This repository was archived by the owner on Mar 10, 2026. It is now read-only.

Commit 342e302

authored
use official cnpg postgresql cluster chart (#1771)
1 parent 730c96b commit 342e302

3 files changed

Lines changed: 71 additions & 61 deletions


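--- a/forgejo/app_of_apps/forgejo_argocd_appset.yaml
+++ b/forgejo/app_of_apps/forgejo_argocd_appset.yaml
@@ -267,17 +267,16 @@ spec:
 # - name: postgres-ssl-vol
 # secret:
 # secretName: gitea-postgres-ssl
-extraVolumes:
-- name: postgres-ca
-secret:
-secretName: forgejo-postgres-server-ca-key-pair
-defaultMode: 438
-
-- name: postgres-client-certs
-secret:
-secretName: forgejo-postgres-forgejo-cert
-defaultMode: 438
-
+# extraVolumes:
+# - name: postgres-ca
+# secret:
+# secretName: forgejo-postgres-server-ca-key-pair
+# defaultMode: 438
+
+# - name: postgres-client-certs
+# secret:
+# secretName: forgejo-postgres-forgejo-cert
+# defaultMode: 438
 #- name: postgres-certs
 # persistentVolumeClaim:
 # claimName: postgres-certs
@@ -289,12 +288,12 @@ spec:
 # - name: postgres-ssl-vol
 # readOnly: true
 # mountPath: "/pg-ssl"
-extraVolumeMounts:
-- name: postgres-ca
-mountPath: /etc/secrets/ca
+# extraVolumeMounts:
+# - name: postgres-ca
+# mountPath: /etc/secrets/ca
 
-- name: postgres-client-certs
-mountPath: /etc/secrets/app
+# - name: postgres-client-certs
+# mountPath: /etc/secrets/app
 
 #- name: postgres-certs
 # mountPath: /data/git/.postgresql
@@ -452,7 +451,6 @@ spec:
 NAME: forgejo
 FROM: forgejo
 
-
 # Settings for what content is indexed and how
 indexer: {}
 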
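Review bot: With the `postgres-ca` and `postgres-client-certs` volumes and their mounts commented out, Forgejo no longer has a CA bundle or client certificate for its PostgreSQL connection, and the matching `certificates:` block is dropped from postgres_argocd_appset.yaml in the same commit, so authentication presumably falls back to the password in `forgejo-pgsql-credentials`. The `database` settings are outside these hunks, so it is worth confirming that `SSL_MODE` there no longer assumes a CA-verifying mode the pod cannot satisfy, and that it was not relaxed to `disable` to make the connection work. I would replace the commented-out blocks with a single line such as `# postgres client-cert auth removed with the move to the official cnpg chart; DB auth is password-only` rather than keep dead config. If the mounts are ever restored, note that `defaultMode: 438` is octal 0666, which leaves the key files world-readable and world-writable inside the pod; `defaultMode: 288` (octal 0440) is the tighter choice.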

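--- a/forgejo/app_of_apps/postgres_argocd_appset.yaml
+++ b/forgejo/app_of_apps/postgres_argocd_appset.yaml
@@ -40,63 +40,75 @@ spec:
 selfHeal: true
 
 source:
-repoURL: https://small-hack.github.io/cloudnative-pg-cluster-chart
-chart: cnpg-cluster
-targetRevision: 0.5.0
+# repoURL: https://small-hack.github.io/cloudnative-pg-cluster-chart
+# chart: cnpg-cluster
+repoURL: https://cloudnative-pg.github.io/charts
+chart: cluster
+targetRevision: 0.3.1
 helm:
 releaseName: forgejo-postgres-cluster
+# https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/values.yaml
 valuesObject:
+type: postgresql
+
 name: forgejo-postgres
 instances: 2
 
-bootstrap:
+cluster:
+# annotations for the cluster object
+annotations:
+cnpg.io/skipEmptyWalArchiveCheck: enabled
+
+# initdb for postgresql in the cluster object
 initdb:
 database: forgejo
 owner: forgejo
 secret:
 name: forgejo-pgsql-credentials
 
-backup:
-# barman is a utility for backing up postgres to s3
-barmanObjectStore:
-destinationPath: "s3://forgejo-postgres"
-endpointURL: "https://{{ .forgejo_s3_endpoint }}"
-s3Credentials:
-accessKeyId:
-name: s3-postgres-credentials
-key: "accessKeyId"
-secretAccessKey:
-name: s3-postgres-credentials
-key: "secretAccessKey"
-wal:
-compression: gzip
-maxParallel: 8
-encryption: AES256
-retentionPolicy: "7d"
-
-certificates:
-server:
-enabled: true
-generate: true
-client:
-enabled: true
-generate: true
-user:
+# enable monitoring for the cluster
+monitoring:
 enabled: true
-username:
-- forgejo
+podMonitor:
+enabled: true
+
+backups:
+# backups are disabled by default. This enables them
+enabled: true
+# Overrides the provider specific default endpoint. Defaults to:
+# S3: https://s3.<region>.amazonaws.com"
+endpointURL: "https://{{ .forgejo_s3_endpoint }}"
+# Overrides the provider specific default path
+destinationPath: "s3://forgejo-postgres"
+
+# -- One of `s3`, `azure` or `google`
+provider: s3
+
+s3:
+region: auto
+bucket: forgejo-postgres
+
+# existing secret for the s3 credentials
+secret:
+create: false
+name: s3-postgres-credentials
+
+# wal backup details
+wal:
+compression: gzip
+maxParallel: 8
+encryption: AES256
 
-scheduledBackup:
-name: forgejo-pg-backup
-spec:
-# Midnight daily backups for postgres data
-schedule: '{{ .forgejo_postgres_backup_schedule }}'
-backupOwnerReference: self
-cluster:
-name: forgejo-postgres
+# -- Retention policy for backups
+retentionPolicy: "2d"
 
-monitoring:
-enablePodMonitor: true
+scheduledBackups:
+- name: forgejo-pg-backup
+schedule: '{{ .forgejo_postgres_backup_schedule }}'
+# Midnight daily backups for postgres data
+backupOwnerReference: self
+# Backup method: barmanObjectStore or volumeSnapshot
+method: barmanObjectStore
 
 postgresql:
 pg_hba: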
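Review bot: The new `cnpg.io/skipEmptyWalArchiveCheck: enabled` annotation switches off the operator's check that the WAL archive destination is empty, while `destinationPath` is still `s3://forgejo-postgres`, the same path the previous cluster archived to. The re-bootstrapped cluster can therefore write WAL alongside the old cluster's files and leave an archive that may not restore cleanly. I would either point the new cluster at a fresh prefix or mark the annotation as temporary, e.g. `# TODO: remove once the first base backup of the new cluster has completed`. The same section shortens `retentionPolicy` from `"7d"` to `"2d"`, so corruption or a compromise noticed more than two days later has no clean restore point; if that is intentional it deserves a comment saying why. The `postgresql:` / `pg_hba:` block continues past the end of the hunk, so whether its rules still fit the now certificate-less authentication cannot be checked from here.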

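--- a/forgejo/external_secrets/templates/bitwarden/s3_postgres_credentials.yaml
+++ b/forgejo/external_secrets/templates/bitwarden/s3_postgres_credentials.yaml
@@ -12,9 +12,9 @@ spec:
 template:
 type: Opaque
 data:
-accessKeyId: |-
+ACCESS_KEY_ID: |-
 {{ `{{ .accessKeyId }}` }}
-secretAccessKey: |-
+ACCESS_SECRET_KEY: |-
 {{ `{{ .secretAccessKey }}` }}
 data:
 - secretKey: accessKeyId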
