diff --git a/clusters/cl01tl/manifests/eraser/ConfigMap-eraser-config.yaml b/clusters/cl01tl/manifests/eraser/ConfigMap-eraser-config.yaml index 704abbe9e..97259863e 100644 --- a/clusters/cl01tl/manifests/eraser/ConfigMap-eraser-config.yaml +++ b/clusters/cl01tl/manifests/eraser/ConfigMap-eraser-config.yaml @@ -30,5 +30,4 @@ data: receivers: - otlp exporters: - - logging - prometheus diff --git a/clusters/cl01tl/manifests/eraser/Deployment-eraser-metrics.yaml b/clusters/cl01tl/manifests/eraser/Deployment-eraser-metrics.yaml index af001dd18..969790876 100644 --- a/clusters/cl01tl/manifests/eraser/Deployment-eraser-metrics.yaml +++ b/clusters/cl01tl/manifests/eraser/Deployment-eraser-metrics.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: ba367c633e7734b2121f3816f56ef10fbc03f4c05156628569806eada797994d + checksum/configMaps: 99c74a4734ce3f4e4e91c516068ad606c1095d48c5049b2f51f1231db31e0122 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: eraser diff --git a/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml deleted file mode 100644 index 7f7012e0c..000000000 --- a/clusters/cl01tl/manifests/kyoo/Cluster-kyoo-postgresql-18-cluster.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: kyoo-postgresql-18-cluster - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - instances: 3 - imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie" - imagePullPolicy: IfNotPresent - postgresUID: 26 - postgresGID: 26 - storage: - size: 10Gi - storageClass: local-path - walStorage: - size: 2Gi - storageClass: local-path - resources: - limits: - hugepages-2Mi: 256Mi - requests: - cpu: 20m - memory: 80Mi - affinity: - enablePodAntiAffinity: true - topologyKey: kubernetes.io/hostname - primaryUpdateMethod: switchover - primaryUpdateStrategy: unsupervised - logLevel: info - enableSuperuserAccess: true - enablePDB: true - postgresql: - parameters: - hot_standby_feedback: "on" - max_slot_wal_keep_size: 2000MB - shared_buffers: 128MB - monitoring: - enablePodMonitor: true - disableDefaultQueries: false - plugins: - - name: barman-cloud.cloudnative-pg.io - enabled: true - isWALArchiver: true - parameters: - barmanObjectName: "kyoo-postgresql-18-backup-garage-local" - serverName: "kyoo-postgresql-18-backup-1" - bootstrap: - recovery: - database: app - source: kyoo-postgresql-18-backup-1 - externalClusters: - - name: kyoo-postgresql-18-backup-1 - plugin: - name: barman-cloud.cloudnative-pg.io - enabled: true - isWALArchiver: false - parameters: - barmanObjectName: "kyoo-postgresql-18-recovery" - serverName: kyoo-postgresql-18-backup-1 diff --git a/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres-init-scripts.yaml b/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres-init-scripts.yaml new file mode 100644 index 000000000..bd7d64e44 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres-init-scripts.yaml 
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kyoo-postgres-init-scripts
+ namespace: kyoo
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+data:
+ kyoo_api.sql: |
+ CREATE DATABASE kyoo_api WITH OWNER kyoo_all;
+ \connect kyoo_api;
+ REVOKE ALL ON SCHEMA public FROM PUBLIC;
+ CREATE SCHEMA IF NOT EXISTS kyoo AUTHORIZATION kyoo_all;
+
+ CREATE EXTENSION IF NOT EXISTS pg_trgm SCHEMA kyoo;
+ SET pg_trgm.word_similarity_threshold = 0.4;
+ ALTER DATABASE kyoo_api SET pg_trgm.word_similarity_threshold = 0.4;
+ kyoo_auth.sql: |
+ CREATE DATABASE kyoo_auth WITH OWNER kyoo_all;
+ \connect kyoo_auth;
+ REVOKE ALL ON SCHEMA public FROM PUBLIC;
+ CREATE SCHEMA IF NOT EXISTS keibi AUTHORIZATION kyoo_all;
+ kyoo_scanner.sql: |
+ CREATE DATABASE kyoo_scanner WITH OWNER kyoo_all;
+ \connect kyoo_scanner;
+ REVOKE ALL ON SCHEMA public FROM PUBLIC;
+ CREATE SCHEMA IF NOT EXISTS scanner AUTHORIZATION kyoo_all;
+ kyoo_transcoder.sql: |
+ CREATE DATABASE kyoo_transcoder WITH OWNER kyoo_all;
+ \connect kyoo_transcoder;
+ REVOKE ALL ON SCHEMA public FROM PUBLIC;
+ CREATE SCHEMA IF NOT EXISTS gocoder AUTHORIZATION kyoo_all;
+ user.sql: |
+ ALTER ROLE kyoo_all
+ IN DATABASE kyoo_api SET search_path TO "$user", kyoo;
+ ALTER ROLE kyoo_all
+ IN DATABASE kyoo_auth SET search_path TO "$user", keibi;
+ ALTER ROLE kyoo_all
+ IN DATABASE kyoo_scanner SET search_path TO "$user", scanner;
+ ALTER ROLE kyoo_all
+ IN DATABASE kyoo_transcoder SET search_path TO "$user", gocoder;
diff --git a/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres.yaml b/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres.yaml
new file mode 100644
index 000000000..f82fa49d5
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/ConfigMap-kyoo-postgres.yaml
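Review bot: In ConfigMap-kyoo-postgres-init-scripts.yaml all four databases (`kyoo_api`, `kyoo_auth`, `kyoo_scanner`, `kyoo_transcoder`) are created `WITH OWNER kyoo_all`, and the StatefulSet later in this diff sets `POSTGRES_USER` to `kyoo_all`, which the official postgres image creates as the bootstrap superuser. The four Deployments all read the same `kyoo-db-secret`, so if that secret holds this role (its contents are not visible here), a compromise of any one service reaches the auth database with superuser rights. Consider one non-superuser login role per service, for example `CREATE ROLE kyoo_auth LOGIN;` followed by `CREATE DATABASE kyoo_auth WITH OWNER kyoo_auth;`, each with its own secret key. The manifest carries the label `helm.sh/chart: postgres-0.12.4`, so the change probably belongs in the chart values rather than in this rendered file.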
@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kyoo-postgres
+ namespace: kyoo
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+data:
+ pg_hba.conf: |
+ # Default pg_hba.conf configuration
+ # TYPE DATABASE USER ADDRESS METHOD
+
+ # "local" is for Unix domain socket connections only
+ local all all trust
+ # IPv4 local connections:
+ host all all 127.0.0.1/32 trust
+ # IPv6 local connections:
+ host all all ::1/128 trust
+ # Allow replication connections from localhost, by a user with the
+ # replication privilege.
+ local replication all trust
+ host replication all 127.0.0.1/32 trust
+ host replication all ::1/128 trust
+
+ # Allow connections from any host with password authentication
+ host all all all md5
+ postgresql.conf: |
+ # PostgreSQL configuration file
+
+ # Connection Settings
+ listen_addresses = '*'
+ max_connections = 100
+
+ # Memory Settings
+ shared_buffers = 128MB
+ effective_cache_size = 4GB
+ work_mem = 4MB
+ maintenance_work_mem = 64MB
+
+ # WAL Settings
+ wal_buffers = 16MB
+
+ # Checkpoint Settings
+ checkpoint_completion_target = 0.7
+
+ # Query Planner Settings
+ random_page_cost = 1.1
+
+ # Logging Settings
+ log_destination = 'stderr'
+ logging_collector = off
+ log_min_messages = warning
+ log_min_error_statement = error
+ log_statement = 'none'
+ log_min_duration_statement = -1
+
+ # Shared Libraries
+
+ # Locale and Formatting
+ datestyle = 'iso, mdy'
+ timezone = 'UTC'
+ lc_messages = 'en_US.utf8'
+ lc_monetary = 'en_US.utf8'
+ lc_numeric = 'en_US.utf8'
+ lc_time = 'en_US.utf8'
+ default_text_search_config = 'pg_catalog.english'
+
+ # Set pg_hba.conf file to use
+ hba_file = '/etc/postgresql/pg_hba.conf'
+
+ # Additional Configuration
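Review bot: The last pg_hba.conf rule, `host all all all md5`, accepts password logins from any address over non-TLS connections, and postgresql.conf sets `listen_addresses = '*'` with no `ssl = on`, so the authentication exchange and all query traffic cross the pod network unencrypted. Prefer `hostssl all all all scram-sha-256` once a server certificate is mounted, or at least `host all all all scram-sha-256` so that an MD5-hashed password can never be accepted. The `trust` rules for the Unix socket and loopback also let any process that can run inside the pod connect as any role, including the superuser, without a password; that matches the image default but deserves an explicit comment. Both files carry the chart label `postgres-0.12.4`, so the fix likely belongs in the chart's configuration values.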
diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml deleted file mode 100644 index 0bae7edc0..000000000 --- a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-api.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Database -metadata: - name: kyoo-postgresql-18-database-kyoo-api - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-api - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - name: kyoo_api - cluster: - name: kyoo-postgresql-18-cluster - ensure: present - owner: app - template: template1 - encoding: UTF8 - databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml deleted file mode 100644 index 18f558010..000000000 --- a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-auth.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Database -metadata: - name: kyoo-postgresql-18-database-kyoo-auth - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-auth - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - name: kyoo_auth - cluster: - name: kyoo-postgresql-18-cluster - ensure: present - owner: app - template: template1 - encoding: UTF8 - databaseReclaimPolicy: retain 
diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml deleted file mode 100644 index 49b0cb50a..000000000 --- a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-scanner.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Database -metadata: - name: kyoo-postgresql-18-database-kyoo-scanner - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-scanner - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - name: kyoo_scanner - cluster: - name: kyoo-postgresql-18-cluster - ensure: present - owner: app - template: template1 - encoding: UTF8 - databaseReclaimPolicy: retain diff --git a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml deleted file mode 100644 index ff1d8ade9..000000000 --- a/clusters/cl01tl/manifests/kyoo/Database-kyoo-postgresql-18-database-kyoo-transcoder.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Database -metadata: - name: kyoo-postgresql-18-database-kyoo-transcoder - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-database-kyoo-transcoder - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - name: kyoo_transcoder - cluster: - name: kyoo-postgresql-18-cluster - ensure: present - owner: app - template: template1 - encoding: UTF8 - databaseReclaimPolicy: retain 
diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml index 15ccdd1ab..e70fa0e87 100644 --- a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-api.yaml @@ -52,17 +52,17 @@ spec: - name: PGUSER valueFrom: secretKeyRef: - key: user - name: kyoo-postgresql-18-cluster-superuser + key: postgres_user + name: kyoo-db-secret - name: PGPASSWORD valueFrom: secretKeyRef: - key: password - name: kyoo-postgresql-18-cluster-superuser + key: postgres_password + name: kyoo-db-secret - name: PGDATABASE value: "kyoo_api" - name: PGHOST - value: "kyoo-postgresql-18-cluster-rw" + value: "kyoo-postgres" - name: PGPORT value: "5432" - name: PGSSLMODE diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml index 89bf82e07..fbf84b300 100644 --- a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-auth.yaml @@ -58,21 +58,21 @@ spec: - name: PGUSER valueFrom: secretKeyRef: - key: user - name: kyoo-postgresql-18-cluster-app + key: postgres_user + name: kyoo-db-secret - name: PGPASSWORD valueFrom: secretKeyRef: - key: password - name: kyoo-postgresql-18-cluster-app + key: postgres_password + name: kyoo-db-secret - name: PGDATABASE value: "kyoo_auth" - name: PGHOST - value: "kyoo-postgresql-18-cluster-rw" + value: "kyoo-postgres" - name: PGPORT value: "5432" - name: PGSSLMODE - value: "disable" + value: "prefer" - name: RSA_PRIVATE_KEY_PATH value: /mnt/private_key/private_key.pem - name: OIDC_AUTHENTIK_NAME diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml index 2c9667f25..e4e14f2ab 100644 --- a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-scanner.yaml 
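Review bot: `PGSSLMODE` moves from `disable` to `prefer` in the auth Deployment (and in the scanner and transcoder hunks that follow), but `prefer` neither requires TLS nor verifies the server, so the client silently falls back to plaintext when the server offers none. The postgresql.conf added in this commit shows no `ssl = on`, so in practice these connections stay unencrypted. If transport encryption is the intent, enable TLS on the server and use `value: "require"`, or `value: "verify-full"` with the CA mounted; if plaintext inside the cluster is accepted, a short comment saying so would make the choice explicit. The api hunk ends on the `PGSSLMODE` name line, so its value is not visible here.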
@@ -62,21 +62,21 @@ spec: - name: PGUSER valueFrom: secretKeyRef: - key: user - name: kyoo-postgresql-18-cluster-app + key: postgres_user + name: kyoo-db-secret - name: PGPASSWORD valueFrom: secretKeyRef: - key: password - name: kyoo-postgresql-18-cluster-app + key: postgres_password + name: kyoo-db-secret - name: PGDATABASE value: "kyoo_scanner" - name: PGHOST - value: "kyoo-postgresql-18-cluster-rw" + value: "kyoo-postgres" - name: PGPORT value: "5432" - name: PGSSLMODE - value: "disable" + value: "prefer" ports: - name: main containerPort: 4389 diff --git a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml index 168df6e32..f69fea6e5 100644 --- a/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml +++ b/clusters/cl01tl/manifests/kyoo/Deployment-kyoo-transcoder.yaml @@ -59,21 +59,21 @@ spec: - name: PGUSER valueFrom: secretKeyRef: - key: user - name: kyoo-postgresql-18-cluster-app + key: postgres_user + name: kyoo-db-secret - name: PGPASSWORD valueFrom: secretKeyRef: - key: password - name: kyoo-postgresql-18-cluster-app + key: postgres_password + name: kyoo-db-secret - name: PGDATABASE value: "kyoo_transcoder" - name: PGHOST - value: "kyoo-postgresql-18-cluster-rw" + value: "kyoo-postgres" - name: PGPORT value: "5432" - name: PGSSLMODE - value: "disable" + value: "prefer" ports: - name: main containerPort: 7666 diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-db-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-db-secret.yaml new file mode 100644 index 000000000..a30a9acab --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-db-secret.yaml 
@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: kyoo-db-secret
+ namespace: kyoo
+ labels:
+ app.kubernetes.io/name: kyoo-db-secret
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/part-of: kyoo
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: postgres_user
+ remoteRef:
+ key: /cl01tl/kyoo/db
+ property: user
+ - secretKey: postgres_password
+ remoteRef:
+ key: /cl01tl/kyoo/db
+ property: password
diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml
deleted file mode 100644
index 006a6079b..000000000
--- a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-backup-garage-local-secret.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: kyoo-postgresql-18-backup-garage-local-secret
- namespace: kyoo
- labels:
- app.kubernetes.io/name: kyoo-postgresql-18-backup-garage-local-secret
- helm.sh/chart: postgres-18-cluster-7.11.2
- app.kubernetes.io/instance: kyoo
- app.kubernetes.io/part-of: kyoo
- app.kubernetes.io/version: "7.11.2"
- app.kubernetes.io/managed-by: Helm
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_REGION
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_REGION
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_KEY_ID
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /garage/home-infra/postgres-backups
- metadataPolicy: None
- property: ACCESS_SECRET_KEY
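Review bot: The new ExternalSecret `kyoo-db-secret` only materialises the keys `postgres_user` and `postgres_password`, but the StatefulSet added later in this diff reads `POSTGRES_PASSWORD` from `kyoo-db-secret` with `key: password`. Unless something else populates that key, the postgres container cannot resolve its environment variable and will not start. Either change the StatefulSet reference to `key: postgres_password` or add a third entry here with `secretKey: password` and `property: password`. Separately, `POSTGRES_USER` is hard-coded to `kyoo_all` in the StatefulSet while the clients take `PGUSER` from the Vault property `user`, so the two values have to be kept in sync by hand; a comment on the `postgres_user` entry stating that would help.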
diff --git a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml deleted file mode 100644 index 921a5fa59..000000000 --- a/clusters/cl01tl/manifests/kyoo/ExternalSecret-kyoo-postgresql-18-recovery-secret.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: kyoo-postgresql-18-recovery-secret - namespace: kyoo - labels: - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kyoo-postgresql-18-recovery-secret -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_REGION - - secretKey: ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /garage/home-infra/postgres-backups - metadataPolicy: None - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml deleted file mode 100644 index 2c6340568..000000000 --- a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-backup-garage-local.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: barmancloud.cnpg.io/v1 -kind: ObjectStore -metadata: - name: kyoo-postgresql-18-backup-garage-local - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - retentionPolicy: 7d - instanceSidecarConfiguration: - env: - - name: AWS_REQUEST_CHECKSUM_CALCULATION - value: when_required - - name: AWS_RESPONSE_CHECKSUM_VALIDATION - value: when_required - configuration: - destinationPath: s3://postgres-backups/cl01tl/kyoo/kyoo-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 - s3Credentials: - accessKeyId: - name: kyoo-postgresql-18-backup-garage-local-secret - key: ACCESS_KEY_ID - secretAccessKey: - name: kyoo-postgresql-18-backup-garage-local-secret - key: ACCESS_SECRET_KEY - region: - name: kyoo-postgresql-18-backup-garage-local-secret - key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml deleted file mode 100644 index e170c7117..000000000 --- a/clusters/cl01tl/manifests/kyoo/ObjectStore-kyoo-postgresql-18-recovery.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: barmancloud.cnpg.io/v1 -kind: ObjectStore -metadata: - name: "kyoo-postgresql-18-recovery" - namespace: kyoo - labels: - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "kyoo-postgresql-18-recovery" -spec: - configuration: - destinationPath: s3://postgres-backups/cl01tl/kyoo/kyoo-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 - wal: - compression: snappy - maxParallel: 1 - data: - compression: snappy - jobs: 1 - s3Credentials: - accessKeyId: - name: kyoo-postgresql-18-recovery-secret - key: ACCESS_KEY_ID - secretAccessKey: - name: kyoo-postgresql-18-recovery-secret - key: ACCESS_SECRET_KEY - region: - name: kyoo-postgresql-18-recovery-secret - key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml deleted file mode 100644 index e52e0eebc..000000000 --- a/clusters/cl01tl/manifests/kyoo/PrometheusRule-kyoo-postgresql-18-alert-rules.yaml +++ /dev/null 
@@ -1,270 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: kyoo-postgresql-18-alert-rules - namespace: kyoo - labels: - app.kubernetes.io/name: kyoo-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - groups: - - name: cloudnative-pg/kyoo-postgresql-18 - rules: - - alert: CNPGClusterBackendsWaitingWarning - annotations: - summary: CNPG Cluster a backend is waiting for longer than 5 minutes. - description: |- - Pod {{ $labels.pod }} - has been waiting for longer than 5 minutes - expr: | - cnpg_backends_waiting_total{namespace="kyoo"} > 300 - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterDatabaseDeadlockConflictsWarning - annotations: - summary: CNPG Cluster has over 10 deadlock conflicts. - description: |- - There are over 10 deadlock conflicts in - {{ $labels.pod }} - expr: | - cnpg_pg_stat_database_deadlocks{namespace="kyoo"} > 10 - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterHACritical - annotations: - summary: CNPG Cluster has no standby replicas! - description: |- - CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has no ready standby replicas. Your cluster at a severe - risk of data loss and downtime if the primary instance fails. - - The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint - will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main. - - This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less - instances. The replaced instance may need some time to catch-up with the cluster primary instance. 
- - This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this - case you may want to silence it. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md - expr: | - max by (job) (cnpg_pg_replication_streaming_replicas{namespace="kyoo"} - cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"}) < 1 - for: 5m - labels: - severity: critical - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterHAWarning - annotations: - summary: CNPG Cluster less than 2 standby replicas. - description: |- - CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has only {{`{{`}} $value {{`}}`}} standby replicas, putting - your cluster at risk if another instance fails. The cluster is still able to operate normally, although - the `-ro` and `-r` endpoints operate at reduced capacity. - - This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may - need some time to catch-up with the cluster primary instance. - - This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances. - In this case you may want to silence it. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md - expr: | - max by (job) (cnpg_pg_replication_streaming_replicas{namespace="kyoo"} - cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"}) < 2 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterHighConnectionsCritical - annotations: - summary: CNPG Instance maximum number of connections critical! - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of - the maximum number of connections. 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md - expr: | - sum by (pod) (cnpg_backends_total{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95 - for: 5m - labels: - severity: critical - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterHighConnectionsWarning - annotations: - summary: CNPG Instance is approaching the maximum number of connections. - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of - the maximum number of connections. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md - expr: | - sum by (pod) (cnpg_backends_total{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterHighReplicationLag - annotations: - summary: CNPG Cluster high replication lag - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is experiencing a high replication lag of - {{`{{`}} $value {{`}}`}}ms. - - High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration. 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md - expr: | - max(cnpg_pg_replication_lag{namespace="kyoo",pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterInstancesOnSameNode - annotations: - summary: CNPG Cluster instances are located on the same node. - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}} - instances on the same node {{`{{`}} $labels.node {{`}}`}}. - - A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md - expr: | - count by (node) (kube_pod_info{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterLongRunningTransactionWarning - annotations: - summary: CNPG Cluster query is taking longer than 5 minutes. - description: |- - CloudNativePG Cluster Pod {{ $labels.pod }} - is taking more than 5 minutes (300 seconds) for a query. - expr: |- - cnpg_backends_max_tx_duration_seconds{namespace="kyoo"} > 300 - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterLowDiskSpaceCritical - annotations: - summary: CNPG Instance is running out of disk space! - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs! 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md - expr: | - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR - max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - / - sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - * - on(namespace, persistentvolumeclaim) group_left(volume) - kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} - ) > 0.9 - for: 5m - labels: - severity: critical - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterLowDiskSpaceWarning - annotations: - summary: CNPG Instance is running out of disk space. - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" is running low on disk space. Check attached PVCs. 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md - expr: | - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR - max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - / - sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="kyoo", persistentvolumeclaim=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - * - on(namespace, persistentvolumeclaim) group_left(volume) - kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} - ) > 0.7 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterOffline - annotations: - summary: CNPG Cluster has no running instances! - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has no ready instances. - - Having an offline cluster means your applications will not be able to access the database, leading to - potential service disruption and/or data loss. 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md - expr: | - (count(cnpg_collector_up{namespace="kyoo",pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0 - for: 5m - labels: - severity: critical - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterPGDatabaseXidAgeWarning - annotations: - summary: CNPG Cluster has a number of transactions from the frozen XID to the current one. - description: |- - Over 300,000,000 transactions from frozen xid - on pod {{ $labels.pod }} - expr: | - cnpg_pg_database_xid_age{namespace="kyoo"} > 300000000 - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterPGReplicationWarning - annotations: - summary: CNPG Cluster standby is lagging behind the primary. - description: |- - Standby is lagging behind by over 300 seconds (5 minutes) - expr: | - cnpg_pg_replication_lag{namespace="kyoo"} > 300 - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterReplicaFailingReplicationWarning - annotations: - summary: CNPG Cluster has a replica is failing to replicate. - description: |- - Replica {{ $labels.pod }} - is failing to replicate - expr: | - cnpg_pg_replication_in_recovery{namespace="kyoo"} > cnpg_pg_replication_is_wal_receiver_up{namespace="kyoo"} - for: 1m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster - - alert: CNPGClusterZoneSpreadWarning - annotations: - summary: CNPG Cluster instances in the same zone. - description: |- - CloudNativePG Cluster "kyoo/kyoo-postgresql-18-cluster" has instances in the same availability zone. - - A disaster in one availability zone will lead to a potential service disruption and/or data loss. 
- runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md - expr: | - 3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="kyoo", pod=~"kyoo-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3 - for: 5m - labels: - severity: warning - namespace: kyoo - cnpg_cluster: kyoo-postgresql-18-cluster diff --git a/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml deleted file mode 100644 index ef8532d75..000000000 --- a/clusters/cl01tl/manifests/kyoo/ScheduledBackup-kyoo-postgresql-18-scheduled-backup-live-backup.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: ScheduledBackup -metadata: - name: "kyoo-postgresql-18-scheduled-backup-live-backup" - namespace: kyoo - labels: - app.kubernetes.io/name: "kyoo-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.11.2 - app.kubernetes.io/instance: kyoo - app.kubernetes.io/part-of: kyoo - app.kubernetes.io/version: "7.11.2" - app.kubernetes.io/managed-by: Helm -spec: - immediate: true - suspend: false - schedule: "0 5 14 * * *" - backupOwnerReference: self - cluster: - name: kyoo-postgresql-18-cluster - method: plugin - pluginConfiguration: - name: barman-cloud.cloudnative-pg.io - parameters: - barmanObjectName: "kyoo-postgresql-18-backup-garage-local" diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres-headless.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres-headless.yaml new file mode 100644 index 000000000..aa8b8e930 --- /dev/null +++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres-headless.yaml 
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-postgres-headless
+ namespace: "kyoo"
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
+ name: postgresql
+ selector:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres.yaml b/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres.yaml
new file mode 100644
index 000000000..46d8c0920
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/Service-kyoo-postgres.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kyoo-postgres
+ namespace: kyoo
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
+ name: postgresql
+ selector:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
diff --git a/clusters/cl01tl/manifests/kyoo/StatefulSet-kyoo-postgres.yaml b/clusters/cl01tl/manifests/kyoo/StatefulSet-kyoo-postgres.yaml
new file mode 100644
index 000000000..f5b4d0efa
--- /dev/null
+++ b/clusters/cl01tl/manifests/kyoo/StatefulSet-kyoo-postgres.yaml
@@ -0,0 +1,141 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kyoo-postgres
+ namespace: kyoo
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ replicas: 1
+ serviceName: kyoo-postgres-headless
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+ spec:
+ serviceAccountName: default
+ automountServiceAccountToken: false
+ securityContext:
+ fsGroup: 999
+ containers:
+ - name: postgres
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 999
+ image: docker.io/postgres:18.1@sha256:5ec39c188013123927f30a006987c6b0e20f3ef2b54b140dfa96dac6844d883f
+ imagePullPolicy: Always
+ args:
+ - -c
+ - 'config_file=/etc/postgresql/postgresql.conf'
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/18/docker
+ - name: POSTGRES_USER
+ value: kyoo_all
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: kyoo-db-secret
+ key: password
+ - name: POSTGRES_MAX_CONNECTIONS
+ value: "100"
+ ports:
+ - name: postgresql
+ containerPort: 5432
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - |
+ pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - |
+ pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ startupProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - |
+ pg_isready -U kyoo_all -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ resources: {}
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql
+ - name: config
+ mountPath: /etc/postgresql
+ - name: run
+ mountPath: /var/run/postgresql
+ - name: tmp
+ mountPath: /tmp
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d/
+ volumes:
+ - name: config
+ configMap:
+ name: kyoo-postgres
+ optional: true
+ - name: run
+ emptyDir: {}
+ - name: tmp
+ emptyDir: {}
+ - name: custom-init-scripts
+ configMap:
+ name: kyoo-postgres-init-scripts
+ defaultMode: 0755
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ labels:
+ helm.sh/chart: postgres-0.12.4
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: kyoo
+ app.kubernetes.io/version: "18.1.0"
+ app.kubernetes.io/managed-by: Helm
+ spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "5Gi"
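Review bot: The `postgres` container is added with `resources: {}`, so the database pod has no requests or limits: it is scheduled as BestEffort, is among the first evicted under node pressure, and nothing caps its memory use; set at least `requests` for cpu and memory and a memory `limits` value. `readOnlyRootFilesystem: false` looks avoidable as well, because the data directory, `/var/run/postgresql`, `/tmp` and `/etc/postgresql` are already on mounted volumes, so `readOnlyRootFilesystem: true` is worth trying. The same commit deletes the ScheduledBackup, and with `replicas: 1` nothing in the visible diff shows a replacement backup for this instance, which should be confirmed before the data is relied on here. The labels indicate the manifest is rendered from the `postgres-0.12.4` chart, so these settings presumably belong in the chart values rather than in this file.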