♻️ migrate postgresql to truenas jail

auricom · Jan 14, 2024 · cb3b7c0 · cb3b7c0
1 parent badd042
commit cb3b7c0
Show file tree

Hide file tree

Showing 75 changed files with 155 additions and 196 deletions.
diff --git a/kubernetes/apps/default/atuin/app/externalsecret.yaml b/kubernetes/apps/default/atuin/app/externalsecret.yaml
@@ -15,15 +15,15 @@ spec:
       engineVersion: v2
       data:
         # App
-        ATUIN_DB_URI: "postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres-rw.default.svc.cluster.local/atuin"
+        ATUIN_DB_URI: "postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres.${SECRET_DOMAIN}/atuin"
         # Postgres Init
         INIT_POSTGRES_DBNAME: atuin
-        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_HOST: postgres.${SECRET_DOMAIN}
         INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}"
         INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
         key: atuin
     - extract:
-        key: cloudnative-pg
+        key: generic
diff --git a/kubernetes/apps/default/atuin/app/helmrelease.yaml b/kubernetes/apps/default/atuin/app/helmrelease.yaml
@@ -33,9 +33,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: atuin-secret

diff --git a/kubernetes/apps/default/atuin/ks.yaml b/kubernetes/apps/default/atuin/ks.yaml
@@ -7,7 +7,6 @@ metadata:
   namespace: flux-system
 spec:
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
   path: ./kubernetes/apps/default/atuin/app
   prune: true

diff --git a/kubernetes/apps/default/authelia/app/externalsecret.yaml b/kubernetes/apps/default/authelia/app/externalsecret.yaml
@@ -22,12 +22,13 @@ spec:
         AUTHELIA_SESSION_SECRET: "{{ .AUTHELIA_SESSION_SECRET }}"
         AUTHELIA_STORAGE_ENCRYPTION_KEY: "{{ .AUTHELIA_STORAGE_ENCRYPTION_KEY }}"
         AUTHELIA_STORAGE_POSTGRES_DATABASE: &dbName authelia
-        AUTHELIA_STORAGE_POSTGRES_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        AUTHELIA_STORAGE_POSTGRES_HOST: &dbHost postgres.${SECRET_DOMAIN}
         AUTHELIA_STORAGE_POSTGRES_USERNAME: &dbUser "{{ .AUTHELIA_STORAGE_POSTGRES_USERNAME }}"
         AUTHELIA_STORAGE_POSTGRES_PASSWORD: &dbPass "{{ .AUTHELIA_STORAGE_POSTGRES_PASSWORD }}"
+        AUTHELIA_STORAGE_POSTGRES_TLS_SERVER_NAME: *dbHost
+        AUTHELIA_STORAGE_POSTGRES_TLS_SKIP_VERIFY: "false"
         GRAFANA_OAUTH_CLIENT_SECRET: "{{ .GRAFANA_OAUTH_CLIENT_SECRET }}"
         IMMICH_OAUTH_CLIENT_SECRET: "{{ .IMMICH_OAUTH_CLIENT_SECRET }}"
-        MINIFLUX_OAUTH_CLIENT_SECRET: "{{ .MINIFLUX_OAUTH_CLIENT_SECRET }}"
         WEAVEGITOPS_OAUTH_CLIENT_SECRET: "{{ .WEAVEGITOPS_OAUTH_CLIENT_SECRET }}"
         GITEA_OAUTH_CLIENT_SECRET: "{{ .GITEA_OAUTH_CLIENT_SECRET }}"
         # Postgres Init
@@ -39,7 +40,7 @@ spec:
   dataFrom:
     - extract:
         key: authelia
-    - extract:
-        key: cloudnative-pg
     - extract:
         key: lldap
+    - extract:
+        key: generic
diff --git a/kubernetes/apps/default/authelia/app/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -51,10 +51,10 @@ spec:
           reloader.stakater.com/auto: "true"
         initContainers:
           init-db:
+            order: 1
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: authelia-secret
@@ -94,8 +94,6 @@ spec:
               AUTHELIA_SESSION_NAME: authelia-home-ops
               AUTHELIA_SESSION_REDIS_HOST: authelia-redis.default.svc.cluster.local.
               AUTHELIA_SESSION_REDIS_PORT: 6379
-              AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
-              AUTHELIA_STORAGE_POSTGRES_HOST: ${POSTGRES_HOST}
               AUTHELIA_TELEMETRY_METRICS_ADDRESS: tcp://0.0.0.0:8080
               AUTHELIA_TELEMETRY_METRICS_ENABLED: "true"
               AUTHELIA_THEME: dark

diff --git a/kubernetes/apps/default/authelia/ks.yaml b/kubernetes/apps/default/authelia/ks.yaml
@@ -8,7 +8,6 @@ metadata:
 spec:
   dependsOn:
     - name: cluster-apps-authelia-redis
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
   path: ./kubernetes/apps/default/authelia/app
   prune: true

diff --git a/kubernetes/apps/default/babybuddy/app/externalsecret.yaml b/kubernetes/apps/default/babybuddy/app/externalsecret.yaml
@@ -16,7 +16,7 @@ spec:
       data:
         # App
         DB_NAME: &dbName babybuddy
-        DB_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        DB_HOST: &dbHost postgres.${SECRET_DOMAIN}
         DB_USER: &dbUser "{{ .POSTGRES_USER }}"
         DB_PASS: &dbPass "{{ .POSTGRES_PASS }}"
         SECRET_KEY: "{{ .BABYBUDDY_SECRET_KEY }}"
@@ -32,4 +32,4 @@ spec:
     - extract:
         key: babybuddy
     - extract:
-        key: cloudnative-pg
+        key: generic
diff --git a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml
@@ -33,15 +33,16 @@ spec:
           reloader.stakater.com/auto: "true"
         type: statefulset
         initContainers:
-          01-init-db:
+          init-db:
+            order: 1
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: babybuddy-secret
-          02-migrations:
+          migrations:
+            order: 2
             image:
               repository: ghcr.io/auricom/babybuddy
               tag: 2.1.2@sha256:c5529ddb13b5e704ba997c3f555f5e4dcf9f83080370bbb00eef22a10b2c2915
@@ -74,14 +75,14 @@ spec:
               requests:
                 cpu: 100m
                 memory: 256Mi
-        statefulset:
-          volumeClaimTemplates:
-            - name: config
-              accessMode: ReadWriteOnce
-              size: 1Gi
-              storageClass: rook-ceph-block
-              globalMounts:
-                - path: /config
+        # statefulset:
+        #   volumeClaimTemplates:
+        #     - name: config
+        #       accessMode: ReadWriteOnce
+        #       size: 1Gi
+        #       storageClass: rook-ceph-block
+        #       globalMounts:
+        #         - path: /config
     service:
       main:
         ports:

diff --git a/kubernetes/apps/default/babybuddy/ks.yaml b/kubernetes/apps/default/babybuddy/ks.yaml
@@ -12,9 +12,8 @@ spec:
     kind: GitRepository
     name: home-ops-kubernetes
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
-    - name: cluster-apps-volsync-app
+    # - name: cluster-apps-volsync-app
   interval: 30m
   retryInterval: 1m
   timeout: 3m
diff --git a/kubernetes/apps/default/bazarr/app/externalsecret.yaml b/kubernetes/apps/default/bazarr/app/externalsecret.yaml
@@ -17,7 +17,7 @@ spec:
         # App
         POSTGRES_ENABLED: "true"
         POSTGRES_DATABASE: &dbName bazarr
-        POSTGRES_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        POSTGRES_HOST: &dbHost postgres.${SECRET_DOMAIN}
         POSTGRES_USERNAME: &dbUser "{{ .POSTGRES_USER }}"
         POSTGRES_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}"
         POSTGRES_PORT: "5432"
@@ -31,4 +31,4 @@ spec:
     - extract:
         key: bazarr
     - extract:
-        key: cloudnative-pg
+        key: generic
diff --git a/kubernetes/apps/default/bazarr/app/helmrelease.yaml b/kubernetes/apps/default/bazarr/app/helmrelease.yaml
@@ -45,10 +45,10 @@ spec:
           reloader.stakater.com/auto: "true"
         initContainers:
           init-db:
+            order: 1
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: atuin-secret

diff --git a/kubernetes/apps/default/bazarr/ks.yaml b/kubernetes/apps/default/bazarr/ks.yaml
@@ -7,7 +7,6 @@ metadata:
   namespace: flux-system
 spec:
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
     - name: cluster-apps-volsync-app
   path: ./kubernetes/apps/default/bazarr/app

diff --git a/kubernetes/apps/default/freshrss/app/externalsecret.yaml b/kubernetes/apps/default/freshrss/app/externalsecret.yaml
@@ -16,12 +16,12 @@ spec:
       data:
         # Postgres Init
         INIT_POSTGRES_DBNAME: freshrss
-        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_HOST: postgres.${SECRET_DOMAIN}
         INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}"
         INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
-        key: cloudnative-pg
+        key: generic
     - extract:
         key: freshrss
diff --git a/kubernetes/apps/default/freshrss/app/helmrelease.yaml b/kubernetes/apps/default/freshrss/app/helmrelease.yaml
@@ -34,10 +34,10 @@ spec:
           reloader.stakater.com/auto: "true"
         initContainers:
           init-db:
+            order: 1
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: freshrss-secret

diff --git a/kubernetes/apps/default/freshrss/ks.yaml b/kubernetes/apps/default/freshrss/ks.yaml
@@ -12,7 +12,6 @@ spec:
     kind: GitRepository
     name: home-ops-kubernetes
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
     - name: cluster-apps-volsync-app
   interval: 30m

diff --git a/kubernetes/apps/default/ghostfolio/app/externalsecret.yaml b/kubernetes/apps/default/ghostfolio/app/externalsecret.yaml
@@ -16,16 +16,16 @@ spec:
       data:
         # App
         ACCESS_TOKEN_SALT: "{{ .GHOSTFOLIO_ACCESS_TOKEN_SALT }}"
-        DATABASE_URL: postgresql://{{ .POSTGRES_USERNAME }}:{{ .POSTGRES_PASSWORD }}@postgres-rw.default.svc.cluster.local:5432/ghostfolio
+        DATABASE_URL: postgresql://{{ .POSTGRES_USERNAME }}:{{ .POSTGRES_PASSWORD }}@postgres.${SECRET_DOMAIN}:5432/ghostfolio
         JWT_SECRET_KEY: "{{ .GHOSTFOLIO_JWT_SECRET_KEY }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: ghostfolio
-        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_HOST: postgres.${SECRET_DOMAIN}
         INIT_POSTGRES_USER: "{{ .POSTGRES_USERNAME }}"
         INIT_POSTGRES_PASS: "{{ .POSTGRES_PASSWORD }}"
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
-        key: cloudnative-pg
+        key: generic
     - extract:
         key: ghostfolio
diff --git a/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml b/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml
@@ -37,9 +37,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: ghostfolio-secret

diff --git a/kubernetes/apps/default/ghostfolio/ks.yaml b/kubernetes/apps/default/ghostfolio/ks.yaml
@@ -12,7 +12,6 @@ spec:
     kind: GitRepository
     name: home-ops-kubernetes
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
     - name: cluster-apps-ghostfolio-redis
   interval: 30m

diff --git a/kubernetes/apps/default/home-assistant/app/externalsecret.yaml b/kubernetes/apps/default/home-assistant/app/externalsecret.yaml
@@ -18,17 +18,17 @@ spec:
         HASS_SECRET_ELEVATION: "{{ .HASS_ELEVATION }}"
         HASS_SECRET_LATITUDE: "{{ .HASS_LATITUDE }}"
         HASS_SECRET_LONGITUDE: "{{ .HASS_LONGITUDE }}"
-        HASS_SECRET_DB_URL: "postgresql://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres-rw.default.svc.cluster.local/home_assistant"
+        HASS_SECRET_DB_URL: "postgresql://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres.${SECRET_DOMAIN}/home_assistant"
         HASS_SECRET_URL: "{{ .HASS_URL }}"
         PROMETHEUS_TOKEN: "{{ .PROMETHEUS_TOKEN }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: home_assistant
-        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_HOST: postgres.${SECRET_DOMAIN}
         INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}"
         INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
-        key: cloudnative-pg
+        key: generic
     - extract:
         key: home-assistant
diff --git a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml
@@ -43,9 +43,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: home-assistant-secret

diff --git a/kubernetes/apps/default/home-assistant/ks.yaml b/kubernetes/apps/default/home-assistant/ks.yaml
@@ -7,7 +7,6 @@ metadata:
   namespace: flux-system
 spec:
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-app
     - name: cluster-apps-external-secrets-stores
     - name: cluster-apps-volsync-app
   path: ./kubernetes/apps/default/home-assistant/app

diff --git a/kubernetes/apps/default/immich/app/externalsecret.yaml b/kubernetes/apps/default/immich/app/externalsecret.yaml
@@ -16,7 +16,7 @@ spec:
       data:
         # App
         DB_DATABASE_NAME: &dbName immich
-        DB_HOSTNAME: &dbHost postgres-rw.default.svc.cluster.local
+        DB_HOSTNAME: &dbHost postgres.${SECRET_DOMAIN}
         DB_USERNAME: &dbUser "{{ .POSTGRES_USER }}"
         DB_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}"
         DB_PORT: "5432"
@@ -30,6 +30,6 @@ spec:
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
-        key: cloudnative-pg
+        key: generic
     - extract:
         key: immich
diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -55,9 +55,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - configMapRef:
                   name: *configMap

diff --git a/kubernetes/apps/default/immich/ks.yaml b/kubernetes/apps/default/immich/ks.yaml
@@ -7,7 +7,6 @@ metadata:
   namespace: flux-system
 spec:
   dependsOn:
-    - name: cluster-apps-cloudnative-pg-cluster
     - name: cluster-apps-external-secrets-stores
   path: ./kubernetes/apps/default/immich/app
   prune: true

diff --git a/kubernetes/apps/default/invidious/app/externalsecret.yaml b/kubernetes/apps/default/invidious/app/externalsecret.yaml
@@ -16,20 +16,20 @@ spec:
       data:
         # App
         INVIDIOUS_CONFIG: |
-          database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres-rw.default.svc.cluster.local.:5432/invidious
+          database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres.${SECRET_DOMAIN}.:5432/invidious
           check_tables: true
           port: 3000
           domain: invidious.${SECRET_CLUSTER_DOMAIN}
           https_only: false
           hmac_key: {{ .HMAC_KEY }}
         # Postgres Init
         INIT_POSTGRES_DBNAME: invidious
-        INIT_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
+        INIT_POSTGRES_HOST: postgres.${SECRET_DOMAIN}
         INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}"
         INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:
-        key: cloudnative-pg
+        key: generic
     - extract:
         key: invidious
diff --git a/kubernetes/apps/default/invidious/app/helmrelease.yaml b/kubernetes/apps/default/invidious/app/helmrelease.yaml
@@ -35,9 +35,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/auricom/postgres-init
-              tag: 15.5@sha256:9b1b80d8101d3f1c73ef13b90dff2ab3bc855bd79ebcd334cba57db391ce6db0
-              pullPolicy: IfNotPresent
+              repository: ghcr.io/onedr0p/postgres-init
+              tag: 16
             envFrom: &envFrom
               - secretRef:
                   name: invidious-secret