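---
# Deployed in sync-wave 3: the secrets and persistent volumes this cluster
# references (see valuesObject below) must exist 1st.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: zitadel-postgres-app-set
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "3"
spec:
  goTemplate: true
  # generator allows us to source specific values from an external k8s secret;
  # each listed key is available as {{ .<key> }} in the template below
  generators:
    - plugin:
        configMapRef:
          name: secret-var-plugin-generator
        input:
          parameters:
            secret_vars:
              - zitadel_s3_endpoint
              - zitadel_postgres_backup_schedule
  template:
    metadata:
      name: zitadel-postgres-cluster
      namespace: zitadel
      annotations:
        argocd.argoproj.io/sync-wave: "3"
    spec:
      project: zitadel
      destination:
        server: "https://kubernetes.default.svc"
        namespace: zitadel
      syncPolicy:
        syncOptions:
          - ApplyOutOfSyncOnly=true
        automated:
          prune: true
          selfHeal: true
      source:
        repoURL: https://small-hack.github.io/cloudnative-pg-cluster-chart
        chart: cnpg-cluster
        # quoted so no tool ever retypes the version; keep it pinned
        targetRevision: "0.4.0"
        helm:
          releaseName: zitadel-postgres-cluster
          valuesObject:
            name: zitadel-postgres
            # a single instance: there is no replica to fail over to
            instances: 1
            bootstrap:
              initdb:
                database: zitadel
                owner: zitadel
                # owner credentials are read from this pre-existing secret
                secret:
                  name: zitadel-pgsql-credentials
                # postInitApplicationSQLRefs:
                #   secretRefs:
                #     - name: zitadel-postgres-init-script
                #       key: init.sql
            # NOTE(review): superuser access stays enabled and the postgres
            # user is also issued a client cert below; confirm both are needed
            enableSuperuserAccess: true
            backup:
              # barman is a utility for backing up postgres to s3
              barmanObjectStore:
                destinationPath: "s3://zitadel-postgres"
                # endpoint host comes from the secret var, hence the template
                endpointURL: "https://{{ .zitadel_s3_endpoint }}"
                # access keys are read from a pre-existing secret in the
                # zitadel namespace, never inlined here
                s3Credentials:
                  accessKeyId:
                    name: s3-postgres-credentials
                    key: "accessKeyId"
                  secretAccessKey:
                    name: s3-postgres-credentials
                    key: "secretAccessKey"
                wal:
                  compression: gzip
                  maxParallel: 8
              # backups older than this are removed from the object store
              retentionPolicy: "3d"
            # server + client TLS, plus client certs for the listed db users
            certificates:
              server:
                enabled: true
                generate: true
              client:
                enabled: true
                generate: true
              user:
                enabled: true
                username:
                  - zitadel
                  - postgres
            scheduledBackup:
              name: zitadel-pg-backup
              spec:
                # full backup cron schedule, sourced from the secret var above
                # (the author's intent was hourly backups)
                schedule: '{{ .zitadel_postgres_backup_schedule }}'
                backupOwnerReference: self
                cluster:
                  name: zitadel-postgres
            monitoring:
              enablePodMonitor: false
            postgresql:
              # first matching rule wins: plaintext connections from any
              # address are rejected, and TLS connections must present a
              # client cert whose CN matches the db user
              pg_hba:
                - hostnossl all all 0.0.0.0/0 reject
                - hostssl all all 0.0.0.0/0 cert clientcert=verify-full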