Merge pull request 'Refactored pgadmin k3s template' (#23) from dev into main

Reviewed-on: #23

kubernetes-templates/pgadmin.yml

@@ -1,95 +1,46 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
   name: pgadmin
 ---
 apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgadmin-data-pvc
+  namespace: pgadmin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: nfs-storage
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgadmin-auth
+  namespace: pgadmin
+type: Opaque
+data:
+  pgadmin-password: QmxhY2tzdGFyMkBob21l
+---
+apiVersion: v1
 kind: ConfigMap
 metadata:
   name: pgadmin-config
   namespace: pgadmin
 data:
-  server.email: "khwezi@mngoma.lab"
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: pgadmin-secret
-  namespace: pgadmin
-type: Opaque
-data:
-  server.password: M3pDQTQz
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: pgadmin-sa
-  namespace: pgadmin
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: pgadmin-role
-  namespace: pgadmin
-rules:
-- apiGroups: [""]
-  resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
-  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: pgadmin-rolebinding
-  namespace: pgadmin
-subjects:
-- kind: ServiceAccount
-  name: pgadmin-sa
-  namespace: pgadmin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: pgadmin-role
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pgadmin-pv
-spec:
-  capacity:
-    storage: 2Gi
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: local-pvs
-  local:
-    path: /home/ansible/k3s/makhiwane/pgadmin
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - lead
-  persistentVolumeReclaimPolicy: Retain
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pgadmin-pvc
-  namespace: pgadmin
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: local-pvs
-  resources:
-    requests:
-      storage: 2Gi
+  PGADMIN_DEFAULT_EMAIL: "khwezi@litecharms.co.za"
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: pgadmin
   namespace: pgadmin
+  labels:
+    app: pgadmin
 spec:
   replicas: 1
   selector:
@@ -100,60 +51,64 @@ spec:
       labels:
         app: pgadmin
     spec:
-      serviceAccountName: pgadmin-sa
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: DoesNotExist
+                  - key: node-role.kubernetes.io/master
+                    operator: DoesNotExist
       securityContext:
         runAsUser: 5050
-        runAsGroup: 5050
         fsGroup: 5050
       containers:
-      - name: pgadmin
-        image: dpage/pgadmin4:latest        
-        ports:
-        - containerPort: 80
-        volumeMounts:
-        - name: pgadmin-data
-          mountPath: /var/lib/pgadmin
-        env:
-        - name: PGADMIN_DEFAULT_EMAIL
-          valueFrom:
-            configMapKeyRef:
-              name: pgadmin-config
-              key: server.email
-        - name: PGADMIN_DEFAULT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: pgadmin-secret
-              key: server.password
+        - name: pgadmin
+          image: dpage/pgadmin4:latest
+          ports:
+            - containerPort: 80
+              name: http
+          env:
+            - name: PGADMIN_DEFAULT_EMAIL
+              valueFrom:
+                configMapKeyRef:
+                  name: pgadmin-config
+                  key: PGADMIN_DEFAULT_EMAIL
+            - name: PGADMIN_DEFAULT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: pgadmin-auth
+                  key: pgadmin-password
+            - name: PGADMIN_CONFIG_UPGRADE_CHECK_ENABLED
+              value: "False"
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+          volumeMounts:
+            - name: pgadmin-storage
+              mountPath: /var/lib/pgadmin
       volumes:
-      - name: pgadmin-data
-        persistentVolumeClaim:
-          claimName: pgadmin-pvc
+        - name: pgadmin-storage
+          persistentVolumeClaim:
+            claimName: pgadmin-data-pvc
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: pgadmin
+  name: pgadmin-service
   namespace: pgadmin
 spec:
-  type: ClusterIP
+  type: NodePort
   selector:
     app: pgadmin
   ports:
-    - port: 80
+    - name: http
+      protocol: TCP
+      port: 80
       targetPort: 80
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: pgadmin-ingress
-  namespace: pgadmin
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`pgadmin.apps.mngoma.lab`)
-      kind: Rule
-      services:
-        - name: pgadmin
-          port: 80
-  tls: {}
+      nodePort: 32080