diff --git a/apps/kimai/values.yaml b/apps/kimai/values.yaml
index 7280943..f2767b6 100644
--- a/apps/kimai/values.yaml
+++ b/apps/kimai/values.yaml
@@ -18,9 +18,6 @@ persistence:
 size: 4Gi
 storageClass: ceph-rbd
-#database:
-# type: mariadb
- existingSecret: kimai-secrets
 externalDatabase:
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 963b291..88b33f5 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
 - sources
 - eso
 - certmanager
+- pgadmin
 - velero
 - databases
 - csi-driver-smb
diff --git a/infrastructure/pgadmin/certificate.yaml b/infrastructure/pgadmin/certificate.yaml
new file mode 100644
index 0000000..5966c9f
--- /dev/null
+++ b/infrastructure/pgadmin/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-jpcit-coza
+ namespace: pgadmin
+spec:
+ secretName: wildcard-jpcit-coza-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: "*.jpcit.co.za"
+ dnsNames:
+ - "*.jpcit.co.za"
\ No newline at end of file
diff --git a/infrastructure/pgadmin/credentials.yaml b/infrastructure/pgadmin/credentials.yaml
new file mode 100644
index 0000000..43795c6
--- /dev/null
+++ b/infrastructure/pgadmin/credentials.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: pgadmin-credentials
+ namespace: pgadmin
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+ target:
+ name: pgadmin-credentials
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ mergePolicy: Merge
+ data:
+ password: '{{ .password }}'
+ data:
+ - secretKey: password
+ remoteRef:
+ key: pg-cluster-root-password
+ property: password
\ No newline at end of file
diff --git a/infrastructure/pgadmin/helmrelease.yaml b/infrastructure/pgadmin/helmrelease.yaml
index 105f17a..eda4244 100644
--- a/infrastructure/pgadmin/helmrelease.yaml
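Review bot: The certificate in infrastructure/pgadmin/certificate.yaml requests a wildcard (`commonName` and `dnsNames` are both `"*.jpcit.co.za"`), while the only consumer visible in this commit is the pgAdmin ingress for `pgadmin.jpcit.co.za`. The resulting `wildcard-jpcit-coza-tls` secret puts a private key that is valid for every host under the domain into the `pgadmin` namespace, so anything able to read secrets there can impersonate unrelated services. I would scope it to the single name, `commonName: pgadmin.jpcit.co.za` with `dnsNames: - pgadmin.jpcit.co.za`, and rename the Certificate and `secretName` to match. If the wildcard is also issued in other namespaces (the name suggests so, but that is not visible here), each copy is a separate issuance against the ACME rate limits.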
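Review bot: `remoteRef.key: pg-cluster-root-password` in infrastructure/pgadmin/credentials.yaml copies the PostgreSQL superuser password into the `pgadmin` namespace under the single key `password`, and the helmrelease.yaml hunk of this commit uses that same key both for the pgAdmin web login (`pgadminPasswordKey: password`) and for the file it mounts as the database password. The ingress-facing login secret is therefore identical to the database root credential, so exposure of either one exposes both. I would fetch two separate store items into two keys, for example `pgadmin-login-password` and `pg-cluster-password` (placeholder names), and have the second belong to a dedicated non-superuser role. The `template` block with `mergePolicy: Merge` appears only to re-emit `password` unchanged and could probably be dropped.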
+++ b/infrastructure/pgadmin/helmrelease.yaml
@@ -11,7 +11,55 @@ spec:
 version: "*"
 sourceRef:
 kind: HelmRepository
- name: external-secrets
+ name: pgadmin4
 namespace: flux-system
 install:
 createNamespace: true
+ values:
+ existingSecret: pgadmin-credentials
+ secretKeys:
+ pgadminPasswordKey: password
+ env:
+ email: admin@jpcit.co.za
+ extraSecretMounts:
+ - name: pgadmin-credentials
+ secret: pgadmin-credentials
+ subPath: password
+ mountPath: /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+ readOnly: true
+ extraInitContainers: |
+ - name: add-folder-for-pgpass
+ image: "dpage/pgadmin4:9.13"
+ command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+ volumeMounts:
+ - name: pgadmin-data
+ mountPath: /var/lib/pgadmin
+ securityContext:
+ runAsUser: 5050
+ serverDefinitions:
+ enabled: true
+ resourceType: ConfigMap
+ servers:
+ 1:
+ Name: pg-cluster
+ Group: PostgreSQL
+ Host: pg-cluster-rw.pg-databases.svc.cluster.local
+ Port: 5432
+ Username: postgres
+ MaintenanceDB: postgres
+ PasswordExecCommand: cat /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+ ConnectionParameters:
+ sslmode: prefer
+ connect_timeout: 10
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ hosts:
+ - host: pgadmin.jpcit.co.za
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: wildcard-jpcit-coza-tls
+ hosts:
+ - pgadmin.jpcit.co.za
diff --git a/infrastructure/pgadmin/kustomization.yaml b/infrastructure/pgadmin/kustomization.yaml
index e0425d9..2d5ef9c 100644
--- a/infrastructure/pgadmin/kustomization.yaml
+++ b/infrastructure/pgadmin/kustomization.yaml
@@ -1,4 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- namespace.yaml
 - helmrelease.yaml
+- credentials.yaml
+- certificate.yaml
diff --git a/infrastructure/pgadmin/namespace.yaml b/infrastructure/pgadmin/namespace.yaml
new file mode 100644
index 0000000..627e0eb
--- /dev/null
+++ b/infrastructure/pgadmin/namespace.yaml
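Review bot: The `serverDefinitions` entry in infrastructure/pgadmin/helmrelease.yaml connects as `Username: postgres` and feeds the password through `PasswordExecCommand`, so whoever passes the pgAdmin login at the `ingress` host gets superuser access to pg-cluster without handling a database credential. The added `ingress` values set no annotations or middleware limiting who can reach that login, so I would register a dedicated least-privileged role instead and restrict access in front of the ingress. `sslmode: prefer` allows a silent fallback to an unencrypted connection; `sslmode: require`, or `verify-full` with the cluster CA, avoids that. The context line `version: "*"` now applies to the pgadmin4 chart, so an exact chart version is worth pinning alongside the already pinned `dpage/pgadmin4:9.13` init image. The HelmRelease `spec` starts above the hunk, so anything set there is not visible to this review.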
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: pgadmin
\ No newline at end of file