add 3

2024-08-01 15:18:36 +07:00
parent 3ba1d57a61
commit 33e0f7aa29
4 changed files with 167 additions and 8 deletions
--- a/3.zalando/README.md
+++ b/3.zalando/README.md
@@ -0,0 +1,18 @@
+# Zalando
+
+1. install operator
+
+```shell
+helm install zalando -n zalando --create-namespace charts/postgres-operator
+```
+
+2. install cluster
+
+```shell
+kubectl apply -f 3.zalando/baseCluster.yaml
+```
+
+
+## больше
+
+https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md
--- a/3.zalando/baseCluster.yaml
+++ b/3.zalando/baseCluster.yaml
@@ -1,14 +1,40 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rm-pgsql
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: logical-backup-secrets
+  namespace: rm-pgsql
+stringData:
+  LOGICAL_BACKUP_PROVIDER: s3
+  LOGICAL_BACKUP_S3_ENDPOINT: https://s3-nsk.bildme.ru
+  LOGICAL_BACKUP_S3_REGION: ru-nsk
+  LOGICAL_BACKUP_S3_BUCKET: zalando-backups
+  LOGICAL_BACKUP_S3_BUCKET_PREFIX: ''
+  LOGICAL_BACKUP_S3_RETENTION_TIME: '2 week'
+  LOGICAL_BACKUP_S3_SSE: ''
+  AWS_ACCESS_KEY_ID: zalando-user
+  AWS_SECRET_ACCESS_KEY: C7oMRPqifdHRgNJMfmPKoNhyw
+---
+
 kind: "postgresql"
 apiVersion: "acid.zalan.do/v1"
 metadata:
  name: "rm-psql"
+  namespace: rm-pgsql
  labels:
    team: rm
    app: rm-pgsql
    resource-group: rm-pgsql
 spec:
  teamId: "rm"
-  dockerImage: ghcr.io/zalando/spilo-16:3.2-p2
+  # dockerImage: ghcr.io/zalando/spilo-16:3.2-p2
+  enableLogicalBackup: true
+  logicalBackupSchedule: "30 */6 * * *"
  numberOfInstances: 2
  spiloRunAsUser: 101
  spiloRunAsGroup: 103
@@ -23,7 +49,7 @@ spec:
        log_rotation_size: '1024000'
        log_min_duration_statement: '1000'
  volume:
-    size: "5Gi"
+    size: "6Gi"
    storageClass: "longhorn"
  users:
    rmu:
@@ -35,8 +61,10 @@ spec:
  patroni:
    pg_hba:
      - local     all  all  trust
+      - local     replication standby trust
      - host      all  all  0.0.0.0/0   md5
      - host      all  all  ::1/128     md5
+      - host      replication standby 0.0.0.0/0 md5 # TODO
  resources:
    requests:
      cpu: "0.4"
@@ -44,4 +72,31 @@ spec:
    limits:
      cpu: "0.8"
      memory: "1Gi"
+  sidecars:
+    - name: "zalando-exporter"
+      image: "wrouesnel/postgres_exporter"
+      ports:
+        - name: exporter
+          containerPort: 9187
+          protocol: TCP
+      resources:
+        limits:
+          cpu: 100m
+          memory: 256M
+        requests:
+          cpu: 50m
+          memory: 128M
+      env:
+        - name: "DATA_SOURCE_URI"
+          value: "localhost:5432/rm?sslmode=disable"
+        - name: "DATA_SOURCE_USER"
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: username
+        - name: "DATA_SOURCE_PASS"
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: password
 ---
--- a/3.zalando/exampleApp.yaml
+++ b/3.zalando/exampleApp.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-app
+  namespace: rm-pgsql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: test-app
+  template:
+    metadata:
+      labels:
+        app: test-app
+    spec:
+      containers:
+      - name: test-app
+        image: node:18
+        command: ["/bin/sh", "-c"]
+        args:
+        - |
+          mkdir -p /tmp/app && \
+          cp /app/test_app.js /app/package.json /tmp/app/ && \
+          cd /tmp/app && \
+          npm install && \
+          node test_app.js
+        env:
+        - name: DB_HOST
+          value: rm-psql-pooler-repl
+        - name: DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: username
+        - name: DB_PASSWORD
+          value: "123"
+        - name: DB_NAME
+          value: rm
+        volumeMounts:
+        - name: app-code
+          mountPath: /app
+      volumes:
+      - name: app-code
+        configMap:
+          name: test-app-configmap
+          items:
+          - key: test_app.js
+            path: test_app.js
+          - key: package.json
+            path: package.json
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-app-configmap
+  namespace: rm-pgsql
+data:
+  test_app.js: |
+    const { Client } = require('pg');
+
+        const client = new Client({
+          host: process.env.DB_HOST,
+          user: process.env.DB_USER,
+          password: process.env.DB_PASSWORD,
+          database: process.env.DB_NAME
+        });
+
+        client.connect()
+          .then(() => {
+            console.log(`Successfully connected to the database ${process.env.DB_NAME} on ${process.env.DB_HOST}`);
+            return client.end();
+          })
+          .catch((err) => {
+            console.error(`Error: ${err}`);
+          });
+  package.json: |
+      {
+        "name": "test-app",
+        "version": "1.0.0",
+        "main": "test_app.js",
+        "dependencies": {
+          "pg": "^8.7.1"
+        }
+      }
+---
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@@ -186,7 +186,7 @@ configKubernetes:
  # namespaced name of the ConfigMap with environment variables to populate on every pod
  # pod_environment_configmap: "default/my-custom-config"
  # name of the Secret (in cluster namespace) with environment variables to populate on every pod
-  # pod_environment_secret: "my-custom-secret"
+  pod_environment_secret: "" # TODO

  # specify the pod management policy of stateful sets of Postgres clusters
  pod_management_policy: "ordered_ready"
@@ -194,17 +194,18 @@ configKubernetes:
  pod_role_label: spilo-role
  # service account definition as JSON/YAML string to be used by postgres cluster pods
  # pod_service_account_definition: ""
+  # TODO pod_service_account_definition: '{ "apiVersion": "v1", "kind": "ServiceAccount", "metadata": { "name": "postgres-pod" }, "imagePullSecrets": [ { "name": "registry-secret" } ] }'

  # role binding definition as JSON/YAML string to be used by pod service account
  # pod_service_account_role_binding_definition: ""

  # Postgres pods are terminated forcefully after this timeout
-  pod_terminate_grace_period: 5m
+  pod_terminate_grace_period: 1m # TODO 5m
  # template for database user secrets generated by the operator,
  # here username contains the namespace in the format namespace.username
  # if the user is in different namespace than cluster and cross namespace secrets
  # are enabled via `enable_cross_namespace_secret` flag in the configuration.
-  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  secret_name_template: "{username}.{cluster}" # TODO "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
  # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars
  share_pgsocket_with_sidecars: false
  # set user and group for the spilo container (required to run Spilo as non-root process)
@@ -258,7 +259,7 @@ configTimeouts:
  # timeout when waiting for successful response from Patroni API
  patroni_api_check_timeout: 5s
  # timeout when waiting for the Postgres pods to be deleted
-  pod_deletion_wait_timeout: 10m
+  pod_deletion_wait_timeout: 3m # TODO 10m
  # timeout when waiting for pod role and cluster labels
  pod_label_wait_timeout: 10m
  # interval between consecutive attempts waiting for postgresql CRD to be created
@@ -389,7 +390,7 @@ configLogicalBackup:
  # backup schedule in the cron format
  logical_backup_schedule: "30 00 * * *"
  # secret to be used as reference for env variables in cronjob
-  logical_backup_cronjob_environment_secret: ""
+  logical_backup_cronjob_environment_secret: "logibackup-secrets" # TODO

 # automate creation of human users with teams API service
 configTeamsApi: