
diff --git a/postgresql/helm-values/postgres-exporter-read-1.yaml b/postgresql/helm-values/postgres-exporter-read-1.yaml
new file mode 100644
index 0000000..3f822bc
--- /dev/null
+++ b/postgresql/helm-values/postgres-exporter-read-1.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values for postgresql-read-1
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+
+fullnameOverride: postgres-exporter-read-1
+
+config:
+ datasource:
+ host: postgresql-read-1.postgresql-read-hl.postgresql.svc.cluster.local
+ port: "5432"
+ user: bluemayne
+ passwordSecret:
+ name: postgresql-password
+ key: password
+ database: postgres
+ sslmode: disable
+
+serviceMonitor:
+ enabled: true
+ namespace: monitoring
+ additionalLabels:
+ release: prometheus
+ instance: postgres-exporter-read-1
+
+resources:
+ requests:
+ memory: 64Mi
+ cpu: 50m
diff --git a/postgresql/helm-values/postgres-exporter.yaml b/postgresql/helm-values/postgres-exporter.yaml
new file mode 100644
index 0000000..0a55fb4
--- /dev/null
+++ b/postgresql/helm-values/postgres-exporter.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+# Note: This exporter monitors postgresql-primary
+
+fullnameOverride: postgres-exporter
+
+config:
+ datasource:
+ host: postgresql-primary.postgresql.svc.cluster.local
+ port: "5432"
+ user: bluemayne
+ passwordSecret:
+ name: postgresql-password
+ key: password
+ database: postgres
+ sslmode: disable
+
+serviceMonitor:
+ enabled: true
+ namespace: monitoring
+ additionalLabels:
+ release: prometheus
+
+resources:
+ requests:
+ memory: 64Mi
+ cpu: 50m
diff --git a/postgresql/helm-values/postgresql.yaml b/postgresql/helm-values/postgresql.yaml
new file mode 100644
index 0000000..1048375
--- /dev/null
+++ b/postgresql/helm-values/postgresql.yaml
@@ -0,0 +1,95 @@
+# PostgreSQL (Production) Helm Values
+# Chart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+# Architecture: Primary + 2 Read Replicas with streaming replication
+
+fullnameOverride: postgresql
+
+# Use latest tag (ARM64 compatible)
+image:
+ tag: latest
+
+architecture: replication
+
+auth:
+ existingSecret: postgresql-password
+ secretKeys:
+ adminPasswordKey: postgres-password
+ userPasswordKey: password
+ replicationPasswordKey: replication-password
+ username: bluemayne
+ database: postgres
+
+primary:
+ persistence:
+ enabled: true
+ size: 20Gi
+ storageClass: local-path
+
+ # PostgreSQL configuration
+ extendedConfiguration: |
+ max_connections = 200
+ shared_buffers = 256MB
+ effective_cache_size = 1GB
+ maintenance_work_mem = 64MB
+ checkpoint_completion_target = 0.9
+ wal_buffers = 16MB
+ default_statistics_target = 100
+ random_page_cost = 1.1
+ effective_io_concurrency = 200
+ work_mem = 1310kB
+ min_wal_size = 1GB
+ max_wal_size = 4GB
+
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "30m" # Reduced to 30% of original (100m -> 30m)
+
+readReplicas:
+ replicaCount: 2
+ persistence:
+ enabled: true
+ size: 20Gi
+ storageClass: local-path
+
+ # PostgreSQL configuration (must match primary for replication)
+ extendedConfiguration: |
+ max_connections = 200
+ shared_buffers = 256MB
+ effective_cache_size = 1GB
+ maintenance_work_mem = 64MB
+ checkpoint_completion_target = 0.9
+ wal_buffers = 16MB
+ default_statistics_target = 100
+ random_page_cost = 1.1
+ effective_io_concurrency = 200
+ work_mem = 1310kB
+ min_wal_size = 1GB
+ max_wal_size = 4GB
+
+ # Force read replicas to different nodes for better availability
+ # Avoid scheduling on the same node as primary or other read replicas
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: read
+ app.kubernetes.io/instance: postgresql
+ app.kubernetes.io/name: postgresql
+ topologyKey: kubernetes.io/hostname
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: postgresql
+ app.kubernetes.io/name: postgresql
+ topologyKey: kubernetes.io/hostname
+
+ resources:
+ requests:
+ memory: "512Mi"
+ cpu: "30m" # Reduced to 30% of original (100m -> 30m)
+
+# Metrics for Prometheus (disabled due to ARM64 compatibility)
+metrics:
+ enabled: false
diff --git a/postgresql/kustomization.yaml b/postgresql/kustomization.yaml
new file mode 100644
index 0000000..5498880
--- /dev/null
+++ b/postgresql/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+ # - argocd/postgresql.yaml
+ # - argocd/postgres-exporter.yaml
+ # - argocd/postgres-exporter-read-0.yaml
+ # - argocd/postgres-exporter-read-1.yaml
+ - vault/postgresql-password.yaml
diff --git a/postgresql/vault/postgresql-password.yaml b/postgresql/vault/postgresql-password.yaml
new file mode 100644
index 0000000..e08e9c4
--- /dev/null
+++ b/postgresql/vault/postgresql-password.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: postgresql-password
+ namespace: postgresql
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ name: postgresql-password
+ creationPolicy: Owner
+ data:
+ - secretKey: password
+ remoteRef:
+ key: postgresql/root
+ property: PASSWORD
+ - secretKey: postgres-password
+ remoteRef:
+ key: postgresql/root
+ property: POSTGRES_PASSWORD
+ - secretKey: replication-password
+ remoteRef:
+ key: postgresql/root
+ property: REPLICATION_PASSWORD