feat: Stackrox DB Move

kubernetes/postgres/applications/kustomization.yaml

@@ -13,7 +13,3 @@ resources:
   - grafana/pv.yaml
   - grafana/postgres.yaml
   - grafana/network-policy.yaml
-  - stackrox/longhorn.yaml
-  - stackrox/pv.yaml
-  - stackrox/postgres.yaml
-  - stackrox/network-policy.yaml

kubernetes/stackrox-central/base/config-map.yaml

@@ -70,7 +70,7 @@ metadata:
 data:
   central-external-db.yaml: |
     centralDB:
-      source: host=stackrox-primary.postgres.svc port=5432 dbname=stackrox user=stackrox statement_timeout=1.2e+06 pool_min_conns=10 pool_max_conns=90
+      source: host=stackrox-primary.stackrox.svc port=5432 dbname=stackrox user=stackrox statement_timeout=1.2e+06 pool_min_conns=10 pool_max_conns=90
 ---
 # Source: stackrox-central-services/templates/01-central-09-endpoints-config.yaml
 apiVersion: v1

kubernetes/stackrox-central/base/kustomization.yaml

@@ -10,3 +10,5 @@ resources:
   - network-policy.yaml
   - secret.yaml
   - certificate.yaml
+  - postgres/postgres.yaml
+  - postgres/network-policy.yaml

kubernetes/postgres/applications/stackrox/network-policy.yaml → kubernetes/stackrox-central/base/postgres/network-policy.yaml

@@ -2,11 +2,11 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: stackrox-app
-  namespace: postgres
+  namespace: stackrox
   annotations:
     argocd.argoproj.io/sync-wave: "1"
   labels:
-    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/instance: stackrox-central-services
 spec:
   podSelector:
     matchLabels:
@@ -29,18 +29,17 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: stackrox-postgres
-  namespace: postgres
+  namespace: stackrox
   annotations:
     argocd.argoproj.io/sync-wave: "1"
   labels:
-    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/instance: stackrox-central-services
 spec:
   podSelector:
     matchLabels:
       postgres-operator.crunchydata.com/cluster: stackrox
   policyTypes:
     - Ingress
-    - Egress
   ingress:
     - from:
         - namespaceSelector:
@@ -49,11 +48,3 @@ spec:
           podSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: stackrox
-  egress:
-    - to:
-        - namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: postgres
-          podSelector:
-            matchLabels:
-              postgres-operator.crunchydata.com/cluster: stackrox

kubernetes/postgres/applications/stackrox/postgres.yaml → kubernetes/stackrox-central/base/postgres/postgres.yaml

@@ -1,18 +1,19 @@
 # StackroxDB Tweak
 # alter user stackrox createdb;
+# alter user stackrox superuser
 # PSQL 15 Public Scheme Tweak
 # \c stackrox
 # GRANT CREATE ON SCHEMA public TO stackrox;
 apiVersion: postgres-operator.crunchydata.com/v1beta1
 kind: PostgresCluster
 metadata:
   name: stackrox
-  namespace: postgres
+  namespace: stackrox
   annotations:
     argocd.argoproj.io/sync-wave: "1"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
   labels:
-    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/instance: stackrox-central-services
 spec:
   backups:
     pgbackrest:
@@ -51,15 +52,15 @@ spec:
             differential: "0 7 * * 1-6"
           volume:
             volumeClaimSpec:
-              storageClassName: longhorn-static
+              storageClassName: longhorn
               accessModes:
                 - ReadWriteOnce
               resources:
                 requests:
-                  storage: 15Gi
+                  storage: 25Gi
   instances:
     - dataVolumeClaimSpec:
-        storageClassName: longhorn-static
+        storageClassName: longhorn
         accessModes:
           - ReadWriteOnce
         resources: