Penpot (designer.sunbeam.pt):
- Frontend/backend/exporter deployments with OIDC-only auth via Hydra
- VSO-managed DB, S3, and app secrets from OpenBao
- PostgreSQL user/db in CNPG postInitSQL
- Hydra Maester enabledNamespaces extended to devtools

Penpot MCP server (mcp-designer.sunbeam.pt):
- Pre-built Node.js image pushed to Gitea registry
- Auth-gated via Pingora auth_request → Hydra /userinfo
- WebSocket path for browser plugin connection

Wildcard TLS:
- Switched cert-manager from HTTP-01 (per-SAN) to DNS-01 via Scaleway webhook
- Certificate collapsed to *.sunbeam.pt + sunbeam.pt
- Added scaleway-certmanager-webhook Helm chart
- VSO secret for Scaleway DNS API credentials in cert-manager namespace
- Added cert-manager to OpenBao VSO auth role
59 lines
1.8 KiB
YAML
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres
  namespace: data
spec:
  instances: 1

  postgresql:
    parameters:
      max_connections: "100"
      shared_buffers: "128MB"
      work_mem: "4MB"

  bootstrap:
    initdb:
      database: postgres
      owner: postgres
      # No `secret` field — CNPG auto-generates a random superuser password
      # and stores it in the `postgres-superuser` Secret. sunbeam seed reads
      # that Secret to configure the OpenBao database secrets engine.
      postInitSQL:
        # Create all 12 logical databases and their owners.
        # Passwords are set by the seed-secrets script via ALTER USER after init.
        - CREATE USER kratos WITH LOGIN;
        - CREATE DATABASE kratos_db OWNER kratos;
        - CREATE USER hydra WITH LOGIN;
        - CREATE DATABASE hydra_db OWNER hydra;
        - CREATE USER docs WITH LOGIN;
        - CREATE DATABASE docs_db OWNER docs;
        - CREATE USER meet WITH LOGIN;
        - CREATE DATABASE meet_db OWNER meet;
        - CREATE USER drive WITH LOGIN;
        - CREATE DATABASE drive_db OWNER drive;
        - CREATE USER messages WITH LOGIN;
        - CREATE DATABASE messages_db OWNER messages;
        - CREATE USER conversations WITH LOGIN;
        - CREATE DATABASE conversations_db OWNER conversations;
        - CREATE USER people WITH LOGIN;
        - CREATE DATABASE people_db OWNER people;
        - CREATE USER gitea WITH LOGIN;
        - CREATE DATABASE gitea_db OWNER gitea;
        - CREATE USER hive WITH LOGIN;
        - CREATE DATABASE hive_db OWNER hive;
        - CREATE USER find WITH LOGIN;
        - CREATE DATABASE find_db OWNER find;
        - CREATE USER penpot WITH LOGIN;
        - CREATE DATABASE penpot_db OWNER penpot;

  storage:
    size: 10Gi

  resources:
    requests:
      memory: 256Mi
      cpu: 250m
    limits:
      memory: 512Mi
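
The manifest's comments state that roles are created without passwords and that credentials are set later via ALTER USER. The following is an added example, not code from this repository, of a pre-merge check that enforces that convention on a postInitSQL list; the function name `lint_post_init_sql` is hypothetical, and the last two sample statements are constructed to show what gets reported.

```python
import re

# Statements copied from the manifest's postInitSQL, plus two constructed
# bad lines (marked) to show what the check reports.
STATEMENTS = [
    "CREATE USER hydra WITH LOGIN;",
    "CREATE DATABASE hydra_db OWNER hydra;",
    "CREATE USER penpot WITH LOGIN;",
    "CREATE DATABASE penpot_db OWNER penpot;",
    "CREATE USER demo WITH LOGIN PASSWORD 'changeme';",  # constructed
    "CREATE DATABASE orphan_db OWNER nobody;",            # constructed
]

USER_RE = re.compile(r"^CREATE\s+(?:USER|ROLE)\s+(\w+)(.*);$", re.I)
DB_RE = re.compile(r"^CREATE\s+DATABASE\s+(\w+)\s+OWNER\s+(\w+)\s*;$", re.I)
# Options that put a secret in Git or grant more than a plain login role.
RISKY = re.compile(r"\b(PASSWORD|SUPERUSER|CREATEROLE|CREATEDB|BYPASSRLS)\b", re.I)


def lint_post_init_sql(statements):
    """Return a sorted list of findings for a postInitSQL statement list."""
    findings, users, owners = [], set(), {}
    for stmt in statements:
        stmt = stmt.strip()
        if m := USER_RE.match(stmt):
            name, options = m.group(1), m.group(2)
            users.add(name)
            for opt in RISKY.findall(options):
                findings.append(f"{name}: role option {opt.upper()} in manifest")
        elif m := DB_RE.match(stmt):
            owners[m.group(1)] = m.group(2)
        else:
            findings.append(f"unrecognised statement: {stmt}")
    # Every database must be owned by a role created in the same list.
    for db, owner in owners.items():
        if owner not in users:
            findings.append(f"{db}: owner {owner} is never created")
    # Every role should own a database; a stray login role is unused surface.
    for name in users - set(owners.values()):
        findings.append(f"{name}: role has no database")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_post_init_sql(STATEMENTS):
        print(finding)
```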