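---
# Template for a Zalando postgres-operator cluster plus a logical-backup
# CronJob. ${...} placeholders are substituted before the manifests are
# applied; values that begin with a placeholder are quoted so the rendered
# result always parses as a string (an all-digit or empty expansion would
# otherwise become an int or null and be rejected or silently retyped).

# ServiceAccount referenced by the logical-backup CronJob at the end of
# this file (serviceAccountName: zalando-postgres).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: zalando-postgres
---
# Binds the ClusterRole "zalando-postgres" to the ServiceAccount above.
# Because this is a RoleBinding (not a ClusterRoleBinding), the role's rules
# apply only inside the namespace this binding is created in. The subject
# carries no namespace, so it resolves to the binding's own namespace.
# NOTE(review): the ClusterRole is not defined in this file; check that its
# rules are limited to what the backup job and database pods need.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: zalando-postgres
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: zalando-postgres
subjects:
  - kind: ServiceAccount
    name: zalando-postgres
---
# Environment for the database pods (WAL archiving / base backups to S3).
# Presumably wired in through the operator's pod_environment_configmap
# setting; that configuration is outside this file.
#
# NOTE(security): AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are rendered
# into a ConfigMap. ConfigMap contents are readable by anything with
# get/list on configmaps and are typically not covered by the
# encryption-at-rest and access policies applied to Secrets. The operator
# also supports pod_environment_secret; moving the two credential keys to a
# Secret referenced there keeps them out of this object. Not changed here
# because it requires a matching change in the operator configuration.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-pod-config
data:
  AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
  AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY}"
  AWS_S3_FORCE_PATH_STYLE: "true"
  WAL_S3_BUCKET: "${NS}-dumps"
  AWS_ENDPOINT: "${S3_ENDPOINT_COLD}"
  WAL_S3_ENDPOINT: "${S3_ENDPOINT_COLD}"
  AWS_REGION: default
  USE_WALE: "true"
  USE_WALG_BACKUP: "true"
  # NOTE(security): disables S3 server-side encryption for WAL-G uploads, so
  # base backups and WAL segments rely on whatever the bucket or storage
  # backend enforces. Confirm the target endpoint encrypts at rest.
  WALG_DISABLE_S3_SSE: "true"
  # Cron expression: daily at 00:05.
  BACKUP_SCHEDULE: "5 0 * * *"
---
# The PostgreSQL cluster itself: two instances, three application databases.
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: pg-${PG_DOMAIN}
spec:
  resources:
    limits:
      cpu: "2"
      memory: 1000Mi
    requests:
      cpu: 100m
      memory: 500Mi
  teamId: "pg"
  volume:
    size: 4975Mi
    storageClass: small
  numberOfInstances: 2
  # NOTE(security): every application role is granted `superuser`. A
  # superuser bypasses all permission checks, so a compromise of any one
  # application exposes the other two databases and the server itself.
  # Each role already owns its database through the `databases` mapping
  # below; drop `superuser` (and `createdb`) unless an application is known
  # to need it, e.g. for creating extensions. TODO confirm per application.
  users:
    hedgedoc:  # database owner
      - superuser
      - createdb
    discourse:  # database owner
      - superuser
      - createdb
    nextcloud:  # database owner
      - superuser
      - createdb
  databases:
    nextcloud: nextcloud  # dbname: owner
    hedgedoc: hedgedoc  # dbname: owner
    discourse: discourse  # dbname: owner
  postgresql:
    # NOTE(review): PostgreSQL 12 reached upstream end of life in November
    # 2024 and no longer receives security fixes; plan a major upgrade.
    # PG_VERSION in the CronJob below must be kept in step.
    version: "12"
---
# Nightly logical dump of the cluster to S3-compatible storage.
# NOTE(review): batch/v1beta1 CronJob was removed in Kubernetes 1.25;
# batch/v1 is available from 1.21. Left unchanged because the target
# cluster version is not visible from this file.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  labels:
    application: spilo
    cluster-name: pg-${PG_DOMAIN}
    team: pg
  name: "${PG_DOMAIN}-dump"
spec:
  # Never start a new dump while the previous one is still running.
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            application: spilo-logical-backup
            version: pg-${PG_DOMAIN}
        spec:
          affinity:
            podAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - podAffinityTerm:
                    labelSelector:
                      matchLabels:
                        application: spilo-logical-backup
                        version: pg-${PG_DOMAIN}
                    topologyKey: kubernetes.io/hostname
                  weight: 1
          containers:
            - env:
                - name: SCOPE
                  value: pg-${PG_DOMAIN}
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: LOGICAL_BACKUP_PROVIDER
                  value: minio
                - name: CLUSTER_NAME_LABEL
                  value: cluster-name
                - name: LOGICAL_BACKUP_S3_BUCKET
                  value: "${NS}-dumps"
                - name: LOGICAL_BACKUP_S3_ENDPOINT
                  value: "${S3_ENDPOINT_COLD}"
                - name: LOGICAL_BACKUP_S3_BUCKET_SCOPE_SUFFIX
                  value: "/nextcloud"
                - name: LOGICAL_BACKUP_S3_REGION
                  value: default
                # NOTE(security): empty value, so no server-side encryption
                # is requested for the dump objects. The dumps contain the
                # full contents of all three databases; confirm the bucket
                # is encrypted at rest and its access policy is restricted.
                - name: LOGICAL_BACKUP_S3_SSE
                  value: ""
                - name: PG_VERSION
                  value: "12"
                - name: PGPORT
                  value: "5432"
                # The dump connects as the `postgres` superuser; its
                # password comes from a Secret, not from this manifest.
                - name: PGUSER
                  value: postgres
                # NOTE(security): `require` encrypts the connection but does
                # not verify the server certificate. `verify-full` with the
                # cluster CA closes that gap if the CA can be mounted here.
                - name: PGSSLMODE
                  value: require
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: password
                      name: postgres.pg-${PG_DOMAIN}.credentials
                - name: AWS_S3_FORCE_PATH_STYLE
                  value: "true"
              # Remaining environment is taken from a Secret; presumably the
              # S3 credentials for the dump bucket. TODO confirm its keys.
              envFrom:
                - secretRef:
                    name: "${NS}-dumps"
              # NOTE(supply-chain): the image is referenced by a mutable tag
              # and pulled IfNotPresent, so nodes run whatever copy they
              # cached. Pin by digest (image@sha256:<verified-digest>) once
              # the digest has been verified.
              image: registry.opensource.zalan.do/acid/logical-backup:v1.6.2
              imagePullPolicy: IfNotPresent
              name: logical-backup
              # NOTE(review): these port declarations look inherited from a
              # database pod spec; a dump job does not obviously listen on
              # any of them. Confirm and remove if unused.
              ports:
                - containerPort: 8008
                  protocol: TCP
                - containerPort: 5432
                  protocol: TCP
                - containerPort: 8080
                  protocol: TCP
              resources:
                limits:
                  cpu: "3"
                  memory: 1Gi
                requests:
                  cpu: 100m
                  memory: 100Mi
              # NOTE(hardening): only `privileged` is pinned. Consider also
              # setting allowPrivilegeEscalation: false, runAsNonRoot: true
              # and capabilities.drop: [ALL] after confirming the image runs
              # under those constraints; this job holds superuser database
              # credentials and bucket credentials.
              securityContext:
                privileged: false
                readOnlyRootFilesystem: false
          restartPolicy: Never
          schedulerName: default-scheduler
          # serviceAccount is the deprecated alias of serviceAccountName;
          # both are kept as in the original manifest.
          serviceAccount: zalando-postgres
          serviceAccountName: zalando-postgres
  # Cron expression: daily at 02:15.
  schedule: '15 2 * * *'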