old-portfolio/infra-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: adds cert issuer and cloudnative-pg

Browse Source
This commit is contained in:
Vitor Hideyoshi
2025-11-09 17:25:41 -03:00
parent ac979abea1
commit 46621cf3dc
6 changed files with 108 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/deploy.yml vendored
View File

@@ -14,6 +14,8 @@ jobs:
env: env:
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
KUBE_CERT_SERVER: ${{ secrets.KUBE_CERT_SERVER }}
KUBE_DOMAIN_EMAIL: ${{ secrets.KUBE_DOMAIN_EMAIL }}
steps: steps:
- name: Checkout Repository - name: Checkout Repository

6
deploy.sh
View File

@@ -27,6 +27,12 @@ kubectl create namespace cert-manager \
kubectl apply -f manifest/charts/cert-manager kubectl apply -f manifest/charts/cert-manager
# deploy cloudnative-pg
kubectl create namespace cnpg-system \
--dry-run=client -o yaml | kubectl apply -f -
kubectl apply -f manifest/charts/cloudnative-pg
### set application namespaces and configures docker registry secret ### ### set application namespaces and configures docker registry secret ###
for NAMESPACE in ${NAMESPACES_LIST//,/ }; do for NAMESPACE in ${NAMESPACES_LIST//,/ }; do
kubectl create namespace $NAMESPACE \ kubectl create namespace $NAMESPACE \

14
manifest/charts/cert-manager/cert-manager-issuer.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cluster-certificate-issuer
spec:
acme:
server: ${KUBE_CERT_SERVER}
email: ${KUBE_DOMAIN_EMAIL}
privateKeySecretRef:
name: cluster-certificate-issuer
solvers:
- http01:
ingress:
class: nginx

1
manifest/charts/cert-manager/helm-release-cert-manager.yaml
View File

@@ -18,6 +18,7 @@ spec:
createNamespace: true createNamespace: true
crds: CreateReplace crds: CreateReplace
values: values:
installCRDs: true
resources: resources:
limits: limits:
cpu: 50m cpu: 50m

77
manifest/charts/cloudnative-pg/helm-release-cloudnative-pg.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cnpg
namespace: cnpg-system
spec:
interval: 10m
releaseName: cnpg
chart:
spec:
chart: cloudnative-pg
sourceRef:
kind: HelmRepository
name: cloudnative-pg
namespace: flux-system
install:
createNamespace: true
values:
# CloudNative-PG Operator resource limits
operator:
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
# Security context
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
capabilities:
drop:
- ALL
# Pod security context
podSecurityContext:
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
seccompProfile:
type: RuntimeDefault
# Webhook configuration
webhook:
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
capabilities:
drop:
- ALL
# Monitoring configuration
monitoring:
enabled: true
# Set to true if you have Prometheus
serviceMonitor:
enabled: false
# Additional configuration
config:
# Default storage class for PostgreSQL clusters
# storageClass: ""
# Default monitoring configuration
monitoring:
enabled: true

8
manifest/charts/cloudnative-pg/helm-repository-cloudnative-pg.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cloudnative-pg
namespace: flux-system
spec:
interval: 24h
url: https://cloudnative-pg.github.io/charts