infrastructure/databases/postgres.yaml


# Persistent storage claim for PostgreSQL in the `databases` namespace.
# The `postgres` Deployment in this file mounts it as its data volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: databases
  name: postgres-pvc
spec:
  storageClassName: longhorn
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
    limits:
      storage: 10Gi
---
# Single-replica PostgreSQL server backed by the `postgres-pvc` claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: databases
  name: postgres
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one; presumably chosen
  # because the data volume is ReadWriteOnce and cannot be shared.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      name: postgres
  template:
    metadata:
      labels:
        name: postgres
    spec:
      # Allow up to two minutes for a clean shutdown before the pod is killed.
      terminationGracePeriodSeconds: 120
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgres-pvc
      containers:
        - name: postgres
          # NOTE(review): pinned by tag only; a tag can be re-pointed, a digest
          # (`postgres:16.1@sha256:<digest>`) cannot.
          image: postgres:16.1
          # NOTE(review): no securityContext, resource requests/limits or
          # probes are set on this container — confirm that is intentional.
          args:
            - "-c"
            - "max_connections=200"
            # Listens on every interface of the pod. Who can actually connect
            # is then decided by pg_hba.conf, the Service type and any
            # NetworkPolicy, none of which are restricted in this file.
            - "-c"
            - "listen_addresses=*"
            # auto_explain is only preloaded here; no auto_explain.* settings
            # are passed. If it is enabled elsewhere, logged plans can include
            # query text, so treat the server log as sensitive.
            - "-c"
            - "shared_preload_libraries=pg_stat_statements,pg_buffercache,auto_explain"
          ports:
            - containerPort: 5432
          env:
            # Data directory is a sub-directory of the mount point.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
            # Superuser password, read from the `secrets` Secret rather than
            # being written into the manifest.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
              subPath: postgres
---
# Service in front of the `postgres` pod; in-cluster clients in this file
# reach it as `postgres.databases:5432`.
apiVersion: v1
kind: Service
metadata:
  namespace: databases
  name: postgres
spec:
  selector:
    name: postgres
  # NOTE(review): NodePort publishes the database port on every node address
  # in addition to the cluster-internal address. The clients visible in this
  # file only use the cluster DNS name and connect with sslmode=disable, so
  # confirm that off-cluster access is really required; if it is not,
  # ClusterIP keeps 5432 off the node interfaces. If it is, restrict the
  # source addresses (firewall / NetworkPolicy) and require TLS.
  type: NodePort
  ports:
    - port: 5432
      targetPort: 5432
---
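# Prometheus exporter that scrapes the `postgres` Service and serves metrics
# on port 9187.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-exporter
  namespace: databases
spec:
  replicas: 1
  selector:
    matchLabels:
      name: postgres-exporter
  template:
    metadata:
      labels:
        name: postgres-exporter
    spec:
      containers:
        - name: postgres-exporter
          # NOTE(review): no tag or digest, so this resolves to `latest` and
          # the running version changes whenever the pod is rescheduled. Pin a
          # release tag, ideally with its digest.
          image: quay.io/prometheuscommunity/postgres-exporter
          ports:
            - containerPort: 9187
          # The exporter only serves HTTP on an unprivileged port and opens an
          # outbound connection, so it needs no capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            # Connection target without credentials. The password used to be
            # interpolated into a postgresql:// URL (DATA_SOURCE_NAME), which
            # breaks when it contains URL-reserved characters such as `@` or
            # `/`; with the split variables the exporter assembles the
            # connection string itself.
            # NOTE(review): sslmode=disable sends the password exchange and
            # all query results in clear text; enabling TLS needs server-side
            # certificates, which the postgres Deployment does not configure.
            - name: DATA_SOURCE_URI
              value: "postgres.databases:5432/postgres?sslmode=disable"
            # NOTE(review): this is the database superuser. A dedicated role
            # that is only a member of pg_monitor is enough for metrics.
            - name: DATA_SOURCE_USER
              value: postgres
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD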
---
# Service in front of the metrics endpoint of the postgres-exporter pod.
apiVersion: v1
kind: Service
metadata:
  namespace: databases
  name: postgres-exporter
spec:
  selector:
    name: postgres-exporter
  # NOTE(review): NodePort makes the metrics endpoint reachable on every node
  # address. Nothing in this file puts authentication in front of it, and the
  # metrics describe the database (names, sizes, statement statistics). If
  # the scraper runs inside the cluster, ClusterIP is sufficient.
  type: NodePort
  ports:
    - port: 9187
      targetPort: 9187
---
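# Nightly logical backup: dumps the `nocodelytics_production` database,
# gzip-compresses it and copies it to the `postgres` bucket of the `contabo`
# rclone remote.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: postgres-backup
  namespace: databases
spec:
  # Every day at 00:00 (time zone of the CronJob controller).
  schedule: "0 0 * * *"
  # Never start a new run while the previous one is still going.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      # A failed run is not retried.
      backoffLimit: 0
      # NOTE(review): finished Jobs, including failed ones, are deleted after
      # 60 seconds, so the pod log of a failed backup is gone almost at once.
      # Make sure failures are alerted on or logs are shipped elsewhere.
      ttlSecondsAfterFinished: 60
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: test-container
              # NOTE(review): no tag or digest, so the image (and the pg_dump
              # version in it) can change between runs. pg_dump should not be
              # older than the 16.1 server — confirm and pin.
              image: container-registry.nocodelytics.com/postgres-s3
              # The original `pg_dump | gzip > file && rclone copy` pipeline
              # took its exit status from gzip, so a failed pg_dump still
              # produced a (near-empty) archive that was uploaded and the Job
              # was reported as successful. pg_dump now writes the gzip file
              # itself and `set -e` stops before the upload if it fails. The
              # file name is computed once so both steps use the same date.
              # NOTE(review): the dump is uploaded as produced; nothing here
              # encrypts it. Confirm the bucket is private and encrypted, or
              # wrap the remote in an rclone `crypt` remote.
              command:
                - /bin/sh
                - -c
                - |
                  set -eu
                  backup_file="/backup/nocodelytics_production_$(date +%Y-%m-%d).sql.gzip"
                  pg_dump -U postgres -h postgres.databases \
                    --compress=6 --file="${backup_file}" \
                    nocodelytics_production
                  rclone copy "${backup_file}" contabo:postgres
              env:
                # Password for pg_dump, read by libpq from the environment.
                - name: PGPASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: POSTGRES_PASSWORD
                # rclone remote `contabo`, defined entirely through
                # RCLONE_CONFIG_CONTABO_* variables.
                - name: RCLONE_CONFIG_CONTABO_TYPE
                  value: "s3"
                - name: RCLONE_CONFIG_CONTABO_PROVIDER
                  value: "Other"
                - name: RCLONE_CONFIG_CONTABO_ENV_AUTH
                  value: "false"
                - name: RCLONE_CONFIG_CONTABO_ENDPOINT
                  value: "https://eu2.contabostorage.com"
                - name: RCLONE_CONFIG_CONTABO_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: AWS_ACCESS_KEY_ID
                - name: RCLONE_CONFIG_CONTABO_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: secrets
                      key: AWS_SECRET_ACCESS_KEY
              volumeMounts:
                - mountPath: /backup
                  name: backup-volume
          volumes:
            # Scratch space for the dump; discarded with the pod.
            - name: backup-volume
              emptyDir: {}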
---
# Stand-alone pod that starts the backup image, prints a message and sleeps
# for an hour.
# NOTE(review): the command shown uses none of the variables below, yet the
# pod receives the database superuser password and the object-storage keys.
# No restartPolicy is set, so the default (Always) restarts the container
# after each sleep and the pod never finishes. Anyone allowed to exec into
# pods in this namespace can read those credentials. If this was only needed
# to check that the image pulls, drop the secret references or remove the pod
# from the manifest.
apiVersion: v1
kind: Pod
metadata:
  namespace: databases
  name: test-pod
spec:
  volumes:
    - name: backup-volume
      emptyDir: {}
  containers:
    - name: test-container
      # NOTE(review): no tag or digest; resolves to `latest`.
      image: container-registry.nocodelytics.com/postgres-s3
      command:
        - "sh"
        - "-c"
        - "echo Image pulled successfully && sleep 3600"
      env:
        - name: PGPASSWORD
          valueFrom:
            secretKeyRef:
              name: secrets
              key: POSTGRES_PASSWORD
        # Same rclone remote definition as the backup CronJob.
        - name: RCLONE_CONFIG_CONTABO_TYPE
          value: "s3"
        - name: RCLONE_CONFIG_CONTABO_PROVIDER
          value: "Other"
        - name: RCLONE_CONFIG_CONTABO_ENV_AUTH
          value: "false"
        - name: RCLONE_CONFIG_CONTABO_ENDPOINT
          value: "https://eu2.contabostorage.com"
        - name: RCLONE_CONFIG_CONTABO_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: secrets
              key: AWS_ACCESS_KEY_ID
        - name: RCLONE_CONFIG_CONTABO_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: secrets
              key: AWS_SECRET_ACCESS_KEY
      volumeMounts:
        - mountPath: /backup
          name: backup-volume