diff --git a/clusters/cl01tl/storage/pgadmin/Chart.yaml b/clusters/cl01tl/storage/pgadmin/Chart.yaml
new file mode 100644
index 000000000..391163d31
--- /dev/null
+++ b/clusters/cl01tl/storage/pgadmin/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: pgadmin4
+version: 1.0.0
+description: pgAdmin
+keywords:
+ - pgadmin4
+ - postgresql
+ - database
+home: https://wiki.alexlebens.dev/doc/pgadmin-9OkcLS3mOt
+sources:
+ - https://github.com/pgadmin-org/pgadmin4
+ - https://hub.docker.com/r/dpage/pgadmin4/
+ - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: pgadmin4
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.1
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/pgadmin.png
+appVersion: v8.14
diff --git a/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml b/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml
new file mode 100644
index 000000000..8410211b8
--- /dev/null
+++ b/clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml
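Review bot: `appVersion: v8.14` on the last line of Chart.yaml does not match the image this chart deploys, which values.yaml in the same commit pins as `dpage/pgadmin4` with `tag: "9.1"`. The templates added here copy `.Chart.AppVersion` into the `app.kubernetes.io/version` label, so every object will advertise 8.14 while 9.1 is running, which misleads anyone who uses labels for patch or vulnerability inventory. Set `appVersion: "9.1"` (quoted so it stays a string) or derive both values from one place.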
@@ -0,0 +1,121 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pgadmin-password-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: pgadmin-password-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: pgadmin-password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/pgadmin/auth
+ metadataPolicy: None
+ property: pgadmin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pgadmin-env-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: pgadmin-env-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/pgadmin/env
+ metadataPolicy: None
+ property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
+ - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/pgadmin/env
+ metadataPolicy: None
+ property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
+ - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/pgadmin/env
+ metadataPolicy: None
+ property: PGADMIN_CONFIG_OAUTH2_CONFIG
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+# name: pgadmin-data-backup-secret
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: pgadmin-data-backup-secret
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# secretStoreRef:
+# kind: ClusterSecretStore
+# name: vault
+# target:
+# template:
+# mergePolicy: Merge
+# engineVersion: v2
+# data:
+# RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
+# data:
+# - secretKey: BUCKET_ENDPOINT
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: S3_BUCKET_ENDPOINT
+# - secretKey: RESTIC_PASSWORD
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: RESTIC_PASSWORD
+# - secretKey: AWS_DEFAULT_REGION
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /cl01tl/volsync/restic/config
+# metadataPolicy: None
+# property: AWS_DEFAULT_REGION
+# - secretKey: AWS_ACCESS_KEY_ID
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: access_key
+# - secretKey: AWS_SECRET_ACCESS_KEY
+# remoteRef:
+# conversionStrategy: Default
+# decodingStrategy: None
+# key: /digital-ocean/home-infra/volsync-backups
+# metadataPolicy: None
+# property: secret_key
diff --git a/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml b/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml
new file mode 100644
index 000000000..68a6a52a8
--- /dev/null
+++ b/clusters/cl01tl/storage/pgadmin/templates/http-route.yaml
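Review bot: The `pgadmin-env-secret` ExternalSecret pulls `PGADMIN_CONFIG_AUTHENTICATION_SOURCES` and `PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER` from Vault, so the login policy (which authentication sources are enabled, and whether unknown OAuth2 users are provisioned automatically) cannot be seen or reviewed in this repository. Of the three keys only `PGADMIN_CONFIG_OAUTH2_CONFIG` plausibly carries a secret, presumably the client secret; consider moving the other two into plain `env` entries in values.yaml so that a change to them goes through review. The commented-out `pgadmin-data-backup-secret` document, like the fully commented replication-source.yaml in this commit, still contains `{{ ... }}` actions, which Helm evaluates even inside `#` comments; if backups are meant to stay disabled for now, removing the block and tracking it elsewhere is cleaner than shipping it as comments.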
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-pgadmin
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-pgadmin
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - pgadmin.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: pgadmin
+ port: 80
+ weight: 100
diff --git a/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml b/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml
new file mode 100644
index 000000000..2df835b78
--- /dev/null
+++ b/clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml
@@ -0,0 +1,30 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+# name: pgadmin-data-backup-source
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: pgadmin-data-backup-source
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: backup
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# sourcePVC: pgadmin-data
+# trigger:
+# schedule: 0 0 */3 * *
+# restic:
+# pruneIntervalDays: 14
+# repository: pgadmin-data-backup-secret
+# retain:
+# hourly: 1
+# daily: 1
+# weekly: 1
+# monthly: 2
+# yearly: 4
+# moverSecurityContext:
+# runAsUser: 5050
+# runAsGroup: 5050
+# copyMethod: Snapshot
+# storageClassName: ceph-block
+# volumeSnapshotClassName: ceph-blockpool-snapshot
diff --git a/clusters/cl01tl/storage/pgadmin/values.yaml b/clusters/cl01tl/storage/pgadmin/values.yaml
new file mode 100644
index 000000000..174833bbc
--- /dev/null
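Review bot: The `parentRefs` entry for `traefik-gateway` in http-route.yaml has no `sectionName`, so the route attaches to every listener on that Gateway that admits it. The Gateway definition is not part of this diff; if it has a plain-HTTP listener without a redirect, the pgAdmin login and session cookie for `pgadmin.alexlebens.net` would also be served unencrypted. Pin the route to the TLS listener with `sectionName: <https-listener-name>` (a placeholder; use the listener name from the Gateway).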
+++ b/clusters/cl01tl/storage/pgadmin/values.yaml
@@ -0,0 +1,73 @@
+pgadmin4:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ initContainers:
+ init-chmod-data:
+ securityContext:
+ runAsUser: 0
+ image:
+ repository: busybox
+ tag: 1.37.0
+ pullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ /bin/chown -R 5050:5050 /var/lib/pgadmin
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ containers:
+ main:
+ securityContext:
+ runAsUser: 5050
+ runAsGroup: 5050
+ image:
+ repository: dpage/pgadmin4
+ tag: "9.1"
+ pullPolicy: IfNotPresent
+ env:
+ - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
+ value: "False"
+ - name: PGADMIN_DEFAULT_EMAIL
+ value: alexanderlebens@gmail.com
+ - name: PGADMIN_DEFAULT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: pgadmin-password-secret
+ key: pgadmin-password
+ envFrom:
+ - secretRef:
+ name: pgadmin-env-secret
+ resources:
+ requests:
+ cpu: 10m
+ memory: 256Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 80
+ targetPort: 80
+ protocol: TCP
+ persistence:
+ data:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ retain: true
+ advancedMounts:
+ main:
+ init-chmod-data:
+ - path: /var/lib/pgadmin
+ readOnly: false
+ main:
+ - path: /var/lib/pgadmin
+ readOnly: false
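Review bot: `PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION` is set to `"False"` in the `main` container's `env` with no comment giving the reason, and that switch turns off pgAdmin's check that ties a session cookie to the client it was issued to. If it is off because the client address seen behind the gateway is not stable, record that next to the entry, for example `# disabled: client IP is not stable behind traefik-gateway; sessions rely on TLS + OAuth2 login`, so a later reader does not take it for a default. Separately, `init-chmod-data` runs with `runAsUser: 0` on a `busybox` image that is pinned by tag only, solely to chown the volume. A pod-level `fsGroup: 5050` would probably make the root container unnecessary, provided the `ceph-block` storage class honours it.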