Skip to content

Commit

Permalink
feat(cloudnative-pg): upgrade cluster to postgres 17
Browse files Browse the repository at this point in the history
  • Loading branch information
@prehor
prehor committed Dec 28, 2024
1 parent 111370c commit f2eb029
Show file tree
Hide file tree
Showing 3 changed files with 106 additions and 4 deletions.
1 change: 1 addition & 0 deletions kubernetes/main/apps/database/cloudnative-pg/cluster/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster16.yaml
- ./postgres17.yaml
- ./imagecatalog.yaml
- ./prometheusrule.yaml
- ./secret.sops.yaml
Expand Down
101 changes: 101 additions & 0 deletions kubernetes/main/apps/database/cloudnative-pg/cluster/postgres17.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres17
spec:
instances: 3
imageName: ghcr.io/cloudnative-pg/postgresql:17.2-26
primaryUpdateMethod: switchover
primaryUpdateStrategy: unsupervised
storage:
size: 15Gi
storageClass: local-database
superuserSecret:
name: postgres-cluster-secret
enableSuperuserAccess: true
postgresql:
parameters:
max_wal_size: "4096" # See walSegmentSize: 1024 in bootstrap.initdb
shared_buffers: "256MB"
# ZFS tuning
# https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html#postgresql
# https://vadosware.io/post/everything-ive-seen-on-optimizing-postgres-on-zfs-on-linux/
# https://kubeblocks.io/blog/A-testing-report-for-optimizing-PG-performance-on-Kubernetes
full_page_writes: "off"
recovery_prefetch: "try"
wal_init_zero: "off"
wal_recycle: "off"
nodeMaintenanceWindow:
inProgress: false
reusePVC: true
resources:
requests:
cpu: 20m
limits:
memory: 4Gi
monitoring:
enablePodMonitor: true
# https://github.com/cloudnative-pg/cloudnative-pg/issues/2501
podMonitorMetricRelabelings:
- { sourceLabels: ["cluster"], targetLabel: cnpg_cluster, action: replace }
- { regex: cluster, action: labeldrop }
backup:
retentionPolicy: 30d
barmanObjectStore: &barmanObjectStore
data:
compression: bzip2
encryption: AES256
wal:
compression: bzip2
encryption: AES256
destinationPath: s3://home-ops-postgresql
endpointURL: https://s3.${STORAGE_DOMAIN}
# Note: serverName version needs to be incremented
# when recovering from an existing cnpg cluster
serverName: &currentCluster postgres17-v0
s3Credentials:
accessKeyId:
name: postgres-cluster-secret
key: MINIO_ACCESS_KEY
secretAccessKey:
name: postgres-cluster-secret
key: MINIO_SECRET_KEY
bootstrap:
initdb:
# The postgres-db-manager user will be used to create databases using onedr0p/postgres-init
database: postgres-db-manager
owner: postgres-db-manager
secret:
name: postgres-secret
postInitApplicationSQL:
- ALTER USER "postgres-db-manager" WITH SUPERUSER;
# Import databases from previous major version cluster
import:
type: monolith
databases:
- '*'
roles:
- '*'
source:
externalCluster: &previousCluster postgres16
# ZFS tuning
walSegmentSize: 1024
# # Recover from previous cluster barman backup
# recovery:
# source: &previousCluster postgres16
externalClusters:
- name: *previousCluster
connectionParameters:
host: postgres16-rw.database.svc.cluster.local
user: postgres
dbname: postgres
password:
name: postgres-cluster-secret
key: password
# # Note: serverName version needs to be set to the version of the
# # previous cluster when recovering from an existing cnpg cluster
# barmanObjectStore:
# <<: *barmanObjectStore
# serverName: postgres16-v0
8 changes: 4 additions & 4 deletions kubernetes/main/apps/database/cloudnative-pg/secret-store/secret.sops.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ type: kubernetes.io/basic-auth
stringData:
username: ENC[AES256_GCM,data:NdHF9Qwkz2IchN7ZNAkOc8T79g==,iv:poEpMBBUdLZ74/tXT7Pl0YEpA77ipzXQbCuCv2BxQfc=,tag:M7GGoQ9plf7pB9M+CJoWAQ==,type:str]
password: ENC[AES256_GCM,data:NelCvK8JWiVYs/SKznJdL22BxeqOJigxfTH5/dOD0Ygp1DXdVn7Dng==,iv:XcgLYqPq0bczrBtJ0bRyzm8die/AnHPJda4UI0bWpYw=,tag:V9wSU1SgCeJGK/QBCQrWWQ==,type:str]
host: ENC[AES256_GCM,data:cq8dCqQym8NXWBfKNYAzuRgMB1vprzOKO4kaui1fxXMKgXSmufhzlA==,iv:fxRuRBC5IIo/l4jdngmt3iJAeZwYt+miRyx9g9c1pAw=,tag:FIGID2Z8ipULIONgG9Wz2g==,type:str]
host: ENC[AES256_GCM,data:pEoSsfmguoxU8+5UdJ0zpW3qwI7kfQGfCMLJYUmr/TqpqfKmjMs6Qw==,iv:fZQxWS0tHCj7Tv4zBAO484/ArrlavPMD+DMfHY7Zrbk=,tag:Tcn+sWX7u09RAoMyN09sUw==,type:str]
port: ENC[AES256_GCM,data:0lFLtQ==,iv:FEISHo/SmZFewMPgf1tYTVVv9Mx+rBogi/z3bzhHu5M=,tag:8eiii2SP4l7D3cqvA+CvNg==,type:str]
sops:
kms: []
Expand All @@ -23,8 +23,8 @@ sops:
TFVsdVdLWTNvV3BVaGN0b0lFeFBCcVkKHk5dzlxehWoltG2KKfggnoISjpLi1UY9
KOWf7mbkJihA3Et9aP5MJqxs+hDqBG6awMdrrso/YxFrrYygAHpQbA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-19T14:38:59Z"
mac: ENC[AES256_GCM,data:OUEJoYTHxECyQyXCDYJ6XWEm9mJaZjREu5/eyr2zVPOOhshqGw8LXXekGZzExVA3FEQl7yS56cWoyM58UWRXzfKu3HCvYS3Az8XIqeC215Q+156BwPQ/fQUeDoGNxrdylk9dq9w1F1UYnKEWg8HV7/CYgG0rf3o5bmCEZpp0MaM=,iv:99oMxlKrla3sC57WcK1RoRLxHAo7ahxsk+7b54C/6Do=,tag:rf6xRBcrkekkREVottcqwA==,type:str]
lastmodified: "2024-12-28T21:46:00Z"
mac: ENC[AES256_GCM,data:dfxOb4Yy/z0vrwidknhympJL2MwWN92TBUAke2aWjrwKyRUnsI7Hp9S2Isf+vwaWCTIZeEA5ziN3Giaes8vnn7U7WjQGcno7ZLwSZtDnz48E6TYn/9wrAPUYyPmcsgpmQn9CKXF4irpipbsszWsWFawG8BIPyfajpLNqfVNz+lA=,iv:mcCuERx9mYGLN0C5UkpBxx8IRy8QqYY89+/acVUSeEE=,tag:ezCVaqjiPV++/q4c7wQZxg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
version: 3.9.0

0 comments on commit f2eb029

Please sign in to comment.