Upgrade to PostgreSQL 16 and move to databases namespace

6 files changed, 132 insertions, 0 deletions

diff --git a/kubernetes/namespaces/databases/postgresql/README.md b/kubernetes/namespaces/databases/postgresql/README.md
new file mode 100644
index 0000000..07eed4f
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/README.md
@@ -0,0 +1,16 @@
+# Postgres
+This folder contains the manifests for Postgres, our primary database.
+
+You can alter the configuration file inside the `configmap.yaml` file which will be injected into the database container upon boot. Certain parameters (marked in the file) will require a server restart whereas others can be reloaded by using `SELECT pg_reload_conf();` inside Postgres.
+
+Note that there may be up to a minute before your changes to the ConfigMap are reflected inside the container, if things do not change after that you will have to restart the server for the configuration to apply.
+
+## Secrets
+
+postgres requires a `postgres-env` secret with the following entries:
+
+| Environment       | Description                       |
+|-------------------|-----------------------------------|
+| PGDATA            | The path to the pg_data directory |
+| POSTGRES_PASSWORD | The default password to use       |
+| POSTGRES_USER     | The default user to use           |
diff --git a/kubernetes/namespaces/databases/postgresql/configmap.yaml b/kubernetes/namespaces/databases/postgresql/configmap.yaml
new file mode 100644
index 0000000..12ad19b
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  namespace: databases
+data:
+  postgresql.conf: |
+    # From pgtune
+    max_connections = 110
+    shared_buffers = 1536MB
+    effective_cache_size = 4608MB
+    maintenance_work_mem = 384MB
+    checkpoint_completion_target = 0.9
+    wal_buffers = 16MB
+    default_statistics_target = 100
+    random_page_cost = 1.1
+    effective_io_concurrency = 200
+    work_mem = 3574kB
+    min_wal_size = 1GB
+    max_wal_size = 4GB
+    max_worker_processes = 4
+    max_parallel_workers_per_gather = 2
+    max_parallel_workers = 4
+    max_parallel_maintenance_workers = 2
+
+    # Custom conf
+    listen_addresses = '*'
+    password_encryption = md5
+    shared_preload_libraries = 'pg_stat_statements'	# (change requires restart)
diff --git a/kubernetes/namespaces/databases/postgresql/deployment.yaml b/kubernetes/namespaces/databases/postgresql/deployment.yaml
new file mode 100644
index 0000000..bf1f246
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: databases
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: ghcr.io/owl-corp/psql_extended:16
+          imagePullPolicy: "Always"
+          ports:
+            - name: postgres
+              containerPort: 5432
+          envFrom:
+            - secretRef:
+                name: postgres-env
+          args: ["-c", "config_file=/etc/postgresql/postgresql.conf"]
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+              subPath: pgdata
+            - name: postgres-config
+              mountPath: /etc/postgresql
+            - name: dshm
+              mountPath: /dev/shm
+      volumes:
+        - name: postgres-data
+          persistentVolumeClaim:
+            claimName: postgres-storage
+        - name: postgres-config
+          configMap:
+            name: postgres-config
+        - name: dshm
+          emptyDir:
+            medium: Memory
+            sizeLimit: 2Gi
diff --git a/kubernetes/namespaces/databases/postgresql/secrets.yaml b/kubernetes/namespaces/databases/postgresql/secrets.yaml
new file mode 100644
index 0000000..68c225e
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/secrets.yaml
diff --git a/kubernetes/namespaces/databases/postgresql/service.yaml b/kubernetes/namespaces/databases/postgresql/service.yaml
new file mode 100644
index 0000000..6a2b520
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: postgres
+  name: postgres
+  namespace: databases
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: postgres
+---
+# Fallback service for items relying on svc/postgres in the default namespace
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: postgres.databases.svc.cluster.local
+  ports:
+    - port: 5432
+  selector:
+    app: postgres
diff --git a/kubernetes/namespaces/databases/postgresql/volume.yaml b/kubernetes/namespaces/databases/postgresql/volume.yaml
new file mode 100644
index 0000000..ed1d2d6
--- /dev/null
+++ b/kubernetes/namespaces/databases/postgresql/volume.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: postgres-storage
+  labels:
+    app: postgres
+  namespace: databases
+spec:
+  storageClassName: linode-block-storage-retain
+  accessModes:
+    - ReadWriteOncePod
+  resources:
+    requests:
+      storage: 25Gi