REFACTOR(postgresql): rename pg-cnpg namespace and folder

- Rename to postgresql - Standardize naming convention
2025-12-29 20:51:49 +09:00
parent a586febc4c
commit 75a165b474
7 changed files with 214 additions and 0 deletions
--- a/postgresql/argocd/postgresql-cnpg.yaml
+++ b/postgresql/argocd/postgresql-cnpg.yaml
@@ -0,0 +1,39 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: postgresql
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: https://github.com/Mayne0213/databases.git
    targetRevision: main
    path: postgresql
  destination:
    server: https://kubernetes.default.svc
    namespace: postgresql
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    syncOptions:
      - CreateNamespace=true
      - PrunePropagationPolicy=foreground
      - PruneLast=true
      - ServerSideApply=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  revisionHistoryLimit: 10
--- a/postgresql/kustomization.yaml
+++ b/postgresql/kustomization.yaml
@@ -0,0 +1,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: postgresql
 resources:
  # Vault External Secrets
  - vault/app-user-secret.yaml
  - vault/superuser-secret.yaml
  - vault/vault-user-secret.yaml
  # - vault/backup-s3-secret.yaml  # Disabled - using Velero instead
  # CNPG Cluster
  - manifests/cluster.yaml
  - manifests/vault-database.yaml
  # PodMonitor is auto-created by CNPG operator via cluster.spec.monitoring.enablePodMonitor
  # Scheduled Backup - Disabled, using Velero instead
  # - manifests/scheduled-backup.yaml
--- a/postgresql/manifests/cluster.yaml
+++ b/postgresql/manifests/cluster.yaml
@@ -0,0 +1,75 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: postgresql
  namespace: postgresql
 spec:
  # PostgreSQL version
  imageName: ghcr.io/cloudnative-pg/postgresql:16.6
  # Number of instances
  instances: 3  # 1 primary + 2 replicas for HA
  # Storage configuration - using local-path
  storage:
    storageClass: local-path
    size: 10Gi
  # Resource requests and limits
  resources:
    requests:
      memory: "512Mi"
      cpu: "150m"
    limits:
      memory: "2Gi"
      # cpu: no limit to prevent throttling
  # PostgreSQL configuration
  postgresql:
    parameters:
      max_connections: "200"
      shared_buffers: "512MB"
      effective_cache_size: "1536MB"
      maintenance_work_mem: "128MB"
      checkpoint_completion_target: "0.9"
      wal_buffers: "16MB"
      default_statistics_target: "100"
      random_page_cost: "1.1"
      effective_io_concurrency: "200"
      work_mem: "2621kB"
      min_wal_size: "1GB"
      max_wal_size: "4GB"
  # Bootstrap configuration
  bootstrap:
    initdb:
      database: app
      owner: app
      secret:
        name: postgresql-app-user
  # Monitoring
  monitoring:
    enablePodMonitor: true
    customQueriesConfigMap:
      - name: cnpg-default-monitoring
        key: queries
    # Add pod labels to metrics for Grafana dashboard compatibility
    podMonitorRelabelings:
      # Add cluster label from pod label
      - sourceLabels: [__meta_kubernetes_pod_label_cnpg_io_cluster]
        targetLabel: cluster
      # Add instance role label
      - sourceLabels: [__meta_kubernetes_pod_label_cnpg_io_instanceRole]
        targetLabel: role
  # Backup disabled - using Velero for backups instead
  # Affinity to spread replicas across nodes
  affinity:
    podAntiAffinityType: required
  # Enable superuser access
  enableSuperuserAccess: true
  superuserSecret:
    name: postgresql-superuser
--- a/postgresql/manifests/vault-database.yaml
+++ b/postgresql/manifests/vault-database.yaml
@@ -0,0 +1,11 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Database
 metadata:
  name: vault
  namespace: postgresql
 spec:
  cluster:
    name: postgresql
  name: vault
  owner: vault
  ensure: present
--- a/postgresql/vault/app-user-secret.yaml
+++ b/postgresql/vault/app-user-secret.yaml
@@ -0,0 +1,23 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: postgresql-app-user
  namespace: postgresql
 spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: postgresql-app-user
    creationPolicy: Owner
    template:
      type: kubernetes.io/basic-auth
      data:
        username: app
        password: "{{ .password }}"
  data:
    - secretKey: password
      remoteRef:
        key: databases/postgresql
        property: APP_PASSWORD
--- a/postgresql/vault/superuser-secret.yaml
+++ b/postgresql/vault/superuser-secret.yaml
@@ -0,0 +1,23 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: postgresql-superuser
  namespace: postgresql
 spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: postgresql-superuser
    creationPolicy: Owner
    template:
      type: kubernetes.io/basic-auth
      data:
        username: postgres
        password: "{{ .password }}"
  data:
    - secretKey: password
      remoteRef:
        key: databases/postgresql
        property: POSTGRES_PASSWORD
--- a/postgresql/vault/vault-user-secret.yaml
+++ b/postgresql/vault/vault-user-secret.yaml
@@ -0,0 +1,23 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: postgresql-vault-user
  namespace: postgresql
 spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: postgresql-vault-user
    creationPolicy: Owner
    template:
      type: kubernetes.io/basic-auth
      data:
        username: vault
        password: "{{ .password }}"
  data:
    - secretKey: password
      remoteRef:
        key: databases/postgresql
        property: VAULT_PASSWORD