From 33e0f7aa2983a482167e4d99790910214d0b93b8 Mon Sep 17 00:00:00 2001
From: Vassiliy Yegorov
Date: Thu, 1 Aug 2024 15:18:36 +0700
Subject: [PATCH] add 3
---
 3.zalando/README.md | 18 ++++++
 3.zalando/baseCluster.yaml | 59 ++++++++++++++++++-
 3.zalando/exampleApp.yaml | 85 ++++++++++++++++++++++++++++
 charts/postgres-operator/values.yaml | 13 +++--
 4 files changed, 167 insertions(+), 8 deletions(-)
 create mode 100644 3.zalando/README.md
 create mode 100644 3.zalando/exampleApp.yaml
diff --git a/3.zalando/README.md b/3.zalando/README.md
new file mode 100644
index 0000000..0d95fca
--- /dev/null
+++ b/3.zalando/README.md
@@ -0,0 +1,18 @@
+# Zalando
+
+1. install operator
+
+```shell
+helm install zalando -n zalando --create-namespace charts/postgres-operator
+```
+
+2. install cluster
+
+```shell
+kubectl apply -f 3.zalando/baseCluster.yaml
+```
+
+
+## больше
+
+https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md
diff --git a/3.zalando/baseCluster.yaml b/3.zalando/baseCluster.yaml
index e653b6e..3288e7f 100644
--- a/3.zalando/baseCluster.yaml
+++ b/3.zalando/baseCluster.yaml
@@ -1,14 +1,40 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: rm-pgsql +--- + +apiVersion: v1 +kind: Secret +metadata: + name: logical-backup-secrets + namespace: rm-pgsql +stringData: + LOGICAL_BACKUP_PROVIDER: s3 + LOGICAL_BACKUP_S3_ENDPOINT: https://s3-nsk.bildme.ru + LOGICAL_BACKUP_S3_REGION: ru-nsk + LOGICAL_BACKUP_S3_BUCKET: zalando-backups + LOGICAL_BACKUP_S3_BUCKET_PREFIX: '' + LOGICAL_BACKUP_S3_RETENTION_TIME: '2 week' + LOGICAL_BACKUP_S3_SSE: '' + AWS_ACCESS_KEY_ID: zalando-user + AWS_SECRET_ACCESS_KEY: C7oMRPqifdHRgNJMfmPKoNhyw +--- + kind: "postgresql" apiVersion: "acid.zalan.do/v1" metadata: name: "rm-psql" + namespace: rm-pgsql labels: team: rm app: rm-pgsql resource-group: rm-pgsql spec: teamId: "rm" - dockerImage: ghcr.io/zalando/spilo-16:3.2-p2 + # dockerImage: ghcr.io/zalando/spilo-16:3.2-p2 + enableLogicalBackup: true + logicalBackupSchedule: "30 */6 * * *" numberOfInstances: 2 spiloRunAsUser: 101 spiloRunAsGroup: 103 @@ -23,7 +49,7 @@ spec: log_rotation_size: '1024000' log_min_duration_statement: '1000' volume: - size: "5Gi" + size: "6Gi" storageClass: "longhorn" users: rmu: @@ -35,8 +61,10 @@ spec: patroni: pg_hba: - local all all trust + - local replication standby trust - host all all 0.0.0.0/0 md5 - host all all ::1/128 md5 + - host replication standby 0.0.0.0/0 md5 # TODO resources: requests: cpu: "0.4" @@ -44,4 +72,31 @@ spec: limits: cpu: "0.8" memory: "1Gi" + sidecars: + - name: "zalando-exporter" + image: "wrouesnel/postgres_exporter" + ports: + - name: exporter + containerPort: 9187 + protocol: TCP + resources: + limits: + cpu: 100m + memory: 256M + requests: + cpu: 50m + memory: 128M + env: + - name: "DATA_SOURCE_URI" + value: "localhost:5432/rm?sslmode=disable" + - name: "DATA_SOURCE_USER" + valueFrom: + secretKeyRef: + name: rmu.rm-psql + key: username + - name: "DATA_SOURCE_PASS" + valueFrom: + secretKeyRef: + name: rmu.rm-psql + key: password --- 
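Review bot: The `logical-backup-secrets` Secret added at the top of the `@@ -1,14 +1,40 @@` hunk carries literal `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values in `stringData`, so the S3 credentials become part of the repository history and of every clone. If the key pair is real it should be rotated, and the manifest should keep only the non-secret settings while the key pair is supplied out of band at deploy time (for example `kubectl create secret generic`, or a sealed/external secret mechanism). A comment above `stringData` such as `# credentials are injected at deploy time; never commit real values` would document the intent. `LOGICAL_BACKUP_S3_SSE: ''` also leaves server-side encryption of the dumps unset; a short comment should say whether the bucket enforces encryption itself.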
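Review bot: The added `pg_hba` entry `host replication standby 0.0.0.0/0 md5 # TODO` in the `@@ -35,8 +61,10 @@` hunk accepts replication connections for `standby` from every IPv4 address, and `host` also matches connections without TLS, so the replication password hash exchange and the WAL stream may travel unencrypted. Restricting the source range and requiring TLS would be tighter, e.g. `- hostssl replication standby <POD_CIDR> scram-sha-256` (placeholder CIDR; `scram-sha-256` only if the cluster's `password_encryption` matches). The bare `# TODO` should state what is still to be decided. The `pg_hba` list begins in context lines, so the pre-existing `host all all 0.0.0.0/0 md5` entry is outside this change.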
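Review bot: The `zalando-exporter` sidecar in the `@@ -44,4 +72,31 @@` hunk uses `image: "wrouesnel/postgres_exporter"` with no tag or digest, so each pod start may run whatever `latest` resolves to, inside the database pod and with the `rmu` credentials in its environment. Pin it, e.g. `image: "<REGISTRY>/postgres_exporter:<VERSION>@sha256:<DIGEST>"` (placeholders), and check whether this image location is still maintained; the exporter project appears to have moved to the prometheus-community organisation. A dedicated low-privilege monitoring role instead of the application user `rmu` would also limit what a compromised exporter could read.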
diff --git a/3.zalando/exampleApp.yaml b/3.zalando/exampleApp.yaml
new file mode 100644
index 0000000..643b94f
--- /dev/null
+++ b/3.zalando/exampleApp.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test-app
+ namespace: rm-pgsql
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: test-app
+ template:
+ metadata:
+ labels:
+ app: test-app
+ spec:
+ containers:
+ - name: test-app
+ image: node:18
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ mkdir -p /tmp/app && \
+ cp /app/test_app.js /app/package.json /tmp/app/ && \
+ cd /tmp/app && \
+ npm install && \
+ node test_app.js
+ env:
+ - name: DB_HOST
+ value: rm-psql-pooler-repl
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: rmu.rm-psql
+ key: username
+ - name: DB_PASSWORD
+ value: "123"
+ - name: DB_NAME
+ value: rm
+ volumeMounts:
+ - name: app-code
+ mountPath: /app
+ volumes:
+ - name: app-code
+ configMap:
+ name: test-app-configmap
+ items:
+ - key: test_app.js
+ path: test_app.js
+ - key: package.json
+ path: package.json
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: test-app-configmap
+ namespace: rm-pgsql
+data:
+ test_app.js: |
+ const { Client } = require('pg');
+
+ const client = new Client({
+ host: process.env.DB_HOST,
+ user: process.env.DB_USER,
+ password: process.env.DB_PASSWORD,
+ database: process.env.DB_NAME
+ });
+
+ client.connect()
+ .then(() => {
+ console.log(`Successfully connected to the database ${process.env.DB_NAME} on ${process.env.DB_HOST}`);
+ return client.end();
+ })
+ .catch((err) => {
+ console.error(`Error: ${err}`);
+ });
+ package.json: |
+ {
+ "name": "test-app",
+ "version": "1.0.0",
+ "main": "test_app.js",
+ "dependencies": {
+ "pg": "^8.7.1"
+ }
+ }
+---
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml
index 5700ff7..b8cbd4e 100644
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
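Review bot: `DB_PASSWORD` in the `test-app` container is the literal `"123"`, while `DB_USER` just above it is read from the `rmu.rm-psql` Secret; the password should come from the same Secret through `secretKeyRef` with `key: password`, as the exporter sidecar in baseCluster.yaml already does. Besides committing a credential-shaped value, the literal presumably cannot match the operator-generated password, so the example would only ever log a connection error. The container also runs `npm install` against `"pg": "^8.7.1"` on every start on a floating `node:18` image; pinning an exact version (or baking an image) avoids fetching unreviewed code at run time. In `test_app.js` the `.catch` handler only logs, so a failed connection still exits with status 0; adding `process.exitCode = 1;` there would surface the failure.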
@@ -186,7 +186,7 @@ configKubernetes: # namespaced name of the ConfigMap with environment variables to populate on every pod # pod_environment_configmap: "default/my-custom-config" # name of the Secret (in cluster namespace) with environment variables to populate on every pod - # pod_environment_secret: "my-custom-secret" + pod_environment_secret: "" # TODO # specify the pod management policy of stateful sets of Postgres clusters pod_management_policy: "ordered_ready" @@ -194,17 +194,18 @@ configKubernetes: pod_role_label: spilo-role # service account definition as JSON/YAML string to be used by postgres cluster pods # pod_service_account_definition: "" + # TODO pod_service_account_definition: '{ "apiVersion": "v1", "kind": "ServiceAccount", "metadata": { "name": "postgres-pod" }, "imagePullSecrets": [ { "name": "registry-secret" } ] }' # role binding definition as JSON/YAML string to be used by pod service account # pod_service_account_role_binding_definition: "" # Postgres pods are terminated forcefully after this timeout - pod_terminate_grace_period: 5m + pod_terminate_grace_period: 1m # TODO 5m # template for database user secrets generated by the operator, # here username contains the namespace in the format namespace.username # if the user is in different namespace than cluster and cross namespace secrets # are enabled via `enable_cross_namespace_secret` flag in the configuration. - secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + secret_name_template: "{username}.{cluster}" # TODO "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars share_pgsocket_with_sidecars: false # set user and group for the spilo container (required to run Spilo as non-root process) 
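Review bot: In the `@@ -194,17 +194,18 @@` hunk, `secret_name_template: "{username}.{cluster}"` drops the `.credentials.{tprkind}.{tprgroup}` suffix, and the manifests under 3.zalando hard-code the resulting name `rmu.rm-psql`; the bare `# TODO` does not record that coupling. A comment such as `# short form; 3.zalando/*.yaml reference rmu.rm-psql, keep in sync` would, and it is worth confirming how the operator treats credential Secrets already created under the old template. `pod_terminate_grace_period: 1m` also shortens the time Postgres has to shut down before a forced kill, which may interrupt a shutdown checkpoint on a busy instance. The same unexplained `# TODO` pattern recurs on `pod_environment_secret` in the previous hunk and on `pod_deletion_wait_timeout` in the `@@ -258,7 +259,7 @@` hunk.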
@@ -258,7 +259,7 @@ configTimeouts: # timeout when waiting for successful response from Patroni API patroni_api_check_timeout: 5s # timeout when waiting for the Postgres pods to be deleted - pod_deletion_wait_timeout: 10m + pod_deletion_wait_timeout: 3m # TODO 10m # timeout when waiting for pod role and cluster labels pod_label_wait_timeout: 10m # interval between consecutive attempts waiting for postgresql CRD to be created @@ -389,7 +390,7 @@ configLogicalBackup: # backup schedule in the cron format logical_backup_schedule: "30 00 * * *" # secret to be used as reference for env variables in cronjob - logical_backup_cronjob_environment_secret: "" + logical_backup_cronjob_environment_secret: "logibackup-secrets" # TODO # automate creation of human users with teams API service configTeamsApi: @@ -478,7 +479,7 @@ priorityClassName: "" # priority class for database pods podPriorityClassName: # If create is false with no name set, no podPriorityClassName is specified. - # Hence, the pod priorityClass is the one with globalDefault set. + # Hence, the pod priorityClass is the one with globalDefault set. # If there is no PriorityClass with globalDefault set, the priority of Pods with no priorityClassName is zero. create: true # If not set a name is generated using the fullname template and "-pod" suffix
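Review bot: In the `@@ -389,7 +390,7 @@` hunk, `logical_backup_cronjob_environment_secret` is set to `"logibackup-secrets"`, but the Secret this same patch creates in 3.zalando/baseCluster.yaml is named `logical-backup-secrets`. Unless a Secret with the shorter name exists outside this patch, the backup cron job would reference a missing Secret and the S3 settings would never reach it; the line should probably read `logical_backup_cronjob_environment_secret: "logical-backup-secrets"`. The bare `# TODO` would be more useful as a comment naming the namespace in which that Secret has to exist.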