Initial render: k3s-dev environment

2026-03-07 15:00:05 +00:00
commit a787720f2a
306 changed files with 75879 additions and 0 deletions
--- a/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-appserver.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-appserver
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-appserver
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-db-importer.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-db-importer
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-db-importer
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-report.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/external-secrets.io_v1beta1_externalsecret_ag-report.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ag-report
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/ag-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: ag-report
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://authgateway-db-rw.abinitio-db:5432/authgateway?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: authgateway-db-rw:5432:authgateway:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@authgateway-db-rw.abinitio-db:5432/authgateway
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/postgresql.cnpg.io_v1_cluster_authgateway.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/postgresql.cnpg.io_v1_cluster_authgateway.yaml
@@ -0,0 +1,45 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: authgateway
+  namespace: abinitio-db
+spec:
+  bootstrap:
+    initdb:
+      database: authgateway
+      owner: ag_appserver
+      postInitApplicationSQLRefs:
+        configMapRefs:
+        - key: authgateway.sql
+          name: authgateway-sql
+      secret:
+        name: ag-appserver
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+  instances: 2
+  managed:
+    roles:
+    - login: true
+      name: ag_appserver
+      passwordSecret:
+        name: ag-appserver
+    - login: true
+      name: ag_importer
+      passwordSecret:
+        name: ag-db-importer
+    - login: true
+      name: ag_report
+      passwordSecret:
+        name: ag-report
+  postgresql:
+    parameters:
+      effective_cache_size: 6GB
+      shared_buffers: 3GB
+  resources:
+    limits:
+      cpu: 3
+      memory: 12Gi
+    requests:
+      cpu: 1
+      memory: 4Gi
+  storage:
+    size: 30Gi
--- a/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/v1_configmap_authgateway-sql.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/authgateway-db/v1_configmap_authgateway-sql.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  authgateway.sql: |
+    CREATE ROLE ag_importer;
+    CREATE ROLE ag_report;
+    CREATE SCHEMA ag_meta AUTHORIZATION ag_appserver;
+    CREATE SCHEMA ag_main AUTHORIZATION ag_appserver;
+    GRANT USAGE ON SCHEMA ag_meta TO ag_importer;
+    GRANT USAGE ON SCHEMA ag_main TO ag_importer;
+    GRANT USAGE ON SCHEMA ag_meta TO ag_report;
+    GRANT USAGE ON SCHEMA ag_main TO ag_report;
+kind: ConfigMap
+metadata:
+  name: authgateway-sql
+  namespace: abinitio-db