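---
# OIDC client registration for the Harbor registry UI.
# Login is restricted to members of the groups listed under allowedGroups.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: harbor
  namespace: harbor-operator
spec:
  displayName: Harbor
  uri: https://harbor.k-space.ee
  # Exact-match callback only; keep this list as narrow as it is now.
  redirectUris:
    - https://harbor.k-space.ee/c/oidc/callback
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  # NOTE(review): PKCE is off for an authorization_code client, so protection
  # of the code exchange rests on the client secret and the exact redirect URI.
  # Enable it if the deployed Harbor version can send a code_challenge
  # (TODO confirm against the Harbor release in use).
  pkce: false
---
# Object-storage bucket for Harbor (registry blobs, presumably; the consumer
# is not visible in this file).
apiVersion: codemowers.cloud/v1beta1
kind: MinioBucketClaim
metadata:
  name: harbor
  namespace: harbor-operator
spec:
  capacity: 1Ti
  class: external
---
# Generated credential for the Dragonfly (Redis-compatible) cache.
# Both keys are rendered from the same generated plaintext, which is expected
# here: REDIS_URI simply embeds REDIS_PASSWORD.
# NOTE(review): no metadata.namespace on this and the following objects; they
# land in whatever namespace is supplied at apply time - confirm it is the
# intended one.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: dragonfly-auth
spec:
  size: 32
  mapping:
    - key: REDIS_PASSWORD
      value: "%(plaintext)s"
    # NOTE(review): redis:// is the unencrypted scheme, so the password and the
    # cached data cross the pod network in cleartext. Acceptable only if the
    # cluster network is trusted or encrypted at another layer.
    - key: REDIS_URI
      value: "redis://:%(plaintext)s@dragonfly"
---
# Dragonfly instance; authentication password comes from the claim above.
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: dragonfly
spec:
  authentication:
    passwordFromSecret:
      key: REDIS_PASSWORD
      name: dragonfly-auth
  replicas: 1
  resources:
    limits:
      memory: 5Gi
---
# Single-replica PostgreSQL backing database.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  revisionHistoryLimit: 0
  serviceName: postgres
  selector:
    matchLabels:
      app: postgres
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
      # NOTE(review): these annotations advertise a metrics endpoint on 9187,
      # but no container in this pod spec listens there (no exporter sidecar
      # is defined in the visible manifest).
      annotations:
        prometheus.io/port: '9187'
        prometheus.io/scrape: 'true'
    spec:
      # NOTE(review): no securityContext and no resource requests/limits are
      # set for this pod; the container runs with the image's defaults.
      containers:
        - name: postgres
          # NOTE(review): mutable tag plus imagePullPolicy: Always means any
          # pod restart can pull different image content from the mirror.
          # Pin by digest to make rollouts reproducible, e.g.
          # postgres:15@sha256:<DIGEST_PLACEHOLDER>.
          image: mirror.gcr.io/library/postgres:15
          imagePullPolicy: Always
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secrets
                  key: POSTGRES_PASSWORD
            # The superuser role and the default database are both named after
            # the namespace the pod runs in (downward API).
            - name: POSTGRES_USER
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POSTGRES_DB
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # NOTE(review): the postgres-init-config ConfigMap defined at the end
          # of this file is not mounted here, so initdb.sql is not run by this
          # pod as written.
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        storageClassName: ceph-rbd
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
---
# Generated credentials for PostgreSQL.
# NOTE(review): both keys expand the same %(plaintext)s placeholder. If the
# operator substitutes one generated value per claim (TODO confirm), then
# EXPORTER_PASSWORD is identical to the superuser POSTGRES_PASSWORD, and
# handing it to a monitoring component hands over the superuser credential.
# A separate SecretClaim for the exporter keeps the two apart.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: postgres-secrets
spec:
  size: 32
  mapping:
    - key: POSTGRES_PASSWORD
      value: "%(plaintext)s"
    - key: EXPORTER_PASSWORD
      value: "%(plaintext)s"
---
# In-cluster endpoint for the database.
# NOTE(review): no NetworkPolicy is defined in this file; unless one exists
# elsewhere, every pod that can reach the cluster network can open a
# connection to 5432.
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  ports:
    - protocol: TCP
      port: 5432
  selector:
    app: postgres
---
# Init SQL that creates a monitoring role with read-only statistics access.
# NOTE(review): the exporter role is created with the fixed password
# 'exporter', stored in a ConfigMap (not a Secret) and unrelated to the
# generated EXPORTER_PASSWORD above. Anyone who can reach the Service can log
# in as this role with a guessable credential; set the role's password from
# the generated secret instead.
# NOTE(review): "${POSTGRES_DB:-postgres}" is shell parameter syntax. The stock
# postgres image feeds *.sql init files to psql without shell expansion, so
# this GRANT would name a database literally called ${POSTGRES_DB:-postgres}
# unless the file is pre-processed somewhere not shown here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-init-config
data:
  initdb.sql: |
    -- create a read-only monitoring user for exporters
    CREATE USER exporter WITH PASSWORD 'exporter';
    -- grant metrics/monitoring related permissions
    GRANT pg_read_all_stats TO exporter;
    GRANT SELECT ON pg_catalog.pg_replication_slots TO exporter;
    GRANT CONNECT ON DATABASE "${POSTGRES_DB:-postgres}" TO exporter;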