apiVersion: v1 kind: ServiceAccount metadata: name: pgo-deployer-sa namespace: pgo --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pgo-deployer-cr rules: - apiGroups: - '' resources: - namespaces verbs: - get - list - create - patch - delete - apiGroups: - '' resources: - pods verbs: - list - apiGroups: - '' resources: - secrets verbs: - list - get - create - delete - apiGroups: - '' resources: - configmaps - services - persistentvolumeclaims verbs: - get - create - delete - list - apiGroups: - '' resources: - serviceaccounts verbs: - get - create - delete - patch - list - apiGroups: - apps - extensions resources: - deployments verbs: - get - list - watch - create - delete - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - create - delete - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles - clusterrolebindings - roles - rolebindings verbs: - get - create - delete - bind - escalate - apiGroups: - rbac.authorization.k8s.io resources: - roles verbs: - create - delete - apiGroups: - batch resources: - jobs verbs: - delete - list - apiGroups: - crunchydata.com resources: - pgclusters - pgreplicas - pgpolicies - pgtasks verbs: - delete - list --- apiVersion: v1 kind: ConfigMap metadata: name: pgo-deployer-cm namespace: pgo data: values.yaml: |+ --- archive_mode: "true" archive_timeout: "60" backrest_aws_s3_bucket: "" backrest_aws_s3_endpoint: "" backrest_aws_s3_key: "" backrest_aws_s3_region: "" backrest_aws_s3_secret: "" backrest_aws_s3_uri_style: "" backrest_aws_s3_verify_tls: "true" backrest_port: "2022" badger: "false" ccp_image_prefix: "registry.developers.crunchydata.com/crunchydata" ccp_image_pull_secret: "" ccp_image_pull_secret_manifest: "" ccp_image_tag: "centos7-12.3-4.4.0" create_rbac: "true" crunchy_debug: "false" db_name: "" db_password_age_days: "0" db_password_length: "24" db_port: "5432" db_replicas: "0" db_user: "testuser" default_instance_memory: "128Mi" default_pgbackrest_memory: "48Mi" default_pgbouncer_memory: "24Mi" delete_metrics_namespace: "false" delete_operator_namespace: "false" delete_watched_namespaces: "false" disable_auto_failover: "false" disable_fsgroup: "false" reconcile_rbac: "true" exporterport: "9187" grafana_admin_password: "" grafana_admin_username: "admin" grafana_install: "false" grafana_storage_access_mode: "ReadWriteOnce" grafana_storage_class_name: "fast" grafana_supplemental_groups: "65534" grafana_volume_size: "1G" metrics: "false" metrics_namespace: "pgo" namespace: "pgo" namespace_mode: "dynamic" pgbadgerport: "10000" pgo_add_os_ca_store: "false" pgo_admin_password: "examplepassword" pgo_admin_perms: "*" pgo_admin_role_name: "pgoadmin" pgo_admin_username: "admin" pgo_apiserver_port: "8443" pgo_apiserver_url: "https://postgres-operator" pgo_client_cert_secret: "pgo.tls" pgo_client_container_install: "false" pgo_client_version: "4.4.0" pgo_cluster_admin: "false" pgo_disable_eventing: "false" pgo_disable_tls: "false" pgo_image_prefix: "registry.developers.crunchydata.com/crunchydata" pgo_image_pull_secret: "" pgo_image_pull_secret_manifest: "" pgo_image_tag: "centos7-4.4.0" pgo_installation_name: "devtest" pgo_noauth_routes: "" pgo_operator_namespace: "pgo" pgo_tls_ca_store: "" pgo_tls_no_verify: "false" pod_anti_affinity: "preferred" pod_anti_affinity_pgbackrest: "" pod_anti_affinity_pgbouncer: "" prometheus_install: "false" prometheus_storage_access_mode: "ReadWriteOnce" prometheus_storage_class_name: "fast" prometheus_supplemental_groups: "65534" prometheus_volume_size: "1G" scheduler_timeout: "3600" service_type: "ClusterIP" sync_replication: "false" backrest_storage: "hostpathstorage" backup_storage: "hostpathstorage" primary_storage: "hostpathstorage" replica_storage: "hostpathstorage" wal_storage: "" storage1_name: "hostpathstorage" storage1_access_mode: "ReadWriteMany" storage1_size: "1G" storage1_type: "create" storage2_name: "replicastorage" storage2_access_mode: "ReadWriteMany" storage2_size: "1G" storage2_type: "create" storage3_name: "nfsstorage" storage3_access_mode: "ReadWriteMany" storage3_size: "1G" storage3_type: "create" storage3_supplemental_groups: "65534" storage4_name: "nfsstoragered" storage4_access_mode: "ReadWriteMany" storage4_size: "1G" storage4_match_labels: "crunchyzone=red" storage4_type: "create" storage4_supplemental_groups: "65534" storage5_name: "storageos" storage5_access_mode: "ReadWriteOnce" storage5_size: "5Gi" storage5_type: "dynamic" storage5_class: "fast" storage6_name: "primarysite" storage6_access_mode: "ReadWriteOnce" storage6_size: "4G" storage6_type: "dynamic" storage6_class: "primarysite" storage7_name: "alternatesite" storage7_access_mode: "ReadWriteOnce" storage7_size: "4G" storage7_type: "dynamic" storage7_class: "alternatesite" storage8_name: "gce" storage8_access_mode: "ReadWriteOnce" storage8_size: "300M" storage8_type: "dynamic" storage8_class: "standard" storage9_name: "rook" storage9_access_mode: "ReadWriteOnce" storage9_size: "1Gi" storage9_type: "dynamic" storage9_class: "rook-ceph-block" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: pgo-deployer-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: pgo-deployer-cr subjects: - kind: ServiceAccount name: pgo-deployer-sa namespace: pgo --- apiVersion: batch/v1 kind: Job metadata: name: pgo-deploy namespace: pgo spec: backoffLimit: 0 template: metadata: name: pgo-deploy spec: serviceAccountName: pgo-deployer-sa restartPolicy: Never containers: - name: pgo-deploy image: registry.developers.crunchydata.com/crunchydata/pgo-deployer:centos7-4.4.0 imagePullPolicy: IfNotPresent env: - name: DEPLOY_ACTION value: install volumeMounts: - name: deployer-conf mountPath: "/conf" volumes: - name: deployer-conf configMap: name: pgo-deployer-cm