Merge pull request #1083 from lsst-it/IT-6436_nexus_pg

(fleet/nexus-pg) add nexus pg instance cp

Author: dtapiacl

fleet/lib/nexus-pg/external-secret-nexuspg.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: nexus-pg
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  target:
+    template:
+      type: kubernetes.io/basic-auth
+  data:
+    - secretKey: username
+      remoteRef:
+        key: &item nexus-pg
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: *item
+        property: password

fleet/lib/nexus-pg/fleet.yaml

@@ -0,0 +1,29 @@
+---
+defaultNamespace: &name nexus-pg
+namespaceLabels:
+  lsst.io/discover: "true"
+labels:
+  bundle: *name
+helm:
+  releaseName: *name
+  timeoutSeconds: 300
+  waitForJobs: true
+dependsOn:
+  - selector:
+      matchLabels:
+        bundle: cnpg-system
+  - selector:
+      matchLabels:
+        bundle: nexus
+targetCustomizations:
+  - name: yepun
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - yepun
+    yaml:
+      overlays:
+        - generic
+        - yepun

fleet/lib/nexus-pg/overlays/generic/external-secret-nexus-pg-superuser.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: nexus-pg-superuser
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  target:
+    template:
+      type: kubernetes.io/basic-auth
+  data:
+    - secretKey: username
+      remoteRef:
+        key: nexus-pg-superuser
+        property: username
+    - secretKey: password
+      remoteRef:
+        key: nexus-pg-superuser
+        property: password

fleet/lib/nexus-pg/overlays/nexus-pg-cluster.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: nexus-pg
+spec:
+  imageName: ghcr.io/cloudnative-pg/postgresql:15
+
+  instances: 1
+
+  postgresql:
+    parameters:
+      max_connections: "50"
+      shared_buffers: 256MB
+      idle_session_timeout: 4h
+    pg_hba:
+      - host all all 139.229.134.0/23 md5
+      - host all all 139.229.136.0/21 md5
+      - host all all 139.229.144.0/20 md5
+      - host all all 139.229.160.0/19 md5
+      - host all all 139.229.192.0/18 md5
+      - host all all 140.252.146.0/23 md5
+
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: nexus-pg-superuser
+
+  storage:
+    size: 10Gi
+
+  monitoring:
+    enablePodMonitor: true
+
+  resources:
+    limits:
+      cpu: "1"
+      memory: 1Gi
+    requests:
+      cpu: 500m
+      memory: 1Gi

fleet/lib/nexus-pg/overlays/yepun/nexus-pg-service.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nexus-pg
+  labels:
+    cnpg.io/cluster: nexus-pg
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 139.229.160.133
+spec:
+  ports:
+    - name: postgres
+      port: 5432
+      protocol: TCP
+  selector:
+    cnpg.io/cluster: nexus-pg
+    role: primary
+  type: LoadBalancer

fleet/s/cp/c/yepun/nexus-pg

@@ -0,0 +1 @@
+../../../../lib/nexus-pg