diff --git a/kubernetes/main/apps/database/cloudnative-pg/cluster/kustomization.yaml b/kubernetes/main/apps/database/cloudnative-pg/cluster/kustomization.yaml index cc941efc..3795e6a0 100644 --- a/kubernetes/main/apps/database/cloudnative-pg/cluster/kustomization.yaml +++ b/kubernetes/main/apps/database/cloudnative-pg/cluster/kustomization.yaml @@ -4,6 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./cluster16.yaml + - ./postgres17.yaml - ./imagecatalog.yaml - ./prometheusrule.yaml - ./secret.sops.yaml diff --git a/kubernetes/main/apps/database/cloudnative-pg/cluster/postgres17.yaml b/kubernetes/main/apps/database/cloudnative-pg/cluster/postgres17.yaml new file mode 100644 index 00000000..aec777a9 --- /dev/null +++ b/kubernetes/main/apps/database/cloudnative-pg/cluster/postgres17.yaml 
@@ -0,0 +1,101 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: postgres17 +spec: + instances: 3 + imageName: ghcr.io/cloudnative-pg/postgresql:17.2-26 + primaryUpdateMethod: switchover + primaryUpdateStrategy: unsupervised + storage: + size: 15Gi + storageClass: local-database + superuserSecret: + name: postgres-cluster-secret + enableSuperuserAccess: true + postgresql: + parameters: + max_wal_size: "4096" # See walSegmentSize: 1024 in bootstrap.initdb + shared_buffers: "256MB" + # ZFS tuning + # https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html#postgresql + # https://vadosware.io/post/everything-ive-seen-on-optimizing-postgres-on-zfs-on-linux/ + # https://kubeblocks.io/blog/A-testing-report-for-optimizing-PG-performance-on-Kubernetes + full_page_writes: "off" + recovery_prefetch: "try" + wal_init_zero: "off" + wal_recycle: "off" + nodeMaintenanceWindow: + inProgress: false + reusePVC: true + resources: + requests: + cpu: 20m + limits: + memory: 4Gi + monitoring: + enablePodMonitor: true + # https://github.com/cloudnative-pg/cloudnative-pg/issues/2501 + podMonitorMetricRelabelings: + - { sourceLabels: ["cluster"], targetLabel: cnpg_cluster, action: replace } + - { regex: cluster, action: labeldrop } + backup: + retentionPolicy: 30d + barmanObjectStore: &barmanObjectStore + data: + compression: bzip2 + encryption: AES256 + wal: + compression: bzip2 + encryption: AES256 + destinationPath: s3://home-ops-postgresql + endpointURL: https://s3.${STORAGE_DOMAIN} + # Note: serverName version needs to be incremented + # when recovering from an existing cnpg cluster + serverName: ¤tCluster postgres17-v0 + s3Credentials: + accessKeyId: + name: postgres-cluster-secret + key: MINIO_ACCESS_KEY + secretAccessKey: + name: postgres-cluster-secret + key: MINIO_SECRET_KEY + bootstrap: + initdb: + # The 
postgres-db-manager user will be used to create databases using onedr0p/postgres-init + database: postgres-db-manager + owner: postgres-db-manager + secret: + name: postgres-secret + postInitApplicationSQL: + - ALTER USER "postgres-db-manager" WITH SUPERUSER; + # Import databases from previous major version cluster + import: + type: monolith + databases: + - '*' + roles: + - '*' + source: + externalCluster: &previousCluster postgres16 + # ZFS tuning + walSegmentSize: 1024 + # # Recover from previous cluster barman backup + # recovery: + # source: &previousCluster postgres16 + externalClusters: + - name: *previousCluster + connectionParameters: + host: postgres16-rw.database.svc.cluster.local + user: postgres + dbname: postgres + password: + name: postgres-cluster-secret + key: password + # # Note: serverName version needs to be set to the version of the + # # previous cluster when recovering from an existing cnpg cluster + # barmanObjectStore: + # <<: *barmanObjectStore + # serverName: postgres16-v0 diff --git a/kubernetes/main/apps/database/cloudnative-pg/secret-store/secret.sops.yaml b/kubernetes/main/apps/database/cloudnative-pg/secret-store/secret.sops.yaml index 3058da9f..140ff742 100644 --- a/kubernetes/main/apps/database/cloudnative-pg/secret-store/secret.sops.yaml +++ b/kubernetes/main/apps/database/cloudnative-pg/secret-store/secret.sops.yaml 
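Review bot: `postInitApplicationSQL` promotes the `postgres-db-manager` application role to SUPERUSER, so every consumer of `postgres-secret` (the onedr0p/postgres-init jobs) effectively holds cluster-wide superuser rather than the CREATEDB/CREATEROLE privileges that creating databases needs; a narrower grant such as `ALTER USER "postgres-db-manager" WITH CREATEDB CREATEROLE;` is worth trying first, checked against what postgres-init actually executes (presumably only role/database creation and ownership grants). `enableSuperuserAccess: true` likewise keeps the `postgres` password materialised in the cluster secret; since the `bootstrap.initdb.import` from postgres16 runs only at first creation, the flag can be set to `false` once that import has completed. Separately, `full_page_writes: "off"` is only crash-safe when the `local-database` storage class really is a ZFS/CoW volume whose record size keeps 8 kB page writes atomic — a comment such as `# safe only on ZFS/CoW volumes; torn pages after a crash otherwise` next to it would document that dependency. The `connectionParameters` for postgres16-rw set no `sslmode`, so the import connection relies on libpq's default (prefer) and does not verify the old primary's certificate; pinning it with `sslmode: verify-ca` plus the postgres16 CA secret would close that gap, even in-cluster.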
@@ -6,7 +6,7 @@ type: kubernetes.io/basic-auth stringData: username: ENC[AES256_GCM,data:NdHF9Qwkz2IchN7ZNAkOc8T79g==,iv:poEpMBBUdLZ74/tXT7Pl0YEpA77ipzXQbCuCv2BxQfc=,tag:M7GGoQ9plf7pB9M+CJoWAQ==,type:str] password: ENC[AES256_GCM,data:NelCvK8JWiVYs/SKznJdL22BxeqOJigxfTH5/dOD0Ygp1DXdVn7Dng==,iv:XcgLYqPq0bczrBtJ0bRyzm8die/AnHPJda4UI0bWpYw=,tag:V9wSU1SgCeJGK/QBCQrWWQ==,type:str] - host: ENC[AES256_GCM,data:cq8dCqQym8NXWBfKNYAzuRgMB1vprzOKO4kaui1fxXMKgXSmufhzlA==,iv:fxRuRBC5IIo/l4jdngmt3iJAeZwYt+miRyx9g9c1pAw=,tag:FIGID2Z8ipULIONgG9Wz2g==,type:str] + host: ENC[AES256_GCM,data:pEoSsfmguoxU8+5UdJ0zpW3qwI7kfQGfCMLJYUmr/TqpqfKmjMs6Qw==,iv:fZQxWS0tHCj7Tv4zBAO484/ArrlavPMD+DMfHY7Zrbk=,tag:Tcn+sWX7u09RAoMyN09sUw==,type:str] port: ENC[AES256_GCM,data:0lFLtQ==,iv:FEISHo/SmZFewMPgf1tYTVVv9Mx+rBogi/z3bzhHu5M=,tag:8eiii2SP4l7D3cqvA+CvNg==,type:str] sops: kms: [] @@ -23,8 +23,8 @@ sops: TFVsdVdLWTNvV3BVaGN0b0lFeFBCcVkKHk5dzlxehWoltG2KKfggnoISjpLi1UY9 KOWf7mbkJihA3Et9aP5MJqxs+hDqBG6awMdrrso/YxFrrYygAHpQbA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-19T14:38:59Z" - mac: ENC[AES256_GCM,data:OUEJoYTHxECyQyXCDYJ6XWEm9mJaZjREu5/eyr2zVPOOhshqGw8LXXekGZzExVA3FEQl7yS56cWoyM58UWRXzfKu3HCvYS3Az8XIqeC215Q+156BwPQ/fQUeDoGNxrdylk9dq9w1F1UYnKEWg8HV7/CYgG0rf3o5bmCEZpp0MaM=,iv:99oMxlKrla3sC57WcK1RoRLxHAo7ahxsk+7b54C/6Do=,tag:rf6xRBcrkekkREVottcqwA==,type:str] + lastmodified: "2024-12-28T21:46:00Z" + mac: ENC[AES256_GCM,data:dfxOb4Yy/z0vrwidknhympJL2MwWN92TBUAke2aWjrwKyRUnsI7Hp9S2Isf+vwaWCTIZeEA5ziN3Giaes8vnn7U7WjQGcno7ZLwSZtDnz48E6TYn/9wrAPUYyPmcsgpmQn9CKXF4irpipbsszWsWFawG8BIPyfajpLNqfVNz+lA=,iv:mcCuERx9mYGLN0C5UkpBxx8IRy8QqYY89+/acVUSeEE=,tag:ezCVaqjiPV++/q4c7wQZxg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ - version: 3.8.1 + version: 3.9.0