From 2b85fa6a809b6b2d0c11d95496ab8df2052a9be6 Mon Sep 17 00:00:00 2001 From: j37hr0 Date: Sun, 3 May 2026 11:44:06 +1200 Subject: [PATCH] setting up pgadmin --- apps/kimai/values.yaml | 3 -- infrastructure/kustomization.yaml | 1 + infrastructure/pgadmin/certificate.yaml | 13 ++++++ infrastructure/pgadmin/credentials.yaml | 23 +++++++++++ infrastructure/pgadmin/helmrelease.yaml | 50 ++++++++++++++++++++++- infrastructure/pgadmin/kustomization.yaml | 3 ++ infrastructure/pgadmin/namespace.yaml | 4 ++ 7 files changed, 93 insertions(+), 4 deletions(-) create mode 100644 infrastructure/pgadmin/certificate.yaml create mode 100644 infrastructure/pgadmin/credentials.yaml create mode 100644 infrastructure/pgadmin/namespace.yaml diff --git a/apps/kimai/values.yaml b/apps/kimai/values.yaml index 7280943..f2767b6 100644 --- a/apps/kimai/values.yaml +++ b/apps/kimai/values.yaml @@ -18,9 +18,6 @@ persistence: size: 4Gi storageClass: ceph-rbd -#database: -# type: mariadb - existingSecret: kimai-secrets externalDatabase: diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml index 963b291..88b33f5 100644 --- a/infrastructure/kustomization.yaml +++ b/infrastructure/kustomization.yaml @@ -5,6 +5,7 @@ resources: - sources - eso - certmanager +- pgadmin - velero - databases - csi-driver-smb diff --git a/infrastructure/pgadmin/certificate.yaml b/infrastructure/pgadmin/certificate.yaml new file mode 100644 index 0000000..5966c9f --- /dev/null +++ b/infrastructure/pgadmin/certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: wildcard-jpcit-coza + namespace: pgadmin +spec: + secretName: wildcard-jpcit-coza-tls + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + commonName: "*.jpcit.co.za" + dnsNames: + - "*.jpcit.co.za" \ No newline at end of file diff --git a/infrastructure/pgadmin/credentials.yaml b/infrastructure/pgadmin/credentials.yaml new file mode 100644 index 0000000..43795c6 --- /dev/null 
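Review bot: In infrastructure/pgadmin/certificate.yaml the Certificate requests `*.jpcit.co.za`, so the private key stored in `wildcard-jpcit-coza-tls` is valid for every host under the domain, while the only consumer in this commit is the ingress for pgadmin.jpcit.co.za. Read access to secrets in the pgadmin namespace then exposes a key that covers every other subdomain as well. Scoping the certificate to the one host keeps that exposure local: `commonName: pgadmin.jpcit.co.za` and `dnsNames: ["pgadmin.jpcit.co.za"]`, ideally with a secret name that no longer says "wildcard".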
+++ b/infrastructure/pgadmin/credentials.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: pgadmin-credentials
+ namespace: pgadmin
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+ target:
+ name: pgadmin-credentials
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ mergePolicy: Merge
+ data:
+ password: '{{ .password }}'
+ data:
+ - secretKey: password
+ remoteRef:
+ key: pg-cluster-root-password
+ property: password
\ No newline at end of file
diff --git a/infrastructure/pgadmin/helmrelease.yaml b/infrastructure/pgadmin/helmrelease.yaml
index 105f17a..eda4244 100644
--- a/infrastructure/pgadmin/helmrelease.yaml
+++ b/infrastructure/pgadmin/helmrelease.yaml
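Review bot: The only key this ExternalSecret produces, `password`, is sourced from `pg-cluster-root-password`, and helmrelease.yaml in the same commit points both `pgadminPasswordKey: password` and the mounted database password file at it. If the chart uses `pgadminPasswordKey` for the pgAdmin web login, as the name suggests, the PostgreSQL superuser password doubles as the password of an internet-facing login form, and neither can be rotated without the other. Add a second `data` entry for a dedicated login secret, for example `- secretKey: pgadmin-password` with its own `remoteRef` (store item name of your choosing), and set `pgadminPasswordKey: pgadmin-password`. The `template` block that maps `password` to `'{{ .password }}'` appears to add nothing over the default copy and could be dropped.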
@@ -11,7 +11,55 @@ spec:
 version: "*"
 sourceRef:
 kind: HelmRepository
- name: external-secrets
+ name: pgadmin4
 namespace: flux-system
 install:
 createNamespace: true
+ values:
+ existingSecret: pgadmin-credentials
+ secretKeys:
+ pgadminPasswordKey: password
+ env:
+ email: admin@jpcit.co.za
+ extraSecretMounts:
+ - name: pgadmin-credentials
+ secret: pgadmin-credentials
+ subPath: password
+ mountPath: /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+ readOnly: true
+ extraInitContainers: |
+ - name: add-folder-for-pgpass
+ image: "dpage/pgadmin4:9.13"
+ command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+ volumeMounts:
+ - name: pgadmin-data
+ mountPath: /var/lib/pgadmin
+ securityContext:
+ runAsUser: 5050
+ serverDefinitions:
+ enabled: true
+ resourceType: ConfigMap
+ servers:
+ 1:
+ Name: pg-cluster
+ Group: PostgreSQL
+ Host: pg-cluster-rw.pg-databases.svc.cluster.local
+ Port: 5432
+ Username: postgres
+ MaintenanceDB: postgres
+ PasswordExecCommand: cat /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+ ConnectionParameters:
+ sslmode: prefer
+ connect_timeout: 10
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ hosts:
+ - host: pgadmin.jpcit.co.za
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: wildcard-jpcit-coza-tls
+ hosts:
+ - pgadmin.jpcit.co.za
diff --git a/infrastructure/pgadmin/kustomization.yaml b/infrastructure/pgadmin/kustomization.yaml
index e0425d9..2d5ef9c 100644
--- a/infrastructure/pgadmin/kustomization.yaml
+++ b/infrastructure/pgadmin/kustomization.yaml
@@ -1,4 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- namespace.yaml
 - helmrelease.yaml
+- credentials.yaml
+- certificate.yaml
diff --git a/infrastructure/pgadmin/namespace.yaml b/infrastructure/pgadmin/namespace.yaml
new file mode 100644
index 0000000..627e0eb
--- /dev/null
+++ b/infrastructure/pgadmin/namespace.yaml
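Review bot: The server entry under `serverDefinitions.servers` in helmrelease.yaml connects as `Username: postgres` and supplies the password through `PasswordExecCommand`, so every session that passes the pgAdmin login on the `pgadmin.jpcit.co.za` ingress holds superuser on pg-cluster without being asked for a database credential. No access restriction is visible on the `ingress` block in this hunk, so consider a dedicated least-privilege role for pgAdmin and limiting who can reach the host at the ingress. `sslmode: prefer` silently falls back to an unencrypted connection; `sslmode: require` (or `verify-full` with the cluster CA) closes that gap. The init container image `dpage/pgadmin4:9.13` is pinned by tag only while the chart stays at `version: "*"` (unchanged context), so what gets deployed can drift between reconciliations; pinning both is worth doing here. The HelmRelease `spec` begins above this hunk, so other settings may already cover part of this.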
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: pgadmin
\ No newline at end of file