From 75c26738225ab54096374298afb304af6bd9d15b Mon Sep 17 00:00:00 2001 From: Jeremy Shimko Date: Wed, 25 Sep 2024 17:10:27 -0400 Subject: [PATCH] [stack-auth] migrate to PGO cluster for postgres --- charts/stack-auth/Chart.lock | 14 +- charts/stack-auth/Chart.yaml | 19 +-- .../templates/backend/deployment.yaml | 30 ++++- charts/stack-auth/values.yaml | 126 ++++++++++++++++-- 4 files changed, 160 insertions(+), 29 deletions(-) diff --git a/charts/stack-auth/Chart.lock b/charts/stack-auth/Chart.lock index 5042dd4..063a948 100644 --- a/charts/stack-auth/Chart.lock +++ b/charts/stack-auth/Chart.lock @@ -1,9 +1,9 @@ dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 15.5.34 +- name: postgres + repository: file://../postgrescluster + version: 5.6.0 - name: svix - repository: https://jshimko.github.io/helm-charts - version: 0.4.1 -digest: sha256:39f631fa1b7ab5a1d9f04691176c07ce41ed30ef04fdfb17b144bd4c21408bfc -generated: "2024-09-25T11:18:49.012602-04:00" + repository: file://../svix + version: 0.5.0 +digest: sha256:3652d7a29d9fa6ab23738bb23afe0c4e9733959198334b558ca864df43e9bce8 +generated: "2024-09-25T17:11:15.288899-04:00" diff --git a/charts/stack-auth/Chart.yaml b/charts/stack-auth/Chart.yaml index ccd5aa9..30b0267 100644 --- a/charts/stack-auth/Chart.yaml +++ b/charts/stack-auth/Chart.yaml 
@@ -2,16 +2,19 @@ apiVersion: v2 name: stack-auth description: A Helm chart to deploy the Stack Auth platform. https://stack-auth.com type: application -version: 0.6.1 +version: 0.7.0 dependencies: - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml - - name: postgresql - version: 15.5.34 - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled + # Postgres Operator - PostgresCluster + # https://access.crunchydata.com/documentation/postgres-operator/v5/ + - name: postgres + version: 5.6.0 + repository: file://../postgrescluster + condition: postgres.enabled + # Svix webhooks + # https://github.com/jshimko/helm-charts/tree/main/charts/svix - name: svix - version: 0.4.1 - repository: https://jshimko.github.io/helm-charts + version: 0.5.0 + repository: file://../svix condition: svix.enabled diff --git a/charts/stack-auth/templates/backend/deployment.yaml b/charts/stack-auth/templates/backend/deployment.yaml index cb3eead..22b2aee 100644 --- a/charts/stack-auth/templates/backend/deployment.yaml +++ b/charts/stack-auth/templates/backend/deployment.yaml 
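Review bot: Renaming the dependency and its `condition` from `postgresql` to `postgres` means values written for 0.6.x (`postgresql.enabled`, `postgresql.auth.*`) are silently ignored after an upgrade. Because `postgres.enabled` defaults to `false` in values.yaml, a plain `helm upgrade` would presumably remove the Bitnami database resources and leave the backend without the generated connection-string variables. I would add a comment above the `postgres` dependency such as `# BREAKING (0.7.0): replaces the bitnami postgresql subchart; back up and migrate data before upgrading`, and repeat the warning in the chart README or release notes.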
@@ -49,11 +49,35 @@ spec: {{- end }} env: - {{- if .Values.postgresql.enabled }} + {{- if or .Values.postgres.enabled .Values.backend.postgresSecret }} + - name: PGO_PGBOUNCER_URI + valueFrom: + secretKeyRef: + {{- if .Values.backend.postgresSecret }} + name: "{{ .Values.backend.postgresSecret }}" + {{- else }} + name: "{{ .Values.postgres.name }}-pguser-stack" + {{- end }} + key: "pgbouncer-uri" + + # If we are connecting through pgbouncer we need to provide a direction connection url + # as well because prisma migrations do not support connection pooling + # https://www.prisma.io/docs/guides/performance-and-optimization/connection-management/configure-pg-bouncer#prisma-migrate-and-pgbouncer-workaround + - name: POSTGRES_DIRECT_URI + valueFrom: + secretKeyRef: + {{- if .Values.backend.postgresSecret }} + name: "{{ .Values.backend.postgresSecret }}" + {{- else }} + name: "{{ .Values.postgres.name }}-pguser-stack" + {{- end }} + key: "uri" + + # map above to the correct Stack env variables - name: STACK_DATABASE_CONNECTION_STRING - value: "postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@stack-postgresql:5432/{{ .Values.postgresql.auth.database }}?{{ .Values.backend.dbUrlOptions }}" + value: "$(PGO_PGBOUNCER_URI)?{{ .Values.backend.dbUrlOptions }}&pgbouncer=true" - name: STACK_DIRECT_DATABASE_CONNECTION_STRING - value: "$(STACK_DATABASE_CONNECTION_STRING)" + value: "$(POSTGRES_DIRECT_URI)?{{ .Values.backend.dbUrlOptions }}" {{- end }} {{- range .Values.backend.env }} diff --git a/charts/stack-auth/values.yaml b/charts/stack-auth/values.yaml index cb2a139..3a6e6df 100644 --- a/charts/stack-auth/values.yaml +++ b/charts/stack-auth/values.yaml 
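Review bot: The two `STACK_*_CONNECTION_STRING` values build the query string by plain concatenation, so an empty `backend.dbUrlOptions` renders `...?&pgbouncer=true` and leaves a bare trailing `?` on the direct URL. A secret URI that already carries a query string, which is possible with a user-supplied `backend.postgresSecret`, would end up with two `?`. Emitting the separator only when options are set avoids the first case: `value: "$(PGO_PGBOUNCER_URI)?{{ with .Values.backend.dbUrlOptions }}{{ . }}&{{ end }}pgbouncer=true"` and `value: "$(POSTGRES_DIRECT_URI){{ with .Values.backend.dbUrlOptions }}?{{ . }}{{ end }}"`. The fallback secret name also hard-codes the `stack` user (`-pguser-stack`), so it stops resolving if the user under `postgres.users` is renamed in values.yaml; a comment next to it stating that coupling would help. The `env:` list continues outside the hunk.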
@@ -146,7 +146,12 @@ backend: imagePullSecrets: [] - dbUrlOptions: "" # schema=public,connect_timeout=10,pool_timeout=10 + # -- optional Postgres Operator cluster secret name + postgresSecret: "" + + # -- PostgresCluster connection string options. e.g. schema=stack,connection_limit=10,connect_timeout=10,pool_timeout=10 + # Note that the schema option must match the user name in the PostgresCluster users list below or permissions will be denied. + dbUrlOptions: "schema=stack&sslmode=require&application_name=stack-auth" # -- Backend environment variables - see available [.env](https://github.com/stack-auth/stack/blob/dev/apps/backend/.env) options env: @@ -263,16 +268,6 @@ backend: affinity: {} -# Postgres deployment for Stack Auth -# https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -postgresql: - enabled: true - fullnameOverride: stack-postgresql - auth: - username: stack - password: stack123 - database: stack - # -- Any misc extra K8s manifests you'd like to create extraTemplates: [] 
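Review bot: The example in the `dbUrlOptions` comment separates options with commas (`schema=stack,connection_limit=10,...`), while the new default and the template that appends `&pgbouncer=true` use `&`; anyone copying the example would produce a single malformed option. I would rewrite it as `# e.g. schema=stack&connection_limit=10&connect_timeout=10&pool_timeout=10`. The `postgresSecret` comment should also state what the deployment template reads from it, for instance `# -- name of an existing Secret holding the keys "uri" and "pgbouncer-uri"`, since a secret missing either key keeps the pod from starting. It is also worth a one-line comment that `sslmode=require` encrypts the connection but, in libpq semantics at least, does not verify the server certificate, so operators do not read the default as authenticated TLS.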
@@ -285,6 +280,115 @@ extraTemplates: # data: # key: value +# PGO PostgresCluster deployment +# If enabled below, PostgresOperator must already be installed in the cluster so the PostgresCluster CRD is available. +# You can install PostgresOperator to your cluster with the following command: + +# helm install pgo -n pgo --create-namespace oci://registry.developers.crunchydata.com/crunchydata/pgo +# +# Postgres Operator docs +# https://access.crunchydata.com/documentation/postgres-operator/latest +# https://github.com/CrunchyData/postgres-operator +# +# PostgresCluster Chart +# https://github.com/jshimko/helm-charts/tree/main/charts/postgres +postgres: + # -- disabled by default in case PostgresOperator is not installed in the cluster + enabled: false + + # -- PostgresCluster name + name: postgres-stack + + # -- Postgres users to create and assign access to databases + users: + # -- db admin + - name: postgres + + # -- app user + - name: stack + databases: + - stack + + # -- Postgres instances + instances: + - name: stack # + replicas: 2 + + # -- Postgres instance resources + resources: {} + # requests: + # cpu: 500m + # memory: 1Gi + # limits: + # cpu: 1000m + # memory: 2Gi + + dataVolumeClaimSpec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 10Gi + + pgBouncerReplicas: 1 + + # pgBackRest Backups + # https://pgbackrest.org/user-guide.html + # -- https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups + pgBackRestConfig: + # which repo to use when triggering a manual backup + manual: + repoName: repo1 # in-cluster persistent volume + options: + - --type=full + + # # S3 auth + # # https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups#using-s3 + # configuration: + # - secret: + # name: pgbackrest-backup-secret + + global: + # set retention of full backups to 7 days + # https://pgbackrest.org/user-guide.html#retention + + # 
in-cluster persistent volume + repo1-retention-full: "7" + repo1-retention-full-type: time + + # # S3 bucket + # repo2-path: /pgbackrest/production + # repo2-retention-full: "7" + # repo2-retention-full-type: time + + repos: + # in-cluster persistent volume + - name: repo1 + volume: + volumeClaimSpec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 10Gi + schedules: + # full backup weekly at 12:00a UTC Sunday + full: "0 12 * * 0" + # differential backup at 12:00 UTC Monday-Saturday + differential: "0 12 * * 1-6" + + # # S3 bucket + # - name: repo2 + # s3: + # bucket: example-pgbackrest-bucket + # endpoint: s3.amazonaws.com + # region: us-east-1 + # schedules: + # # full backup weekly at 1:00a UTC Sunday + # full: "0 1 * * 0" + # # differential backup at 1:00 UTC Monday-Saturday + # differential: "0 1 * * 1-6" + # svix chart # Optional Svix webhooks chart deployment. See docs https://github.com/jshimko/helm-charts/tree/main/charts/svix svix:
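Review bot: The `repo1` schedule comments and cron expressions disagree: `full: "0 12 * * 0"` fires at 12:00 noon UTC, whereas the comment says "12:00a", and the commented S3 example below uses `0 1` for "1:00a". If midnight is intended, the values should be `full: "0 0 * * 0"` and `differential: "0 0 * * 1-6"`; otherwise the comments should say 12:00 noon UTC. Separately, listing `- name: postgres` under `users` makes the operator create a credential Secret for the superuser, if I read the PGO documentation correctly, so the `# -- db admin` comment could say so and recommend dropping the entry when superuser logins are not needed. The only enabled backup repo is an in-cluster volume, which does not survive loss of the cluster or its storage; a comment pointing to the commented `repo2` block for off-cluster copies would make that limitation explicit.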