feat(kubernetes/apps/database/pgadmin): add pgadmin deployment
Description of the change
Adds pgadmin for database management.
This is part 2 of 2 in a stack made with GitButler:
- 2 #1717 👈
- 1 #1716
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/pgadmin
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/pgadmin
@@ -0,0 +1,41 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: pgadmin
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: pgadmin
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ interval: 1h
+ path: ./kubernetes/apps/database/pgadmin/app
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ - kind: ConfigMap
+ name: cluster-user-settings
+ optional: true
+ - kind: Secret
+ name: cluster-user-secrets
+ optional: true
+ prune: true
+ retryInterval: 2m
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ namespace: flux-system
+ targetNamespace: database
+ timeout: 5m
+ wait: false
+
--- kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin ExternalSecret: database/pgadmin-secret
+++ kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin ExternalSecret: database/pgadmin-secret
@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ labels:
+ app.kubernetes.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: pgadmin-secret
+ namespace: database
+spec:
+ dataFrom:
+ - extract:
+ key: cloudnative-pg
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Delete
+ name: pgadmin-secret
+ template:
+ data:
+ PGADMIN_DEFAULT_EMAIL: '{{ .ADMIN_EMAIL }}'
+ PGADMIN_DEFAULT_PASSWORD: '{{ .POSTGRES_SUPER_PASS }}'
+
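Review bot: `PGADMIN_DEFAULT_PASSWORD` is templated from `.POSTGRES_SUPER_PASS`, so the pgAdmin web login and (judging by the field name) the PostgreSQL superuser share one password. The HelmRelease hunk then injects that value into the container environment via `envFrom`. Anyone who obtains the web login or can read the pod environment would also hold the database superuser credential. A dedicated field would separate the two, for example `PGADMIN_DEFAULT_PASSWORD: '{{ .PGADMIN_PASSWORD }}'`, where `PGADMIN_PASSWORD` is a placeholder for a field that would first have to be created in the `cloudnative-pg` item or a separate one.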
--- kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin HelmRelease: database/pgadmin
+++ kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin HelmRelease: database/pgadmin
@@ -0,0 +1,84 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: pgadmin
+ namespace: database
+spec:
+ chartRef:
+ kind: OCIRepository
+ name: app-template
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ interval: 1h
+ maxHistory: 3
+ uninstall:
+ keepHistory: false
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ controllers:
+ pgadmin:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ app:
+ envFrom:
+ - secretRef:
+ name: pgadmin-secret
+ image:
+ repository: docker.io/dpage/pgadmin4
+ tag: 9.2@sha256:52cb72a9e3da275324ca0b9bb3891021366d501aad375db34584a7bca8ce02ff
+ resources:
+ limits:
+ memory: 512M
+ requests:
+ cpu: 15m
+ memory: 256M
+ pod:
+ securityContext:
+ fsGroup: 5050
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 5050
+ runAsUser: 5050
+ ingress:
+ app:
+ className: internal
+ hosts:
+ - host: '{{ .Release.Name }}.juno.moe'
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ persistence:
+ config:
+ accessMode: ReadWriteOnce
+ enabled: true
+ globalMounts:
+ - path: /var/lib/pgadmin
+ size: 1Gi
+ storageClass: ceph-block
+ server-json:
+ enabled: true
+ globalMounts:
+ - path: /pgadmin4/servers.json
+ subPath: servers.json
+ name: servers-json
+ type: configMap
+ service:
+ app:
+ controller: pgadmin
+ ports:
+ http:
+ port: 80
+
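Review bot: The pod gets a non-root `securityContext`, but the `app` container has none of its own, and the rendered Deployment hunk shows `serviceAccountName: default` with `automountServiceAccountToken: true`. Nothing in this change suggests pgAdmin needs the Kubernetes API, so `automountServiceAccountToken: false` under `pod:` would remove an unused credential from a web-facing workload that also holds database credentials. Under `containers.app`, a `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would complete the hardening. The service targets port 80 as UID 5050, so the stricter settings may require moving the listener to an unprivileged port via `PGADMIN_LISTEN_PORT`; this needs testing against the pinned image.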
--- kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin ConfigMap: database/servers-json
+++ kubernetes/apps/database/pgadmin/app Kustomization: flux-system/pgadmin ConfigMap: database/servers-json
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+data:
+ servers.json: |
+ {
+ "Servers": {
+ "1": {
+ "Name": "postgres",
+ "Group": "Servers",
+ "Host": "postgres",
+ "Port": 5432,
+ "MaintenanceDB": "postgres",
+ "Username": "postgres",
+ "SSLMode": "prefer",
+ "SSLCert": "<STORAGE_DIR>/.postgresql/postgresql.crt",
+ "SSLKey": "<STORAGE_DIR>/.postgresql/postgresql.key",
+ "SSLCompression": 0,
+ "Timeout": 10,
+ "UseSSHTunnel": 0,
+ "TunnelPort": "22",
+ "TunnelAuthentication": 0
+ }
+ }
+ }
+kind: ConfigMap
+metadata:
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
+ labels:
+ app.kubernetes.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/name: pgadmin
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: servers-json
+ namespace: database
+
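Review bot: `"SSLMode": "prefer"` lets the connection to `postgres` fall back to plaintext and never verifies the server certificate, and the preconfigured account is `postgres`, presumably the superuser. `"SSLMode": "verify-full"` together with an `SSLRootCert` entry pointing at the cluster CA would be the strict setting; `"require"` at least rules out the plaintext fallback. The `SSLCert` and `SSLKey` paths point under `<STORAGE_DIR>/.postgresql/`, and nothing in this change mounts files there, so they look like exported defaults that could be dropped or backed by a real client-certificate mount.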
--- HelmRelease: database/pgadmin PersistentVolumeClaim: database/pgadmin-config
+++ HelmRelease: database/pgadmin PersistentVolumeClaim: database/pgadmin-config
@@ -0,0 +1,18 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: pgadmin-config
+ labels:
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pgadmin
+ namespace: database
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: ceph-block
+
--- HelmRelease: database/pgadmin Service: database/pgadmin
+++ HelmRelease: database/pgadmin Service: database/pgadmin
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pgadmin
+ labels:
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pgadmin
+ app.kubernetes.io/service: pgadmin
+ namespace: database
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/component: pgadmin
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/name: pgadmin
+
--- HelmRelease: database/pgadmin Deployment: database/pgadmin
+++ HelmRelease: database/pgadmin Deployment: database/pgadmin
@@ -0,0 +1,68 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pgadmin
+ labels:
+ app.kubernetes.io/component: pgadmin
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pgadmin
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ namespace: database
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: pgadmin
+ app.kubernetes.io/name: pgadmin
+ app.kubernetes.io/instance: pgadmin
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: pgadmin
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/name: pgadmin
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 5050
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 5050
+ runAsUser: 5050
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - envFrom:
+ - secretRef:
+ name: pgadmin-secret
+ image: docker.io/dpage/pgadmin4:9.2@sha256:52cb72a9e3da275324ca0b9bb3891021366d501aad375db34584a7bca8ce02ff
+ name: app
+ resources:
+ limits:
+ memory: 512M
+ requests:
+ cpu: 15m
+ memory: 256M
+ volumeMounts:
+ - mountPath: /var/lib/pgadmin
+ name: config
+ - mountPath: /pgadmin4/servers.json
+ name: server-json
+ subPath: servers.json
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: pgadmin-config
+ - configMap:
+ name: servers-json
+ name: server-json
+
--- HelmRelease: database/pgadmin Ingress: database/pgadmin
+++ HelmRelease: database/pgadmin Ingress: database/pgadmin
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: pgadmin
+ labels:
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pgadmin
+ namespace: database
+spec:
+ ingressClassName: internal
+ rules:
+ - host: pgadmin.juno.moe
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: pgadmin
+ port:
+ number: 80
+