source other infra for pydotorg

Author: JacobCoffee

infra/k8s/cnpg-cluster-pythondotorg.yaml

@@ -0,0 +1,93 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: psf-pythondotorg-pythondotorg
+  namespace: postgres
+spec:
+  instances: 2
+  imageName: ghcr.io/cloudnative-pg/postgresql:15.8-bookworm
+
+  bootstrap:
+    initdb:
+      database: app
+      encoding: UTF8
+      localeCType: C
+      localeCollate: C
+      owner: app
+
+  certificates:
+    serverCASecret: operators-ca-crt
+    serverTLSSecret: psf-pythondotorg-pythondotorg-tls
+
+  storage:
+    resizeInUseVolumes: true
+    size: 32Gi
+
+  postgresql:
+    parameters:
+      archive_mode: "on"
+      archive_timeout: 5min
+      dynamic_shared_memory_type: posix
+      full_page_writes: "on"
+      log_destination: csvlog
+      log_directory: /controller/log
+      log_filename: postgres
+      log_rotation_age: "0"
+      log_rotation_size: "0"
+      log_truncate_on_rotation: "false"
+      logging_collector: "on"
+      max_connections: "500"
+      max_parallel_workers: "32"
+      max_replication_slots: "32"
+      max_worker_processes: "32"
+      shared_buffers: 512MB
+      shared_memory_type: mmap
+      shared_preload_libraries: ""
+      ssl_max_protocol_version: TLSv1.3
+      ssl_min_protocol_version: TLSv1.3
+      wal_keep_size: 512MB
+      wal_level: logical
+      wal_log_hints: "on"
+      wal_receiver_timeout: 5s
+      wal_sender_timeout: 5s
+    syncReplicaElectionConstraint:
+      enabled: false
+
+  backup:
+    target: primary
+    retentionPolicy: 31d
+    barmanObjectStore:
+      destinationPath: s3://cnpg-backup/postgres/psf-pythondotorg-pythondotorg
+      endpointURL: https://minio-api.us-east-2.psfhosted.computer
+      s3Credentials:
+        accessKeyId:
+          key: ACCESS_KEY_ID
+          name: minio-creds
+        secretAccessKey:
+          key: ACCESS_SECRET_KEY
+          name: minio-creds
+      wal:
+        compression: gzip
+
+  replicationSlots:
+    highAvailability:
+      enabled: true
+      slotPrefix: _cnpg_
+    synchronizeReplicas:
+      enabled: true
+    updateInterval: 30
+
+  primaryUpdateMethod: switchover
+  primaryUpdateStrategy: unsupervised
+  enablePDB: true
+  enableSuperuserAccess: true
+
+  affinity:
+    podAntiAffinityType: preferred
+
+  monitoring:
+    customQueriesConfigMap:
+      - key: queries
+        name: cnpg-default-monitoring
+    disableDefaultQueries: false
+    enablePodMonitor: false

infra/k8s/elasticsearch-pythondotorg.yaml

@@ -0,0 +1,32 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: psf-pythondotorg-pythondotorg
+  namespace: elasticsearch
+spec:
+  version: 8.15.1
+
+  http:
+    tls:
+      certificate:
+        secretName: psf-pythondotorg-pythondotorg-tls
+
+  transport:
+    tls:
+      certificateAuthorities:
+        configMapName: operators-ca-crt
+
+  nodeSets:
+    - name: default
+      count: 1
+      config:
+        node.store.allow_mmap: false
+      volumeClaimTemplates:
+        - metadata:
+            name: elasticsearch-data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 2Gi

infra/k8s/redis-pythondotorg.yaml

@@ -0,0 +1,49 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: Redis
+metadata:
+  name: psf-pythondotorg-pythondotorg
+  namespace: redis
+spec:
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.15
+    imagePullPolicy: IfNotPresent
+    redisSecret:
+      key: password
+      name: psf-pythondotorg-pythondotorg-password
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+
+  TLS:
+    secret:
+      optional: false
+      secretName: psf-pythondotorg-pythondotorg-tls
+
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+  securityContext:
+    runAsUser: 1000
+
+  redisExporter:
+    enabled: false
+    image: quay.io/opstree/redis-exporter:v1.44.0
+    imagePullPolicy: Always
+    port: 9121
+    resources:
+      limits:
+        cpu: 100m
+        memory: 256Mi
+      requests:
+        cpu: 100m
+        memory: 256Mi