postgres_argocd_appset.yaml
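---
# Argo CD ApplicationSet that deploys the GoToSocial Postgres cluster from the
# cnpg-cluster Helm chart.
# Sync wave "3": per the original note, secrets and persistent volumes must be
# up first (this manifest references gotosocial-pgsql-credentials and
# s3-postgres-credentials).
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: gotosocial-postgres-app-set
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "3"
spec:
  # the template below uses Go template syntax: {{ .some_var }}
  goTemplate: true
  # generator allows us to source specific values from an external k8s secret
  generators:
    - plugin:
        configMapRef:
          name: secret-var-plugin-generator
        input:
          parameters:
            # Only the S3 endpoint and the backup schedule are templated into
            # the rendered Application. The S3 keys and database credentials
            # are referenced by Secret name further down, not interpolated.
            secret_vars:
              - gotosocial_s3_endpoint
              - gotosocial_postgres_backup_schedule
  template:
    metadata:
      name: gotosocial-postgres-cluster
      namespace: gotosocial
      annotations:
        argocd.argoproj.io/sync-wave: "3"
    spec:
      project: gotosocial
      destination:
        server: "https://kubernetes.default.svc"
        namespace: gotosocial
      syncPolicy:
        syncOptions:
          - ApplyOutOfSyncOnly=true
        automated:
          # prune deletes resources that were removed from the source;
          # selfHeal reverts manual changes made in the cluster
          prune: true
          selfHeal: true
      source:
        repoURL: https://small-hack.github.io/cloudnative-pg-cluster-chart
        chart: cnpg-cluster
        # pinned chart version, quoted so it is always read as a string
        targetRevision: "0.4.0"
        helm:
          releaseName: gotosocial-postgres-cluster
          valuesObject:
            name: gotosocial-postgres
            instances: 1

            bootstrap:
              initdb:
                database: gotosocial
                owner: gotosocial
                # owner credentials are read from this Secret
                secret:
                  name: gotosocial-pgsql-credentials

            backup:
              # barman is a utility for backing up postgres to s3
              barmanObjectStore:
                destinationPath: "s3://gotosocial-postgres"
                endpointURL: "https://{{ .gotosocial_s3_endpoint }}"
                # S3 keys are looked up by Secret name/key at runtime
                s3Credentials:
                  accessKeyId:
                    name: s3-postgres-credentials
                    key: "accessKeyId"
                  secretAccessKey:
                    name: s3-postgres-credentials
                    key: "secretAccessKey"
              retentionPolicy: "30d"

            certificates:
              server:
                enabled: true
                generate: true
              client:
                enabled: true
                generate: true
              # user certificate for the gotosocial role; presumably meant for
              # the cert-based pg_hba rule that is still commented out below
              user:
                enabled: true
                username:
                  - gotosocial

            scheduledBackup:
              name: gotosocial-pg-backup
              spec:
                # The original comment says hourly, but the actual cadence is
                # whatever the secret var holds. CloudNativePG expects a
                # six-field cron expression (seconds first); verify the value.
                schedule: '{{ .gotosocial_postgres_backup_schedule }}'
                backupOwnerReference: self
                cluster:
                  name: gotosocial-postgres

            monitoring:
              enablePodMonitor: false

            postgresql:
              parameters:
                max_wal_size: "1GB"
                wal_keep_size: "10GB"
                max_slot_wal_keep_size: "10GB"
              pg_hba:
                # NOTE(review): "host" matches TCP connections with or without
                # TLS, and 0.0.0.0/0 matches every IPv4 source address. Any
                # client that can reach the service may therefore attempt
                # password auth over an unencrypted connection. Reachability
                # depends on the Service/NetworkPolicy setup, which is not
                # visible in this file. md5 is the legacy password method;
                # scram-sha-256 is stronger where the stored hashes allow it.
                # Prefer narrowing the CIDR to the pod network and moving to
                # hostssl as soon as the client supports TLS.
                - host all all 0.0.0.0/0 md5
                # uncomment when pgsql cert connections are working to gotosocial
                # - hostssl all all 0.0.0.0/0 cert clientcert=verify-full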