From bd3401254cecd17a3b4915aea659429c9eae7562 Mon Sep 17 00:00:00 2001
From: Arthur Vardevanyan
Date: Fri, 9 Feb 2024 14:58:09 -0500
Subject: [PATCH] feat: Stackrox DB Move (#44)
---
 .../postgres/applications/kustomization.yaml | 4 -
 .../applications/stackrox/longhorn.yaml | 62 --------------
 .../postgres/applications/stackrox/pv.yaml | 80 -------------------
 .../stackrox-central/base/config-map.yaml | 2 +-
 .../stackrox-central/base/kustomization.yaml | 2 +
 .../base/postgres}/network-policy.yaml | 17 +---
 .../base/postgres}/postgres.yaml | 11 +--
 7 files changed, 13 insertions(+), 165 deletions(-)
 delete mode 100644 kubernetes/postgres/applications/stackrox/longhorn.yaml
 delete mode 100644 kubernetes/postgres/applications/stackrox/pv.yaml
 rename kubernetes/{postgres/applications/stackrox => stackrox-central/base/postgres}/network-policy.yaml (73%)
 rename kubernetes/{postgres/applications/stackrox => stackrox-central/base/postgres}/postgres.yaml (94%)
diff --git a/kubernetes/postgres/applications/kustomization.yaml b/kubernetes/postgres/applications/kustomization.yaml
index 437da4b10..0ff03e855 100644
--- a/kubernetes/postgres/applications/kustomization.yaml
+++ b/kubernetes/postgres/applications/kustomization.yaml
@@ -13,7 +13,3 @@ resources:
 - grafana/pv.yaml
 - grafana/postgres.yaml
 - grafana/network-policy.yaml
- - stackrox/longhorn.yaml
- - stackrox/pv.yaml
- - stackrox/postgres.yaml
- - stackrox/network-policy.yaml
diff --git a/kubernetes/postgres/applications/stackrox/longhorn.yaml b/kubernetes/postgres/applications/stackrox/longhorn.yaml
deleted file mode 100644
index b0b29bbb3..000000000
--- a/kubernetes/postgres/applications/stackrox/longhorn.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: longhorn.io/v1beta2
-kind: Volume
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- longhornvolume: stackrox-00-mtzw-pgdata
- recurring-job-group.longhorn.io/backup: enabled
- app.kubernetes.io/instance: postgres
- name: stackrox-00-mtzw-pgdata
- namespace: longhorn-system
-spec:
- replicaAutoBalance: ignored
- dataLocality: disabled
- accessMode: rwo
- engineImage: longhornio/longhorn-engine:v1.5.3@sha256:3fb3b5d911242514e996941efb411eee3c926ec3b9766b514deddda9e6d18924
- frontend: blockdev
- snapshotDataIntegrity: enabled
- numberOfReplicas: 2
- size: "5368709120"
----
-apiVersion: longhorn.io/v1beta2
-kind: Volume
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- longhornvolume: stackrox-00-8h5r-pgdata
- recurring-job-group.longhorn.io/backup: enabled
- app.kubernetes.io/instance: postgres
- name: stackrox-00-8h5r-pgdata
- namespace: longhorn-system
-spec:
- replicaAutoBalance: ignored
- dataLocality: disabled
- accessMode: rwo
- engineImage: longhornio/longhorn-engine:v1.5.3@sha256:3fb3b5d911242514e996941efb411eee3c926ec3b9766b514deddda9e6d18924
- frontend: blockdev
- snapshotDataIntegrity: enabled
- numberOfReplicas: 2
- size: "5368709120"
----
-apiVersion: longhorn.io/v1beta2
-kind: Volume
-metadata:
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- longhornvolume: stackrox-repo1
- recurring-job-group.longhorn.io/backup: enabled
- app.kubernetes.io/instance: postgres
- name: stackrox-repo1
- namespace: longhorn-system
-spec:
- replicaAutoBalance: ignored
- dataLocality: disabled
- accessMode: rwo
- engineImage: longhornio/longhorn-engine:v1.5.3@sha256:3fb3b5d911242514e996941efb411eee3c926ec3b9766b514deddda9e6d18924
- frontend: blockdev
- snapshotDataIntegrity: enabled
- numberOfReplicas: 2
- size: "16106127360"
diff --git a/kubernetes/postgres/applications/stackrox/pv.yaml b/kubernetes/postgres/applications/stackrox/pv.yaml
deleted file mode 100644
index a6b4db269..000000000
--- a/kubernetes/postgres/applications/stackrox/pv.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: stackrox-00-mtzw-pgdata
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- app.kubernetes.io/instance: postgres
-spec:
- capacity:
- storage: 5Gi
- csi:
- driver: driver.longhorn.io
- volumeHandle: stackrox-00-mtzw-pgdata
- fsType: ext4
- volumeAttributes:
- numberOfReplicas: "2"
- accessModes:
- - ReadWriteOnce
- claimRef:
- kind: PersistentVolumeClaim
- name: stackrox-00-mtzw-pgdata
- namespace: postgres
- persistentVolumeReclaimPolicy: Retain
- storageClassName: longhorn-static
- volumeMode: Filesystem
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: stackrox-00-8h5r-pgdata
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- app.kubernetes.io/instance: postgres
-spec:
- capacity:
- storage: 5Gi
- csi:
- driver: driver.longhorn.io
- volumeHandle: stackrox-00-8h5r-pgdata
- fsType: ext4
- volumeAttributes:
- numberOfReplicas: "2"
- accessModes:
- - ReadWriteOnce
- claimRef:
- kind: PersistentVolumeClaim
- name: stackrox-00-8h5r-pgdata
- namespace: postgres
- persistentVolumeReclaimPolicy: Retain
- storageClassName: longhorn-static
- volumeMode: Filesystem
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: stackrox-repo1
- annotations:
- argocd.argoproj.io/sync-wave: "1"
- labels:
- app.kubernetes.io/instance: postgres
-spec:
- capacity:
- storage: 15Gi
- csi:
- driver: driver.longhorn.io
- volumeHandle: stackrox-repo1
- fsType: ext4
- volumeAttributes:
- numberOfReplicas: "2"
- accessModes:
- - ReadWriteOnce
- claimRef:
- kind: PersistentVolumeClaim
- name: stackrox-repo1
- namespace: postgres
- persistentVolumeReclaimPolicy: Retain
- storageClassName: longhorn-static
- volumeMode: Filesystem
diff --git a/kubernetes/stackrox-central/base/config-map.yaml b/kubernetes/stackrox-central/base/config-map.yaml
index fe77ee095..80b9e3a54 100644
--- a/kubernetes/stackrox-central/base/config-map.yaml
+++ b/kubernetes/stackrox-central/base/config-map.yaml
@@ -70,7 +70,7 @@ metadata:
 data:
 central-external-db.yaml: |
 centralDB:
- source: host=stackrox-primary.postgres.svc port=5432 dbname=stackrox user=stackrox statement_timeout=1.2e+06 pool_min_conns=10 pool_max_conns=90
+ source: host=stackrox-primary.stackrox.svc port=5432 dbname=stackrox user=stackrox statement_timeout=1.2e+06 pool_min_conns=10 pool_max_conns=90
 ---
 # Source: stackrox-central-services/templates/01-central-09-endpoints-config.yaml
 apiVersion: v1
diff --git a/kubernetes/stackrox-central/base/kustomization.yaml b/kubernetes/stackrox-central/base/kustomization.yaml
index 8adc53f70..2bd8728c4 100644
--- a/kubernetes/stackrox-central/base/kustomization.yaml
+++ b/kubernetes/stackrox-central/base/kustomization.yaml
@@ -10,3 +10,5 @@ resources:
 - network-policy.yaml
 - secret.yaml
 - certificate.yaml
+ - postgres/postgres.yaml
+ - postgres/network-policy.yaml
diff --git a/kubernetes/postgres/applications/stackrox/network-policy.yaml b/kubernetes/stackrox-central/base/postgres/network-policy.yaml
similarity index 73%
rename from kubernetes/postgres/applications/stackrox/network-policy.yaml
rename to kubernetes/stackrox-central/base/postgres/network-policy.yaml
index 60f69ba43..f83286319 100644
--- a/kubernetes/postgres/applications/stackrox/network-policy.yaml
+++ b/kubernetes/stackrox-central/base/postgres/network-policy.yaml
@@ -2,11 +2,11 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: stackrox-app
- namespace: postgres
+ namespace: stackrox
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 labels:
- app.kubernetes.io/instance: postgres
+ app.kubernetes.io/instance: stackrox-central-services
 spec:
 podSelector:
 matchLabels:
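Review bot: The `source` string in `central-external-db.yaml` sets no `sslmode`, so whether Central's connection to `stackrox-primary.stackrox.svc` is encrypted and the server certificate is checked is left to the client's default. libpq-compatible drivers default to `prefer`, which falls back to plaintext and verifies nothing, though it is not visible here which default Central applies. Since this line is being edited anyway, consider pinning the behaviour by appending `sslmode=verify-full sslrootcert=<path to the Postgres cluster CA bundle>`. Whether that CA is mounted into Central is not shown in this hunk, so confirm it before tightening the mode.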
@@ -29,18 +29,17 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: stackrox-postgres
- namespace: postgres
+ namespace: stackrox
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 labels:
- app.kubernetes.io/instance: postgres
+ app.kubernetes.io/instance: stackrox-central-services
 spec:
 podSelector:
 matchLabels:
 postgres-operator.crunchydata.com/cluster: stackrox
 policyTypes:
 - Ingress
- - Egress
 ingress:
 - from:
 - namespaceSelector:
@@ -49,11 +48,3 @@ spec:
 podSelector:
 matchLabels:
 postgres-operator.crunchydata.com/cluster: stackrox
- egress:
- - to:
- - namespaceSelector:
- matchLabels:
- kubernetes.io/metadata.name: postgres
- podSelector:
- matchLabels:
- postgres-operator.crunchydata.com/cluster: stackrox
diff --git a/kubernetes/postgres/applications/stackrox/postgres.yaml b/kubernetes/stackrox-central/base/postgres/postgres.yaml
similarity index 94%
rename from kubernetes/postgres/applications/stackrox/postgres.yaml
rename to kubernetes/stackrox-central/base/postgres/postgres.yaml
index c747ccb40..8c6b21b29 100644
--- a/kubernetes/postgres/applications/stackrox/postgres.yaml
+++ b/kubernetes/stackrox-central/base/postgres/postgres.yaml
@@ -1,5 +1,6 @@
 # StackroxDB Tweak
 # alter user stackrox createdb;
+# alter user stackrox superuser
 # PSQL 15 Public Scheme Tweak
 # \c stackrox
 # GRANT CREATE ON SCHEMA public TO stackrox;
@@ -7,12 +8,12 @@ apiVersion: postgres-operator.crunchydata.com/v1beta1
 kind: PostgresCluster
 metadata:
 name: stackrox
- namespace: postgres
+ namespace: stackrox
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 labels:
- app.kubernetes.io/instance: postgres
+ app.kubernetes.io/instance: stackrox-central-services
 spec:
 backups:
 pgbackrest:
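Review bot: Dropping `- Egress` from `policyTypes` in `stackrox-postgres`, together with the `egress:` block removed in the following hunk (`@@ -49,11 +48,3 @@`), means this policy no longer restricts outbound traffic from the database pods. Unless another policy in the `stackrox` namespace selects them, egress that used to be limited to the cluster's own pods is now open. The `matchLabels` under `ingress.from[].namespaceSelector` also sits between the two hunks and is not touched by this commit. The removed egress rule matched `kubernetes.io/metadata.name: postgres`, so if the ingress rule still does too, peer traffic inside `stackrox` would no longer match; check that it reads `kubernetes.io/metadata.name: stackrox`. If open egress is intended, a comment above `policyTypes` saying so would record the decision.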
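Review bot: The added header comment `# alter user stackrox superuser` records a manual step that makes the application role a PostgreSQL superuser, which bypasses all permission checks in the instance. That is far broader than the `createdb` and `GRANT CREATE ON SCHEMA public` steps listed beside it. If Central needs it, the comment should say why and whether the attribute can be revoked after initial setup; otherwise drop the line and keep the narrower grants. The statement also lacks the terminating `;` its neighbours have, so something like `# alter user stackrox superuser;  -- needed for <reason>, revoke after <step>` would be clearer.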
@@ -51,15 +52,15 @@ spec:
 differential: "0 7 * * 1-6"
 volume:
 volumeClaimSpec:
- storageClassName: longhorn-static
+ storageClassName: longhorn
 accessModes:
 - ReadWriteOnce
 resources:
 requests:
- storage: 15Gi
+ storage: 25Gi
 instances:
 - dataVolumeClaimSpec:
- storageClassName: longhorn-static
+ storageClassName: longhorn
 accessModes:
 - ReadWriteOnce
 resources:
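Review bot: Both `storageClassName: longhorn` changes move the pgBackRest repo and the instance data off the pre-created volumes this commit deletes, which carried `persistentVolumeReclaimPolicy: Retain` and the `recurring-job-group.longhorn.io/backup: enabled` label. The `longhorn` StorageClass is not shown here, so confirm its reclaim policy and recurring-job settings give the same retention and backup coverage; otherwise deleting a claim may delete the data with it. A short comment above `volumeClaimSpec` stating what the class is expected to provide would make that dependency explicit. The hunk starts inside `spec.backups`, and the `resources:` block at its end continues outside it.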