open-cluster-management.io/governance-policy-propagator@v0.13.0/build/kind/postgres.yaml (about) 1 apiVersion: cert-manager.io/v1 2 kind: Issuer 3 metadata: 4 name: postgres-selfsigned-issuer 5 namespace: open-cluster-management 6 spec: 7 selfSigned: {} 8 --- 9 apiVersion: v1 10 kind: Service 11 metadata: 12 name: postgres-external 13 namespace: open-cluster-management 14 labels: 15 app: postgres 16 spec: 17 selector: 18 app: postgres 19 ports: 20 - name: postgres-external 21 port: 5432 22 targetPort: 5432 23 nodePort: 30543 24 type: NodePort 25 --- 26 apiVersion: v1 27 kind: Service 28 metadata: 29 name: postgres 30 namespace: open-cluster-management 31 labels: 32 app: postgres 33 spec: 34 selector: 35 app: postgres 36 ports: 37 - name: postgres 38 port: 5432 39 targetPort: 5432 40 --- 41 apiVersion: cert-manager.io/v1 42 kind: Certificate 43 metadata: 44 name: postgres-cert 45 namespace: open-cluster-management 46 spec: 47 dnsNames: 48 - postgres-external.open-cluster-management.svc 49 - postgres-external.open-cluster-management.svc.cluster.local 50 - postgres 51 - localhost 52 issuerRef: 53 kind: Issuer 54 name: postgres-selfsigned-issuer 55 secretName: postgres-cert 56 --- 57 apiVersion: apps/v1 58 kind: Deployment 59 metadata: 60 name: postgres 61 namespace: open-cluster-management 62 spec: 63 replicas: 1 64 selector: 65 matchLabels: 66 app: postgres 67 template: 68 metadata: 69 labels: 70 app: postgres 71 spec: 72 securityContext: 73 # This is the postgres group. 74 fsGroup: 999 75 containers: 76 - name: postgres 77 command: 78 - docker-entrypoint.sh 79 - -c 80 - ssl=on 81 - -c 82 - ssl_cert_file=/var/lib/postgresql/tls/tls.crt 83 - -c 84 - ssl_key_file=/var/lib/postgresql/tls/tls.key 85 - -c 86 - ssl_ca_file=/var/lib/postgresql/tls/ca.crt 87 - -c 88 - log_statement=all 89 - -c 90 - log_destination=stderr 91 # This is a mirror of postgres:13 on Docker Hub to avoid rate limits. 92 image: quay.io/stolostron/grc-ci-postgres:13 93 imagePullPolicy: "IfNotPresent" 94 ports: 95 - containerPort: 5432 96 env: 97 - name: POSTGRES_PASSWORD 98 value: grc 99 - name: POSTGRES_USER 100 value: grc 101 - name: POSTGRES_DB 102 value: ocm-compliance-history 103 volumeMounts: 104 - mountPath: /var/lib/postgresql/data 105 name: postgres-db 106 subPath: data 107 - mountPath: /var/lib/postgresql/tls 108 name: postgres-cert 109 readOnly: true 110 volumes: 111 - name: postgres-cert 112 secret: 113 secretName: postgres-cert 114 # Postgres requires limited permissions on the private key. 115 defaultMode: 0o440 116 - name: postgres-db 117 emptyDir: 118 sizeLimit: 250Mi 119 --- 120 apiVersion: v1 121 kind: Service 122 metadata: 123 name: compliance-api-external 124 namespace: open-cluster-management 125 labels: 126 app: compliance-api 127 spec: 128 selector: 129 name: governance-policy-propagator 130 ports: 131 - name: compliance-api-external 132 port: 8384 133 targetPort: 8384 134 nodePort: 30838 135 type: NodePort 136 --- 137 apiVersion: cert-manager.io/v1 138 kind: Issuer 139 metadata: 140 name: compliance-api-selfsigned-issuer 141 namespace: open-cluster-management 142 spec: 143 selfSigned: {} 144 --- 145 apiVersion: cert-manager.io/v1 146 kind: Certificate 147 metadata: 148 name: compliance-api-cert 149 namespace: open-cluster-management 150 spec: 151 dnsNames: 152 - compliance-api-external.open-cluster-management.svc 153 - compliance-api-external.open-cluster-management.svc.cluster.local 154 - localhost 155 issuerRef: 156 kind: Issuer 157 name: compliance-api-selfsigned-issuer 158 secretName: compliance-api-cert