diff --git a/apps/attachments/base/deployment.yaml b/apps/attachments/base/deployment.yaml index 7e517d4..347d5c7 100644 --- a/apps/attachments/base/deployment.yaml +++ b/apps/attachments/base/deployment.yaml @@ -40,30 +40,18 @@ spec: - name: YANDEX_S3_USE_SSL value: "false" - name: DATABASE_HOST - valueFrom: - secretKeyRef: - name: postgres-secret - key: host + value: "postgresql.attachments" - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: postgres-secret - key: port + value: "5432" - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: postgres-secret - key: database + value: attachments_db - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: postgres-secret - key: username + value: attachments - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: postgres-secret - key: password + name: postgresql-secret + key: user-password volumeMounts: - mountPath: /etc/sarex/yc-s3-storage name: yc-s3 diff --git a/apps/attachments/yc-k8s-test/kustomization.yaml b/apps/attachments/yc-k8s-test/kustomization.yaml index 4183b17..c643c00 100644 --- a/apps/attachments/yc-k8s-test/kustomization.yaml +++ b/apps/attachments/yc-k8s-test/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - postgresql.yaml patches: - path: replicas.yaml target: diff --git a/apps/attachments/yc-k8s-test/postgresql.yaml b/apps/attachments/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..d4819d0 --- /dev/null +++ b/apps/attachments/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: attachments +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: attachments_db + user: attachments + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file