
Commit 18731c0

committed
cleanup
cleanup pg
1 parent efe7c8f commit 18731c0

10 files changed

Lines changed: 171 additions & 13 deletions


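--- a/infrastructure/controllers/1passwordconnect/test-item.yaml
+++ b/infrastructure/controllers/1passwordconnect/test-item.yaml
@@ -3,4 +3,4 @@ kind: OnePasswordItem
 metadata:
 name: secret-name-test-name
 spec:
-itemPath: "vaults/homelabproxmox/items/SECRET_NAME_TEST"
+itemPath: "vaults/homelab-prod/items/SECRET_NAME_TEST"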

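--- a/infrastructure/controllers/external-secrets/cluster-secret-store.yaml
+++ b/infrastructure/controllers/external-secrets/cluster-secret-store.yaml
@@ -10,7 +10,7 @@ spec:
 onepassword:
 connectHost: http://onepassword-connect.1passwordconnect.svc.cluster.local:8080
 vaults:
-homelabproxmox: 1
+homelab-prod: 1
 auth:
 secretRef:
 connectTokenSecretRef: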
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
apiVersion: postgresql.cnpg.io/v1
2+
kind: Cluster
3+
metadata:
4+
name: gitea-database
5+
namespace: cloudnative-pg
6+
labels:
7+
app: gitea
8+
spec:
9+
instances: 1
10+
imageName: ghcr.io/cloudnative-pg/postgresql:16.2
11+
resources:
12+
requests:
13+
memory: 512Mi
14+
cpu: 250m
15+
limits:
16+
memory: 1Gi
17+
postgresql:
18+
parameters:
19+
shared_buffers: "128MB"
20+
max_wal_size: "512MB"
21+
wal_compression: "on"
22+
pg_hba:
23+
- host all all 0.0.0.0/0 md5
24+
# === NORMAL OPERATION: initdb (comment out for DR recovery) ===
25+
bootstrap:
26+
initdb:
27+
database: gitea
28+
owner: gitea
29+
secret:
30+
name: gitea-app-secret
31+
# === DISASTER RECOVERY ===
32+
# 1. Comment out the initdb bootstrap above
33+
# 2. Uncomment the recovery bootstrap + externalClusters below
34+
# 3. Update serverName in externalClusters to match CURRENT backup.serverName (gitea-database)
35+
# 4. Bump backup.serverName to next version (e.g. gitea-database-v2)
36+
# 5. Apply directly with: kubectl kustomize ... | kubectl create -f -
37+
# (ArgoCD SSA + CNPG webhook = initdb always wins, must bypass ArgoCD)
38+
# 6. After recovery completes, revert to initdb and push
39+
#
40+
# bootstrap:
41+
# recovery:
42+
# source: gitea-backup
43+
# externalClusters:
44+
# - name: gitea-backup
45+
# barmanObjectStore:
46+
# serverName: gitea-database
47+
# destinationPath: s3://postgres-backups/cnpg/gitea
48+
# endpointURL: http://192.168.10.133:30293
49+
# s3Credentials:
50+
# accessKeyId:
51+
# name: cnpg-s3-credentials
52+
# key: AWS_ACCESS_KEY_ID
53+
# secretAccessKey:
54+
# name: cnpg-s3-credentials
55+
# key: AWS_SECRET_ACCESS_KEY
56+
# wal:
57+
# compression: gzip
58+
storage:
59+
size: 5Gi
60+
storageClass: longhorn
61+
walStorage:
62+
size: 2Gi
63+
storageClass: longhorn
64+
enableSuperuserAccess: true
65+
monitoring:
66+
enablePodMonitor: true
67+
backup:
68+
barmanObjectStore:
69+
serverName: gitea-database
70+
destinationPath: s3://postgres-backups/cnpg/gitea
71+
endpointURL: http://192.168.10.133:30293
72+
s3Credentials:
73+
accessKeyId:
74+
name: cnpg-s3-credentials
75+
key: AWS_ACCESS_KEY_ID
76+
secretAccessKey:
77+
name: cnpg-s3-credentials
78+
key: AWS_SECRET_ACCESS_KEY
79+
wal:
80+
compression: gzip
81+
data:
82+
compression: gzip
83+
retentionPolicy: "14d"
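Review bot: The `pg_hba` rule `host all all 0.0.0.0/0 md5` accepts password logins for every role and every database from any source address, and it selects md5 where CloudNativePG otherwise defaults to scram-sha-256; a tighter rule such as `hostssl all all <POD_CIDR_PLACEHOLDER> scram-sha-256`, or simply dropping the rule and relying on the operator defaults, keeps the same connectivity for in-cluster clients without the weak hash and the open CIDR, and the identical line is carried as context in the paperless cluster hunk. `enableSuperuserAccess: true` keeps a live `postgres` superuser credential materialised in the namespace; unless something in this commit consumes it, `enableSuperuserAccess: false` is the safer default. The backup target `endpointURL: http://192.168.10.133:30293` moves base backups and WAL segments in cleartext over the LAN, so if the object store exposes TLS, an https endpoint here is worth the change. The file path for this section is not shown on the page; from the kustomization it appears to be the gitea cluster manifest.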
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
apiVersion: external-secrets.io/v1
2+
kind: ExternalSecret
3+
metadata:
4+
name: gitea-app-secret
5+
namespace: cloudnative-pg
6+
spec:
7+
refreshInterval: "1h"
8+
secretStoreRef:
9+
kind: ClusterSecretStore
10+
name: 1password
11+
target:
12+
name: gitea-app-secret
13+
creationPolicy: Owner
14+
data:
15+
- secretKey: username
16+
remoteRef:
17+
key: postgres-secrets
18+
property: gitea_db_username
19+
- secretKey: password
20+
remoteRef:
21+
key: postgres-secrets
22+
property: gitea_db_password
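Review bot: The target secret `gitea-app-secret` is what the cluster manifest names as `bootstrap.initdb.secret`, which CloudNativePG documents as a `kubernetes.io/basic-auth` Secret carrying `username` and `password` keys; without a `target.template`, External Secrets emits an `Opaque` secret, so either confirm the operator accepts that or add `template:` with `type: kubernetes.io/basic-auth` under `target`. The `username` value pulled from `gitea_db_username` also has to equal the `owner: gitea` role declared on the cluster, and nothing here enforces that coupling; a one-line comment above `data:` noting it would save the next maintainer a surprise. The file path for this section is not shown on the page.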
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
namespace: cloudnative-pg
4+
commonLabels:
5+
app.kubernetes.io/name: gitea-db
6+
app.kubernetes.io/managed-by: argocd
7+
commonAnnotations:
8+
argocd.argoproj.io/sync-wave: "-5"
9+
resources:
10+
- cluster.yaml
11+
- externalsecret.yaml
12+
- scheduled-backup.yaml
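Review bot: `commonLabels` is deprecated in current kustomize in favour of the `labels` field, and it additionally injects the labels into selectors of workload kinds; `labels:` with a `- pairs:` entry and `includeSelectors: false` attaches the same labels without that side effect. The `app.kubernetes.io/name: gitea-db` value also differs from the `app: gitea` label set inside the Cluster manifest, so selecting these resources later needs two schemes; picking one is cleaner. The file path for this section is not shown on the page.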
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
apiVersion: postgresql.cnpg.io/v1
2+
kind: ScheduledBackup
3+
metadata:
4+
name: gitea-daily-backup
5+
namespace: cloudnative-pg
6+
spec:
7+
schedule: "0 3 * * *"
8+
backupOwnerReference: self
9+
cluster:
10+
name: gitea-database
11+
immediate: true
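Review bot: CloudNativePG's `ScheduledBackup.spec.schedule` is a six-field cron expression whose first field is seconds, so the five-field `"0 3 * * *"` is likely rejected by the admission webhook or not interpreted as intended; `schedule: "0 0 3 * * *"` expresses 03:00 daily. `immediate: true` also fires a backup as soon as the object is created, which is reasonable for a fresh cluster but deserves a comment such as `# take a first backup right after creation, then nightly`. The file path for this section is not shown on the page.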

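--- a/infrastructure/database/cloudnative-pg/paperless/cluster.yaml
+++ b/infrastructure/database/cloudnative-pg/paperless/cluster.yaml
@@ -20,7 +20,7 @@ spec:
 max_wal_size: "1GB"
 wal_compression: "on"
 logging_collector: "on"
-log_statement: "all"
+log_statement: "ddl"
 pg_hba:
 - host all all 0.0.0.0/0 md5
 # === NORMAL OPERATION: initdb (comment out for DR recovery) ===
@@ -66,7 +66,7 @@ spec:
 size: 20Gi
 storageClass: longhorn
 walStorage:
-size: 4Gi
+size: 8Gi
 storageClass: longhorn
 managed:
 services: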
Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
apiVersion: external-secrets.io/v1
2+
kind: ExternalSecret
3+
metadata:
4+
name: gitea-db-secret
5+
namespace: gitea
6+
spec:
7+
refreshInterval: "1h"
8+
secretStoreRef:
9+
kind: ClusterSecretStore
10+
name: 1password
11+
target:
12+
name: gitea-db-secret
13+
creationPolicy: Owner
14+
data:
15+
- secretKey: password
16+
remoteRef:
17+
key: postgres-secrets
18+
property: gitea_db_password

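--- a/my-apps/development/gitea/kustomization.yaml
+++ b/my-apps/development/gitea/kustomization.yaml
@@ -4,6 +4,7 @@ namespace: gitea
 resources:
 - namespace.yaml
 - httproute.yaml
+- externalsecret.yaml
 helmCharts:
 - name: gitea
 repo: https://dl.gitea.com/charts/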

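--- a/my-apps/development/gitea/values.yaml
+++ b/my-apps/development/gitea/values.yaml
@@ -11,16 +11,27 @@ service:
 ssh:
 type: ClusterIP
 
-# Reduce HA overhead for homelab
+gitea:
+config:
+database:
+DB_TYPE: postgres
+HOST: gitea-database-rw.cloudnative-pg.svc.cluster.local:5432
+NAME: gitea
+USER: gitea
+SCHEMA: public
+additionalConfigFromEnvs:
+- name: GITEA__database__PASSWD
+valueFrom:
+secretKeyRef:
+name: gitea-db-secret
+key: password
+
+# Disable bundled databases - using external CNPG
 postgresql-ha:
-enabled: true
-postgresql:
-replicaCount: 1 # Reduced from 3
-persistence:
-size: 5Gi
-storageClass: longhorn
-pgpool:
-replicaCount: 1 # Reduced from default
+enabled: false
+
+postgresql:
+enabled: false
 
 # Use single valkey instead of cluster
 valkey-cluster: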
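Review bot: The new `gitea.config.database` block points `HOST` at the CNPG `-rw` service but sets no `SSL_MODE`, and Gitea's default for that key is `disable`, so the application will talk to PostgreSQL in cleartext even though CloudNativePG serves TLS out of the box; adding `SSL_MODE: require` next to `SCHEMA: public` (or `verify-ca`/`verify-full` once the cluster CA is mounted) closes that gap. Moving the password to `GITEA__database__PASSWD` from `gitea-db-secret` is the right direction; it is worth a comment that a rotated value reaches running pods only after a restart, since it arrives as an environment variable. The hunk begins inside the `service:` block, whose start lies outside the hunk.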
