diff --git a/operator/src/network/ceramic.rs b/operator/src/network/ceramic.rs index 32a9b62f..06664d42 100644 --- a/operator/src/network/ceramic.rs +++ b/operator/src/network/ceramic.rs @@ -6,8 +6,9 @@ use k8s_openapi::{ core::v1::{ ConfigMapVolumeSource, Container, ContainerPort, EmptyDirVolumeSource, EnvVar, EnvVarSource, HTTPGetAction, PersistentVolumeClaim, PersistentVolumeClaimSpec, - PersistentVolumeClaimVolumeSource, PodSpec, PodTemplateSpec, Probe, - ResourceRequirements, SecretKeySelector, ServicePort, ServiceSpec, Volume, VolumeMount, + PersistentVolumeClaimVolumeSource, PodSecurityContext, PodSpec, PodTemplateSpec, Probe, + ResourceRequirements, SecretKeySelector, SecurityContext, ServicePort, ServiceSpec, + Volume, VolumeMount, }, }, apimachinery::pkg::{ @@ -89,7 +90,7 @@ r#"{ "local-directory": "${CERAMIC_STATE_STORE_PATH}" }, "indexing": { - "db": "sqlite://${CERAMIC_SQLITE_PATH}", + "db": "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost/${POSTGRES_DB}", "allow-queries-before-historical-sync": true, "disable-composedb": false, "enable-historical-sync": false @@ -137,6 +138,7 @@ pub struct CeramicConfig { pub image_pull_policy: String, pub ipfs: IpfsConfig, pub resource_limits: ResourceLimitsConfig, + pub postgres_resource_limits: ResourceLimitsConfig, pub env: Option>, } @@ -256,6 +258,11 @@ impl Default for CeramicConfig { memory: Some(Quantity("1Gi".to_owned())), storage: Quantity("1Gi".to_owned()), }, + postgres_resource_limits: ResourceLimitsConfig { + cpu: Some(Quantity("250m".to_owned())), + memory: Some(Quantity("1Gi".to_owned())), + storage: Quantity("1Gi".to_owned()), + }, env: None, } } @@ -290,6 +297,10 @@ impl From for CeramicConfig { value.resource_limits, default.resource_limits, ), + postgres_resource_limits: ResourceLimitsConfig::from_spec( + value.postgres_resource_limits, + default.postgres_resource_limits, + ), env: value.env, } } @@ -337,6 +348,35 @@ pub fn stateful_set_spec(ns: &str, bundle: &CeramicBundle<'_>) -> StatefulSetSpe value: Some("2".to_owned()), ..Default::default() }, + EnvVar { + name: "POSTGRES_DB".to_owned(), + value: Some("ceramic".to_owned()), + ..Default::default() + }, + EnvVar { + name: "POSTGRES_USER".to_owned(), + value_from: Some(EnvVarSource { + secret_key_ref: Some(SecretKeySelector { + key: "username".to_owned(), + name: Some("postgres-auth".to_owned()), + ..Default::default() + }), + ..Default::default() + }), + ..Default::default() + }, + EnvVar { + name: "POSTGRES_PASSWORD".to_owned(), + value_from: Some(EnvVarSource { + secret_key_ref: Some(SecretKeySelector { + key: "password".to_owned(), + name: Some("postgres-auth".to_owned()), + ..Default::default() + }), + ..Default::default() + }), + ..Default::default() + }, ]; // js-ceramic does not allow specifying the pubsub topic for any network types except "inmemory" or "local" @@ -414,6 +454,14 @@ pub fn stateful_set_spec(ns: &str, bundle: &CeramicBundle<'_>) -> StatefulSetSpe }), ..Default::default() }, + Volume { + name: "postgres-data".to_owned(), + persistent_volume_claim: Some(PersistentVolumeClaimVolumeSource { + claim_name: "postgres-data".to_owned(), + ..Default::default() + }), + ..Default::default() + }, ]; volumes.append(&mut bundle.config.ipfs.volumes(&bundle.info)); @@ -519,6 +567,66 @@ pub fn stateful_set_spec(ns: &str, bundle: &CeramicBundle<'_>) -> StatefulSetSpe ]), ..Default::default() }, + Container { + image: Some("postgres:15-alpine".to_owned()), + image_pull_policy: Some("IfNotPresent".to_owned()), + name: "postgres".to_owned(), + env: Some(vec![ + EnvVar { + name: "POSTGRES_DB".to_owned(), + value: Some("ceramic".to_owned()), + ..Default::default() + }, + EnvVar { + name: "POSTGRES_PASSWORD".to_owned(), + value_from: Some(EnvVarSource { + secret_key_ref: Some(SecretKeySelector { + key: "password".to_owned(), + name: Some("postgres-auth".to_owned()), + ..Default::default() + }), + ..Default::default() + }), + ..Default::default() + }, + EnvVar { + name: "POSTGRES_USER".to_owned(), + value_from: Some(EnvVarSource { + secret_key_ref: Some(SecretKeySelector { + key: "username".to_owned(), + name: Some("postgres-auth".to_owned()), + ..Default::default() + }), + ..Default::default() + }), + ..Default::default() + }, + ]), + ports: Some(vec![ContainerPort { + container_port: 5432, + name: Some("postgres".to_owned()), + ..Default::default() + }]), + resources: Some(ResourceRequirements { + limits: Some(bundle.config.postgres_resource_limits.clone().into()), + requests: Some( + bundle.config.postgres_resource_limits.clone().into(), + ), + ..Default::default() + }), + volume_mounts: Some(vec![VolumeMount { + mount_path: "/var/lib/postgresql".to_owned(), + name: "postgres-data".to_owned(), + sub_path: Some("ceramic_data".to_owned()), + ..Default::default() + }]), + security_context: Some(SecurityContext { + run_as_group: Some(70), + run_as_user: Some(70), + ..Default::default() + }), + ..Default::default() + }, bundle .config .ipfs @@ -554,6 +662,10 @@ pub fn stateful_set_spec(ns: &str, bundle: &CeramicBundle<'_>) -> StatefulSetSpe ..Default::default() }]), volumes: Some(volumes), + security_context: Some(PodSecurityContext { + fs_group: Some(70), + ..Default::default() + }), ..Default::default() }), }), @@ -602,6 +714,24 @@ pub fn stateful_set_spec(ns: &str, bundle: &CeramicBundle<'_>) -> StatefulSetSpe }), ..Default::default() }, + PersistentVolumeClaim { + metadata: ObjectMeta { + name: Some("postgres-data".to_owned()), + ..Default::default() + }, + spec: Some(PersistentVolumeClaimSpec { + access_modes: Some(vec!["ReadWriteOnce".to_owned()]), + resources: Some(ResourceRequirements { + requests: Some(BTreeMap::from_iter(vec![( + "storage".to_owned(), + Quantity("10Gi".to_owned()), + )])), + ..Default::default() + }), + ..Default::default() + }), + ..Default::default() + }, ]), ..Default::default() } diff --git a/operator/src/network/controller.rs b/operator/src/network/controller.rs index c5e1ee81..a160231c 100644 --- a/operator/src/network/controller.rs +++ b/operator/src/network/controller.rs @@ -2126,7 +2126,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -138,46 +138,8 @@ + @@ -218,46 +218,8 @@ ] }, { @@ -2175,7 +2175,7 @@ mod tests { "name": "ipfs", "ports": [ { - @@ -212,6 +174,11 @@ + @@ -292,6 +254,11 @@ { "mountPath": "/data/ipfs", "name": "ipfs-data" @@ -2187,9 +2187,9 @@ mod tests { } ] } - @@ -320,6 +287,13 @@ + @@ -431,6 +398,13 @@ "persistentVolumeClaim": { - "claimName": "ipfs-data" + "claimName": "postgres-data" } + }, + { @@ -2255,7 +2255,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -138,46 +138,8 @@ + @@ -218,46 +218,8 @@ ] }, { @@ -2304,7 +2304,7 @@ mod tests { "name": "ipfs", "ports": [ { - @@ -198,14 +160,14 @@ + @@ -278,14 +240,14 @@ ], "resources": { "limits": { @@ -2325,7 +2325,7 @@ mod tests { } }, "volumeMounts": [ - @@ -212,6 +174,11 @@ + @@ -292,6 +254,11 @@ { "mountPath": "/data/ipfs", "name": "ipfs-data" @@ -2337,9 +2337,9 @@ mod tests { } ] } - @@ -320,6 +287,13 @@ + @@ -431,6 +398,13 @@ "persistentVolumeClaim": { - "claimName": "ipfs-data" + "claimName": "postgres-data" } + }, + { @@ -2403,7 +2403,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -138,46 +138,8 @@ + @@ -218,46 +218,8 @@ ] }, { @@ -2452,7 +2452,7 @@ mod tests { "name": "ipfs", "ports": [ { - @@ -212,6 +174,16 @@ + @@ -292,6 +254,16 @@ { "mountPath": "/data/ipfs", "name": "ipfs-data" @@ -2469,9 +2469,9 @@ mod tests { } ] } - @@ -320,6 +292,13 @@ + @@ -431,6 +403,13 @@ "persistentVolumeClaim": { - "claimName": "ipfs-data" + "claimName": "postgres-data" } + }, + { @@ -2540,7 +2540,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -156,6 +156,10 @@ + @@ -236,6 +236,10 @@ "value": "0" }, { @@ -2551,7 +2551,7 @@ mod tests { "name": "CERAMIC_ONE_METRICS_BIND_ADDRESS", "value": "0.0.0.0:9465" }, - @@ -172,11 +176,19 @@ + @@ -252,11 +256,19 @@ "value": "/ip4/0.0.0.0/tcp/4001" }, { @@ -2572,7 +2572,7 @@ mod tests { "imagePullPolicy": "Always", "name": "ipfs", "ports": [ - @@ -198,14 +210,14 @@ + @@ -278,14 +290,14 @@ ], "resources": { "limits": { @@ -2902,7 +2902,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -116,14 +116,14 @@ + @@ -138,14 +138,14 @@ }, "resources": { "limits": { @@ -2923,7 +2923,7 @@ mod tests { } }, "volumeMounts": [ - @@ -275,14 +275,14 @@ + @@ -377,14 +377,14 @@ "name": "init-ceramic-config", "resources": { "limits": { @@ -3115,10 +3115,10 @@ mod tests { }, { "name": "CERAMIC_SQLITE_PATH", - @@ -76,10 +76,6 @@ - { - "name": "CERAMIC_LOG_LEVEL", - "value": "2" + @@ -98,10 +98,6 @@ + "name": "postgres-auth" + } + } - }, - { - "name": "CERAMIC_NETWORK_TOPIC", @@ -3126,7 +3126,7 @@ mod tests { } ], "image": "ceramicnetwork/composedb:latest", - @@ -161,7 +157,7 @@ + @@ -241,7 +237,7 @@ }, { "name": "CERAMIC_ONE_NETWORK", @@ -3135,7 +3135,7 @@ mod tests { }, { "name": "CERAMIC_ONE_STORE_DIR", - @@ -235,15 +231,15 @@ + @@ -315,15 +311,15 @@ }, { "name": "CERAMIC_NETWORK", @@ -3154,10 +3154,10 @@ mod tests { }, { "name": "CERAMIC_SQLITE_PATH", - @@ -264,10 +260,6 @@ - { - "name": "CERAMIC_LOG_LEVEL", - "value": "2" + @@ -366,10 +362,6 @@ + "name": "postgres-auth" + } + } - }, - { - "name": "CERAMIC_NETWORK_TOPIC", @@ -3190,7 +3190,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -82,8 +82,8 @@ + @@ -104,8 +104,8 @@ "value": "/ceramic/local-0" } ], @@ -3201,7 +3201,7 @@ mod tests { "livenessProbe": { "httpGet": { "path": "/api/v0/node/healthcheck", - @@ -270,8 +270,8 @@ + @@ -372,8 +372,8 @@ "value": "/ceramic/local-0" } ], @@ -3255,7 +3255,7 @@ mod tests { } }, "spec": { - @@ -80,6 +85,22 @@ + @@ -102,6 +107,22 @@ { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -3607,7 +3607,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -80,6 +80,10 @@ + @@ -102,6 +102,10 @@ { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -3618,7 +3618,7 @@ mod tests { } ], "image": "ceramicnetwork/composedb:latest", - @@ -268,6 +272,10 @@ + @@ -370,6 +374,10 @@ { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -3687,7 +3687,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -361,7 +361,8 @@ + @@ -472,7 +472,8 @@ "requests": { "storage": "10Gi" } @@ -3695,8 +3695,8 @@ mod tests { + }, + "storageClassName": "fastDisk" } - } - ] + }, + { "#]]); let (testctx, api_handle) = Context::test(mock_rpc_client); let fakeserver = ApiServerVerifier::new(api_handle); @@ -3727,7 +3727,7 @@ mod tests { stub.ceramics[0].stateful_set.patch(expect![[r#" --- original +++ modified - @@ -138,46 +138,8 @@ + @@ -218,46 +218,8 @@ ] }, { @@ -3776,7 +3776,7 @@ mod tests { "name": "ipfs", "ports": [ { - @@ -212,6 +174,11 @@ + @@ -292,6 +254,11 @@ { "mountPath": "/data/ipfs", "name": "ipfs-data" @@ -3788,9 +3788,9 @@ mod tests { } ] } - @@ -320,6 +287,13 @@ + @@ -431,6 +398,13 @@ "persistentVolumeClaim": { - "claimName": "ipfs-data" + "claimName": "postgres-data" } + }, + { @@ -3802,7 +3802,7 @@ mod tests { } ] } - @@ -361,7 +335,8 @@ + @@ -472,7 +446,8 @@ "requests": { "storage": "10Gi" } @@ -3810,8 +3810,8 @@ mod tests { + }, + "storageClassName": "fastDisk" } - } - ] + }, + { "#]]); let (testctx, api_handle) = Context::test(mock_rpc_client); let fakeserver = ApiServerVerifier::new(api_handle); diff --git a/operator/src/network/spec.rs b/operator/src/network/spec.rs index 41d8e685..13706375 100644 --- a/operator/src/network/spec.rs +++ b/operator/src/network/spec.rs @@ -154,6 +154,8 @@ pub struct CeramicSpec { pub ipfs: Option, /// Resource limits for ceramic nodes, applies to both requests and limits. pub resource_limits: Option, + /// Resource limits for postgres container in ceramic nodes, applies to both requests and limits. + pub postgres_resource_limits: Option, /// Extra env values to pass to the image. /// CAUTION: Any env vars specified in this set will override any predefined values. pub env: Option>, diff --git a/operator/src/network/testdata/ceramic_go_ss_1 b/operator/src/network/testdata/ceramic_go_ss_1 index d12bd9f2..9e20a1a9 100644 --- a/operator/src/network/testdata/ceramic_go_ss_1 +++ b/operator/src/network/testdata/ceramic_go_ss_1 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "image": "ipfs/kubo:v0.19.1@sha256:c4527752a2130f55090be89ade8dde8f8a5328ec72570676b90f66e2cabf827d", "imagePullPolicy": "IfNotPresent", @@ -232,6 +312,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -264,6 +366,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -288,6 +393,12 @@ Request { "claimName": "ipfs-data" } }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } + }, { "configMap": { "defaultMode": 493, @@ -337,6 +448,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_1 b/operator/src/network/testdata/ceramic_ss_1 index c2610469..c2710fea 100644 --- a/operator/src/network/testdata/ceramic_ss_1 +++ b/operator/src/network/testdata/ceramic_ss_1 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_0 b/operator/src/network/testdata/ceramic_ss_weighted_0 index e92c41c4..83e88531 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_0 +++ b/operator/src/network/testdata/ceramic_ss_weighted_0 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_1 b/operator/src/network/testdata/ceramic_ss_weighted_1 index a9584f65..48a7dd22 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_1 +++ b/operator/src/network/testdata/ceramic_ss_weighted_1 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_2 b/operator/src/network/testdata/ceramic_ss_weighted_2 index 24598ce6..cd9caec0 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_2 +++ b/operator/src/network/testdata/ceramic_ss_weighted_2 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_3 b/operator/src/network/testdata/ceramic_ss_weighted_3 index aa9aa0cd..62462df5 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_3 +++ b/operator/src/network/testdata/ceramic_ss_weighted_3 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_4 b/operator/src/network/testdata/ceramic_ss_weighted_4 index 0efc162a..7b640da2 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_4 +++ b/operator/src/network/testdata/ceramic_ss_weighted_4 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_5 b/operator/src/network/testdata/ceramic_ss_weighted_5 index 5dc4b6a5..7cc36dd6 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_5 +++ b/operator/src/network/testdata/ceramic_ss_weighted_5 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_6 b/operator/src/network/testdata/ceramic_ss_weighted_6 index 2ebd2bbb..92112eb4 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_6 +++ b/operator/src/network/testdata/ceramic_ss_weighted_6 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_7 b/operator/src/network/testdata/ceramic_ss_weighted_7 index 164fd14f..ea832ca7 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_7 +++ b/operator/src/network/testdata/ceramic_ss_weighted_7 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_8 b/operator/src/network/testdata/ceramic_ss_weighted_8 index c920f73c..1a8de854 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_8 +++ b/operator/src/network/testdata/ceramic_ss_weighted_8 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/ceramic_ss_weighted_9 b/operator/src/network/testdata/ceramic_ss_weighted_9 index c1641228..5d5eebdf 100644 --- a/operator/src/network/testdata/ceramic_ss_weighted_9 +++ b/operator/src/network/testdata/ceramic_ss_weighted_9 @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] } diff --git a/operator/src/network/testdata/default_stubs/ceramic_init_configmap b/operator/src/network/testdata/default_stubs/ceramic_init_configmap index e95c5b2d..a4017138 100644 --- a/operator/src/network/testdata/default_stubs/ceramic_init_configmap +++ b/operator/src/network/testdata/default_stubs/ceramic_init_configmap @@ -9,7 +9,7 @@ Request { "apiVersion": "v1", "data": { "ceramic-init.sh": "#!/bin/bash\n\nset -eo pipefail\n\nexport CERAMIC_ADMIN_DID=$(composedb did:from-private-key ${CERAMIC_ADMIN_PRIVATE_KEY})\n\nCERAMIC_ADMIN_DID=$CERAMIC_ADMIN_DID envsubst < /ceramic-init/daemon-config.json > /config/daemon-config.json\n", - "daemon-config.json": "{\n \"anchor\": {\n \"auth-method\": \"did\",\n \"anchor-service-url\": \"${CAS_API_URL}\",\n \"ethereum-rpc-url\": \"${ETH_RPC_URL}\"\n },\n \"http-api\": {\n \"cors-allowed-origins\": [\n \"${CERAMIC_CORS_ALLOWED_ORIGINS}\"\n ],\n \"admin-dids\": [\n \"${CERAMIC_ADMIN_DID}\"\n ]\n },\n \"ipfs\": {\n \"mode\": \"remote\",\n \"host\": \"${CERAMIC_IPFS_HOST}\"\n },\n \"logger\": {\n \"log-level\": ${CERAMIC_LOG_LEVEL},\n \"log-to-files\": false\n },\n \"metrics\": {\n \"metrics-exporter-enabled\": false,\n \"prometheus-exporter-enabled\": true,\n \"prometheus-exporter-port\": 9464\n },\n \"network\": {\n \"name\": \"${CERAMIC_NETWORK}\",\n \"pubsub-topic\": \"${CERAMIC_NETWORK_TOPIC}\"\n },\n \"node\": {\n \"privateSeedUrl\": \"inplace:ed25519#${CERAMIC_ADMIN_PRIVATE_KEY}\"\n },\n \"state-store\": {\n \"mode\": \"fs\",\n \"local-directory\": \"${CERAMIC_STATE_STORE_PATH}\"\n },\n \"indexing\": {\n \"db\": \"sqlite://${CERAMIC_SQLITE_PATH}\",\n \"allow-queries-before-historical-sync\": true,\n \"disable-composedb\": false,\n \"enable-historical-sync\": false\n }\n}" + "daemon-config.json": "{\n \"anchor\": {\n \"auth-method\": \"did\",\n \"anchor-service-url\": \"${CAS_API_URL}\",\n \"ethereum-rpc-url\": \"${ETH_RPC_URL}\"\n },\n \"http-api\": {\n \"cors-allowed-origins\": [\n \"${CERAMIC_CORS_ALLOWED_ORIGINS}\"\n ],\n \"admin-dids\": [\n \"${CERAMIC_ADMIN_DID}\"\n ]\n },\n \"ipfs\": {\n \"mode\": \"remote\",\n \"host\": \"${CERAMIC_IPFS_HOST}\"\n },\n \"logger\": {\n \"log-level\": ${CERAMIC_LOG_LEVEL},\n \"log-to-files\": false\n },\n \"metrics\": {\n \"metrics-exporter-enabled\": false,\n \"prometheus-exporter-enabled\": true,\n \"prometheus-exporter-port\": 9464\n },\n \"network\": {\n \"name\": \"${CERAMIC_NETWORK}\",\n \"pubsub-topic\": \"${CERAMIC_NETWORK_TOPIC}\"\n },\n \"node\": {\n \"privateSeedUrl\": \"inplace:ed25519#${CERAMIC_ADMIN_PRIVATE_KEY}\"\n },\n \"state-store\": {\n \"mode\": \"fs\",\n \"local-directory\": \"${CERAMIC_STATE_STORE_PATH}\"\n },\n \"indexing\": {\n \"db\": \"postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost/${POSTGRES_DB}\",\n \"allow-queries-before-historical-sync\": true,\n \"disable-composedb\": false,\n \"enable-historical-sync\": false\n }\n}" }, "kind": "ConfigMap", "metadata": { diff --git a/operator/src/network/testdata/default_stubs/ceramic_stateful_set b/operator/src/network/testdata/default_stubs/ceramic_stateful_set index a9d2bf70..90e6a210 100644 --- a/operator/src/network/testdata/default_stubs/ceramic_stateful_set +++ b/operator/src/network/testdata/default_stubs/ceramic_stateful_set @@ -77,6 +77,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -137,6 +159,64 @@ Request { } ] }, + { + "env": [ + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + } + ], + "image": "postgres:15-alpine", + "imagePullPolicy": "IfNotPresent", + "name": "postgres", + "ports": [ + { + "containerPort": 5432, + "name": "postgres" + } + ], + "resources": { + "limits": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "ephemeral-storage": "1Gi", + "memory": "1Gi" + } + }, + "securityContext": { + "runAsGroup": 70, + "runAsUser": 70 + }, + "volumeMounts": [ + { + "mountPath": "/var/lib/postgresql", + "name": "postgres-data", + "subPath": "ceramic_data" + } + ] + }, { "env": [ { @@ -265,6 +345,28 @@ Request { "name": "CERAMIC_LOG_LEVEL", "value": "2" }, + { + "name": "POSTGRES_DB", + "value": "ceramic" + }, + { + "name": "POSTGRES_USER", + "valueFrom": { + "secretKeyRef": { + "key": "username", + "name": "postgres-auth" + } + } + }, + { + "name": "POSTGRES_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "key": "password", + "name": "postgres-auth" + } + } + }, { "name": "CERAMIC_NETWORK_TOPIC", "value": "/ceramic/local-0" @@ -297,6 +399,9 @@ Request { ] } ], + "securityContext": { + "fsGroup": 70 + }, "volumes": [ { "emptyDir": {}, @@ -320,6 +425,12 @@ Request { "persistentVolumeClaim": { "claimName": "ipfs-data" } + }, + { + "name": "postgres-data", + "persistentVolumeClaim": { + "claimName": "postgres-data" + } } ] } @@ -363,6 +474,23 @@ Request { } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "postgres-data" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "10Gi" + } + } + } } ] }