|
| 1 | +kind: volumeset |
| 2 | +name: postgres-stateful-vs |
| 3 | +description: postgres-stateful-vs |
| 4 | +spec: |
| 5 | + autoscaling: |
| 6 | + maxCapacity: 1000 |
| 7 | + minFreePercentage: 1 |
| 8 | + scalingFactor: 1.1 |
| 9 | + fileSystemType: ext4 |
| 10 | + initialCapacity: 10 |
| 11 | + performanceClass: general-purpose-ssd |
| 12 | + snapshots: |
| 13 | + createFinalSnapshot: true |
| 14 | + retentionDuration: 7d |
| 15 | + |
| 16 | +--- |
| 17 | +kind: secret |
| 18 | +name: postgres-stateful-credentials |
| 19 | +description: '' |
| 20 | +type: dictionary |
| 21 | +data: |
| 22 | + password: the_user #Replace this with a real password |
| 23 | + username: the_password #Replace this with a real username |
| 24 | + |
| 25 | +--- |
| 26 | +kind: secret |
| 27 | +name: postgres-stateful-entrypoint-script |
| 28 | +type: opaque |
| 29 | +data: |
| 30 | + encoding: base64 |
| 31 | + payload: >- |
| 32 | + IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc291cmNlIC91c3IvbG9jYWwvYmluL2RvY2tlci1lbnRyeXBvaW50LnNoCgppbnN0YWxsX2RlcHMoKSB7CiAgYXB0LWdldCB1cGRhdGUgLXkgPiAvZGV2L251bGwKICBhcHQtZ2V0IGluc3RhbGwgY3VybCAteSA+IC9kZXYvbnVsbAogIGFwdC1nZXQgaW5zdGFsbCB1bnppcCAteSA+IC9kZXYvbnVsbAogIGN1cmwgImh0dHBzOi8vYXdzY2xpLmFtYXpvbmF3cy5jb20vYXdzY2xpLWV4ZS1saW51eC14ODZfNjQuemlwIiAtbyAiYXdzY2xpdjIuemlwIiA+IC9kZXYvbnVsbAogIHVuemlwIGF3c2NsaXYyLnppcCA+IC9kZXYvbnVsbAogIC4vYXdzL2luc3RhbGwgPiAvZGV2L251bGwKfQoKZGJfaGFzX2JlZW5fcmVzdG9yZWQoKSB7CiAgaWYgWyAhIC1mICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiIF07IHRoZW4KICAgIHJldHVybiAxCiAgZmkKCiAgaWYgISBncmVwIC1xICJcLT4gJDEkIiAiJFBHREFUQS9DUExOX1JFU1RPUkVEIjsgdGhlbgogICAgcmV0dXJuIDEKICBlbHNlCiAgICByZXR1cm4gMAogIGZpCn0KCnJlc3RvcmVfZGIoKSB7Cgl3aGlsZSBbICEgLVMgL3Zhci9ydW4vcG9zdGdyZXNxbC8ucy5QR1NRTC41NDMyIF0KCWRvCiAgICBlY2hvICJXYWl0aW5nIDVzIGZvciBkYiBzb2NrZXQgdG8gYmUgYXZhaWxhYmxlIgogICAgc2xlZXAgNXMKICBkb25lCgoKCWlmICEgZGJfaGFzX2JlZW5fcmVzdG9yZWQgIiQxIjsgdGhlbgoJICBlY2hvICJJdCBhcHBlYXJzIGRiICckMScgaGFzIG5vdCB5ZXQgYmVlbiByZXN0b3JlZCBmcm9tIFMzLiBBdHRlbXB0aW5nIHRvIHJlc3RvcmUgJDEgZnJvbSAkMiIKCSAgaW5zdGFsbF9kZXBzCgkgIGRvY2tlcl9zZXR1cF9kYiAjRW5zdXJlcyAkUE9TVEdSRVNfREIgZXhpc3RzIChkZWZpbmVkIGluIHRoZSBlbnRyeXBvaW50IHNjcmlwdCBmcm9tIHRoZSBwb3N0Z3JlcyBkb2NrZXIgaW1hZ2UpCgkgIGF3cyBzMyBjcCAiJDIiIC0gfCBwZ19yZXN0b3JlIC0tY2xlYW4gLS1uby1hY2wgLS1uby1vd25lciAtZCAiJDEiIC1VICIkUE9TVEdSRVNfVVNFUiIKCSAgZWNobyAiJChkYXRlKTogJDIgLT4gJDEiIHwgY2F0ID4+ICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiCgllbHNlCgkgIGVjaG8gIkRiICckMScgYWxyZWFkeSBleGlzdHMuIFJlYWR5ISIKICBmaQp9CgpfbWFpbiAiJEAiICYKYmFja2dyb3VuZFByb2Nlc3M9JCEKCmlmIFsgLW4gIiRQT1NUR1JFU19BUkNISVZFX1VSSSIgXTsgdGhlbgogIHJlc3RvcmVfZGIgIiRQT1NUR1JFU19EQiIgIiRQT1NUR1JFU19BUkNISVZFX1VSSSIKZWxzZQogIGVjaG8gIkRlY2xpbmluZyB0byByZXN0b3JlIHRoZSBkYiBiZWNhdXNlIG5vIGFyY2hpdmUgdXJpIHdhcyBwcm92aWRlZCIKZmkKCndhaXQgJGJhY2tncm91bmRQcm9jZXNzCgoK |
| 33 | + |
| 34 | +#Here is the ASCII-encoded version of the script in the secret above |
| 35 | +#!/usr/bin/env bash |
| 36 | +# |
| 37 | +#source /usr/local/bin/docker-entrypoint.sh |
| 38 | +# |
| 39 | +#install_deps() { |
| 40 | +# apt-get update -y > /dev/null |
| 41 | +# apt-get install curl -y > /dev/null |
| 42 | +# apt-get install unzip -y > /dev/null |
| 43 | +# curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" > /dev/null |
| 44 | +# unzip awscliv2.zip > /dev/null |
| 45 | +# ./aws/install > /dev/null |
| 46 | +#} |
| 47 | +# |
| 48 | +#db_has_been_restored() { |
| 49 | +# if [ ! -f "$PGDATA/CPLN_RESTORED" ]; then |
| 50 | +# return 1 |
| 51 | +# fi |
| 52 | +# |
| 53 | +# if ! grep -q "\-> 1ドル$" "$PGDATA/CPLN_RESTORED"; then |
| 54 | +# return 1 |
| 55 | +# else |
| 56 | +# return 0 |
| 57 | +# fi |
| 58 | +#} |
| 59 | +# |
| 60 | +#restore_db() { |
| 61 | +# while [ ! -S /var/run/postgresql/.s.PGSQL.5432 ] |
| 62 | +# do |
| 63 | +# echo "Waiting 5s for db socket to be available" |
| 64 | +# sleep 5s |
| 65 | +# done |
| 66 | +# |
| 67 | +# |
| 68 | +# if ! db_has_been_restored "1ドル"; then |
| 69 | +# echo "It appears db '1ドル' has not yet been restored from S3. Attempting to restore 1ドル from 2ドル" |
| 70 | +# install_deps |
| 71 | +# docker_setup_db #Ensures $POSTGRES_DB exists (defined in the entrypoint script from the postgres docker image) |
| 72 | +# aws s3 cp "2ドル" - | pg_restore --clean --no-acl --no-owner -d "1ドル" -U "$POSTGRES_USER" |
| 73 | +# echo "$(date): 2ドル -> 1ドル" | cat >> "$PGDATA/CPLN_RESTORED" |
| 74 | +# else |
| 75 | +# echo "Db '1ドル' already exists. Ready!" |
| 76 | +# fi |
| 77 | +#} |
| 78 | +# |
| 79 | +#_main "$@" & |
| 80 | +#backgroundProcess=$! |
| 81 | +# |
| 82 | +#if [ -n "$POSTGRES_ARCHIVE_URI" ]; then |
| 83 | +# restore_db "$POSTGRES_DB" "$POSTGRES_ARCHIVE_URI" |
| 84 | +#else |
| 85 | +# echo "Declining to restore the db because no archive uri was provided" |
| 86 | +#fi |
| 87 | +# |
| 88 | +#wait $backgroundProcess |
| 89 | + |
| 90 | +--- |
| 91 | +kind: identity |
| 92 | +name: postgres-stateful-identity |
| 93 | +description: postgres-stateful-identity |
| 94 | + |
| 95 | +--- |
| 96 | +kind: policy |
| 97 | +name: postgres-stateful-access |
| 98 | +description: postgres-stateful-access |
| 99 | +bindings: |
| 100 | + - permissions: |
| 101 | + - reveal |
| 102 | + - use |
| 103 | + - view |
| 104 | + principalLinks: |
| 105 | + - //gvc/react-webpack-rails-tutorial/identity/postgres-stateful-identity #Replace YOUR_GVC_HERE with the name of your gvc |
| 106 | +targetKind: secret |
| 107 | +targetLinks: |
| 108 | + - //secret/postgres-stateful-credentials |
| 109 | + - //secret/postgres-stateful-entrypoint-script |
| 110 | + |
| 111 | +--- |
| 112 | +kind: workload |
| 113 | +name: postgres-stateful |
| 114 | +description: postgres-stateful |
| 115 | +spec: |
| 116 | + type: stateful |
| 117 | + containers: |
| 118 | + - cpu: 1000m |
| 119 | + memory: 512Mi |
| 120 | + env: |
| 121 | + # - name: POSTGRES_ARCHIVE_URI #Use this var to control the automatic restore behavior. If you leave it out, the db will start empty. |
| 122 | + # value: s3://YOUR_BUCKET/PATH_TO_ARCHIVE_FILE |
| 123 | + - name: PGDATA #The location postgres stores the db. This can be anything other than /var/lib/postgresql/data, but it must be inside the mount point for the volume set |
| 124 | + value: "/var/lib/postgresql/data/pg_data" |
| 125 | + - name: POSTGRES_DB #The name of the initial db |
| 126 | + value: test |
| 127 | + - name: POSTGRES_PASSWORD #The password for the default user |
| 128 | + value: cpln://secret/postgres-stateful-credentials.password |
| 129 | + - name: POSTGRES_USER #The name of the default user |
| 130 | + value: cpln://secret/postgres-stateful-credentials.username |
| 131 | + name: stateful |
| 132 | + image: postgres:15 |
| 133 | + command: /bin/bash |
| 134 | + args: |
| 135 | + - "-c" |
| 136 | + - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres" |
| 137 | + #command: "cpln-entrypoint.sh" |
| 138 | + #args: |
| 139 | + # - "postgres" |
| 140 | + ports: |
| 141 | + - number: 5432 |
| 142 | + protocol: tcp |
| 143 | + volumes: |
| 144 | + - uri: cpln://volumeset/postgres-stateful-vs |
| 145 | + path: "/var/lib/postgresql/data" |
| 146 | + - uri: cpln://secret/postgres-stateful-entrypoint-script |
| 147 | + path: "/usr/local/bin/cpln-entrypoint.sh" |
| 148 | + inheritEnv: false |
| 149 | + livenessProbe: |
| 150 | + tcpSocket: |
| 151 | + port: 5432 |
| 152 | + failureThreshold: 1 |
| 153 | + readinessProbe: |
| 154 | + tcpSocket: |
| 155 | + port: 5432 |
| 156 | + failureThreshold: 1 |
| 157 | + identityLink: //identity/postgres-stateful-identity |
| 158 | + defaultOptions: |
| 159 | + capacityAI: false |
| 160 | + autoscaling: |
| 161 | + metric: cpu |
| 162 | + target: 95 |
| 163 | + maxScale: 1 |
| 164 | + firewallConfig: |
| 165 | + external: |
| 166 | + inboundAllowCIDR: [] |
| 167 | + outboundAllowCIDR: |
| 168 | + - 0.0.0.0/0 |
| 169 | + internal: |
| 170 | + inboundAllowType: same-gvc |
0 commit comments