sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add vault support

Browse Source
This commit is contained in:
Kochetkov S 2026-04-16 12:15:38 +03:00
parent 79a4ff4c9b
commit db2293b30b
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
clusters/yc-k8s-test/infrastructure/patches/postgresql.yaml
View File

@ -36,13 +36,14 @@ spec:
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
tag: 17.0.3
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
automountServiceAccountToken: true
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
@ -53,7 +54,7 @@ spec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
@ -64,7 +65,7 @@ spec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
@ -75,7 +76,7 @@ spec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
- exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
@ -90,8 +91,13 @@ spec:
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
adminUser: "postgres"
vault:
enabled: true
role: postgresql
authPath: auth/kubernetes
secretPath: secrets/data/postgresql/admin
secretKey: postgres-password
sharedPreloadLibraries: "timescaledb,pg_stat_statements"
databases:
- name: attachments_db

2
infrastructure/postgresql/base/helmrelease.yaml
View File

@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
version: "17.0.3"
sourceRef:
kind: HelmRepository
name: yc-oci-charts