diff --git a/clusters/cl01tl/helm/stalwart/Chart.lock b/clusters/cl01tl/helm/stalwart/Chart.lock
index 63cf3d14f..ac1ce2d5a 100644
--- a/clusters/cl01tl/helm/stalwart/Chart.lock
+++ b/clusters/cl01tl/helm/stalwart/Chart.lock
@@ -5,5 +5,8 @@ dependencies:
 - name: postgres-cluster
 repository: oci://harbor.alexlebens.net/helm-charts
 version: 6.16.1
-digest: sha256:7cda11ff153b65d502fdbe14d45fdc18ca8a100f8a54ac162103e163481df0b8
-generated: "2025-12-05T17:13:49.138435908Z"
+- name: postgres-cluster
+ repository: oci://harbor.alexlebens.net/helm-charts
+ version: 6.16.1
+digest: sha256:c412384487bc67562abb304902d561c8a7fb457f3f805cc81c87a4b836df859e
+generated: "2025-12-14T17:52:30.921214-06:00"
diff --git a/clusters/cl01tl/helm/stalwart/Chart.yaml b/clusters/cl01tl/helm/stalwart/Chart.yaml
index 1f5707991..34b5fdda5 100644
--- a/clusters/cl01tl/helm/stalwart/Chart.yaml
+++ b/clusters/cl01tl/helm/stalwart/Chart.yaml
@@ -25,5 +25,9 @@ dependencies:
 alias: postgres-17-cluster
 version: 6.16.1
 repository: oci://harbor.alexlebens.net/helm-charts
+ - name: postgres-cluster
+ alias: postgres-18-cluster
+ version: 6.16.1
+ repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart.png
-appVersion: v0.11.8
+appVersion: v0.14.1
diff --git a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
index 4281c751d..afaa7ea1b 100644
--- a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
+++ b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
@@ -8,7 +8,7 @@ metadata:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
- version: 8.18.0
+ version: 8.19.8
 auth:
 fileRealm:
 - secretName: stalwart-elasticsearch-secret
diff --git a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
index 04bda8915..22d84d4f1 100644
--- a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
@@ -161,3 +161,72 @@ spec:
 key: /garage/home-infra/postgres-backups
 metadataPolicy: None
 property: ACCESS_REGION
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: stalwart-postgresql-18-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: stalwart-postgresql-18-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: stalwart-postgresql-18-cluster-backup-secret-garage
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: stalwart-postgresql-18-cluster-backup-secret-garage
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
+ - secretKey: ACCESS_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/postgres-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
diff --git a/clusters/cl01tl/helm/stalwart/templates/redis-replication.yaml b/clusters/cl01tl/helm/stalwart/templates/redis-replication.yaml
index f79732a14..a2f25d919 100644
--- a/clusters/cl01tl/helm/stalwart/templates/redis-replication.yaml
+++ b/clusters/cl01tl/helm/stalwart/templates/redis-replication.yaml
@@ -13,7 +13,7 @@ spec:
 runAsUser: 1000
 fsGroup: 1000
 kubernetesConfig:
- image: quay.io/opstree/redis:v8.0.3
+ image: quay.io/opstree/redis:v8.4.0
 imagePullPolicy: IfNotPresent
 resources:
 requests:
@@ -29,4 +29,4 @@ spec:
 storage: 1Gi
 redisExporter:
 enabled: true
- image: quay.io/opstree/redis-exporter:v1.48.0
+ image: quay.io/opstree/redis-exporter:v1.80.1
diff --git a/clusters/cl01tl/helm/stalwart/templates/redis-sentinel.yaml b/clusters/cl01tl/helm/stalwart/templates/redis-sentinel.yaml
new file mode 100644
index 000000000..2ca70456a
--- /dev/null
+++ b/clusters/cl01tl/helm/stalwart/templates/redis-sentinel.yaml
@@ -0,0 +1,23 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+ name: redis-sentinel-gitea
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: redis-sentinel-gitea
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ clusterSize: 3
+ podSecurityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ redisSentinelConfig:
+ redisReplicationName: redis-replication-gitea
+ kubernetesConfig:
+ image: quay.io/opstree/redis-sentinel:v8.4.0
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
diff --git a/clusters/cl01tl/helm/stalwart/values.yaml b/clusters/cl01tl/helm/stalwart/values.yaml
index e71ab4730..b4888ca60 100644
--- a/clusters/cl01tl/helm/stalwart/values.yaml
+++ b/clusters/cl01tl/helm/stalwart/values.yaml
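Review bot: Both ExternalSecrets added in `templates/external-secret.yaml` read from the shared `home-infra` Vault entries (`/digital-ocean/home-infra/postgres-backups` and `/garage/home-infra/postgres-backups`), the same garage key the context lines show for the existing secret, so the stalwart namespace ends up holding object-store credentials that are presumably valid for every cluster's backups rather than only the `cl01tl/stalwart` prefix. If the stores support scoped keys, a per-cluster entry would limit what a compromise of this namespace exposes; at minimum a comment such as `# shared home-infra backup credentials, not scoped to this cluster` above each `data:` list records the trade-off. As a style point, the templated label values are unquoted (`app.kubernetes.io/version: {{ .Chart.AppVersion }}`); `{{ .Chart.AppVersion | quote }}` avoids a type surprise if the value ever renders as a number. The second secret also omits the `version` and `component` labels that the first one carries.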
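Review bot: The new RedisSentinel in `templates/redis-sentinel.yaml` is named `redis-sentinel-gitea` and sets `redisReplicationName: redis-replication-gitea`, which looks carried over from a gitea chart rather than written for stalwart. The RedisReplication's `metadata.name` in `redis-replication.yaml` lies outside the visible hunks, so this is unconfirmed, but if that object is not called `redis-replication-gitea` the sentinels will have no replication to monitor. I would align both names with this release, e.g. `name: redis-sentinel-stalwart` and `redisReplicationName: <metadata.name of the RedisReplication>`. The container also sets only `resources.requests`; a memory limit would bound the three sentinel pods.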
@@ -110,3 +110,80 @@ postgres-17-cluster:
 # suspend: false
 # schedule: "0 0 4 * * SAT"
 # backupName: garage-remote
+postgres-18-cluster:
+ mode: recovery
+ cluster:
+ image:
+ repository: ghcr.io/cloudnative-pg/postgresql
+ tag: 18.1-standard-trixie
+ storage:
+ storageClass: local-path
+ walStorage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ resources:
+ requests:
+ cpu: 200m
+ recovery:
+ method: objectStore
+ objectStore:
+ destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster
+ endpointURL: http://garage-main.garage:3900
+ index: 1
+ endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage
+ import:
+ type: "microservice"
+ databases:
+ - app
+ source:
+ host: "stalwart-postgresql-17-cluster-rw"
+ port: 5432
+ username: app
+ database: app
+ sslMode: "disable"
+ passwordSecret:
+ name: "stalwart-postgresql-17-cluster-app"
+ key: "password"
+ backup:
+ objectStore:
+ - name: external
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/stalwart/stalwart-postgresql-18-cluster
+ index: 1
+ retentionPolicy: "30d"
+ isWALArchiver: false
+ - name: garage-local
+ destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster
+ index: 1
+ endpointURL: http://garage-main.garage:3900
+ endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage
+ endpointCredentialsIncludeRegion: true
+ retentionPolicy: "3d"
+ isWALArchiver: true
+ # - name: garage-remote
+ # destinationPath: s3://postgres-backups/cl01tl/stalwart/stalwart-postgresql-18-cluster
+ # index: 1
+ # endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+ # endpointCredentials: stalwart-postgresql-18-cluster-backup-secret-garage
+ # retentionPolicy: "30d"
+ # data:
+ # compression: bzip2
+ # jobs: 2
+ scheduledBackups:
+ - name: daily-backup
+ suspend: false
+ immediate: true
+ schedule: "0 0 0 * * *"
+ backupName: external
+ - name: live-backup
+ suspend: false
+ immediate: true
+ schedule: "0 0 0 * * *"
+ backupName: garage-local
+ # - name: weekly-backup
+ # suspend: false
+ # immediate: true
+ # schedule: "0 0 4 * * SAT"
+ # backupName: garage-remote
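Review bot: The `import.source` block in the new `postgres-18-cluster` values sets `sslMode: "disable"`, so the migration from `stalwart-postgresql-17-cluster-rw` sends the app password and the mail database contents unencrypted across the cluster network; `sslMode: "require"` would keep the transfer encrypted, assuming the chart passes the value through to the connection parameters unchanged. The same concern applies to `endpointURL: http://garage-main.garage:3900` under both `recovery` and the `garage-local` backup target, where the S3 access key and WAL segments travel over plain HTTP. Separately, `mode: recovery` with `recovery.method: objectStore` and an `import` block are both set, and the recovery source uses the same `destinationPath` and `index: 1` as the `garage-local` WAL archive target; how the chart resolves this is not visible here, so it is worth confirming the intended bootstrap path before applying.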