mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-07-09 03:04:20 -04:00
prepare multi-tenant postgres
This commit is contained in:
Arlan Lloyd
parent
79d586dfca
commit
9657648e0d
@ -47,7 +47,7 @@ extraObjects:
|
|||||||
#RESOURCES
|
#RESOURCES
|
||||||
# meilisearch does not allow mapping their key in yet.
|
# meilisearch does not allow mapping their key in yet.
|
||||||
MEILI_MASTER_KEY: barkLike8SuperDucks
|
MEILI_MASTER_KEY: barkLike8SuperDucks
|
||||||
postgres_user: kyoo_back
|
postgres_user: kyoo_all
|
||||||
postgres_password: watchSomething4me
|
postgres_password: watchSomething4me
|
||||||
rabbitmq_user: kyoo_all
|
rabbitmq_user: kyoo_all
|
||||||
rabbitmq_password: youAreAmazing2
|
rabbitmq_password: youAreAmazing2
|
||||||
|
|||||||
@ -50,19 +50,19 @@ spec:
|
|||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: {{ .Values.global.postgres.kyoo_migrations.userKey }}
|
key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.userKey }}
|
||||||
name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }}
|
name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
|
||||||
- name: POSTGRES_PASSWORD
|
- name: POSTGRES_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: {{ .Values.global.postgres.kyoo_migrations.passwordKey }}
|
key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.passwordKey }}
|
||||||
name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }}
|
name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: {{ .Values.global.postgres.database }}
|
value: {{ .Values.global.postgres.kyoo_back.database }}
|
||||||
- name: POSTGRES_SERVER
|
- name: POSTGRES_SERVER
|
||||||
value: {{ .Values.global.postgres.host }}
|
value: {{ .Values.global.postgres.kyoo_back.host }}
|
||||||
- name: POSTGRES_PORT
|
- name: POSTGRES_PORT
|
||||||
value: "{{ .Values.global.postgres.port }}"
|
value: "{{ .Values.global.postgres.kyoo_back.port }}"
|
||||||
{{- with .Values.back.extraInitContainers }}
|
{{- with .Values.back.extraInitContainers }}
|
||||||
{{- tpl (toYaml .) $ | nindent 6 }}
|
{{- tpl (toYaml .) $ | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -89,19 +89,19 @@ spec:
|
|||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: {{ .Values.global.postgres.kyoo_back.userKey }}
|
key: {{ .Values.global.postgres.kyoo_back.kyoo_back.userKey }}
|
||||||
name: {{ .Values.global.postgres.kyoo_back.existingSecret }}
|
name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
|
||||||
- name: POSTGRES_PASSWORD
|
- name: POSTGRES_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: {{ .Values.global.postgres.kyoo_back.passwordKey }}
|
key: {{ .Values.global.postgres.kyoo_back.kyoo_back.passwordKey }}
|
||||||
name: {{ .Values.global.postgres.kyoo_back.existingSecret }}
|
name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: {{ .Values.global.postgres.database }}
|
value: {{ .Values.global.postgres.kyoo_back.database }}
|
||||||
- name: POSTGRES_SERVER
|
- name: POSTGRES_SERVER
|
||||||
value: {{ .Values.global.postgres.host }}
|
value: {{ .Values.global.postgres.kyoo_back.host }}
|
||||||
- name: POSTGRES_PORT
|
- name: POSTGRES_PORT
|
||||||
value: "{{ .Values.global.postgres.port }}"
|
value: "{{ .Values.global.postgres.kyoo_back.port }}"
|
||||||
- name: RABBITMQ_DEFAULT_USER
|
- name: RABBITMQ_DEFAULT_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|||||||
@ -22,23 +22,31 @@ global:
|
|||||||
masterkeyKey: MEILI_MASTER_KEY
|
masterkeyKey: MEILI_MASTER_KEY
|
||||||
existingSecret: bigsecret
|
existingSecret: bigsecret
|
||||||
postgres:
|
postgres:
|
||||||
host: kyoo-postgresql
|
|
||||||
port: 5432
|
|
||||||
database: kyoo_back
|
|
||||||
#infra is only used by subchart deployment
|
#infra is only used by subchart deployment
|
||||||
infra:
|
infra:
|
||||||
# admin user is postgres
|
user: kyoo_all
|
||||||
# default user is the database name
|
|
||||||
passwordKey: postgres_password
|
|
||||||
existingSecret: bigsecret
|
|
||||||
kyoo_migrations:
|
|
||||||
userKey: postgres_user
|
|
||||||
passwordKey: postgres_password
|
passwordKey: postgres_password
|
||||||
existingSecret: bigsecret
|
existingSecret: bigsecret
|
||||||
kyoo_back:
|
kyoo_back:
|
||||||
userKey: postgres_user
|
host: kyoo-postgresql
|
||||||
passwordKey: postgres_password
|
port: 5432
|
||||||
existingSecret: bigsecret
|
database: kyoo_back
|
||||||
|
kyoo_migrations:
|
||||||
|
userKey: postgres_user
|
||||||
|
passwordKey: postgres_password
|
||||||
|
existingSecret: bigsecret
|
||||||
|
kyoo_back:
|
||||||
|
userKey: postgres_user
|
||||||
|
passwordKey: postgres_password
|
||||||
|
existingSecret: bigsecret
|
||||||
|
kyoo_transcoder:
|
||||||
|
host: kyoo-postgresql
|
||||||
|
port: 5432
|
||||||
|
database: kyoo_transcoder
|
||||||
|
kyoo_transcoder:
|
||||||
|
userKey: postgres_user
|
||||||
|
passwordKey: postgres_password
|
||||||
|
existingSecret: bigsecret
|
||||||
rabbitmq:
|
rabbitmq:
|
||||||
host: kyoo-rabbitmq
|
host: kyoo-rabbitmq
|
||||||
port: 5672
|
port: 5672
|
||||||
@ -319,15 +327,31 @@ meilisearch:
|
|||||||
postgresql:
|
postgresql:
|
||||||
enabled: false
|
enabled: false
|
||||||
auth:
|
auth:
|
||||||
# this does not read from a secret. not sure how to map
|
# create a user
|
||||||
# just manually make the same
|
username: "{{ .Values.global.postgres.infra.user }}"
|
||||||
username: "kyoo_back"
|
|
||||||
database: "{{ .Values.global.postgres.database }}"
|
|
||||||
existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}"
|
existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}"
|
||||||
secretKeys:
|
secretKeys:
|
||||||
|
# set the postgres user password to the same as our user
|
||||||
adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
||||||
userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
|
||||||
primary:
|
primary:
|
||||||
|
# create databases, schemas, and set search_path
|
||||||
|
initdb:
|
||||||
|
scripts:
|
||||||
|
# kyoo_back still requires public schema
|
||||||
|
# https://github.com/zoriya/Kyoo/issues/536
|
||||||
|
kyoo_back.sql: |
|
||||||
|
CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
|
||||||
|
\connect {{ .Values.global.postgres.kyoo_back.database }};
|
||||||
|
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
|
||||||
|
kyoo_transcoder.sql: |
|
||||||
|
CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
|
||||||
|
\connect {{ .Values.global.postgres.kyoo_transcoder.database }};
|
||||||
|
REVOKE ALL ON SCHEMA public FROM PUBLIC;
|
||||||
|
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
|
||||||
|
user.sql: |
|
||||||
|
ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public;
|
||||||
|
ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data;
|
||||||
persistence:
|
persistence:
|
||||||
size: 3Gi
|
size: 3Gi
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user