feat(platform): T01 — standalone PostgreSQL HA chart scaffold
Lays out the S3 platform layer foundation for RAIL-PL-WP-0001 T01: - .sops.yaml: age encryption policy (shared key, *.sops.yaml pattern) - .gitignore: prevents accidental commit of decrypted values files - Makefile: pg-deploy, pg-status, pg-pgpool-check, valkey-deploy, valkey-status, backup targets with KUBECONFIG/HELM wiring - helm/postgresql-ha-values.yaml.template: annotated values schema with CHANGEME_ placeholders; includes pgpool-password fix from RAIL-BS-WP-0003; notes on single-node vs ThreePhoenix scaling - docs/postgresql-ha.md: connection strings, DB creation, password rotation, pgpool-password critical note, HA failover test ref, ThreePhoenix scaling path To complete T01: fill in CHANGEME_ values, encrypt with sops -e -i, then run make pg-deploy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
57
Makefile
57
Makefile
@@ -1,5 +1,60 @@
|
||||
SHELL := /usr/bin/env bash
|
||||
.DEFAULT_GOAL := help
|
||||
|
||||
KUBECONFIG ?= $(HOME)/.kube/config-hosteurope
|
||||
KUBECTL := kubectl --kubeconfig=$(KUBECONFIG)
|
||||
HELM := helm --kubeconfig=$(KUBECONFIG)
|
||||
NAMESPACE := platform
|
||||
|
||||
PG_CHART_VERSION ?= 16.2.2
|
||||
VALKEY_CHART_VERSION ?= 2.x
|
||||
|
||||
##@ PostgreSQL HA
|
||||
|
||||
pg-deploy: ## Deploy / upgrade standalone PostgreSQL HA to platform namespace
|
||||
$(KUBECTL) create namespace $(NAMESPACE) --dry-run=client -o yaml | $(KUBECTL) apply -f -
|
||||
$(HELM) repo add bitnami https://charts.bitnami.com/bitnami --force-update
|
||||
$(HELM) upgrade --install postgresql-ha bitnami/postgresql-ha \
|
||||
--version $(PG_CHART_VERSION) \
|
||||
--namespace $(NAMESPACE) \
|
||||
-f <(sops -d helm/postgresql-ha-values.sops.yaml) \
|
||||
--wait --timeout 5m
|
||||
|
||||
pg-status: ## Check PostgreSQL HA pod status
|
||||
$(KUBECTL) get pods -n $(NAMESPACE) -l app.kubernetes.io/name=postgresql-ha
|
||||
|
||||
pg-pgpool-check: ## Verify pgpool-password secret key is present (see RAIL-BS-WP-0003)
|
||||
@SECRET=$$($(KUBECTL) get secret -n $(NAMESPACE) postgresql-ha-postgresql \
|
||||
-o jsonpath='{.data.pgpool-password}' 2>/dev/null); \
|
||||
if [ -z "$$SECRET" ]; then \
|
||||
echo "ERROR: pgpool-password key missing from secret — pgpool will CrashLoop on restart"; \
|
||||
exit 1; \
|
||||
else \
|
||||
echo "OK: pgpool-password key present"; \
|
||||
fi
|
||||
|
||||
##@ Valkey (cache)
|
||||
|
||||
valkey-deploy: ## Deploy / upgrade Valkey (Redis-compatible) to platform namespace
|
||||
$(KUBECTL) create namespace $(NAMESPACE) --dry-run=client -o yaml | $(KUBECTL) apply -f -
|
||||
$(HELM) upgrade --install valkey bitnami/valkey \
|
||||
--namespace $(NAMESPACE) \
|
||||
-f <(sops -d helm/valkey-values.sops.yaml) \
|
||||
--wait --timeout 3m
|
||||
|
||||
valkey-status: ## Check Valkey pod status
|
||||
$(KUBECTL) get pods -n $(NAMESPACE) -l app.kubernetes.io/name=valkey
|
||||
|
||||
##@ Backup
|
||||
|
||||
backup: ## Backup platform services (PostgreSQL logical dump) — age-encrypted to Nextcloud
|
||||
sudo tools/cmd/railiance-backup
|
||||
|
||||
##@ Help
|
||||
|
||||
help: ## Show this help
|
||||
@grep -E '^[a-zA-Z0-9_-]+:.*?## ' $(MAKEFILE_LIST) | sort | sed 's/:.*##/: /'
|
||||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} \
|
||||
/^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-22s\033[0m %s\n", $$1, $$2 } \
|
||||
/^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) }' $(MAKEFILE_LIST)
|
||||
|
||||
.PHONY: pg-deploy pg-status pg-pgpool-check valkey-deploy valkey-status backup help
|
||||
|
||||
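Review bot: In `pg-deploy` the values file is passed as `-f <(sops -d helm/postgresql-ha-values.sops.yaml)`, and bash does not propagate the exit status of a process substitution, so a failed decrypt (missing age key, damaged file) is invisible to make. Helm would then read an empty stream and, as far as I can tell, carry on with `upgrade --install` using chart defaults instead of the intended credentials and the pgpool-password setting. I would pipe the decrypt into helm so that a failure stops the recipe: begin the command with `set -o pipefail; sops -d helm/postgresql-ha-values.sops.yaml | \` and replace the substitution line with `-f - \`, which still keeps the plaintext off disk. The same pattern is in `valkey-deploy`, which also never passes `--version $(VALKEY_CHART_VERSION)` and does not add the bitnami repo itself, so the Valkey chart version is whatever the local repo cache resolves to.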