infrastructure/databases/postgres.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  namespace: databases
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 50Gi
    limits:
      storage: 50Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: databases
spec:
  serviceName: "postgres"
  replicas: 1
  selector:
    matchLabels:
      name: postgres
  template:
    metadata:
      labels:
        name: postgres
    spec:
      terminationGracePeriodSeconds: 120
      containers:
        - name: postgres
          image: postgres:16.1
          args:
            [
              "-c",
              "max_connections=1000",
              "-c",
              "listen_addresses=*",
              "-c",
              "shared_preload_libraries=pg_stat_statements,pg_buffercache,auto_explain",
            ]
          ports:
            - containerPort: 5432
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
              subPath: postgres
          env:
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
      volumes:
        - name: data
          capacity:
            storage: 50Gi
          persistentVolumeClaim:
            claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: databases
spec:
  type: NodePort
  selector:
    name: postgres
  ports:
    - port: 5432
      targetPort: 5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-exporter
  namespace: databases
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgres-exporter
  template:
    metadata:
      labels:
        name: postgres-exporter
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9187"
    spec:
      containers:
        - name: postgres-exporter
          image: quay.io/prometheuscommunity/postgres-exporter
          ports:
            - containerPort: 9187
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
            - name: DATA_SOURCE_NAME
              value: postgresql://postgres:$(POSTGRES_PASSWORD)@postgres.databases:5432/postgres?sslmode=disable
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: postgres-backup
  namespace: databases
spec:
  schedule: "0 12 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      backoffLimit: 0
      ttlSecondsAfterFinished: 60
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: postgres-backup
              image: container-registry.nocodelytics.com/postgres-s3
              command:
                - /bin/sh
                - -c
                - >
                  pg_dump -U postgres -h postgres.databases nocodelytics_production | gzip > /backup/nocodelytics_production_$(date +'%Y-%m-%d').sql.gzip &&
                  rclone copy /backup/nocodelytics_production_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&
                  rm /backup/nocodelytics_production_$(date '+%Y-%m-%d').sql.gzip &&
                  pg_dump -U postgres -h postgres.databases grafana | gzip > /backup/grafana_$(date +'%Y-%m-%d').sql.gzip &&
                  rclone copy /backup/grafana_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&
                  rm /backup/grafana_$(date '+%Y-%m-%d').sql.gzip &&
                  pg_dump -U postgres -h postgres.databases gitea | gzip > /backup/gitea_$(date +'%Y-%m-%d').sql.gzip &&
                  rclone copy /backup/gitea_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&
                  rm /backup/gitea_$(date '+%Y-%m-%d').sql.gzip &&
                  pg_dump -U postgres -h postgres.databases drone | gzip > /backup/drone_$(date +'%Y-%m-%d').sql.gzip &&
                  rclone copy /backup/drone_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&
                  rm /backup/drone_$(date '+%Y-%m-%d').sql.gzip
              env:
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: POSTGRES_PASSWORD
                - name: RCLONE_CONFIG_CONTABO_TYPE
                  value: "s3"
                - name: RCLONE_CONFIG_CONTABO_PROVIDER
                  value: "Other"
                - name: RCLONE_CONFIG_CONTABO_ENV_AUTH
                  value: "false"
                - name: RCLONE_CONFIG_CONTABO_ENDPOINT
                  value: "https://eu2.contabostorage.com"
                - name: RCLONE_CONFIG_CONTABO_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: AWS_ACCESS_KEY_ID
                - name: RCLONE_CONFIG_CONTABO_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: AWS_SECRET_ACCESS_KEY
              volumeMounts:
                - mountPath: /backup
                  name: backup-volume
          volumes:
            - name: backup-volume
              emptyDir: {}
wip 2023-12-01 18:14:07 +01:00			`apiVersion: v1`
			`kind: PersistentVolumeClaim`
			`metadata:`
			`name: postgres-pvc`
			`namespace: databases`
			`spec:`
			`accessModes:`
			`- ReadWriteOnce`
			`storageClassName: longhorn`
			`resources:`
			`requests:`
increase postgres storage to 50gb 2024-04-11 18:49:12 +02:00			`storage: 50Gi`
wip 2023-12-01 18:14:07 +01:00			`limits:`
increase pg volume size the cache table can get big, we don't want an outage 2025-03-11 20:47:12 +01:00			`storage: 50Gi`
wip 2023-12-01 18:14:07 +01:00			`---`
			`apiVersion: apps/v1`
working system 2023-12-11 17:14:11 +01:00			`kind: StatefulSet`
wip 2023-12-01 18:14:07 +01:00			`metadata:`
			`name: postgres`
			`namespace: databases`
			`spec:`
working system 2023-12-11 17:14:11 +01:00			`serviceName: "postgres"`
wip 2023-12-01 18:14:07 +01:00			`replicas: 1`
			`selector:`
			`matchLabels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: postgres`
wip 2023-12-01 18:14:07 +01:00			`template:`
			`metadata:`
			`labels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: postgres`
wip 2023-12-01 18:14:07 +01:00			`spec:`
			`terminationGracePeriodSeconds: 120`
			`containers:`
			`- name: postgres`
			`image: postgres:16.1`
			`args:`
			`[`
			`"-c",`
postgres max connections 1000 2024-01-25 19:33:15 +01:00			`"max_connections=1000",`
wip 2023-12-01 18:14:07 +01:00			`"-c",`
			`"listen_addresses=*",`
			`"-c",`
			`"shared_preload_libraries=pg_stat_statements,pg_buffercache,auto_explain",`
			`]`
			`ports:`
			`- containerPort: 5432`
			`volumeMounts:`
			`- name: data`
			`mountPath: /var/lib/postgresql/data`
			`subPath: postgres`
			`env:`
			`- name: PGDATA`
			`value: /var/lib/postgresql/data/pgdata`
			`- name: POSTGRES_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: POSTGRES_PASSWORD`
			`volumes:`
			`- name: data`
increase pg volume size the cache table can get big, we don't want an outage 2025-03-11 20:47:12 +01:00			`capacity:`
			`storage: 50Gi`
wip 2023-12-01 18:14:07 +01:00			`persistentVolumeClaim:`
			`claimName: postgres-pvc`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: postgres`
			`namespace: databases`
			`spec:`
			`type: NodePort`
			`selector:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: postgres`
wip 2023-12-01 18:14:07 +01:00			`ports:`
			`- port: 5432`
			`targetPort: 5432`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: postgres-exporter`
			`namespace: databases`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: postgres-exporter`
wip 2023-12-01 18:14:07 +01:00			`template:`
			`metadata:`
			`labels:`
checkpoint 2023-12-08 18:12:01 +01:00			`name: postgres-exporter`
working system 2023-12-11 17:14:11 +01:00			`annotations:`
			`prometheus.io/scrape: "true"`
			`prometheus.io/port: "9187"`
wip 2023-12-01 18:14:07 +01:00			`spec:`
			`containers:`
			`- name: postgres-exporter`
			`image: quay.io/prometheuscommunity/postgres-exporter`
			`ports:`
			`- containerPort: 9187`
			`env:`
			`- name: POSTGRES_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: POSTGRES_PASSWORD`
			`- name: DATA_SOURCE_NAME`
			`value: postgresql://postgres:$(POSTGRES_PASSWORD)@postgres.databases:5432/postgres?sslmode=disable`
			`---`
			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: postgres-backup`
			`namespace: databases`
			`spec:`
schedule postgres at 12 instead of midnight 2024-07-12 13:05:47 +02:00			`schedule: "0 12 * * *"`
wip 2023-12-01 18:14:07 +01:00			`concurrencyPolicy: Forbid`
			`successfulJobsHistoryLimit: 1`
			`failedJobsHistoryLimit: 1`
			`jobTemplate:`
			`spec:`
			`backoffLimit: 0`
			`ttlSecondsAfterFinished: 60`
			`template:`
			`spec:`
			`restartPolicy: Never`
			`containers:`
working system 2023-12-11 17:14:11 +01:00			`- name: postgres-backup`
start deploying nocodelytics 2023-12-19 18:49:30 +01:00			`image: container-registry.nocodelytics.com/postgres-s3`
wip 2023-12-01 18:14:07 +01:00			`command:`
			`- /bin/sh`
			`- -c`
			`- >`
			`pg_dump -U postgres -h postgres.databases nocodelytics_production \| gzip > /backup/nocodelytics_production_$(date +'%Y-%m-%d').sql.gzip &&`
working system 2023-12-11 17:14:11 +01:00			`rclone copy /backup/nocodelytics_production_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&`
			`rm /backup/nocodelytics_production_$(date '+%Y-%m-%d').sql.gzip &&`
			`pg_dump -U postgres -h postgres.databases grafana \| gzip > /backup/grafana_$(date +'%Y-%m-%d').sql.gzip &&`
			`rclone copy /backup/grafana_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&`
add gitea and drone to pg backup 2023-12-16 15:05:51 +01:00			`rm /backup/grafana_$(date '+%Y-%m-%d').sql.gzip &&`
			`pg_dump -U postgres -h postgres.databases gitea \| gzip > /backup/gitea_$(date +'%Y-%m-%d').sql.gzip &&`
			`rclone copy /backup/gitea_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&`
			`rm /backup/gitea_$(date '+%Y-%m-%d').sql.gzip &&`
			`pg_dump -U postgres -h postgres.databases drone \| gzip > /backup/drone_$(date +'%Y-%m-%d').sql.gzip &&`
			`rclone copy /backup/drone_$(date '+%Y-%m-%d').sql.gzip contabo:postgres &&`
			`rm /backup/drone_$(date '+%Y-%m-%d').sql.gzip`
wip 2023-12-01 18:14:07 +01:00			`env:`
			`- name: PGPASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: POSTGRES_PASSWORD`
			`- name: RCLONE_CONFIG_CONTABO_TYPE`
			`value: "s3"`
			`- name: RCLONE_CONFIG_CONTABO_PROVIDER`
			`value: "Other"`
			`- name: RCLONE_CONFIG_CONTABO_ENV_AUTH`
			`value: "false"`
			`- name: RCLONE_CONFIG_CONTABO_ENDPOINT`
			`value: "https://eu2.contabostorage.com"`
			`- name: RCLONE_CONFIG_CONTABO_ACCESS_KEY_ID`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: AWS_ACCESS_KEY_ID`
			`- name: RCLONE_CONFIG_CONTABO_SECRET_ACCESS_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: secrets`
			`key: AWS_SECRET_ACCESS_KEY`
			`volumeMounts:`
			`- mountPath: /backup`
			`name: backup-volume`
			`volumes:`
			`- name: backup-volume`
			`emptyDir: {}`