setting up pgadmin

apps/kimai/values.yaml

@@ -18,9 +18,6 @@ persistence:
   size: 4Gi
   storageClass: ceph-rbd
 
-#database:
-#  type: mariadb
-
 existingSecret: kimai-secrets
 
 externalDatabase:

infrastructure/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - sources
 - eso
 - certmanager
+- pgadmin
 - velero
 - databases
 - csi-driver-smb

infrastructure/pgadmin/certificate.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-jpcit-coza
+  namespace: pgadmin
+spec:
+  secretName: wildcard-jpcit-coza-tls
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer
+  commonName: "*.jpcit.co.za"
+  dnsNames:
+    - "*.jpcit.co.za"

infrastructure/pgadmin/credentials.yaml

@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pgadmin-credentials
+  namespace: pgadmin
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+  target:
+    name: pgadmin-credentials
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        password: '{{ .password }}'
+  data:
+    - secretKey: password
+      remoteRef:
+        key: pg-cluster-root-password
+        property: password

infrastructure/pgadmin/helmrelease.yaml

@@ -11,7 +11,55 @@ spec:
       version: "*"
       sourceRef:
         kind: HelmRepository
-        name: external-secrets
+        name: pgadmin4
         namespace: flux-system
   install:
     createNamespace: true
+  values:
+    existingSecret: pgadmin-credentials
+    secretKeys:
+      pgadminPasswordKey: password
+    env:
+      email: admin@jpcit.co.za
+    extraSecretMounts:
+      - name: pgadmin-credentials
+        secret: pgadmin-credentials
+        subPath: password
+        mountPath: /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+        readOnly: true
+    extraInitContainers: |
+      - name: add-folder-for-pgpass
+        image: "dpage/pgadmin4:9.13"
+        command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+        volumeMounts:
+          - name: pgadmin-data
+            mountPath: /var/lib/pgadmin
+        securityContext:
+          runAsUser: 5050
+    serverDefinitions:
+      enabled: true
+      resourceType: ConfigMap
+      servers:
+        1:
+          Name: pg-cluster
+          Group: PostgreSQL
+          Host: pg-cluster-rw.pg-databases.svc.cluster.local
+          Port: 5432
+          Username: postgres
+          MaintenanceDB: postgres
+          PasswordExecCommand: cat /var/lib/pgadmin/storage/pgadmin/pg-cluster-password
+          ConnectionParameters:
+            sslmode: prefer
+            connect_timeout: 10
+    ingress:
+      enabled: true
+      ingressClassName: traefik
+      hosts:
+        - host: pgadmin.jpcit.co.za
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - secretName: wildcard-jpcit-coza-tls
+          hosts:
+            - pgadmin.jpcit.co.za

infrastructure/pgadmin/kustomization.yaml

@@ -1,4 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- namespace.yaml
 - helmrelease.yaml
+- credentials.yaml
+- certificate.yaml

infrastructure/pgadmin/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pgadmin