From 9ca01b0648f284584d405d8b233b5af6edd08e1a Mon Sep 17 00:00:00 2001
From: builderadmin
Date: Wed, 21 May 2025 23:29:04 +0000
Subject: [PATCH] Add bitnamipostgresql.yaml
---
 bitnamipostgresql.yaml | 326 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 326 insertions(+)
 create mode 100644 bitnamipostgresql.yaml
diff --git a/bitnamipostgresql.yaml b/bitnamipostgresql.yaml
new file mode 100644
index 0000000..8be9bd2
--- /dev/null
+++ b/bitnamipostgresql.yaml
@@ -0,0 +1,326 @@
+---
+# Source: postgresql/templates/primary/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 5432
+---
+# Source: postgresql/templates/primary/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+---
+# Source: postgresql/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+automountServiceAccountToken: false
+---
+# Source: postgresql/templates/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+type: Opaque
+data:
+ postgres-password: "bGpmalNLbjJaQw=="
+ password: "Y29kZXI="
+ # We don't auto-generate LDAP password when it's not provided as we do for other passwords
+---
+# Source: postgresql/templates/primary/svc-headless.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: coder-db-postgresql-hl
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+ annotations:
+spec:
+ type: ClusterIP
+ clusterIP: None
+ # We want all pods in the StatefulSet to have their addresses published for
+ # the sake of the other Postgresql pods even before they're ready, since they
+ # have to be able to talk to each other in order to become ready.
+ publishNotReadyAddresses: true
+ ports:
+ - name: tcp-postgresql
+ port: 5432
+ targetPort: tcp-postgresql
+ selector:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+---
+# Source: postgresql/templates/primary/svc.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+spec:
+ type: ClusterIP
+ sessionAffinity: None
+ ports:
+ - name: tcp-postgresql
+ port: 5432
+ targetPort: tcp-postgresql
+ nodePort: null
+ selector:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+---
+# Source: postgresql/templates/primary/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: coder-db-postgresql
+ namespace: "coder"
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+spec:
+ replicas: 1
+ serviceName: coder-db-postgresql-hl
+ updateStrategy:
+ rollingUpdate: {}
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+ template:
+ metadata:
+ name: coder-db-postgresql
+ labels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 17.5.0
+ helm.sh/chart: postgresql-16.7.4
+ app.kubernetes.io/component: primary
+ spec:
+ serviceAccountName: coder-db-postgresql
+
+ automountServiceAccountToken: false
+ affinity:
+ podAffinity:
+
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: coder-db
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/component: primary
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+
+ securityContext:
+ fsGroup: 1001
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ sysctls: []
+ hostNetwork: false
+ hostIPC: false
+ containers:
+ - name: postgresql
+ image: docker.io/bitnami/postgresql:17.5.0-debian-12-r3
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: BITNAMI_DEBUG
+ value: "false"
+ - name: POSTGRESQL_PORT_NUMBER
+ value: "5432"
+ - name: POSTGRESQL_VOLUME_DIR
+ value: "/bitnami/postgresql"
+ - name: PGDATA
+ value: "/bitnami/postgresql/data"
+ # Authentication
+ - name: POSTGRES_USER
+ value: "coder"
+ - name: POSTGRES_PASSWORD_FILE
+ value: /opt/bitnami/postgresql/secrets/password
+ - name: POSTGRES_POSTGRES_PASSWORD_FILE
+ value: /opt/bitnami/postgresql/secrets/postgres-password
+ - name: POSTGRES_DATABASE
+ value: "coder"
+ # LDAP
+ - name: POSTGRESQL_ENABLE_LDAP
+ value: "no"
+ # TLS
+ - name: POSTGRESQL_ENABLE_TLS
+ value: "no"
+ # Audit
+ - name: POSTGRESQL_LOG_HOSTNAME
+ value: "false"
+ - name: POSTGRESQL_LOG_CONNECTIONS
+ value: "false"
+ - name: POSTGRESQL_LOG_DISCONNECTIONS
+ value: "false"
+ - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+ value: "off"
+ # Others
+ - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+ value: "error"
+ - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+ value: "pgaudit"
+ ports:
+ - name: tcp-postgresql
+ containerPort: 5432
+ livenessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - -e
+ - |
+ exec pg_isready -U "coder" -d "dbname=coder" -h 127.0.0.1 -p 5432
+ [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+ resources:
+ limits:
+ cpu: 150m
+ ephemeral-storage: 2Gi
+ memory: 192Mi
+ requests:
+ cpu: 100m
+ ephemeral-storage: 50Mi
+ memory: 128Mi
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/postgresql/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/postgresql/tmp
+ subPath: app-tmp-dir
+ - name: postgresql-password
+ mountPath: /opt/bitnami/postgresql/secrets/
+ - name: dshm
+ mountPath: /dev/shm
+ - name: data
+ mountPath: /bitnami/postgresql
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: postgresql-password
+ secret:
+ secretName: coder-db-postgresql
+ - name: dshm
+ emptyDir:
+ medium: Memory
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "8Gi"
\ No newline at end of file
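Review bot: The `Secret` document (from `postgresql/templates/secrets.yaml`) commits both database passwords to the repository as base64 under `data:` (`postgres-password` and `password`); base64 is an encoding, not protection, and the `password` value decodes to the same string as `POSTGRES_USER`. Both values should be treated as exposed and rotated, and the Secret should be left out of the committed manifest and created out of band (an external secret store or an encrypted/sealed secret), with the StatefulSet keeping only its existing `secretName: coder-db-postgresql` reference. The exposure is compounded by the NetworkPolicy, whose `ingress` rule lists `port: 5432` with no `from:` and so admits any source that can reach the pod, and by `POSTGRESQL_ENABLE_TLS` being `"no"`; add a `from:` entry with a `podSelector` for the client workload's labels (not shown in this patch) and consider enabling TLS. Separately, in the readinessProbe script the `exec pg_isready …` line replaces the shell, so the `.initialized` file test on the following line never runs.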