veda/applications/templates/cloudnativepg.yaml

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: homelab-critical
value: 500000000
globalDefault: false
description: "Priority class for critical Homelab pods"
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cloudnativepg
  namespace: argocd
spec:
  destination:
    namespace: cnpg-system
    server: {{ .Values.spec.destination.server }}
  project: default
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true
  source:
    chart: cloudnative-pg
    repoURL: https://cloudnative-pg.github.io/charts
    targetRevision: 0.23.2
    helm:
      valuesObject:
        monitoring:
          podMonitorEnabled: true
          grafanaDashboard:
            create: true
        priorityClassName: homelab-critical
        resources:
          requests:
            cpu: 50m
            memory: 100Mi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: pg-cluster
  namespace: cnpg-system
spec:
  envFrom:
    - configMapRef:
        name: postgres-backup-bucket
  instances: 2
  priorityClassName: homelab-critical
  resources:
    requests:
      memory: 128Mi
      cpu: 100m
    limits:
      memory: 1Gi
      cpu: '1'
  postgresql:
    parameters:
      max_connections: "200"
      shared_buffers: "64MB"
      effective_cache_size: "96MB"
      maintenance_work_mem: "8MB"
      wal_buffers: "2MB"
      random_page_cost: "1.1"
      effective_io_concurrency: "300"
      work_mem: "1MB"
  monitoring:
    enablePodMonitor: true
  storage:
    size: 50Gi
    storageClass: local-path
  backup:
    barmanObjectStore:
      endpointURL: http://rook-ceph-rgw-rgw-bulk.ceph.svc:80
      destinationPath: s3://postgres-backup/
      s3Credentials:
        accessKeyId:
          name: postgres-backup-bucket
          key: AWS_ACCESS_KEY_ID
        secretAccessKey:
          name: postgres-backup-bucket
          key: AWS_SECRET_ACCESS_KEY
      data:
        compression: bzip2
      wal:
        compression: bzip2
    retentionPolicy: "60d"
  managed:
    roles:
      - name: marco
        connectionLimit: -1
        inherit: true
        ensure: present
        login: true
        superuser: true
        passwordSecret:
          name: postgres-marco
      - name: authentik
        connectionLimit: -1
        inherit: true
        ensure: present
        login: true
        createdb: true
        passwordSecret:
          name: postgres-authentik
---
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: postgres-backup-bucket
  namespace: cnpg-system
spec:
  bucketName: postgres-backup
  storageClassName: rgw-bulk
  additionalConfig:
    maxSize: "400G"