Initial render: k3s-dev environment

2026-03-07 15:00:05 +00:00
commit a787720f2a
306 changed files with 75879 additions and 0 deletions
--- a/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-appserver.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-appserver
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-appserver
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-appserver
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-db-importer.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-db-importer
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-db-importer
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-db-importer
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/external-secrets.io_v1beta1_externalsecret_mhub-report.yaml
@@ -0,0 +1,32 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mhub-report
+  namespace: abinitio-db
+spec:
+  data:
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: username
+    secretKey: username
+  - remoteRef:
+      key: secret/abinitio/mhub-report
+      property: password
+    secretKey: password
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-store
+  target:
+    name: mhub-report
+    template:
+      data:
+        jdbc-uri: jdbc:postgresql://metadatahub-db-rw.abinitio-db:5432/metadatahub?password={{
+          .password }}&user={{ .username }}
+        password: '{{ .password }}'
+        pgpass: metadatahub-db-rw:5432:metadatahub:{{ .username }}:{{ .password }}
+        uri: postgresql://{{ .username }}:{{ .password }}@metadatahub-db-rw.abinitio-db:5432/metadatahub
+        username: '{{ .username }}'
+      metadata:
+        labels:
+          cnpg.io/reload: "true"
--- a/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/postgresql.cnpg.io_v1_cluster_metadatahub.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/postgresql.cnpg.io_v1_cluster_metadatahub.yaml
@@ -0,0 +1,45 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: metadatahub
+  namespace: abinitio-db
+spec:
+  bootstrap:
+    initdb:
+      database: metadatahub
+      owner: mhub_appserver
+      postInitApplicationSQLRefs:
+        configMapRefs:
+        - key: metadatahub.sql
+          name: metadatahub-sql
+      secret:
+        name: mhub-appserver
+  imageName: ghcr.io/cloudnative-pg/postgresql:16
+  instances: 2
+  managed:
+    roles:
+    - login: true
+      name: mhub_appserver
+      passwordSecret:
+        name: mhub-appserver
+    - login: true
+      name: mhub_importer
+      passwordSecret:
+        name: mhub-db-importer
+    - login: true
+      name: mhub_report
+      passwordSecret:
+        name: mhub-report
+  postgresql:
+    parameters:
+      effective_cache_size: 12GB
+      shared_buffers: 6GB
+  resources:
+    limits:
+      cpu: 6
+      memory: 24Gi
+    requests:
+      cpu: 3
+      memory: 12Gi
+  storage:
+    size: 60Gi
--- a/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/v1_configmap_metadatahub-sql.yaml
+++ b/rendered/manifests/k3s-dev/abinitio-db/metadatahub-db/v1_configmap_metadatahub-sql.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  metadatahub.sql: |
+    CREATE ROLE mhub_importer;
+    CREATE ROLE mhub_report;
+    CREATE SCHEMA mhub_meta AUTHORIZATION mhub_appserver;
+    CREATE SCHEMA mhub_main AUTHORIZATION mhub_appserver;
+    GRANT USAGE ON SCHEMA mhub_meta TO mhub_importer;
+    GRANT USAGE ON SCHEMA mhub_main TO mhub_importer;
+    GRANT USAGE ON SCHEMA mhub_meta TO mhub_report;
+    GRANT USAGE ON SCHEMA mhub_main TO mhub_report;
+kind: ConfigMap
+metadata:
+  name: metadatahub-sql
+  namespace: abinitio-db