[svix] migrate to PGO PostgresCluster chart

jshimko · Sep 26, 2024 · c4bf272 · c4bf272
1 parent 268c6dc
commit c4bf272
Show file tree

Hide file tree

Showing 6 changed files with 159 additions and 50 deletions.
diff --git a/charts/svix/Chart.lock b/charts/svix/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
-- name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 15.5.34
+- name: postgrescluster
+  repository: file://../postgrescluster
+  version: 5.6.1
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 20.1.4
-digest: sha256:fba2a042148c14d2a8523320784e2a58492c2f10d952a9f22cc182e3bfd0ebc3
-generated: "2024-09-25T10:53:34.896619-04:00"
+digest: sha256:8acdda65b904c1d7ad7340cb5a19d196a20958b64ba1631c8ec10bf2a6f513f6
+generated: "2024-09-26T08:30:57.025407-04:00"
diff --git a/charts/svix/Chart.yaml b/charts/svix/Chart.yaml
@@ -2,14 +2,15 @@ apiVersion: v2
 name: svix
 description: A Helm chart for running svix on Kubernetes
 type: application
-version: 0.5.0
+version: 0.6.0
 
 dependencies:
-  # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml
-  - name: postgresql
-    version: 15.5.34
-    repository: https://charts.bitnami.com/bitnami
-    condition: postgresql.enabled
+  # Postgres Operator - PostgresCluster
+  # https://access.crunchydata.com/documentation/postgres-operator/latest/
+  - name: postgrescluster
+    version: 5.6.1
+    repository: file://../postgrescluster
+    condition: postgrescluster.enabled
 
   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
   - name: redis

diff --git a/charts/svix/templates/_helpers.tpl b/charts/svix/templates/_helpers.tpl
@@ -49,3 +49,31 @@ Selector labels
 app.kubernetes.io/name: "svix-server"
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Common postgres/redis env
+*/}}
+{{- define "svix.dbEnv" -}}
+# postgres
+{{- if or .Values.postgrescluster.enabled .Values.svix.postgresClusterSecret }}
+- name: SVIX_DB_DSN
+  valueFrom:
+    secretKeyRef:
+      {{- if .Values.svix.postgresClusterSecret }}
+      name: "{{ .Values.svix.postgresClusterSecret }}"
+      {{- else }}
+      name: "{{ .Values.postgrescluster.name }}-pguser-svix"
+      {{- end }}
+      key: "pgbouncer-uri"
+{{- end }}
+
+# redis
+{{- if .Values.redis.enabled  }}
+- name: SVIX_REDIS_DSN
+  value: "redis://{{ .Values.redis.fullnameOverride }}-master:6379"
+- name: SVIX_QUEUE_DSN
+  value: "$(SVIX_REDIS_DSN)"
+- name: SVIX_CACHE_DSN
+  value: "$(SVIX_REDIS_DSN)"
+{{- end }}
+{{- end }}
diff --git a/charts/svix/templates/svix/deployment.yaml b/charts/svix/templates/svix/deployment.yaml
@@ -45,19 +45,7 @@ spec:
           {{- end }}
 
           env:
-            {{- if .Values.postgresql.enabled  }}
-            - name: SVIX_DB_DSN
-              value: "postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@svix-postgresql:5432/{{ .Values.postgresql.auth.database }}?{{ .Values.svix.dbUrlOptions }}"
-            {{- end }}
-
-            {{- if .Values.redis.enabled  }}
-            - name: SVIX_REDIS_DSN
-              value: "redis://svix-redis-master:6379"
-            - name: SVIX_QUEUE_DSN
-              value: "$(SVIX_REDIS_DSN)"
-            - name: SVIX_CACHE_DSN
-              value: "$(SVIX_REDIS_DSN)"
-            {{- end }}
+            {{- include "svix.dbEnv" . | nindent 12 }}
 
             {{- range .Values.svix.env }}
             - name: {{ .name }}

diff --git a/charts/svix/templates/svix/jwt-secret-job.yaml b/charts/svix/templates/svix/jwt-secret-job.yaml
@@ -62,19 +62,7 @@ spec:
         - name: svix-jwt-generator
           image: "{{ .Values.svix.image.repository }}:{{ .Values.svix.image.tag | default "latest" }}"
           env:
-            {{- if .Values.postgresql.enabled  }}
-            - name: SVIX_DB_DSN
-              value: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@svix-postgresql:5432/{{ .Values.postgresql.auth.database }}"
-            {{- end }}
-
-            {{- if .Values.redis.enabled  }}
-            - name: SVIX_REDIS_DSN
-              value: "redis://{{ .Release.Name }}-redis-master:6379"
-            - name: SVIX_QUEUE_DSN
-              value: "$(SVIX_REDIS_DSN)"
-            - name: SVIX_CACHE_DSN
-              value: "$(SVIX_REDIS_DSN)"
-            {{- end }}
+            {{- include "svix.dbEnv" . | nindent 12 }}
 
             {{- range .Values.svix.env }}
             - name: {{ .name }}

diff --git a/charts/svix/values.yaml b/charts/svix/values.yaml
@@ -26,9 +26,12 @@ svix:
     # - configMapRef:
     #     name: my-configmap
 
-  # Optional postgres connection string options.
-  # These settings are only used if using the built in postgres chart (enabled below)
-  dbUrlOptions: "" # schema=public,connect_timeout=10,pool_timeout=10
+  # -- optional Postgres Operator cluster secret name. This is useful if you deploy a PostgresCluster instance outside of this chart.
+  postgresClusterSecret: ""
+
+  # Note that the schema option below must match the user name in the PostgresCluster users list or database permissions will be denied until manually granted.
+  # -- PostgresCluster connection string options. e.g. schema=stack,connection_limit=10,connect_timeout=10,pool_timeout=10
+  dbUrlOptions: "schema=svix&sslmode=require&application_name=svix"
 
   # Create a k8s secret with a JWT token that an app can use to authenticate with Svix.
   # Optionally choose a custom name for the secret and the key to store the JWT in.
@@ -139,17 +142,118 @@ svix:
 
   affinity: {}
 
-# Postgres
-# https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
-postgresql:
-  enabled: true
-  architecture: standalone # "replication" or "standalone"
-  fullnameOverride: svix-postgresql
+# PGO PostgresCluster deployment
+# If enabled below, PostgresOperator must already be installed in the cluster so the PostgresCluster CRD is available.
+# You can install PostgresOperator to your cluster with the following command:
 
-  auth:
-    username: svix
-    password: svix123
-    database: svix
+# helm install pgo -n pgo --create-namespace oci://registry.developers.crunchydata.com/crunchydata/pgo
+#
+# Postgres Operator docs
+# https://access.crunchydata.com/documentation/postgres-operator/latest
+# https://github.com/CrunchyData/postgres-operator
+#
+# PostgresCluster Chart
+# https://github.com/jshimko/helm-charts/tree/main/charts/postgrescluster
+postgrescluster:
+  # -- disabled by default in case PostgresOperator is not installed in the cluster
+  enabled: false
+
+  # -- PostgresCluster name
+  name: postgres-svix
+
+  # -- PostgresCluster annotations
+  annotations: {}
+    # postgres-operator.crunchydata.com/autoCreateUserSchema: "true"
+
+  # -- Postgres users to create and assign access to databases
+  users:
+    # -- db admin
+    - name: postgres
+
+    # -- app user
+    - name: svix
+      databases:
+        - svix
+
+  # -- Postgres instances
+  instances:
+    - name: svix
+      replicas: 1
+
+      # -- Postgres instance resources
+      resources: {}
+        # requests:
+        #   cpu: 500m
+        #   memory: 1Gi
+        # limits:
+        #   cpu: 1000m
+        #   memory: 2Gi
+
+      dataVolumeClaimSpec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 2Gi
+
+  pgBouncerReplicas: 1
+
+  # pgBackRest Backups
+  # https://pgbackrest.org/user-guide.html
+  # -- https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups
+  pgBackRestConfig:
+    # which repo to use when triggering a manual backup
+    manual:
+      repoName: repo1 # in-cluster persistent volume
+      options:
+        - --type=full
+
+    # # S3 auth
+    # # https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/backups#using-s3
+    # configuration:
+    #   - secret:
+    #       name: pgbackrest-backup-secret
+
+    global:
+      # set retention of full backups to 7 days
+      # https://pgbackrest.org/user-guide.html#retention
+
+      # in-cluster persistent volume
+      repo1-retention-full: "7"
+      repo1-retention-full-type: time
+
+      # # S3 bucket
+      # repo2-path: /pgbackrest/production
+      # repo2-retention-full: "7"
+      # repo2-retention-full-type: time
+
+    repos:
+      # in-cluster persistent volume
+      - name: repo1
+        volume:
+          volumeClaimSpec:
+            accessModes:
+              - "ReadWriteOnce"
+            resources:
+              requests:
+                storage: 10Gi
+        schedules:
+          # full backup weekly at 12:00a UTC Sunday
+          full: "0 12 * * 0"
+          # differential backup at 12:00 UTC Monday-Saturday
+          differential: "0 12 * * 1-6"
+
+      # # S3 bucket
+      # - name: repo2
+      #   s3:
+      #     bucket: example-pgbackrest-bucket
+      #     endpoint: s3.amazonaws.com
+      #     region: us-east-1
+      #   schedules:
+      #     # full backup weekly at 1:00a UTC Sunday
+      #     full: "0 1 * * 0"
+      #     # differential backup at 1:00 UTC Monday-Saturday
+      #     differential: "0 1 * * 1-6"
 
 # Redis
 # https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml