From f109ccbceeba15dd6e023a6c1b7c634ee07ba3a6 Mon Sep 17 00:00:00 2001 From: geekifier Date: Sat, 22 Nov 2025 06:28:33 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=84=20synced=20file(s)=20with=20geekif?= =?UTF-8?q?ier/xenu-ng?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .mise.toml | 12 +-- .../cloudnative-pg/cluster/pg16-monolith.yaml | 31 +------ .../cloudnative-pg/cluster/pg17-monolith.yaml | 91 +++++++++++++++++++ .../apps/db/cloudnative-pg/db/teslamate.yaml | 2 + .../operator/kustomization.yaml | 1 + .../app/helmrelease.yaml | 2 +- .../default/miniflux/app/secret.sops.yaml | 8 +- .../default/spoolman/app/secret.sops.yaml | 8 +- .../install/resources/storageclasses.yaml | 15 +++ .../observability/gatus/app/helmrelease.yaml | 4 +- 10 files changed, 130 insertions(+), 44 deletions(-) create mode 100644 kubernetes/apps/db/cloudnative-pg/cluster/pg17-monolith.yaml
diff --git a/.mise.toml b/.mise.toml
index 37fe5fa..4ef16b5 100644
--- a/.mise.toml
+++ b/.mise.toml
@@ -18,19 +18,19 @@ uv = "latest"
 k9s = "latest"
 helm-diff = "latest"
 "aqua:cilium/cilium-cli" = "0.18.8"
-"aqua:cli/cli" = "2.83.0"
+"aqua:cli/cli" = "2.83.1"
 "aqua:cloudflare/cloudflared" = "2025.11.1"
-"aqua:cue-lang/cue" = "0.15.0"
+"aqua:cue-lang/cue" = "0.15.1"
 "aqua:FiloSottile/age" = "1.2.1"
 "aqua:fluxcd/flux2" = "2.7.3"
 "aqua:getsops/sops" = "3.11.0"
-"aqua:go-task/task" = "3.45.4"
-"aqua:helm/helm" = "3.19.0"
-"aqua:helmfile/helmfile" = "1.1.9"
+"aqua:go-task/task" = "3.45.5"
+"aqua:helm/helm" = "3.19.2"
+"aqua:helmfile/helmfile" = "1.2.0"
 "aqua:jqlang/jq" = "1.8.1"
 "aqua:kubernetes-sigs/kustomize" = "5.7.1"
 "aqua:kubernetes/kubectl" = "1.34.0"
-"aqua:mikefarah/yq" = "4.48.1"
+"aqua:mikefarah/yq" = "4.49.1"
 "aqua:siderolabs/talos" = "1.11.5"
 "aqua:yannh/kubeconform" = "0.7.0"
 "go:github.com/VictoriaMetrics-Community/mcp-victoriametrics/cmd/mcp-victoriametrics" = { version = "latest" }
diff --git a/kubernetes/apps/db/cloudnative-pg/cluster/pg16-monolith.yaml b/kubernetes/apps/db/cloudnative-pg/cluster/pg16-monolith.yaml
index 52c2665..4c8bf15 100644
--- a/kubernetes/apps/db/cloudnative-pg/cluster/pg16-monolith.yaml
+++ b/kubernetes/apps/db/cloudnative-pg/cluster/pg16-monolith.yaml
@@ -5,13 +5,14 @@ kind: Cluster
 metadata:
 name: &clusterName postgres16
 spec:
- instances: 2
- imageName: ghcr.io/cloudnative-pg/postgresql:16.8
+ instances: 1
+ imageName: ghcr.io/cloudnative-pg/postgresql:17.6
 primaryUpdateStrategy: unsupervised
 primaryUpdateMethod: switchover
 storage:
 size: 20Gi
- storageClass: longhorn-cluster
+ storageClass: longhorn-cluster-best-effort
+ resizeInUseVolumes: false
 enableSuperuserAccess: true
 postgresql:
 parameters:
@@ -55,30 +56,6 @@ spec:
 secretAccessKey:
 name: cloudnative-pg-garage-secret
 key: CNPG_S3_SECRET_ACCESS_KEY
-
- # Note: previousCluster needs to be set to the name of the previous
- # cluster when recovering from an existing cnpg cluster
- bootstrap:
- initdb:
- import:
- schemaOnly: true
- type: monolith
- databases: ["*"]
- roles: ["*"]
- source:
- externalCluster: &sourceCluster vacuum2
- # Note: externalClusters is needed when recovering from an existing cnpg cluster
- externalClusters:
- - name: *sourceCluster
- connectionParameters:
- host: vacuum2.${SECRET_DOMAIN_INT}
- user: postgres
- dbname: postgres
- port: "5432"
- sslmode: prefer
- password:
- key: password
- name: pgsql-vacuum-postgres
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
 apiVersion: postgresql.cnpg.io/v1
diff --git a/kubernetes/apps/db/cloudnative-pg/cluster/pg17-monolith.yaml b/kubernetes/apps/db/cloudnative-pg/cluster/pg17-monolith.yaml
new file mode 100644
index 0000000..da92a84
--- /dev/null
+++ b/kubernetes/apps/db/cloudnative-pg/cluster/pg17-monolith.yaml
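Review bot: `imageName` on the existing `postgres16` cluster moves to `ghcr.io/cloudnative-pg/postgresql:17.6` in the same commit that adds a `postgres17` cluster bootstrapping by import from `postgres16-rw`, so the import source is itself being asked to change major version, and `instances: 1` removes its only replica in the same window. Unless an in-place major upgrade of the retiring cluster is the intent, this looks like a carry-over from the pg17 manifest and should stay on a 16.x tag, e.g. `imageName: ghcr.io/cloudnative-pg/postgresql:16.8`, until the import has completed; if it is intended, a comment such as `# intentionally 17.x: in-place major upgrade of the retiring source cluster` would stop the next reader from "fixing" it. Note also that, as far as I can tell, changing `storageClass` on a running Cluster only affects PVCs created from then on — the existing instance keeps its `longhorn-cluster` volume — so the new `longhorn-cluster-best-effort` / `resizeInUseVolumes: false` pairing will not apply to it without a PVC re-creation. The `spec:` mapping continues outside the hunk.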
@@ -0,0 +1,91 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: &clusterName postgres17
+spec:
+ instances: 2
+ imageName: ghcr.io/cloudnative-pg/postgresql:17.6
+ primaryUpdateStrategy: unsupervised
+ primaryUpdateMethod: switchover
+ storage:
+ size: 20Gi
+ storageClass: longhorn-cluster-best-effort
+ resizeInUseVolumes: false
+ enableSuperuserAccess: true
+ postgresql:
+ parameters:
+ max_connections: "300"
+ shared_buffers: "128MB"
+ pg_stat_statements.max: "10000"
+ pg_stat_statements.track: all
+ nodeMaintenanceWindow:
+ inProgress: false
+ # prevent node drain issues with Longhorn strict-local volumes
+ reusePVC: false
+ resources:
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ limits:
+ memory: 2Gi
+ monitoring:
+ enablePodMonitor: true
+
+ backup:
+ retentionPolicy: 30d
+ barmanObjectStore: &barmanObjectStore
+ data:
+ compression: bzip2
+ wal:
+ compression: bzip2
+ maxParallel: 1
+ destinationPath: s3://cloudnative-pg/
+ endpointURL: "http://blackhole2.${SECRET_DOMAIN_INT}:3900"
+ # Note: serverName version needs to be incremented
+ # when recovering from an existing cnpg cluster
+ serverName: postgres17-02
+ s3Credentials:
+ region:
+ name: cloudnative-pg-garage-secret
+ key: CNPG_S3_REGION
+ accessKeyId:
+ name: cloudnative-pg-garage-secret
+ key: CNPG_S3_ACCESS_KEY_ID
+ secretAccessKey:
+ name: cloudnative-pg-garage-secret
+ key: CNPG_S3_SECRET_ACCESS_KEY
+
+ bootstrap:
+ initdb:
+ import:
+ type: monolith
+ databases: ["*"]
+ roles: ["*"]
+ source:
+ externalCluster: postgres16-source
+
+ externalClusters:
+ - name: postgres16-source
+ connectionParameters:
+ host: postgres16-rw.db.svc.cluster.local
+ user: postgres
+ dbname: postgres
+ port: "5432"
+ password:
+ name: postgres16-superuser
+ key: password
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: postgres17-daily
+ namespace: db
+spec:
+ schedule: "@daily"
+ immediate: true
+ backupOwnerReference: self
+ cluster:
+ name: postgres17
diff --git a/kubernetes/apps/db/cloudnative-pg/db/teslamate.yaml b/kubernetes/apps/db/cloudnative-pg/db/teslamate.yaml
index f561e36..1e7e07f 100644
--- a/kubernetes/apps/db/cloudnative-pg/db/teslamate.yaml
+++ b/kubernetes/apps/db/cloudnative-pg/db/teslamate.yaml
@@ -34,6 +34,8 @@ spec:
 DATABASE_USER: "{{.Role}}"
 DATABASE_PASS: "{{.Password}}"
 DATABASE_NAME: "{{.Database}}"
+ # We need to set this manually because the value forced by the operator overwrited Teslamate's app port
+ PORT: "4000"
 ---
 apiVersion: db.movetokube.com/v1alpha1
 kind: PostgresUser
diff --git a/kubernetes/apps/db/cloudnative-pg/operator/kustomization.yaml b/kubernetes/apps/db/cloudnative-pg/operator/kustomization.yaml
index 9d8bbb5..5b82aec 100644
--- a/kubernetes/apps/db/cloudnative-pg/operator/kustomization.yaml
+++ b/kubernetes/apps/db/cloudnative-pg/operator/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
 - ./helmrelease.yaml
 - ./garage.secret.sops.yaml
 - ../cluster/pg16-monolith.yaml
+ - ../cluster/pg17-monolith.yaml
 # configMapGenerator:
 # - name: vm-kube-state-metrics-cm
 # files:
diff --git a/kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml b/kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml
index e85c21c..98c8aef 100644
--- a/kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml
+++ b/kubernetes/apps/db/ext-postgres-operator/app/helmrelease.yaml
@@ -26,7 +26,7 @@ spec:
 keepHistory: false
 valuesFrom:
 - kind: Secret
- name: &pgSecretName postgres16-superuser
+ name: &pgSecretName postgres17-superuser
 valuesKey: username
 targetPath: postgres.user
 - kind: Secret
diff --git a/kubernetes/apps/default/miniflux/app/secret.sops.yaml b/kubernetes/apps/default/miniflux/app/secret.sops.yaml
index 762a939..d1260a5 100644
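Review bot: The bootstrap import in `externalClusters[0].connectionParameters` authenticates to `postgres16-rw.db.svc.cluster.local` as `postgres` with the password from the `postgres16-superuser` secret but sets no `sslmode`, so libpq's default (`prefer`) silently falls back to a cleartext connection if TLS negotiation fails; add `sslmode: require` after `port: "5432"` (or `verify-ca` plus an `sslRootCert` reference to the source cluster's CA secret, if one is available) so the superuser credential is never sent unencrypted. The `bootstrap`/`externalClusters` stanza is only consulted when the cluster is first created, yet it keeps a live reference to the source's superuser secret for the life of the manifest — worth a comment next to `bootstrap:` such as `# one-shot import from postgres16; consulted only at cluster creation, can be dropped once bootstrapped`. The comment `# prevent node drain issues with Longhorn strict-local volumes` above `reusePVC: false` is stale for this cluster, which uses `longhorn-cluster-best-effort` (`dataLocality: "best-effort"` in the storage class added by this commit). Finally, base backups and WAL — which carry every role's password hash — go to `endpointURL: "http://blackhole2.${SECRET_DOMAIN_INT}:3900"` with static keys over plain HTTP; acceptable on a trusted segment, but that trust assumption deserves a comment or an https endpoint.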
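Review bot: The comment above `PORT: "4000"` reads `overwrited` and does not say which operator or which key collides; since this secret is rendered from ext-postgres-operator's `PostgresUser` template (the `{{.Role}}`/`{{.Password}}` keys), presumably the operator's own `PORT` entry (the database port) was reaching Teslamate's environment and clobbering the `PORT` that sets its web listener. Suggest `# ext-postgres-operator also emits a PORT key (the DB port) into this secret; pinning it here keeps Teslamate's web listener on 4000`, and — because this is a template-vs-default key collision — confirming once on a rendered secret that the templated value actually wins rather than being overwritten. The mapping this key sits in starts outside the hunk.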
--- a/kubernetes/apps/default/miniflux/app/secret.sops.yaml +++ b/kubernetes/apps/default/miniflux/app/secret.sops.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: miniflux-secret stringData: - DATABASE_URL: ENC[AES256_GCM,data:FvEGzbTVNqeuGg/LyeBtDP1fQ91Xlx5duUxHZIeFIZ6gV3zf0Jwcq6rEh4Rah/GvceGvQ83GHeXUTPAVy7aSmCnH+0boOmWnhMum583jMkd1DCsT70c5rXr+JtV3eRr3vOBO5l51095eIn3XXcRwtJ34bIse6hHbWWwgUi/DZRiegACkNURNGMk=,iv:sZjoRVvffSkdNGAgfzr8VZuizOW0gj7qNUbMf5aa+ZM=,tag:ODDYOyggcbTSadlIRLgoEg==,type:str] + DATABASE_URL: ENC[AES256_GCM,data:94GVTlNHEUYkCJEIjUWVlg4dKK01xwuRnIYTKcAtWn/wvtRqSa1x0rUbRI8l30HdECLRbpkwqNnIJY5Qs5hLMsGP5weB8HnWfElxOK4YGZzhwuecmkJ5bN8cNvfve5fRLtWZtGcfXXuz30qQxYruk5i8zw/P8WP6mWB0K7+jX+Q9usDkOLdTJYg=,iv:YVnzbG+tx7Mr9Mi2GdT09T4jEC5TU2VjhDBGwFaKV2s=,tag:F4+pChoUdTdQ23j+/PqLfA==,type:str] ADMIN_USERNAME: ENC[AES256_GCM,data:GscFoe0=,iv:JWQvtp6mP3EOlrlERdsiMrLDNGo63f06yD83iv6nqNs=,tag:AtH3d7okwe7IbSPu7QsoYQ==,type:str] ADMIN_PASSWORD: ENC[AES256_GCM,data:6bwjatwbw246QNiaLCLMP/ERutih2c6KWuci0S/LNic=,iv:xrJx/81fC8Op8wob0pER2BAStGXI2qanKaf9Sh4GdCQ=,tag:JMiGUryozxCcn3eEz6NrYw==,type:str] sops: 
@@ -17,8 +17,8 @@ sops: RDd2U0drbEdBSlUzM2tqNllwdFV1bUUKpHodzy+B3c17l6MXv4yCxMwVyOeZS0qU UFNWn45CooTgqw8LQWrntXaGLfupe2caifsRa4py0JyTufgYZHZGig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-18T12:52:23Z" - mac: ENC[AES256_GCM,data:CqHQBm6Zm0ievdzhen59Z6JvV8OrfiQD9Cq0muBVp81SGpgRxpPHLlVMlnLGLeNttDIUf+MCakMrutsvB9d6K3Fu5PKd1/A+JMaCaHaTmA8HQkPh9hp68i31wOd2RA9DDgz1XM50lHv7mr06jYhvzh65o0lPnV6g68jJPp2+NtQ=,iv:RHyTUSZAhCiFzRuEkZioYJmUE+9fs/Dq70CPqGEjpxQ=,tag:xz5Qf9ppU2rlFfWcPEREzQ==,type:str] + lastmodified: "2025-11-11T20:34:35Z" + mac: ENC[AES256_GCM,data:rLwLvvMYwJoQggpz+6ZmdDeW+4dBvs2C80GGYKQoxDtb8Smn0RmoNesG8PIMV94NbYbjPGBvG/Yayh1sf+2GaT7lMdFZWl5+VqRDCDj7/T4uauHPtn9R5yF/2uOb46xeVjW5eko5m6+r6UklXecWRPHU5zzvSOnq+EAN2v6Rj1Q=,iv:xPKMH/9eYpx3x43J9/t1EPQaGbTyJfetpIAYXOP1/Kg=,tag:4Q/oFECH4EvVv/V39tr9PQ==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true - version: 3.10.1 + version: 3.11.0 diff --git a/kubernetes/apps/default/spoolman/app/secret.sops.yaml b/kubernetes/apps/default/spoolman/app/secret.sops.yaml index 9867512..4c63221 100644 --- a/kubernetes/apps/default/spoolman/app/secret.sops.yaml +++ b/kubernetes/apps/default/spoolman/app/secret.sops.yaml 
@@ -3,7 +3,7 @@ kind: Secret metadata: name: spoolman-secret stringData: - SPOOLMAN_DB_HOST: ENC[AES256_GCM,data:cTDkHd4cbKZTHZgElwUdQIQeWe2Sl3q/RGJkhX8G2DZ5GA==,iv:Sna0inSs426J3kIarBlxSJrYUMCd05jeNNU4A9h0ZvA=,tag:cU9Q7F301ztr04BiZ7eoEg==,type:str] + SPOOLMAN_DB_HOST: ENC[AES256_GCM,data:ibyuoZbnYbCLVWSXKWMrEdpuIVbn32D770/5wJsjMxF4Ew==,iv:33+79KOw9Wq36UVdDM4EACWI7TtW9tnr373Bc8K7dSQ=,tag:O5IeA8ybG9l86OVxrcB7Og==,type:str] SPOOLMAN_DB_PORT: ENC[AES256_GCM,data:Ag5Lyw==,iv:5j72OaI6BghJxbYJmllDhufP2rKnWFN2e175yNB7FIE=,tag:C4RnHF5w3PGRk/ql5Znnhg==,type:str] SPOOLMAN_DB_TYPE: ENC[AES256_GCM,data:kJD0hPuJqA0=,iv:WalatG+dvBPD929Ja1svvCYxygNxOLzsztziynCjDag=,tag:1+dMJWlC9MaC2s2qoM6yjA==,type:str] SPOOLMAN_DB_NAME: ENC[AES256_GCM,data:B7hisDGmca8=,iv:zo4cOylF7RLg54ktYUUoFqCWS4VzKoDXUOL+AracKyM=,tag:u4xjoPzoFS/a0l8KKUglIw==,type:str] @@ -21,8 +21,8 @@ sops: eDRSUm9XRkRJMkZ6T2llS3dYY3Jid2cKIfzmEgv02gSnJerAx0iB4+i0s4Hb5sfX NDngSVouDeaxEltj0jtnEIpIgdkqTw0dnkHUR/yf/LtfWMn8x9F1FA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-19T00:04:58Z" - mac: ENC[AES256_GCM,data:X5cK7EB/IIUf5AtWGEF5c3JxIMXBM6lrR0hrK1v/gLFHWzyq7J+a+Ty2+0mbSmJb8nvUthJT25Jn7B3hqVj1CvwrxnfSthET8FW/ka6nihANdPfJufDH644lF8oLjHoZUvlttxuyZRB8/5jCb75LbBHVgd1becQjIdwhwj94DGQ=,iv:KpLwdiTz298LhiQ2dERYhGPNzBpmRT4RnX5qZcm4Sxk=,tag:7Lm6U4/XP17q9x2YNEuqqA==,type:str] + lastmodified: "2025-11-11T20:31:46Z" + mac: ENC[AES256_GCM,data:rsEEBnH8/txYR3+wjj4cKYooBfpdwO79pt2upFwirjjnsa+qYEar1ROfhzyDfqSOFWFsrUTvt/DW8P1GuNvyRt2gySdQSuxfGEvImZaHkhcmxBn5eNoA7pDL2NMB4ZpZ/SRzyT+1OaMldqSgmUIfgeJMTG+qZXnNqsXpqUQvt/M=,iv:e/1zIGFDepy/vWhhfo5RwSBSRIbz8mAXFleaNgJBMvE=,tag:48gvhjE3b0gbj/EquKFCNw==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true - version: 3.10.1 + version: 3.11.0 diff --git a/kubernetes/apps/longhorn-system/install/resources/storageclasses.yaml b/kubernetes/apps/longhorn-system/install/resources/storageclasses.yaml index d0a3f94..12374c1 100644 
--- a/kubernetes/apps/longhorn-system/install/resources/storageclasses.yaml
+++ b/kubernetes/apps/longhorn-system/install/resources/storageclasses.yaml
@@ -48,6 +48,21 @@ parameters:
 ---
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
+metadata:
+ name: longhorn-cluster-best-effort
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+ numberOfReplicas: "1"
+ fromBackup: ""
+ fsType: "ext4"
+ dataLocality: "best-effort"
+ dataEngine: "v1"
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
 metadata:
 name: longhorn-yolo
 provisioner: driver.longhorn.io
diff --git a/kubernetes/apps/observability/gatus/app/helmrelease.yaml b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
index cd3f31e..3c117fa 100644
--- a/kubernetes/apps/observability/gatus/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@@ -28,7 +28,7 @@ spec:
 init-config:
 image:
 repository: ghcr.io/home-operations/k8s-sidecar
- tag: 1.30.11@sha256:d8a53f834b0fe70030df75f3f956d1c5e56fbb067b09803708b2bc26e26cfc12
+ tag: 2.1.2@sha256:d9e169add4e71fd5931a24e11696853f3d804ebc2022cd81f038e7ef22f4d626
 env:
 FOLDER: &GATUS_CONFIG /config
 LABEL: gatus.io/enabled
@@ -41,7 +41,7 @@ spec:
 requests:
 cpu: 10m
 limits:
- memory: 128Mi
+ memory: 256Mi
 containers:
 # app:
 # image:
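Review bot: `longhorn-cluster-best-effort` pairs `numberOfReplicas: "1"` with `reclaimPolicy: Delete`, and its only consumers in this commit are the CloudNativePG data volumes: one Longhorn replica means the volume dies with its node's disk, and `Delete` means any PVC removal (the operator recreating PVCs under `reusePVC: false`, or an accidental Cluster deletion) discards the data with no recovery path other than the object-store backups. That trade-off is defensible when CNPG replication supplies the redundancy, but `postgres16` is dropped to `instances: 1` on this class in the same commit, so for a while only a single copy of that data exists outside the backups. Consider `reclaimPolicy: Retain` for this class, or at least a comment above `metadata:` such as `# single-replica, locality-preferred volumes for workloads that replicate at the application layer (CNPG); durability depends on app-level replicas and backups, not Longhorn`.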