add pgadmin

clusters/cl01tl/storage/pgadmin/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+name: pgadmin4
+version: 1.0.0
+description: pgAdmin
+keywords:
+  - pgadmin4
+  - postgresql
+  - database
+home: https://wiki.alexlebens.dev/doc/pgadmin-9OkcLS3mOt
+sources:
+  - https://github.com/pgadmin-org/pgadmin4
+  - https://hub.docker.com/r/dpage/pgadmin4/
+  - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: pgadmin4
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.6.1
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/pgadmin.png
+appVersion: v8.14

clusters/cl01tl/storage/pgadmin/templates/external-secret.yaml

@@ -0,0 +1,121 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pgadmin-password-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: pgadmin-password-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: pgadmin-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/pgadmin/auth
+        metadataPolicy: None
+        property: pgadmin-password
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pgadmin-env-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: pgadmin-env-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/pgadmin/env
+        metadataPolicy: None
+        property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
+    - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/pgadmin/env
+        metadataPolicy: None
+        property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
+    - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/pgadmin/env
+        metadataPolicy: None
+        property: PGADMIN_CONFIG_OAUTH2_CONFIG
+
+# ---
+# apiVersion: external-secrets.io/v1beta1
+# kind: ExternalSecret
+# metadata:
+#   name: pgadmin-data-backup-secret
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: pgadmin-data-backup-secret
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   secretStoreRef:
+#     kind: ClusterSecretStore
+#     name: vault
+#   target:
+#     template:
+#       mergePolicy: Merge
+#       engineVersion: v2
+#       data:
+#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
+#   data:
+#     - secretKey: BUCKET_ENDPOINT
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: S3_BUCKET_ENDPOINT
+#     - secretKey: RESTIC_PASSWORD
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: RESTIC_PASSWORD
+#     - secretKey: AWS_DEFAULT_REGION
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /cl01tl/volsync/restic/config
+#         metadataPolicy: None
+#         property: AWS_DEFAULT_REGION
+#     - secretKey: AWS_ACCESS_KEY_ID
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: access_key
+#     - secretKey: AWS_SECRET_ACCESS_KEY
+#       remoteRef:
+#         conversionStrategy: Default
+#         decodingStrategy: None
+#         key: /digital-ocean/home-infra/volsync-backups
+#         metadataPolicy: None
+#         property: secret_key

clusters/cl01tl/storage/pgadmin/templates/replication-source.yaml

@@ -0,0 +1,30 @@
+# apiVersion: volsync.backube/v1alpha1
+# kind: ReplicationSource
+# metadata:
+#   name: pgadmin-data-backup-source
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: pgadmin-data-backup-source
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: backup
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   sourcePVC: pgadmin-data
+#   trigger:
+#     schedule: 0 0 */3 * *
+#   restic:
+#     pruneIntervalDays: 14
+#     repository: pgadmin-data-backup-secret
+#     retain:
+#       hourly: 1
+#       daily: 1
+#       weekly: 1
+#       monthly: 2
+#       yearly: 4
+#     moverSecurityContext:
+#       runAsUser: 5050
+#       runAsGroup: 5050
+#     copyMethod: Snapshot
+#     storageClassName: ceph-block
+#     volumeSnapshotClassName: ceph-blockpool-snapshot

clusters/cl01tl/storage/pgadmin/values.yaml

@@ -0,0 +1,89 @@
+pgadmin4:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      initContainers:
+        init-chmod-data:
+          securityContext:
+            runAsUser: 0
+          image:
+            repository: busybox
+            tag: 1.37.0
+            pullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -ec
+            - |
+              /bin/chown -R 5050:5050 /var/lib/pgadmin
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+      containers:
+        main:
+          securityContext:
+            runAsUser: 5050
+            runAsGroup: 5050
+          image:
+            repository: dpage/pgadmin4
+            tag: "8.14"
+            pullPolicy: IfNotPresent
+          env:
+            - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
+              value: "False"
+            - name: PGADMIN_DEFAULT_EMAIL
+              value: alexanderlebens@gmail.com
+            - name: PGADMIN_DEFAULT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: pgadmin-password-secret
+                  key: pgadmin-password
+          envFrom:
+            - secretRef:
+                name: pgadmin-env-secret
+          resources:
+            requests:
+              cpu: 10m
+              memory: 256Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 80
+          targetPort: 80
+          protocol: TCP
+  ingress:
+    main:
+      enabled: true
+      className: tailscale
+      hosts:
+        - host: pgadmin-cl01tl
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                name: pgadmin
+                port: 80
+      tls:
+        - secretName: pgadmin-cl01tl
+          hosts:
+            - pgadmin-cl01tl
+  persistence:
+    data:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 5Gi
+      retain: true
+      advancedMounts:
+        main:
+          init-chmod-data:
+            - path: /var/lib/pgadmin
+              readOnly: false
+          main:
+            - path: /var/lib/pgadmin
+              readOnly: false