- helm/gitea-db-cluster.yaml: cnpg Cluster for Gitea (1 instance, 10Gi, pg16) bootstraps gitea DB from gitea-db-credentials secret in databases namespace - helm/gitea-db-secret.sops.yaml.template: credential secret template (encrypt before use) - Makefile: add db-deploy, db-status, db-shell, db-logs targets; mark pg-deploy legacy - .gitignore: allow *-cluster.yaml (k8s manifests with no secrets) Cluster applied to live cluster. RAIL-HO-WP-0004-T03. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
# CloudNativePG (cnpg) Cluster for the Gitea database.
# Managed by railiance-platform (S3). Operator lives in cnpg-system namespace.
#
# Apply:   kubectl apply -f helm/gitea-db-cluster.yaml
# Status:  kubectl cnpg status gitea-db -n databases
#
# Pre-condition: gitea-db-credentials Secret must exist in databases namespace.
# bootstrap.initdb below reads the application user's credentials from it.
# Create it (one-time, do NOT commit plaintext):
#   kubectl create secret generic gitea-db-credentials \
#     --namespace databases \
#     --from-literal=username=gitea \
#     --from-literal=password=<password>
# Then encrypt with SOPS and commit helm/gitea-db-secret.sops.yaml.
#
# NOTE(review): --from-literal places the password on the command line, where
# it can end up in shell history and the process list; --from-file or
# --from-env-file keeps it off argv.
# NOTE(review): as written, `kubectl create secret` creates the Secret in the
# cluster and produces no file. To obtain YAML for SOPS, add
# `--dry-run=client -o yaml` and encrypt the output before it is written into
# the repository.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: gitea-db
  namespace: databases
  labels:
    app.kubernetes.io/name: gitea-db
    app.kubernetes.io/component: database
    app.kubernetes.io/managed-by: manual
    railiance.io/layer: s3-platform
spec:
  # Single instance: no replica to fail over to, and the PVC is the only copy
  # of the data. No backup section is visible in this manifest; confirm
  # backups are handled elsewhere.
  instances: 1  # bump to 3 when node RAM > 8GB
  postgresql:
    # NOTE(review): the cnpg Cluster API selects the PostgreSQL major version
    # through spec.imageName / spec.imageCatalogRef; spec.postgresql is not
    # known to carry a `version` field. If the installed CRD has none, this
    # key is rejected or silently dropped and the operator's default image is
    # used instead of pg16. Verify the running image with
    # `kubectl cnpg status gitea-db -n databases`.
    version: "16"
  storage:
    size: 10Gi
  bootstrap:
    initdb:
      database: gitea
      # The username key in the Secret is expected to match this owner
      # (the create command above uses username=gitea) - confirm against the
      # cnpg docs for the installed operator version.
      owner: gitea
      secret:
        name: gitea-db-credentials
  # Connection pooler can be added later:
  # NOTE(review): managed.services.additional declares an extra Service in
  # front of the rw endpoint; PgBouncer pooling in cnpg is the separate
  # Pooler resource. The nesting below follows the cnpg managed.services
  # schema.
  # managed:
  #   services:
  #     additional:
  #       - selectorType: rw
  #         serviceTemplate:
  #           metadata:
  #             name: gitea-db-pooler-rw