K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

INIT(postgresql): databases setup

Browse Source 
- with pg and pg-dev
This commit is contained in:
Mayne0213
2025-12-17 15:09:48 +09:00
commit 27838e5bad
14 changed files with 493 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
postgresql-dev/argocd/postgresql-dev.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgresql-dev
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://charts.bitnami.com/bitnami
chart: postgresql
targetRevision: 16.2.1
helm:
valueFiles:
- $values/postgresql-dev/helm-values/postgresql-dev.yaml
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
# Vault secrets from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
path: postgresql-dev
destination:
server: https://kubernetes.default.svc
namespace: postgresql-dev
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

31
postgresql-dev/helm-values/postgresql-dev.yaml Normal file
View File

@@ -0,0 +1,31 @@
# PostgreSQL (Development) Helm Values
# Chart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
# Single instance for development
fullnameOverride: postgresql-dev
image:
tag: latest
architecture: standalone
auth:
existingSecret: postgresql-password-dev
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
username: bluemayne
database: postgres
persistence:
enabled: true
size: 10Gi
storageClass: local-path
resources:
requests:
memory: "256Mi"
cpu: "30m" # Reduced to 30% of original (100m -> 30m)
metrics:
enabled: false

7
postgresql-dev/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/postgresql-dev.yaml
- vault/postgresql-password-dev.yaml

22
postgresql-dev/vault/postgresql-password-dev.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: postgresql-password-dev
namespace: postgresql-dev
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: postgresql-password-dev
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: postgresql-dev/root
property: PASSWORD
- secretKey: postgres-password
remoteRef:
key: postgresql-dev/root
property: POSTGRES_PASSWORD

41
postgresql/argocd/postgres-exporter-read-0.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgres-exporter-read-0
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: prometheus-postgres-exporter
targetRevision: 7.3.0
helm:
valueFiles:
- $values/postgresql/helm-values/postgres-exporter-read-0.yaml
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

41
postgresql/argocd/postgres-exporter-read-1.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgres-exporter-read-1
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: prometheus-postgres-exporter
targetRevision: 7.3.0
helm:
valueFiles:
- $values/postgresql/helm-values/postgres-exporter-read-1.yaml
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

41
postgresql/argocd/postgres-exporter.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgres-exporter
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: prometheus-postgres-exporter
targetRevision: 7.3.0
helm:
valueFiles:
- $values/postgresql/helm-values/postgres-exporter.yaml
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

50
postgresql/argocd/postgresql.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgresql
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
# Helm chart from Bitnami repository
- repoURL: https://charts.bitnami.com/bitnami
chart: postgresql
targetRevision: 16.2.1
helm:
valueFiles:
- $values/postgresql/helm-values/postgresql.yaml
# Values file from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
# Vault secrets from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
path: postgresql
destination:
server: https://kubernetes.default.svc
namespace: postgresql
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

27
postgresql/helm-values/postgres-exporter-read-0.yaml Normal file
View File

@@ -0,0 +1,27 @@
# Prometheus Postgres Exporter Helm Values for postgresql-read-0
# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
fullnameOverride: postgres-exporter-read-0
config:
datasource:
host: postgresql-read-0.postgresql-read-hl.postgresql.svc.cluster.local
port: "5432"
user: bluemayne
passwordSecret:
name: postgresql-password
key: password
database: postgres
sslmode: disable
serviceMonitor:
enabled: true
namespace: monitoring
additionalLabels:
release: prometheus
instance: postgres-exporter-read-0
resources:
requests:
memory: 64Mi
cpu: 50m

27
postgresql/helm-values/postgres-exporter-read-1.yaml Normal file
View File

@@ -0,0 +1,27 @@
# Prometheus Postgres Exporter Helm Values for postgresql-read-1
# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
fullnameOverride: postgres-exporter-read-1
config:
datasource:
host: postgresql-read-1.postgresql-read-hl.postgresql.svc.cluster.local
port: "5432"
user: bluemayne
passwordSecret:
name: postgresql-password
key: password
database: postgres
sslmode: disable
serviceMonitor:
enabled: true
namespace: monitoring
additionalLabels:
release: prometheus
instance: postgres-exporter-read-1
resources:
requests:
memory: 64Mi
cpu: 50m

27
postgresql/helm-values/postgres-exporter.yaml Normal file
View File

@@ -0,0 +1,27 @@
# Prometheus Postgres Exporter Helm Values
# Chart: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter
# Note: This exporter monitors postgresql-primary
fullnameOverride: postgres-exporter
config:
datasource:
host: postgresql-primary.postgresql.svc.cluster.local
port: "5432"
user: bluemayne
passwordSecret:
name: postgresql-password
key: password
database: postgres
sslmode: disable
serviceMonitor:
enabled: true
namespace: monitoring
additionalLabels:
release: prometheus
resources:
requests:
memory: 64Mi
cpu: 50m

95
postgresql/helm-values/postgresql.yaml Normal file
View File

@@ -0,0 +1,95 @@
# PostgreSQL (Production) Helm Values
# Chart: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
# Architecture: Primary + 2 Read Replicas with streaming replication
fullnameOverride: postgresql
# Use latest tag (ARM64 compatible)
image:
tag: latest
architecture: replication
auth:
existingSecret: postgresql-password
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
replicationPasswordKey: replication-password
username: bluemayne
database: postgres
primary:
persistence:
enabled: true
size: 20Gi
storageClass: local-path
# PostgreSQL configuration
extendedConfiguration: |
max_connections = 200
shared_buffers = 256MB
effective_cache_size = 1GB
maintenance_work_mem = 64MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 1310kB
min_wal_size = 1GB
max_wal_size = 4GB
resources:
requests:
memory: "512Mi"
cpu: "30m" # Reduced to 30% of original (100m -> 30m)
readReplicas:
replicaCount: 2
persistence:
enabled: true
size: 20Gi
storageClass: local-path
# PostgreSQL configuration (must match primary for replication)
extendedConfiguration: |
max_connections = 200
shared_buffers = 256MB
effective_cache_size = 1GB
maintenance_work_mem = 64MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 1310kB
min_wal_size = 1GB
max_wal_size = 4GB
# Force read replicas to different nodes for better availability
# Avoid scheduling on the same node as primary or other read replicas
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/component: read
app.kubernetes.io/instance: postgresql
app.kubernetes.io/name: postgresql
topologyKey: kubernetes.io/hostname
- labelSelector:
matchLabels:
app.kubernetes.io/component: primary
app.kubernetes.io/instance: postgresql
app.kubernetes.io/name: postgresql
topologyKey: kubernetes.io/hostname
resources:
requests:
memory: "512Mi"
cpu: "30m" # Reduced to 30% of original (100m -> 30m)
# Metrics for Prometheus (disabled due to ARM64 compatibility)
metrics:
enabled: false

10
postgresql/kustomization.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/postgresql.yaml
# - argocd/postgres-exporter.yaml
# - argocd/postgres-exporter-read-0.yaml
# - argocd/postgres-exporter-read-1.yaml
- vault/postgresql-password.yaml

26
postgresql/vault/postgresql-password.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: postgresql-password
namespace: postgresql
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: postgresql-password
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: postgresql/root
property: PASSWORD
- secretKey: postgres-password
remoteRef:
key: postgresql/root
property: POSTGRES_PASSWORD
- secretKey: replication-password
remoteRef:
key: postgresql/root
property: REPLICATION_PASSWORD