2026-05-20 12:43:03 +02:00
parent c49d03d7f7
commit 82a081d6a3
9 changed files with 263 additions and 0 deletions


@@ -4,6 +4,8 @@ resources:
- ../../base
- vaultwarden-postgresql
- vaultwarden
- passwordpusher-postgresql
- passwordpusher
# No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- passwordpusher-postgresql.yaml


@@ -0,0 +1,46 @@
apiVersion: v1
kind: Namespace
metadata:
name: passwordpusher
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: passwordpusher-postgresql
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "0"
labels:
app.kubernetes.io/name: passwordpusher-postgresql
app.kubernetes.io/part-of: security
app.kubernetes.io/managed-by: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD
path: infra/overlays/upc-dev/passwordpusher-postgresql/resources
destination:
server: https://kubernetes.default.svc
namespace: passwordpusher
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=true
ignoreDifferences:
- group: apps
kind: StatefulSet
jsonPointers:
- /spec/volumeClaimTemplates
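Review bot: `project: default` combined with `targetRevision: HEAD` and `automated` sync (`prune: true`, `selfHeal: true`) means anything that lands on the default branch of the launchpad repo is applied to the cluster with no further gate. Argo CD's built-in `default` project does not restrict source repos, destinations or resource kinds unless it has been locked down elsewhere, which this page does not show. I would put both Applications in a dedicated AppProject limited to this repo and the `passwordpusher` namespace, and track a protected ref, e.g. `targetRevision: <protected-branch-or-release-tag>`. The same pairing appears in the `passwordpusher` Application further down, where the `ref: values` source also follows `HEAD` while the chart itself is pinned.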


@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- postgresql.yaml
# passwordpusher-db-secret-sealed.yaml must be created separately:
# 1. Create a Secret with keys: DATABASE_URL, pgusername, pgpassword
# (DATABASE_URL must be: postgresql://<pgusername>:<pgpassword>@passwordpusher-postgresql:5432/passwordpusher)
# 2. Seal it with kubeseal targeting the passwordpusher namespace
# 3. Add the resulting file here as a resource
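Review bot: The setup comment names the file to create but never the Secret itself, while the StatefulSet added in this commit reads `passwordpusher-db-creds` through `secretKeyRef`. kubeseal's default (strict) scope binds the sealed data to both name and namespace, so the name has to be right when sealing and cannot be corrected by renaming afterwards. I would add `# Secret name must be passwordpusher-db-creds (referenced by the StatefulSet)` under step 1, plus `# percent-encode special characters in <pgpassword> when building DATABASE_URL`. It is also worth stating that the database pod will not start until the sealed file is listed under `resources`, since both `secretKeyRef` entries are required.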


@@ -0,0 +1,98 @@
apiVersion: v1
kind: Service
metadata:
name: passwordpusher-postgresql
namespace: passwordpusher
labels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: passwordpusher
app.kubernetes.io/component: database
spec:
type: ClusterIP
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
selector:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: passwordpusher
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: passwordpusher-postgresql
namespace: passwordpusher
labels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: passwordpusher
app.kubernetes.io/component: database
spec:
serviceName: passwordpusher-postgresql
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: passwordpusher
template:
metadata:
labels:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: passwordpusher
app.kubernetes.io/component: database
spec:
containers:
- name: postgresql
image: postgres:16-alpine
ports:
- name: tcp-postgresql
containerPort: 5432
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: passwordpusher-db-creds
key: pgusername
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: passwordpusher-db-creds
key: pgpassword
- name: POSTGRES_DB
value: passwordpusher
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
livenessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d passwordpusher
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
exec:
command:
- sh
- -c
- pg_isready -U "$POSTGRES_USER" -d passwordpusher
initialDelaySeconds: 5
periodSeconds: 5
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
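Review bot: The pod template sets no `securityContext` at pod or container level, so the database backing passwordpusher runs with whatever the image defaults to: the official postgres entrypoint starts as root, privilege escalation is allowed, and no seccomp profile is pinned. I would run it as the image's postgres user, drop all capabilities and set `RuntimeDefault` seccomp, as sketched below. The uid shown is the one the alpine variant normally uses and should be confirmed against the image before merging. Separately, `postgres:16-alpine` is a mutable tag; pinning it as `image: postgres:16-alpine@sha256:<digest>` keeps a re-pushed tag from changing what runs. No NetworkPolicy restricting port 5432 to the application pods is visible in this commit.

```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 70        # postgres uid in the alpine image; confirm
        runAsGroup: 70
        fsGroup: 70          # lets the non-root user own the data volume
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: postgresql
          image: postgres:16-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: ports, env, volumeMounts, probes, resources …
```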


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- passwordpusher.yaml


@@ -0,0 +1,43 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: passwordpusher
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "1"
labels:
app.kubernetes.io/name: passwordpusher
app.kubernetes.io/part-of: security
app.kubernetes.io/managed-by: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://pglombardo.github.io/passwordpusher-charts
chart: password-pusher
targetRevision: "1.4.4"
helm:
releaseName: passwordpusher
valueFiles:
- $values/infra/values/base/passwordpusher-values.yaml
- $values/infra/values/upc-dev/passwordpusher-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: passwordpusher
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=true