init

manifests/cert-manager/cluster-issuers.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    email: i_am@rogov.al
+    privateKeySecretRef:
+      name: letsencrypt-production-account-key
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    email: i_am@rogov.al
+    privateKeySecretRef:
+      name: letsencrypt-staging-account-key
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          ingress:
+            class: traefik

manifests/cnpg/cluster.yaml

@@ -0,0 +1,30 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: shared-pg
+  namespace: cnpg
+spec:
+  instances: 3
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+
+  storage:
+    size: 20Gi
+    storageClass: yc-network-ssd
+
+  affinity:
+    podAntiAffinityType: required
+
+  bootstrap:
+    initdb:
+      database: postgres
+      owner: postgres
+
+  postgresql:
+    parameters:
+      shared_buffers: "256MB"
+      effective_cache_size: "768MB"
+      maintenance_work_mem: "64MB"
+      max_connections: "200"
+
+  monitoring:
+    enablePodMonitor: true

manifests/cnpg/databases.yaml

@@ -0,0 +1,87 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: synapse-mrt0rtikize
+  namespace: cnpg
+spec:
+  name: synapse_mrt0rtikize
+  owner: synapse_mrt0rtikize
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: mas-mrt0rtikize
+  namespace: cnpg
+spec:
+  name: mas_mrt0rtikize
+  owner: mas_mrt0rtikize
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: synapse-t0rt1k
+  namespace: cnpg
+spec:
+  name: synapse_t0rt1k
+  owner: synapse_t0rt1k
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: mas-t0rt1k
+  namespace: cnpg
+spec:
+  name: mas_t0rt1k
+  owner: mas_t0rt1k
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: synapse-roglog
+  namespace: cnpg
+spec:
+  name: synapse_roglog
+  owner: synapse_roglog
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: mas-roglog
+  namespace: cnpg
+spec:
+  name: mas_roglog
+  owner: mas_roglog
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: synapse-uretra
+  namespace: cnpg
+spec:
+  name: synapse_uretra
+  owner: synapse_uretra
+  clusterRef:
+    name: shared-pg
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: mas-uretra
+  namespace: cnpg
+spec:
+  name: mas_uretra
+  owner: mas_uretra
+  clusterRef:
+    name: shared-pg

manifests/cnpg/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cnpg

manifests/cnpg/secrets.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mrt0rtikize-pg-creds
+  namespace: cnpg
+  labels:
+    cnpg.io/reload: ""
+type: kubernetes.io/basic-auth
+stringData:
+  synapse: |
+    username: synapse_mrt0rtikize
+    password: change-me-synapse
+  mas: |
+    username: mas_mrt0rtikize
+    password: change-me-mas
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: t0rt1k-pg-creds
+  namespace: cnpg
+  labels:
+    cnpg.io/reload: ""
+type: kubernetes.io/basic-auth
+stringData:
+  synapse: |
+    username: synapse_t0rt1k
+    password: change-me-synapse
+  mas: |
+    username: mas_t0rt1k
+    password: change-me-mas
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: roglog-pg-creds
+  namespace: cnpg
+  labels:
+    cnpg.io/reload: ""
+type: kubernetes.io/basic-auth
+stringData:
+  synapse: |
+    username: synapse_roglog
+    password: change-me-synapse
+  mas: |
+    username: mas_roglog
+    password: change-me-mas
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: uretra-pg-creds
+  namespace: cnpg
+  labels:
+    cnpg.io/reload: ""
+type: kubernetes.io/basic-auth
+stringData:
+  synapse: |
+    username: synapse_uretra
+    password: change-me-synapse
+  mas: |
+    username: mas_uretra
+    password: change-me-mas

manifests/metrics/grafana/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: metrics
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - grafana.prod.t01tt.tech
+      secretName: grafana-tls
+  rules:
+    - host: grafana.prod.t01tt.tech
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vm-k8s-stack-grafana
+                port:
+                  number: 80

manifests/metrics/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metrics