From 6abf3529f5eede4463972b78bb864be3e1ec4d55 Mon Sep 17 00:00:00 2001 From: emelinda Date: Mon, 13 Apr 2026 17:41:46 +0300 Subject: [PATCH 1/4] Add PostgreSQL HelmRelease to yc-k8s-test overlay in attachments app --- .../yc-k8s-test/kustomization.yaml | 1 + apps/attachments/yc-k8s-test/postgresql.yaml | 102 ++++++++++++++++++ 2 files changed, 103 insertions(+) create mode 100644 apps/attachments/yc-k8s-test/postgresql.yaml diff --git a/apps/attachments/yc-k8s-test/kustomization.yaml b/apps/attachments/yc-k8s-test/kustomization.yaml index 4183b17..c643c00 100644 --- a/apps/attachments/yc-k8s-test/kustomization.yaml +++ b/apps/attachments/yc-k8s-test/kustomization.yaml @@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - postgresql.yaml patches: - path: replicas.yaml target: diff --git a/apps/attachments/yc-k8s-test/postgresql.yaml b/apps/attachments/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..9fef38e --- /dev/null +++ b/apps/attachments/yc-k8s-test/postgresql.yaml @@ -0,0 +1,102 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: attachments +spec: + interval: 5m + timeout: 2h + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: keycloak + user: keycloak + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file From 068e01159fd983ff4105192c6d67c46b69f14a34 Mon Sep 17 00:00:00 2001 From: emelinda Date: Mon, 13 Apr 2026 17:52:32 +0300 Subject: [PATCH 2/4] Update PostgreSQL HelmRelease with postgresql-contour chart in yc-k8s-test overlay --- apps/attachments/yc-k8s-test/postgresql.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/attachments/yc-k8s-test/postgresql.yaml b/apps/attachments/yc-k8s-test/postgresql.yaml index 9fef38e..9d71640 100644 --- a/apps/attachments/yc-k8s-test/postgresql.yaml +++ b/apps/attachments/yc-k8s-test/postgresql.yaml @@ -6,6 +6,14 @@ metadata: spec: interval: 5m timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system install: timeout: 2h From 6e43128c6aba1bff6a569b404b00bec0cdd7150f Mon Sep 17 00:00:00 2001 From: emelinda Date: Mon, 13 Apr 2026 17:54:07 +0300 Subject: [PATCH 3/4] Update PostgreSQL database and user in yc-k8s-test overlay for attachments app --- apps/attachments/yc-k8s-test/postgresql.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/attachments/yc-k8s-test/postgresql.yaml b/apps/attachments/yc-k8s-test/postgresql.yaml index 9d71640..d4819d0 100644 --- a/apps/attachments/yc-k8s-test/postgresql.yaml +++ b/apps/attachments/yc-k8s-test/postgresql.yaml @@ -102,8 +102,8 @@ spec: adminPasswordSecretKey: "" sharedPreloadLibraries: "pg_stat_statements" databases: - - name: keycloak - user: keycloak + - name: attachments_db + user: attachments extensions: [] restoreFromDump: false s3-proxy: From 077df03c8b2dda53bb9762efd142edb17d00e138 Mon Sep 17 00:00:00 2001 From: emelinda Date: Tue, 14 Apr 2026 11:13:01 +0300 Subject: [PATCH 4/4] Update database environment variables in attachments app deployment configuration --- apps/attachments/base/deployment.yaml | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/apps/attachments/base/deployment.yaml b/apps/attachments/base/deployment.yaml index 7e517d4..347d5c7 100644 --- a/apps/attachments/base/deployment.yaml +++ b/apps/attachments/base/deployment.yaml @@ -40,30 +40,18 @@ spec: - name: YANDEX_S3_USE_SSL value: "false" - name: DATABASE_HOST - valueFrom: - secretKeyRef: - name: postgres-secret - key: host + value: "postgresql.attachments" - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: postgres-secret - key: port + value: "5432" - name: DATABASE_NAME - valueFrom: - secretKeyRef: - name: postgres-secret - key: database + value: attachments_db - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: postgres-secret - key: username + value: attachments - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: postgres-secret - key: password + name: postgresql-secret + key: user-password volumeMounts: - mountPath: /etc/sarex/yc-s3-storage name: yc-s3