INIT(postgresql): databases setup

- with pg and pg-dev
2025-12-17 15:09:48 +09:00
commit 27838e5bad
14 changed files with 493 additions and 0 deletions
--- a/postgresql/argocd/postgres-exporter-read-0.yaml
+++ b/postgresql/argocd/postgres-exporter-read-0.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-exporter-read-0
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    - repoURL: https://prometheus-community.github.io/helm-charts
+      chart: prometheus-postgres-exporter
+      targetRevision: 7.3.0
+      helm:
+        valueFiles:
+          - $values/postgresql/helm-values/postgres-exporter-read-0.yaml
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
+    syncOptions:
+      - CreateNamespace=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10
--- a/postgresql/argocd/postgres-exporter-read-1.yaml
+++ b/postgresql/argocd/postgres-exporter-read-1.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-exporter-read-1
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    - repoURL: https://prometheus-community.github.io/helm-charts
+      chart: prometheus-postgres-exporter
+      targetRevision: 7.3.0
+      helm:
+        valueFiles:
+          - $values/postgresql/helm-values/postgres-exporter-read-1.yaml
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
+    syncOptions:
+      - CreateNamespace=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10
--- a/postgresql/argocd/postgres-exporter.yaml
+++ b/postgresql/argocd/postgres-exporter.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-exporter
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    - repoURL: https://prometheus-community.github.io/helm-charts
+      chart: prometheus-postgres-exporter
+      targetRevision: 7.3.0
+      helm:
+        valueFiles:
+          - $values/postgresql/helm-values/postgres-exporter.yaml
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
+    syncOptions:
+      - CreateNamespace=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10
--- a/postgresql/argocd/postgresql.yaml
+++ b/postgresql/argocd/postgresql.yaml
@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgresql
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+    # Helm chart from Bitnami repository
+    - repoURL: https://charts.bitnami.com/bitnami
+      chart: postgresql
+      targetRevision: 16.2.1
+      helm:
+        valueFiles:
+          - $values/postgresql/helm-values/postgresql.yaml
+    # Values file from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      ref: values
+    # Vault secrets from Git repository
+    - repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
+      targetRevision: main
+      path: postgresql
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: postgresql
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+
+    syncOptions:
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  revisionHistoryLimit: 10
--- a/postgresql/helm-values/postgres-exporter-read-0.yaml
+++ b/postgresql/helm-values/postgres-exporter-read-0.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values for postgresql-read-0
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+
+fullnameOverride: postgres-exporter-read-0
+
+config:
+  datasource:
+    host: postgresql-read-0.postgresql-read-hl.postgresql.svc.cluster.local
+    port: "5432"
+    user: bluemayne
+    passwordSecret:
+      name: postgresql-password
+      key: password
+    database: postgres
+    sslmode: disable
+
+serviceMonitor:
+  enabled: true
+  namespace: monitoring
+  additionalLabels:
+    release: prometheus
+    instance: postgres-exporter-read-0
+
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 50m
--- a/postgresql/helm-values/postgres-exporter-read-1.yaml
+++ b/postgresql/helm-values/postgres-exporter-read-1.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values for postgresql-read-1
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+
+fullnameOverride: postgres-exporter-read-1
+
+config:
+  datasource:
+    host: postgresql-read-1.postgresql-read-hl.postgresql.svc.cluster.local
+    port: "5432"
+    user: bluemayne
+    passwordSecret:
+      name: postgresql-password
+      key: password
+    database: postgres
+    sslmode: disable
+
+serviceMonitor:
+  enabled: true
+  namespace: monitoring
+  additionalLabels:
+    release: prometheus
+    instance: postgres-exporter-read-1
+
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 50m
--- a/postgresql/helm-values/postgres-exporter.yaml
+++ b/postgresql/helm-values/postgres-exporter.yaml
@@ -0,0 +1,27 @@
+# Prometheus Postgres Exporter Helm Values
+# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
+# Note: This exporter monitors postgresql-primary
+
+fullnameOverride: postgres-exporter
+
+config:
+  datasource:
+    host: postgresql-primary.postgresql.svc.cluster.local
+    port: "5432"
+    user: bluemayne
+    passwordSecret:
+      name: postgresql-password
+      key: password
+    database: postgres
+    sslmode: disable
+
+serviceMonitor:
+  enabled: true
+  namespace: monitoring
+  additionalLabels:
+    release: prometheus
+
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 50m
--- a/postgresql/helm-values/postgresql.yaml
+++ b/postgresql/helm-values/postgresql.yaml
@@ -0,0 +1,95 @@
+# PostgreSQL (Production) Helm Values
+# Chart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+# Architecture: Primary + 2 Read Replicas with streaming replication
+
+fullnameOverride: postgresql
+
+# Use latest tag (ARM64 compatible)
+image:
+  tag: latest
+
+architecture: replication
+
+auth:
+  existingSecret: postgresql-password
+  secretKeys:
+    adminPasswordKey: postgres-password
+    userPasswordKey: password
+    replicationPasswordKey: replication-password
+  username: bluemayne
+  database: postgres
+
+primary:
+  persistence:
+    enabled: true
+    size: 20Gi
+    storageClass: local-path
+  
+  # PostgreSQL configuration
+  extendedConfiguration: |
+    max_connections = 200
+    shared_buffers = 256MB
+    effective_cache_size = 1GB
+    maintenance_work_mem = 64MB
+    checkpoint_completion_target = 0.9
+    wal_buffers = 16MB
+    default_statistics_target = 100
+    random_page_cost = 1.1
+    effective_io_concurrency = 200
+    work_mem = 1310kB
+    min_wal_size = 1GB
+    max_wal_size = 4GB
+  
+  resources:
+    requests:
+      memory: "512Mi"
+      cpu: "30m"  # Reduced to 30% of original (100m -> 30m)
+
+readReplicas:
+  replicaCount: 2
+  persistence:
+    enabled: true
+    size: 20Gi
+    storageClass: local-path
+
+  # PostgreSQL configuration (must match primary for replication)
+  extendedConfiguration: |
+    max_connections = 200
+    shared_buffers = 256MB
+    effective_cache_size = 1GB
+    maintenance_work_mem = 64MB
+    checkpoint_completion_target = 0.9
+    wal_buffers = 16MB
+    default_statistics_target = 100
+    random_page_cost = 1.1
+    effective_io_concurrency = 200
+    work_mem = 1310kB
+    min_wal_size = 1GB
+    max_wal_size = 4GB
+
+  # Force read replicas to different nodes for better availability
+  # Avoid scheduling on the same node as primary or other read replicas
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchLabels:
+            app.kubernetes.io/component: read
+            app.kubernetes.io/instance: postgresql
+            app.kubernetes.io/name: postgresql
+        topologyKey: kubernetes.io/hostname
+      - labelSelector:
+          matchLabels:
+            app.kubernetes.io/component: primary
+            app.kubernetes.io/instance: postgresql
+            app.kubernetes.io/name: postgresql
+        topologyKey: kubernetes.io/hostname
+
+  resources:
+    requests:
+      memory: "512Mi"
+      cpu: "30m"  # Reduced to 30% of original (100m -> 30m)
+
+# Metrics for Prometheus (disabled due to ARM64 compatibility)
+metrics:
+  enabled: false
--- a/postgresql/kustomization.yaml
+++ b/postgresql/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
+  # - argocd/postgresql.yaml
+  # - argocd/postgres-exporter.yaml
+  # - argocd/postgres-exporter-read-0.yaml
+  # - argocd/postgres-exporter-read-1.yaml
+  - vault/postgresql-password.yaml
--- a/postgresql/vault/postgresql-password.yaml
+++ b/postgresql/vault/postgresql-password.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: postgresql-password
+  namespace: postgresql
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: postgresql-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: postgresql/root
+        property: PASSWORD
+    - secretKey: postgres-password
+      remoteRef:
+        key: postgresql/root
+        property: POSTGRES_PASSWORD
+    - secretKey: replication-password
+      remoteRef:
+        key: postgresql/root
+        property: REPLICATION_PASSWORD