diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index ad7cb1e..e6111f2 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -14,6 +14,8 @@ jobs:
 env:
 GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
 GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+ KUBE_CERT_SERVER: ${{ secrets.KUBE_CERT_SERVER }}
+ KUBE_DOMAIN_EMAIL: ${{ secrets.KUBE_DOMAIN_EMAIL }}
 steps:
 - name: Checkout Repository
diff --git a/deploy.sh b/deploy.sh
index a518e29..76cdc70 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -27,6 +27,12 @@ kubectl create namespace cert-manager \
 kubectl apply -f manifest/charts/cert-manager
+# deploy cloudnative-pg
+kubectl create namespace cnpg-system \
+ --dry-run=client -o yaml | kubectl apply -f -
+kubectl apply -f manifest/charts/cloudnative-pg
+
+
 ### set application namespaces and configures docker registry secret ###
 for NAMESPACE in ${NAMESPACES_LIST//,/ }; do
 kubectl create namespace $NAMESPACE \
diff --git a/manifest/charts/cert-manager/cert-manager-issuer.yaml b/manifest/charts/cert-manager/cert-manager-issuer.yaml
new file mode 100644
index 0000000..62f95cb
--- /dev/null
+++ b/manifest/charts/cert-manager/cert-manager-issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cluster-certificate-issuer
+spec:
+ acme:
+ server: ${KUBE_CERT_SERVER}
+ email: ${KUBE_DOMAIN_EMAIL}
+ privateKeySecretRef:
+ name: cluster-certificate-issuer
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
\ No newline at end of file
diff --git a/manifest/charts/cert-manager/helm-release-cert-manager.yaml b/manifest/charts/cert-manager/helm-release-cert-manager.yaml
index 8ec344b..9028dd2 100644
--- a/manifest/charts/cert-manager/helm-release-cert-manager.yaml
+++ b/manifest/charts/cert-manager/helm-release-cert-manager.yaml
@@ -18,6 +18,7 @@ spec:
 createNamespace: true
 crds: CreateReplace
 values:
+ installCRDs: true
 resources:
 limits:
 cpu: 50m
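Review bot: The ACME server URL and contact email added as job-level env in the deploy.yml hunk are not secrets, and reading them from `secrets` masks them in workflow logs, which hides the most likely failure (a wrong issuer URL) when cert-manager cannot register. Repository or environment variables fit better: `KUBE_CERT_SERVER: ${{ vars.KUBE_CERT_SERVER }}` and `KUBE_DOMAIN_EMAIL: ${{ vars.KUBE_DOMAIN_EMAIL }}`. Presumably only the step that applies the cert-manager manifests reads them; if so, declare them on that step rather than on the job so the other steps do not inherit them. The enclosing job definition starts and ends outside this hunk.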
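Review bot: `server: ${KUBE_CERT_SERVER}` and `email: ${KUBE_DOMAIN_EMAIL}` in cert-manager-issuer.yaml are shell-style placeholders, but `kubectl apply` performs no variable substitution, and the deploy.sh hunk in this diff applies `manifest/charts/cert-manager` as a whole directory, so unless a rendering step exists outside this diff the ClusterIssuer is created with the literal string `${KUBE_CERT_SERVER}` as its ACME server and never becomes Ready. The same directory apply also submits the ClusterIssuer in the same call as the HelmRelease, before Flux has installed cert-manager, so the `ClusterIssuer` kind is likely rejected as unknown at that point. Apply the issuer separately once the release is up, rendered first, e.g. `kubectl wait --for=condition=Ready helmrelease/<helmrelease-name> -n cert-manager` followed by `envsubst < manifest/charts/cert-manager/cert-manager-issuer.yaml | kubectl apply -f -`, and keep the file out of the directory-wide apply. Newer cert-manager releases prefer `ingressClassName: nginx` over the legacy `class: nginx` under `http01.ingress`, which is worth confirming against the deployed version; the file also lacks a trailing newline.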
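Review bot: With `installCRDs: true` in helm-release-cert-manager.yaml the cert-manager CRDs become Helm-managed template resources, so an uninstall of this HelmRelease removes the CustomResourceDefinitions and, with them, every Certificate, Issuer and ClusterIssuer object in the cluster; the context line `crds: CreateReplace` does not protect against that, since Flux's policy only governs CRDs shipped in a chart's `crds/` directory. Recent cert-manager charts spell this as a `crds:` mapping with `enabled: true` and `keep: true` (the latter retains the CRDs on uninstall) and keep `installCRDs` only as a deprecated alias, so which key applies depends on the chart version pinned elsewhere in this file. Confirm against the pinned chart and prefer the `crds.enabled`/`crds.keep` pair where available, with a comment such as `# crds.keep: CRD removal would delete all Certificate/Issuer objects` recording why.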
diff --git a/manifest/charts/cloudnative-pg/helm-release-cloudnative-pg.yaml b/manifest/charts/cloudnative-pg/helm-release-cloudnative-pg.yaml
new file mode 100644
index 0000000..7f4421e
--- /dev/null
+++ b/manifest/charts/cloudnative-pg/helm-release-cloudnative-pg.yaml
@@ -0,0 +1,77 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cnpg
+ namespace: cnpg-system
+spec:
+ interval: 10m
+ releaseName: cnpg
+ chart:
+ spec:
+ chart: cloudnative-pg
+ sourceRef:
+ kind: HelmRepository
+ name: cloudnative-pg
+ namespace: flux-system
+ install:
+ createNamespace: true
+ values:
+ # CloudNative-PG Operator resource limits
+ operator:
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ # Security context
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ capabilities:
+ drop:
+ - ALL
+ # Pod security context
+ podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ fsGroup: 65534
+ seccompProfile:
+ type: RuntimeDefault
+
+ # Webhook configuration
+ webhook:
+ resources:
+ limits:
+ cpu: 50m
+ memory: 64Mi
+ requests:
+ cpu: 25m
+ memory: 32Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ capabilities:
+ drop:
+ - ALL
+
+ # Monitoring configuration
+ monitoring:
+ enabled: true
+ # Set to true if you have Prometheus
+ serviceMonitor:
+ enabled: false
+
+ # Additional configuration
+ config:
+ # Default storage class for PostgreSQL clusters
+ # storageClass: ""
+
+ # Default monitoring configuration
+ monitoring:
+ enabled: true
\ No newline at end of file
diff --git a/manifest/charts/cloudnative-pg/helm-repository-cloudnative-pg.yaml b/manifest/charts/cloudnative-pg/helm-repository-cloudnative-pg.yaml
new file mode 100644
index 0000000..7e97036
--- /dev/null
+++ b/manifest/charts/cloudnative-pg/helm-repository-cloudnative-pg.yaml
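Review bot: The hardening and limits in helm-release-cloudnative-pg.yaml sit under keys (`operator.resources`, `operator.securityContext`, `operator.podSecurityContext`, `webhook.resources`, `webhook.securityContext`, `monitoring.enabled`, `config.monitoring`) that, as far as I recall, the cloudnative-pg chart does not define — its values expose `resources`, `containerSecurityContext` and `podSecurityContext` at top level and `monitoring.podMonitorEnabled` for scraping — and Helm silently ignores values a chart never reads, so the `runAsNonRoot`, `drop: [ALL]` and `readOnlyRootFilesystem` settings may never reach the operator pod. Verify every key against the chart's values.yaml (`helm show values`) for the version deployed and keep only those the chart consumes. Separately, `chart.spec` carries no `version`, so Flux resolves the newest chart in the repository on each reconcile; pin it with `version: "<chart version>"` next to `chart: cloudnative-pg` so an upstream release cannot change the operator without a reviewed commit. The `config:` mapping holds only a commented-out key and a nested `monitoring:` block, which reads like a leftover; in this chart `config` is where the operator ConfigMap data goes, so either drop it or put real settings under `config.data`. The file also lacks a trailing newline.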
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: cloudnative-pg
+ namespace: flux-system
+spec:
+ interval: 24h
+ url: https://cloudnative-pg.github.io/charts
\ No newline at end of file