---
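# Identity used by the logical-backup CronJob in this file
# (serviceAccountName: zalando-postgres) and bound by the RoleBinding below.
# Nesting under metadata restored; the listing had lost all indentation.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: zalando-postgres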
---
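# Grants the zalando-postgres ServiceAccount the rules of the ClusterRole of
# the same name. Because this is a RoleBinding and not a ClusterRoleBinding,
# those rules apply only inside the namespace this object is created in.
# Nesting restored; the listing had lost all indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: zalando-postgres
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # NOTE(review): the ClusterRole is defined outside this file; review its
  # rules (secrets, pods/exec, etc.) before relying on this binding.
  name: zalando-postgres
subjects:
  # NOTE(review): no `namespace` is set on this ServiceAccount subject.
  # Presumably the deploy tooling fills it in; confirm, since a ServiceAccount
  # subject without a namespace does not identify an account.
  - kind: ServiceAccount
    name: zalando-postgres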
---
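# Environment for the Postgres pods: S3 target and WAL / base-backup settings.
# Presumably wired in through the operator's pod_environment_configmap
# setting; confirm against the operator configuration.
# Nesting restored (the listing had lost all indentation) and templated
# values quoted so a substituted value is always parsed as a string, which is
# the only type ConfigMap data accepts.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-pod-config
data:
  # NOTE(review): S3 credentials are rendered into a ConfigMap. ConfigMap
  # data is stored and displayed in plaintext and is readable by anything
  # with get/list on configmaps in the namespace. The CronJob in this file
  # already uses a Secret (envFrom.secretRef); these two keys belong in a
  # Secret as well (the operator offers pod_environment_secret for this).
  AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
  AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY}"
  AWS_S3_FORCE_PATH_STYLE: "true"
  WAL_S3_BUCKET: "${NS}-dumps"
  AWS_ENDPOINT: "${S3_ENDPOINT_COLD}"
  WAL_S3_ENDPOINT: "${S3_ENDPOINT_COLD}"
  AWS_REGION: default
  USE_WALE: "true"
  USE_WALG_BACKUP: "true"
  # NOTE(review): server-side encryption is switched off for WAL-G uploads.
  # Confirm the bucket is encrypted by other means, or that the S3 endpoint
  # simply does not support SSE, before accepting this.
  WALG_DISABLE_S3_SSE: "true"
  # Cron expression: every day at 00:05.
  BACKUP_SCHEDULE: "5 0 * * *"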
---
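# Postgres cluster managed by the Zalando postgres-operator: two instances,
# PostgreSQL 12, three application databases.
# Nesting restored and page residue (author line, gutter numbers) dropped;
# the templated name is quoted so it is always read as a string.
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: "pg-${PG_DOMAIN}"
spec:
  resources:
    limits:
      cpu: "2"
      memory: 1000Mi
    requests:
      cpu: 100m
      memory: 500Mi
  teamId: "pg"
  volume:
    size: 4975Mi
    storageClass: small
  numberOfInstances: 2
  # NOTE(review): every application role below is a Postgres superuser.
  # A superuser bypasses all permission checks, so a flaw in any one of these
  # applications exposes the other two databases and the server itself.
  # Owning the database (see `databases`) is normally enough for an
  # application role; keep `superuser` only where an application is known to
  # need it and document why.
  users:
    hedgedoc:  # database owner
      - superuser
      - createdb
    discourse:  # database owner
      - superuser
      - createdb
    nextcloud:  # database owner
      - superuser
      - createdb
  databases:
    nextcloud: nextcloud  # dbname: owner
    hedgedoc: hedgedoc  # dbname: owner
    discourse: discourse  # dbname: owner
  postgresql:
    version: "12"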
---
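# Nightly logical backup (02:15) of the pg-${PG_DOMAIN} cluster to the
# S3 bucket ${NS}-dumps, run with the zalando-postgres ServiceAccount.
# Nesting restored and page residue (gutter numbers) dropped; templated
# values are quoted so a substituted value is always parsed as a string.
#
# NOTE(review): batch/v1beta1 CronJob was removed in Kubernetes 1.25;
# batch/v1 is available from 1.21. Switch once the cluster version allows.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  labels:
    application: spilo
    cluster-name: "pg-${PG_DOMAIN}"
    team: pg
  name: "${PG_DOMAIN}-dump"
spec:
  # Forbid: a new run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            application: spilo-logical-backup
            version: "pg-${PG_DOMAIN}"
        spec:
          affinity:
            podAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - podAffinityTerm:
                    labelSelector:
                      matchLabels:
                        application: spilo-logical-backup
                        version: "pg-${PG_DOMAIN}"
                    topologyKey: kubernetes.io/hostname
                  weight: 1
          containers:
            - env:
                - name: SCOPE
                  value: "pg-${PG_DOMAIN}"
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: LOGICAL_BACKUP_PROVIDER
                  value: minio
                - name: CLUSTER_NAME_LABEL
                  value: cluster-name
                - name: LOGICAL_BACKUP_S3_BUCKET
                  value: "${NS}-dumps"
                - name: LOGICAL_BACKUP_S3_ENDPOINT
                  value: "${S3_ENDPOINT_COLD}"
                # NOTE(review): the suffix names only nextcloud although the
                # cluster also hosts hedgedoc and discourse; confirm the
                # dump covers what the path suggests.
                - name: LOGICAL_BACKUP_S3_BUCKET_SCOPE_SUFFIX
                  value: "/nextcloud"
                - name: LOGICAL_BACKUP_S3_REGION
                  value: default
                # NOTE(review): empty value, so presumably no server-side
                # encryption is requested for the uploaded dump. The dump
                # holds all database contents; confirm the bucket is
                # encrypted and access-controlled by other means.
                - name: LOGICAL_BACKUP_S3_SSE
                  value: ""
                - name: PG_VERSION
                  value: "12"
                - name: PGPORT
                  value: "5432"
                # The job connects as the `postgres` role.
                - name: PGUSER
                  value: postgres
                # NOTE(review): `require` encrypts the connection but does
                # not verify the server certificate; verify-ca/verify-full
                # need the cluster CA mounted into the job.
                - name: PGSSLMODE
                  value: require
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: password
                      name: "postgres.pg-${PG_DOMAIN}.credentials"
                - name: AWS_S3_FORCE_PATH_STYLE
                  value: "true"
              # Every key of this Secret becomes an environment variable;
              # presumably it carries the S3 credentials for the upload.
              envFrom:
                - secretRef:
                    name: "${NS}-dumps"
              # NOTE(review): the image is referenced by tag only; pinning
              # by digest would make the deployed content immutable.
              image: registry.opensource.zalan.do/acid/logical-backup:v1.6.2
              imagePullPolicy: IfNotPresent
              name: logical-backup
              # NOTE(review): a one-shot backup job is not expected to accept
              # connections; these declarations look copied from the
              # database pod and can probably be dropped.
              ports:
                - containerPort: 8008
                  protocol: TCP
                - containerPort: 5432
                  protocol: TCP
                - containerPort: 8080
                  protocol: TCP
              resources:
                limits:
                  cpu: "3"
                  memory: 1Gi
                requests:
                  cpu: 100m
                  memory: 100Mi
              # NOTE(review): only `privileged` is restricted. Consider
              # allowPrivilegeEscalation: false, dropping capabilities and
              # runAsNonRoot after checking that the image still works.
              securityContext:
                privileged: false
                readOnlyRootFilesystem: false
          restartPolicy: Never
          schedulerName: default-scheduler
          # `serviceAccount` is the deprecated alias of `serviceAccountName`;
          # both are kept as in the original.
          serviceAccount: zalando-postgres
          serviceAccountName: zalando-postgres
  schedule: '15 2 * * *'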