--- # Source: pgadmin4/charts/pgadmin4/templates/common.yaml --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pgadmin4-data labels: app.kubernetes.io/instance: pgadmin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: pgadmin helm.sh/chart: pgadmin4-4.4.0 annotations: helm.sh/resource-policy: keep namespace: pgadmin spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "5Gi" storageClassName: "ceph-block" --- # Source: pgadmin4/charts/pgadmin4/templates/common.yaml apiVersion: v1 kind: Service metadata: name: pgadmin labels: app.kubernetes.io/instance: pgadmin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: pgadmin app.kubernetes.io/service: pgadmin helm.sh/chart: pgadmin4-4.4.0 namespace: pgadmin spec: type: ClusterIP ports: - port: 80 targetPort: 80 protocol: TCP name: http selector: app.kubernetes.io/controller: main app.kubernetes.io/instance: pgadmin app.kubernetes.io/name: pgadmin --- # Source: pgadmin4/charts/pgadmin4/templates/common.yaml apiVersion: apps/v1 kind: Deployment metadata: name: pgadmin labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: pgadmin app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: pgadmin helm.sh/chart: pgadmin4-4.4.0 namespace: pgadmin spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: main app.kubernetes.io/name: pgadmin app.kubernetes.io/instance: pgadmin template: metadata: labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: pgadmin app.kubernetes.io/name: pgadmin spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst initContainers: - command: - /bin/sh - -ec - | /bin/chown -R 5050:5050 /var/lib/pgadmin image: busybox:1.37.0 imagePullPolicy: IfNotPresent name: init-chmod-data resources: requests: cpu: 10m memory: 128Mi securityContext: runAsUser: 0 volumeMounts: - mountPath: /var/lib/pgadmin name: data containers: - env: - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION value: "False" - name: PGADMIN_DEFAULT_EMAIL value: alexanderlebens@gmail.com - name: PGADMIN_DEFAULT_PASSWORD valueFrom: secretKeyRef: key: pgadmin-password name: pgadmin-password-secret envFrom: - secretRef: name: pgadmin-env-secret image: dpage/pgadmin4:9.10 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 256Mi securityContext: runAsGroup: 5050 runAsUser: 5050 volumeMounts: - mountPath: /var/lib/pgadmin name: data volumes: - name: data persistentVolumeClaim: claimName: pgadmin4-data --- # Source: pgadmin4/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: pgadmin-password-secret namespace: pgadmin labels: app.kubernetes.io/name: pgadmin-password-secret app.kubernetes.io/instance: pgadmin app.kubernetes.io/part-of: pgadmin spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: pgadmin-password remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/pgadmin/auth metadataPolicy: None property: pgadmin-password --- # Source: pgadmin4/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: pgadmin-env-secret namespace: pgadmin labels: app.kubernetes.io/name: pgadmin-env-secret app.kubernetes.io/instance: pgadmin app.kubernetes.io/part-of: pgadmin spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/pgadmin/env metadataPolicy: None property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/pgadmin/env metadataPolicy: None property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/pgadmin/env metadataPolicy: None property: PGADMIN_CONFIG_OAUTH2_CONFIG --- # Source: pgadmin4/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: pgadmin-data-backup-secret namespace: pgadmin labels: app.kubernetes.io/name: pgadmin-data-backup-secret app.kubernetes.io/instance: pgadmin app.kubernetes.io/part-of: pgadmin spec: secretStoreRef: kind: ClusterSecretStore name: vault target: template: mergePolicy: Merge engineVersion: v2 data: RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/pgadmin/pgadmin-data" data: - secretKey: BUCKET_ENDPOINT remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: S3_BUCKET_ENDPOINT - secretKey: RESTIC_PASSWORD remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: RESTIC_PASSWORD - secretKey: AWS_DEFAULT_REGION remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/volsync/restic/config metadataPolicy: None property: AWS_DEFAULT_REGION - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: access_key - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: conversionStrategy: Default decodingStrategy: None key: /digital-ocean/home-infra/volsync-backups metadataPolicy: None property: secret_key --- # Source: pgadmin4/templates/http-route.yaml apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: http-route-pgadmin namespace: pgadmin labels: app.kubernetes.io/name: http-route-pgadmin app.kubernetes.io/instance: pgadmin app.kubernetes.io/part-of: pgadmin spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - pgadmin.alexlebens.net rules: - matches: - path: type: PathPrefix value: / backendRefs: - group: '' kind: Service name: pgadmin port: 80 weight: 100 --- # Source: pgadmin4/templates/replication-source.yaml apiVersion: volsync.backube/v1alpha1 kind: ReplicationSource metadata: name: pgadmin-data-backup-source namespace: pgadmin labels: app.kubernetes.io/name: pgadmin-data-backup-source app.kubernetes.io/instance: pgadmin app.kubernetes.io/part-of: pgadmin spec: sourcePVC: pgadmin-data trigger: schedule: 0 4 * * * restic: pruneIntervalDays: 7 repository: pgadmin-data-backup-secret retain: hourly: 1 daily: 3 weekly: 2 monthly: 2 yearly: 4 moverSecurityContext: runAsUser: 5050 runAsGroup: 5050 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot