---
# Registers Harbor as an OIDC client with the codemowers.cloud operator.
# This is the only document in the file that sets metadata.namespace; the
# remaining documents take their namespace from the apply context.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: harbor
  namespace: harbor-operator
spec:
  displayName: Harbor
  uri: https://harbor.k-space.ee
  # A single, exact HTTPS callback is registered (no wildcard entries).
  redirectUris:
    - https://harbor.k-space.ee/c/oidc/callback
  # presumably limits sign-in to members of this group; confirm against the
  # operator's CRD documentation.
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  # NOTE(review): PKCE is switched off for the authorization_code flow.
  # Confirm the deployed Harbor release cannot use PKCE before leaving this
  # disabled; the client then relies on the client secret and the exact
  # redirect URI alone.
  pkce: false
---
# Credential for the Dragonfly instance below.
# presumably the operator generates a secret of length 32 and substitutes it
# for %(plaintext)s in each mapping entry; verify against the operator.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: dragonfly-auth
spec:
  size: 32
  mapping:
    - key: REDIS_PASSWORD
      value: "%(plaintext)s"
    # The URI embeds the password and uses the redis:// scheme (not rediss://),
    # so any consumer of REDIS_URI connects without TLS unless transport
    # encryption is provided elsewhere.
    - key: REDIS_URI
      value: "redis://:%(plaintext)s@dragonfly"
---
# Single-replica Dragonfly cache; clients must authenticate with the
# REDIS_PASSWORD key of the dragonfly-auth secret.
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: dragonfly
spec:
  authentication:
    passwordFromSecret:
      key: REDIS_PASSWORD
      name: dragonfly-auth
  replicas: 1
  resources:
    limits:
      memory: 5Gi
---
# Single-replica PostgreSQL backing Harbor.
# No securityContext, resource requests/limits or probes are set on the
# container in this manifest.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  revisionHistoryLimit: 0
  serviceName: postgres
  selector:
    matchLabels:
      app: postgres
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
      # NOTE(review): scraping is advertised on port 9187, but no container
      # defined in this manifest declares or serves that port. Confirm the
      # exporter is deployed elsewhere, or these annotations are stale.
      annotations:
        prometheus.io/port: '9187'
        prometheus.io/scrape: 'true'
    spec:
      containers:
        - name: postgres
          # NOTE(review): mutable tag combined with imagePullPolicy Always
          # means a pod restart can pull different image content. Pinning to
          # a digest would make the running image reproducible and auditable.
          image: mirror.gcr.io/library/postgres:15
          imagePullPolicy: Always
          env:
            # Application role created by the init script in
            # postgres-init-config.
            - name: POSTGRES_APPUSER
              value: "kspace_harbor"
            # The application database is named after the pod's namespace.
            - name: POSTGRES_APP_DB
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Superuser password, consumed by the image entrypoint.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-password
                  key: POSTGRES_PASSWORD
            - name: POSTGRES_APPUSER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-appuser-password
                  key: password  # required by harbor
            # Read only by the init script to create the exporter role.
            # The secret name is spelled "expoter" here and in its
            # SecretClaim; the two match, so a rename must change both.
            - name: EXPORTER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-expoter-password
                  key: EXPORTER_PASSWORD
          volumeMounts:
            # NOTE(review): the PVC is mounted at the parent of the image's
            # default data directory (/var/lib/postgresql/data). Verify on the
            # container runtime in use that the data directory really lives on
            # the PVC and survives a pod restart.
            - name: postgres-data
              mountPath: /var/lib/postgresql
            - name: postgres-init
              mountPath: /docker-entrypoint-initdb.d
      volumes:
        - name: postgres-init
          configMap:
            name: postgres-init-config
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        storageClassName: ceph-rbd
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
---
# PostgreSQL superuser password (secretKeyRef postgres-password above).
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: postgres-password
spec:
  size: 32
  mapping:
    - key: POSTGRES_PASSWORD
      value: "%(plaintext)s"
---
# Password for the Harbor application role; exposed under the key "password".
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: postgres-appuser-password
spec:
  size: 32
  mapping:
    - key: password
      value: "%(plaintext)s"
---
# Password for the read-only "exporter" role created by the init script.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: postgres-expoter-password
spec:
  size: 32
  mapping:
    - key: EXPORTER_PASSWORD
      value: "%(plaintext)s"
---
# Exposes PostgreSQL on TCP 5432 to the cluster. No type is set, so this is a
# ClusterIP service. No NetworkPolicy is defined in this manifest, so unless
# one exists elsewhere, reachability is limited only by password
# authentication.
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  ports:
    - protocol: TCP
      port: 5432
  selector:
    app: postgres
---
# Init script mounted into /docker-entrypoint-initdb.d. The official postgres
# image runs such scripts only while initialising an empty data directory, so
# later edits do not affect an already-initialised database.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-init-config
data:
  # Creates the "exporter" monitoring role with statistics read access, then
  # the application database and its owner role. `set -e` together with
  # ON_ERROR_STOP=1 aborts on the first failing statement.
  # POSTGRES_USER and POSTGRES_DB are not set in the StatefulSet env;
  # presumably they come from the image entrypoint defaults.
  # NOTE(review): the shell substitutes the passwords and identifiers into
  # the SQL text before psql sees it. That is sound only while the generated
  # secrets and the namespace name contain no quote characters; confirm the
  # SecretClaim alphabet, or pass the values as psql variables instead.
  initdb.sh: |
    #!/usr/bin/env bash
    set -e
    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
        CREATE USER exporter WITH PASSWORD '$EXPORTER_PASSWORD';
        GRANT pg_read_all_stats TO exporter;
        GRANT SELECT ON pg_catalog.pg_replication_slots TO exporter;
        GRANT CONNECT ON DATABASE postgres TO exporter;
        CREATE DATABASE "$POSTGRES_APP_DB";
        CREATE USER "$POSTGRES_APPUSER" WITH PASSWORD '$POSTGRES_APPUSER_PASSWORD';
        GRANT ALL PRIVILEGES ON database "$POSTGRES_APP_DB" TO "$POSTGRES_APPUSER";
    EOSQL