feat(postgres): Rework zalando-postgres-operator integration

7215ded5 · Sheogorath · f41e5658 · 7215ded5 · 7215ded5 · 7215ded5
Verified Commit 7215ded5 authored 3 years ago by Sheogorath
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -12,3 +12,4 @@ resources:
  - longhorn
  - monitoring
  - k8up
+  - postgres
--- a/infrastructure/postgres/kustomization.yaml
+++ b/infrastructure/postgres/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: zalando-postgres
+namespace: postgres-system
 resources:
  - namespace.yaml
+  - repository.yaml
  - release.yaml
-  - user-namespace-network-policy.yaml
--- a/infrastructure/postgres/namespace.yaml
+++ b/infrastructure/postgres/namespace.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: zalando-postgres
+  name: postgres-system
  labels:
-    name: zalando-postgres
+    name: postgres-system
    kyverno.shivering-isles.com/class: "system"
+    database.shivering-isles.com/network-access-required: "true"
--- a/infrastructure/postgres/release.yaml
+++ b/infrastructure/postgres/release.yaml
@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: zalando-postgres-operator
-  namespace: zalando-postgres
+  namespace: postgres-system
 spec:
  releaseName: zalando-postgres-operator
  chart:
@@ -11,9 +11,9 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: zalando-postgres-operator
+        namespace: postgres-system
      valuesFiles:
        - values.yaml
-      # renovate: helmRepo=https://opensource.zalando.com/postgres-operator/charts/postgres-operator/ depName=postgres-operator
      version: 1.7.1
  interval: 5m
  values:

--- a/infrastructure/postgres/repository.yaml
+++ b/infrastructure/postgres/repository.yaml
@@ -2,6 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository
 metadata:
  name: zalando-postgres-operator
+  namespace: postgres-system
 spec:
  interval: 30m
  url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
--- a/infrastructure/postgres/user-namespace-network-policy.yaml
+++ b/infrastructure/postgres/user-namespace-network-policy.yaml
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: default
-spec:
-  rules:
-  - name: allow-from-zalando-postgres
-    match:
-      resources:
-        kinds:
-        - Namespace
-    exclude:
-      resources:
-        namespaces:
-        - *-system
-        - default
-        - kube-public
-        - kyverno
-    generate:
-      apiVersion: networking.k8s.io/v1
-      kind: NetworkPolicy
-      metadata:
-        name: allow-from-zalando-postgres-managed
-        namespace: "{{request.object.metadata.name}}"
-      spec:
-        ingress:
-        - from:
-          - namespaceSelector:
-              matchLabels:
-                name: zalando-postgres
-          ports:
-          - port: 8008
-            protocol: TCP
-          - port: 5432
-            protocol: TCP
-          - port: 8080
-            protocol: TCP
-        podSelector:
-          matchLabels:
-            application: spilo
-        policyTypes:
-        - Ingress
--- a/shared/networkpolicies/allow-from-database.yaml
+++ b/shared/networkpolicies/allow-from-database.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-database
+  namespace: "{{request.object.metadata.name}}"
+spec:
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          database.shivering-isles.com/network-access-required: "true"
+    ports:
+    - port: 8008
+      protocol: TCP
+    - port: 5432
+      protocol: TCP
+    - port: 8080
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      application: spilo