fix: fix volumes and secrets for atlantis
@@ -8,7 +8,8 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
{{- include "Atlantis.labels" . | nindent 4 }}
|
{{- include "Atlantis.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
instances: {{ .Values.cluster.instances | default "2" }}
|
instances: {{ .Values.cluster.instances | default "1" }}
|
||||||
|
imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
|
||||||
# Example of rolling update strategy:
|
# Example of rolling update strategy:
|
||||||
# - unsupervised: automated update of the primary once all
|
# - unsupervised: automated update of the primary once all
|
||||||
# replicas have been upgraded (default)
|
# replicas have been upgraded (default)
|
||||||
@@ -19,16 +20,8 @@ spec:
|
|||||||
retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
|
retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
|
||||||
storage:
|
storage:
|
||||||
size: {{ .Values.cluster.size | default "5Gi" }}
|
size: {{ .Values.cluster.size | default "5Gi" }}
|
||||||
imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
|
|
||||||
bootstrap:
|
|
||||||
initdb:
|
|
||||||
postInitTemplateSQL:
|
|
||||||
- CREATE EXTENSION postgis;
|
|
||||||
- CREATE EXTENSION postgis_topology;
|
|
||||||
- CREATE EXTENSION fuzzystrmatch;
|
|
||||||
- CREATE EXTENSION postgis_tiger_geocoder;
|
|
||||||
- ALTER USER app WITH SUPERUSER;
|
|
||||||
{{- with .Values.cluster.bootstrap }}
|
{{- with .Values.cluster.bootstrap }}
|
||||||
|
bootstrap:
|
||||||
{{- if .enabled }}
|
{{- if .enabled }}
|
||||||
pg_basebackup:
|
pg_basebackup:
|
||||||
source: archmaester
|
source: archmaester
|
||||||
@@ -47,6 +40,14 @@ spec:
|
|||||||
sslRootCert:
|
sslRootCert:
|
||||||
name: {{ .source.db }}-ca
|
name: {{ .source.db }}-ca
|
||||||
key: ca.crt
|
key: ca.crt
|
||||||
|
{{- else }}
|
||||||
|
initdb:
|
||||||
|
postInitTemplateSQL:
|
||||||
|
- CREATE EXTENSION postgis;
|
||||||
|
- CREATE EXTENSION postgis_topology;
|
||||||
|
- CREATE EXTENSION fuzzystrmatch;
|
||||||
|
- CREATE EXTENSION postgis_tiger_geocoder;
|
||||||
|
- ALTER USER app WITH SUPERUSER;
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
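Review bot: The `initdb` branch added under `{{- else }}` still ends `postInitTemplateSQL` with `ALTER USER app WITH SUPERUSER;`, so the application role becomes a superuser on every cluster initialised through this path. The four `CREATE EXTENSION` statements in the same list already run during bootstrap, so the app role presumably does not need superuser for them; if it needs more than ownership of its database, grant the specific privilege and drop that line. If superuser is really required, a comment such as `# app needs SUPERUSER because <reason>` above the statement would record why. The `imageName` tag `15-3.3` is also mutable; pinning the image by digest would make what gets deployed reproducible.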
|
|||||||
@@ -29,4 +29,26 @@ type: kubernetes.io/basic-auth
|
|||||||
data:
|
data:
|
||||||
username:
|
username:
|
||||||
password:
|
password:
|
||||||
|
{{- else }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kyverno/clone: "true"
|
||||||
|
name: {{ .Values.cluster.bootstrap.source.db }}-replication
|
||||||
|
type: kubernetes.io/tls
|
||||||
|
data:
|
||||||
|
tls.crt: ""
|
||||||
|
tls.key: ""
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kyverno/clone: "true"
|
||||||
|
name: {{ .Values.cluster.bootstrap.source.db }}-ca
|
||||||
|
data:
|
||||||
|
ca.crt: ""
|
||||||
|
ca.key: ""
|
||||||
{{- end }}
|
{{- end }}
|
||||||
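Review bot: The placeholder `{{ .Values.cluster.bootstrap.source.db }}-ca` Secret declares a `ca.key` field next to `ca.crt`, and with `kyverno/clone: "true"` it is presumably filled from the source cluster's CA Secret, private key included. The cluster template in this commit reads only `key: ca.crt` from that Secret for `sslRootCert`, so the CA private key is not needed in the consuming namespace, and anyone who can read Secrets there could use it to issue certificates the source cluster trusts. Consider publishing a certificate-only Secret for cloning and dropping `ca.key: ""` here. The `{{- else }}` these documents sit under opens outside the hunk, so the condition that selects them is not visible.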
|
|||||||
@@ -59,7 +59,7 @@ persistence:
|
|||||||
storageClass: ""
|
storageClass: ""
|
||||||
accessMode: ReadWriteOnce
|
accessMode: ReadWriteOnce
|
||||||
cluster:
|
cluster:
|
||||||
enabled: false
|
enabled: true
|
||||||
instances: 1
|
instances: 1
|
||||||
backupEnabled: true
|
backupEnabled: true
|
||||||
backupRetention: 60d
|
backupRetention: 60d
|
||||||
@@ -70,13 +70,13 @@ cluster:
|
|||||||
db: prod-archmeister
|
db: prod-archmeister
|
||||||
namespace: atlantis
|
namespace: atlantis
|
||||||
redis:
|
redis:
|
||||||
enabled: false
|
enabled: true
|
||||||
name: redis-stack
|
name: redis-stack
|
||||||
redis_stack_server:
|
redis_stack_server:
|
||||||
image: "redis/redis-stack-server"
|
image: "redis/redis-stack-server"
|
||||||
tag: "7.4.0-v1"
|
tag: "7.4.0-v1"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
storage_class: ceph-rdb
|
storage_class: ceph-rbd
|
||||||
storage: 1Gi
|
storage: 1Gi
|
||||||
resources: {}
|
resources: {}
|
||||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||||
|
|||||||
@@ -52,8 +52,8 @@ spec:
|
|||||||
namespace: '{{ request.object.metadata.namespace }}'
|
namespace: '{{ request.object.metadata.namespace }}'
|
||||||
synchronize: true
|
synchronize: true
|
||||||
clone:
|
clone:
|
||||||
name: staging-archmeister-superuser
|
name: prod-archmeister-superuser
|
||||||
namespace: staging-vcluster
|
namespace: atlantis
|
||||||
match:
|
match:
|
||||||
any:
|
any:
|
||||||
- resources:
|
- resources:
|
||||||
@@ -63,6 +63,44 @@ spec:
|
|||||||
- "*-db-superuser"
|
- "*-db-superuser"
|
||||||
annotations:
|
annotations:
|
||||||
kyverno/clone: "true"
|
kyverno/clone: "true"
|
||||||
|
- name: sync-archmaester-replication-secret
|
||||||
|
generate:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
name: '{{ request.object.metadata.name }}'
|
||||||
|
namespace: '{{ request.object.metadata.namespace }}'
|
||||||
|
synchronize: true
|
||||||
|
clone:
|
||||||
|
name: prod-archmeister-replication
|
||||||
|
namespace: atlantis
|
||||||
|
match:
|
||||||
|
any:
|
||||||
|
- resources:
|
||||||
|
kinds:
|
||||||
|
- Secret
|
||||||
|
names:
|
||||||
|
- prod-archmeister-replication
|
||||||
|
annotations:
|
||||||
|
kyverno/clone: "true"
|
||||||
|
- name: sync-archmaester-ca
|
||||||
|
generate:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
name: '{{ request.object.metadata.name }}'
|
||||||
|
namespace: '{{ request.object.metadata.namespace }}'
|
||||||
|
synchronize: true
|
||||||
|
clone:
|
||||||
|
name: prod-archmeister-ca
|
||||||
|
namespace: atlantis
|
||||||
|
match:
|
||||||
|
any:
|
||||||
|
- resources:
|
||||||
|
kinds:
|
||||||
|
- Secret
|
||||||
|
names:
|
||||||
|
- prod-archmeister-ca
|
||||||
|
annotations:
|
||||||
|
kyverno/clone: "true"
|
||||||
# exclude:
|
# exclude:
|
||||||
# any:
|
# any:
|
||||||
# - resources:
|
# - resources:
|
||||||
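Review bot: The `match` blocks of these rules select Secrets only by name and the `kyverno/clone: "true"` annotation, and the `exclude` block below is commented out, so no namespace restriction is visible. Because `generate.namespace` is `'{{ request.object.metadata.namespace }}'`, any principal allowed to create a Secret matching `*-db-superuser` with that annotation, in any namespace, appears to receive a synchronized copy of `prod-archmeister-superuser` from `atlantis`; the same holds for the new `sync-archmaester-replication-secret` and `sync-archmaester-ca` rules. Limit each rule to the namespaces that actually host replicas, for example with a `namespaces:` list or a `namespaceSelector` under `resources:`. The first rule starts above the hunk, so its name and any earlier conditions are not shown.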
|
|||||||