add 3

3.zalando/README.md

@@ -0,0 +1,18 @@
+# Zalando
+
+1. install operator
+
+```shell
+helm install zalando -n zalando --create-namespace charts/postgres-operator
+```
+
+2. install cluster
+
+```shell
+kubectl apply -f 3.zalando/baseCluster.yaml
+```
+
+
+## больше
+
+https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md

3.zalando/baseCluster.yaml

@@ -1,14 +1,40 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rm-pgsql
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: logical-backup-secrets
+  namespace: rm-pgsql
+stringData:
+  LOGICAL_BACKUP_PROVIDER: s3
+  LOGICAL_BACKUP_S3_ENDPOINT: https://s3-nsk.bildme.ru
+  LOGICAL_BACKUP_S3_REGION: ru-nsk
+  LOGICAL_BACKUP_S3_BUCKET: zalando-backups
+  LOGICAL_BACKUP_S3_BUCKET_PREFIX: ''
+  LOGICAL_BACKUP_S3_RETENTION_TIME: '2 week'
+  LOGICAL_BACKUP_S3_SSE: ''
+  AWS_ACCESS_KEY_ID: zalando-user
+  AWS_SECRET_ACCESS_KEY: C7oMRPqifdHRgNJMfmPKoNhyw
+---
+
 kind: "postgresql"
 apiVersion: "acid.zalan.do/v1"
 metadata:
   name: "rm-psql"
+  namespace: rm-pgsql
   labels:
     team: rm
     app: rm-pgsql
     resource-group: rm-pgsql
 spec:
   teamId: "rm"
-  dockerImage: ghcr.io/zalando/spilo-16:3.2-p2
+  # dockerImage: ghcr.io/zalando/spilo-16:3.2-p2
+  enableLogicalBackup: true
+  logicalBackupSchedule: "30 */6 * * *"
   numberOfInstances: 2
   spiloRunAsUser: 101
   spiloRunAsGroup: 103
@@ -23,7 +49,7 @@ spec:
         log_rotation_size: '1024000'
         log_min_duration_statement: '1000'
   volume:
-    size: "5Gi"
+    size: "6Gi"
     storageClass: "longhorn"
   users:
     rmu:
@@ -35,8 +61,10 @@ spec:
   patroni:
     pg_hba:
       - local     all  all  trust
+      - local     replication standby trust
       - host      all  all  0.0.0.0/0   md5
       - host      all  all  ::1/128     md5
+      - host      replication standby 0.0.0.0/0 md5 # TODO
   resources:
     requests:
       cpu: "0.4"
@@ -44,4 +72,31 @@ spec:
     limits:
       cpu: "0.8"
       memory: "1Gi"
+  sidecars:
+    - name: "zalando-exporter"
+      image: "wrouesnel/postgres_exporter"
+      ports:
+        - name: exporter
+          containerPort: 9187
+          protocol: TCP
+      resources:
+        limits:
+          cpu: 100m
+          memory: 256M
+        requests:
+          cpu: 50m
+          memory: 128M
+      env:
+        - name: "DATA_SOURCE_URI"
+          value: "localhost:5432/rm?sslmode=disable"
+        - name: "DATA_SOURCE_USER"
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: username
+        - name: "DATA_SOURCE_PASS"
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: password
 ---

3.zalando/exampleApp.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-app
+  namespace: rm-pgsql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: test-app
+  template:
+    metadata:
+      labels:
+        app: test-app
+    spec:
+      containers:
+      - name: test-app
+        image: node:18
+        command: ["/bin/sh", "-c"]
+        args:
+        - |
+          mkdir -p /tmp/app && \
+          cp /app/test_app.js /app/package.json /tmp/app/ && \
+          cd /tmp/app && \
+          npm install && \
+          node test_app.js
+        env:
+        - name: DB_HOST
+          value: rm-psql-pooler-repl
+        - name: DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: rmu.rm-psql
+              key: username
+        - name: DB_PASSWORD
+          value: "123"
+        - name: DB_NAME
+          value: rm
+        volumeMounts:
+        - name: app-code
+          mountPath: /app
+      volumes:
+      - name: app-code
+        configMap:
+          name: test-app-configmap
+          items:
+          - key: test_app.js
+            path: test_app.js
+          - key: package.json
+            path: package.json
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-app-configmap
+  namespace: rm-pgsql
+data:
+  test_app.js: |
+    const { Client } = require('pg');
+
+        const client = new Client({
+          host: process.env.DB_HOST,
+          user: process.env.DB_USER,
+          password: process.env.DB_PASSWORD,
+          database: process.env.DB_NAME
+        });
+
+        client.connect()
+          .then(() => {
+            console.log(`Successfully connected to the database ${process.env.DB_NAME} on ${process.env.DB_HOST}`);
+            return client.end();
+          })
+          .catch((err) => {
+            console.error(`Error: ${err}`);
+          });
+  package.json: |
+      {
+        "name": "test-app",
+        "version": "1.0.0",
+        "main": "test_app.js",
+        "dependencies": {
+          "pg": "^8.7.1"
+        }
+      }
+---

charts/postgres-operator/values.yaml

@@ -186,7 +186,7 @@ configKubernetes:
   # namespaced name of the ConfigMap with environment variables to populate on every pod
   # pod_environment_configmap: "default/my-custom-config"
   # name of the Secret (in cluster namespace) with environment variables to populate on every pod
-  # pod_environment_secret: "my-custom-secret"
+  pod_environment_secret: "" # TODO
 
   # specify the pod management policy of stateful sets of Postgres clusters
   pod_management_policy: "ordered_ready"
@@ -194,17 +194,18 @@ configKubernetes:
   pod_role_label: spilo-role
   # service account definition as JSON/YAML string to be used by postgres cluster pods
   # pod_service_account_definition: ""
+  # TODO pod_service_account_definition: '{ "apiVersion": "v1", "kind": "ServiceAccount", "metadata": { "name": "postgres-pod" }, "imagePullSecrets": [ { "name": "registry-secret" } ] }'
 
   # role binding definition as JSON/YAML string to be used by pod service account
   # pod_service_account_role_binding_definition: ""
 
   # Postgres pods are terminated forcefully after this timeout
-  pod_terminate_grace_period: 5m
+  pod_terminate_grace_period: 1m # TODO 5m
   # template for database user secrets generated by the operator,
   # here username contains the namespace in the format namespace.username
   # if the user is in different namespace than cluster and cross namespace secrets
   # are enabled via `enable_cross_namespace_secret` flag in the configuration.
-  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  secret_name_template: "{username}.{cluster}" # TODO "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
   # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars
   share_pgsocket_with_sidecars: false
   # set user and group for the spilo container (required to run Spilo as non-root process)
@@ -258,7 +259,7 @@ configTimeouts:
   # timeout when waiting for successful response from Patroni API
   patroni_api_check_timeout: 5s
   # timeout when waiting for the Postgres pods to be deleted
-  pod_deletion_wait_timeout: 10m
+  pod_deletion_wait_timeout: 3m # TODO 10m
   # timeout when waiting for pod role and cluster labels
   pod_label_wait_timeout: 10m
   # interval between consecutive attempts waiting for postgresql CRD to be created
@@ -389,7 +390,7 @@ configLogicalBackup:
   # backup schedule in the cron format
   logical_backup_schedule: "30 00 * * *"
   # secret to be used as reference for env variables in cronjob
-  logical_backup_cronjob_environment_secret: ""
+  logical_backup_cronjob_environment_secret: "logibackup-secrets" # TODO
 
 # automate creation of human users with teams API service
 configTeamsApi:
@@ -478,7 +479,7 @@ priorityClassName: ""
 # priority class for database pods
 podPriorityClassName:
   # If create is false with no name set, no podPriorityClassName is specified.
-  # Hence, the pod priorityClass is the one with globalDefault set. 
+  # Hence, the pod priorityClass is the one with globalDefault set.
   # If there is no PriorityClass with globalDefault set, the priority of Pods with no priorityClassName is zero.
   create: true
   # If not set a name is generated using the fullname template and "-pod" suffix