initial commit

2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions
--- a/odroid/postgres-operator-percona/helm/pmm/ingressroute.yaml
+++ b/odroid/postgres-operator-percona/helm/pmm/ingressroute.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: percona-pmm-tls
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`percona.alldcs.nl`)
+    kind: Rule
+    services:
+    - name: percona-pmm
+      port: 443
+  tls:
+    certResolver: letsencrypt
--- a/odroid/postgres-operator-percona/helm/pmm/ingressrouteTCP.yaml
+++ b/odroid/postgres-operator-percona/helm/pmm/ingressrouteTCP.yaml
@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: percona-route-tcp-tls
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`percona.alldcs.nl`)
+    services:
+    - name: percona-pmm
+      port: 443
+  tls:
+    passthrough: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: percona-route-tcp-http
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: HostSNI(`percona.alldcs.nl`) 
+    services:
+    - name: percona-pmm
+      port: 80
+
--- a/odroid/postgres-operator-percona/helm/pmm/secret.yaml
+++ b/odroid/postgres-operator-percona/helm/pmm/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pmm-secret
+  labels:
+    app.kubernetes.io/name: pmm
+type: Opaque
+data:
+# base64 encoded password
+# encode some password: `echo -n "admin" | base64`
+  PMM_ADMIN_PASSWORD: YWRtaW4=
--- a/odroid/postgres-operator-percona/helm/pmm/values.yaml
+++ b/odroid/postgres-operator-percona/helm/pmm/values.yaml
@@ -0,0 +1,258 @@
+## @section Percona Monitoring and Management (PMM) parameters
+## Default values for PMM.
+## This is a YAML-formatted file.
+## Declare variables to be passed into your templates.
+
+## PMM image version
+## ref: https://hub.docker.com/r/percona/pmm-server/tags
+## @param image.repository PMM image repository
+## @param image.pullPolicy PMM image pull policy
+## @param image.tag PMM image tag (immutable tags are recommended)
+## @param image.imagePullSecrets Global Docker registry secret names as an array
+##
+image:
+  repository: percona/pmm-server
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "2.39.0"
+  imagePullSecrets: []
+
+## PMM environment variables
+## ref: https://docs.percona.com/percona-monitoring-and-management/setting-up/server/docker.html#environment-variables
+##
+pmmEnv:
+  ## @param pmmEnv.DISABLE_UPDATES Disables a periodic check for new PMM versions as well as ability to apply upgrades using the UI (need to be disabled in k8s environment as updates rolled with helm/container update)
+  ##
+  DISABLE_UPDATES: "1"
+#  ENABLE_DBAAS: "1"
+#  optional variables to integrate Grafana with internal iDP, see also secret part
+#  GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
+#  GF_AUTH_GENERIC_OAUTH_SCOPES: ''
+#  GF_AUTH_GENERIC_OAUTH_AUTH_URL: ''
+#  GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ''
+#  GF_AUTH_GENERIC_OAUTH_API_URL: ''
+#  GF_AUTH_GENERIC_OAUTH_ALLOWED_DOMAINS: ''
+
+## @param pmmResources optional [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) requested for [PMM container](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server)
+    ##  pmmResources:
+    ##    requests:
+    ##      memory: "32Gi"
+    ##      cpu: "8"
+    ##    limits:
+    ##      memory: "64Gi"
+    ##      cpu: "32"
+pmmResources: {}
+
+## Readiness probe Config
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+## @param readyProbeConf.initialDelaySeconds  Number of seconds after the container has started before readiness probes is initiated
+## @param readyProbeConf.periodSeconds How often (in seconds) to perform the probe
+## @param readyProbeConf.failureThreshold When a probe fails, Kubernetes will try failureThreshold times before giving up
+##
+readyProbeConf:
+  initialDelaySeconds: 1
+  periodSeconds: 5
+  failureThreshold: 6
+
+## @section PMM secrets
+##
+secret:
+  ## @param secret.name Defines the name of the k8s secret that holds passwords and other secrets
+  ##
+  name: pmm-secret
+  ## @param secret.create If true then secret will be generated by Helm chart. Otherwise it is expected to be created by user.
+  ##
+  create: true
+  ## @param secret.pmm_password Initial PMM password - it changes only on the first deployment, ignored if PMM was already provisioned and just restarted. If PMM admin password is not set, it will be generated.
+  ## E.g.
+  ## pmm_password: admin
+  ##
+  ## To get password execute `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
+  ##
+  pmm_password: ""
+  ##
+  # GF_AUTH_GENERIC_OAUTH_CLIENT_ID optional client ID to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv
+  # GF_AUTH_GENERIC_OAUTH_CLIENT_ID:
+  # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET optional secret to integrate Grafana with internal iDP, requires other env defined as well under pmmEnv
+  # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
+
+## @param certs Optional certificates, if not provided PMM would use generated self-signed certificates,
+##   please provide your own signed ssl certificates like this:
+## certs:
+  ## name: pmm-certs
+  ## files:
+  ##  certificate.crt:
+  ##  certificate.key:
+  ##  ca-certs.pem:
+  ##  dhparam.pem:
+certs: {}
+
+## @section PMM network configuration
+## Service configuration
+##
+service:
+  ## @param service.name Service name that is dns name monitoring services would send data to. `monitoring-service` used by default by pmm-client in Percona operators.
+  ##
+  name: percona-pmm
+  ## @param service.type Kubernetes Service type
+  ##
+  type: NodePort
+
+  ## Ports 443 and/or 80
+  ##
+  ports:
+    ## @param service.ports[0].port https port number
+    - port: 443
+      ## @param service.ports[0].targetPort target port to map for statefulset and ingress
+      targetPort: https
+      ## @param service.ports[0].protocol protocol for https
+      protocol: TCP
+      ## @param service.ports[0].name port name
+      name: https
+    ## @param service.ports[1].port http port number
+    - port: 80
+      ## @param service.ports[1].targetPort target port to map for statefulset and ingress
+      targetPort: http
+      ## @param service.ports[1].protocol protocol for http
+      protocol: TCP
+      ## @param service.ports[1].name port name
+      name: http
+
+## Ingress controller configuration
+##
+ingress:
+  ## @param ingress.enabled -- Enable ingress controller resource
+  enabled: false
+  ## @param ingress.nginxInc -- Using ingress controller from NGINX Inc
+  nginxInc: false
+  ## @param ingress.annotations -- Ingress annotations configuration
+  annotations: {}
+    ## kubernetes.io/ingress.class: nginx
+    ## kubernetes.io/tls-acme: "true"
+    ###  nginx proxy to https
+    ## nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+  ## @param ingress.community.annotations -- Ingress annotations configuration for community managed ingress (nginxInc = false)
+  community:
+    annotations: {}
+      ## kubernetes.io/ingress.class: nginx
+      ## kubernetes.io/tls-acme: "true"
+  ## @param ingress.ingressClassName -- Sets the ingress controller class name to use.
+  ingressClassName: ""
+
+  ## Ingress resource hostnames and path mappings
+  hosts:
+    ## @param ingress.hosts[0].host hostname
+    - host: chart-example.local
+    ## @param ingress.hosts[0].paths path mapping
+      paths: []
+
+  ## @param ingress.pathType -- How ingress paths should be treated.
+  pathType: Prefix
+
+  ## @param ingress.tls -- Ingress TLS configuration
+  tls: []
+  ##  - secretName: chart-example-tls
+  ##    hosts:
+  ##      - chart-example.local
+
+## @section PMM storage configuration
+## Claiming storage for PMM using Persistent Volume Claims (PVC)
+## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+storage:
+  ## @param storage.name name of PVC
+  name: pmm-storage
+  ## @param storage.storageClassName optional PMM data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  storageClassName: ""
+  ##
+  ## @param storage.size size of storage [depends](https://docs.percona.com/percona-monitoring-and-management/setting-up/server/index.html#set-up-pmm-server) on number of monitored services and data retention
+  ##
+  size: 10Gi
+  ##
+  ## @param storage.dataSource VolumeSnapshot to start from
+  ##
+  dataSource: {}
+    ## name: before-vX.Y.Z-upgrade
+    ## kind: VolumeSnapshot
+    ## apiGroup: snapshot.storage.k8s.io
+  ##
+  ## @param storage.selector select existing PersistentVolume
+  ##
+  selector: {}
+  ##   matchLabels:
+  ##     release: "stable"
+  ##   matchExpressions:
+  ##     - key: environment
+  ##       operator: In
+  ##       values:
+  ##         - dev
+
+## @section PMM kubernetes configurations
+## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name)
+##
+nameOverride: ""
+
+## @param extraLabels Labels to add to all deployed objects
+##
+extraLabels: {}
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
+## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
+##
+serviceAccount:
+  create: true
+  annotations: {}
+  name: "pmm-service-account"
+
+## @param podAnnotations Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## @param podSecurityContext Configure Pods Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## E.g
+## podSecurityContext:
+  ## fsGroup: 2000
+##
+podSecurityContext: {}
+
+## @param securityContext Configure Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## securityContext.capabilities The capabilities to add/drop when running containers
+## securityContext.runAsUser Set pmm containers' Security Context runAsUser
+## securityContext.runAsNonRoot Set pmm container's Security Context runAsNonRoot
+## E.g.
+## securityContext:
+  ## capabilities:
+  ##   drop:
+  ##   - ALL
+  ## readOnlyRootFilesystem: true
+  ## runAsNonRoot: true
+  ## runAsUser: 1000
+securityContext: {}
+
+
+## @param nodeSelector Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## @param tolerations Tolerations for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## @param affinity Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}