fix pg db

chart/templates/deployment.yaml

@@ -31,69 +31,16 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            # PostgreSQL Host
-            - name: POSTGRES_HOST
-              {{- if .Values.config.postgres.host.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.postgres.host.fromSecret.secretName }}
-                  key: {{ .Values.config.postgres.host.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.postgres.host.value | quote }}
-              {{- end }}
-            # PostgreSQL Port
-            - name: POSTGRES_PORT
-              {{- if .Values.config.postgres.port.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.postgres.port.fromSecret.secretName }}
-                  key: {{ .Values.config.postgres.port.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.postgres.port.value | quote }}
-              {{- end }}
-            # PostgreSQL User
-            - name: POSTGRES_USER
-              {{- if .Values.config.postgres.user.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.postgres.user.fromSecret.secretName }}
-                  key: {{ .Values.config.postgres.user.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.postgres.user.value | quote }}
-              {{- end }}
-            # PostgreSQL Password
-            - name: POSTGRES_PASSWORD
-              {{- if .Values.config.postgres.password.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.postgres.password.fromSecret.secretName }}
-                  key: {{ .Values.config.postgres.password.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.postgres.password.value | quote }}
-              {{- end }}
-            # Certificate Manager
-            - name: CERT_MANAGER
-              {{- if .Values.config.certManager.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.certManager.fromSecret.secretName }}
-                  key: {{ .Values.config.certManager.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.certManager.value | quote }}
-              {{- end }}
-            # Istio Gateway
-            - name: ISTIO_GATEWAY
-              {{- if .Values.config.istioGateway.fromSecret.enabled }}
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.config.istioGateway.fromSecret.secretName }}
-                  key: {{ .Values.config.istioGateway.fromSecret.key }}
-              {{- else }}
-              value: {{ .Values.config.istioGateway.value | quote }}
-              {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: data-volumes
+              mountPath: {{ .Values.storage.path }}
+      volumes:
+        - name: data-volumes
+          hostPath:
+            path: {{ .Values.storage.path }}
+            type: DirectoryOrCreate
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

chart/values.yaml

@@ -9,8 +9,11 @@ image:
   tag: main
 
 imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+nameOverride: ''
+fullnameOverride: ''
+
+storage:
+  path: /data/volumes
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -19,7 +22,7 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: ''
 
 podAnnotations: {}
 
@@ -51,53 +54,3 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
-
-# Configuration for the homelab operator
-config:
-  # PostgreSQL database configuration
-  postgres:
-    host:
-      # Direct value (used when fromSecret.enabled is false)
-      value: "127.0.0.1"
-      # Secret reference (used when fromSecret.enabled is true)
-      fromSecret:
-        enabled: false
-        secretName: ""
-        key: "POSTGRES_HOST"
-    
-    port:
-      value: "5432"
-      fromSecret:
-        enabled: false
-        secretName: ""
-        key: "POSTGRES_PORT"
-    
-    user:
-      value: "postgres"
-      fromSecret:
-        enabled: false
-        secretName: ""
-        key: "POSTGRES_USER"
-    
-    password:
-      value: ""
-      fromSecret:
-        enabled: true  # Default to secret for sensitive data
-        secretName: "postgres-secret"
-        key: "POSTGRES_PASSWORD"
-  
-  # Certificate manager configuration
-  certManager:
-    value: "letsencrypt-prod"
-    fromSecret:
-      enabled: false
-      secretName: ""
-      key: "CERT_MANAGER"
-  
-  # Istio gateway configuration
-  istioGateway:
-    value: "istio-ingress"
-    fromSecret:
-      enabled: false
-      secretName: ""
-      key: "ISTIO_GATEWAY"

scripts/list-manifests.ts

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+
+import { K8sService } from '../src/services/k8s/k8s.ts';
+import { Services } from '../src/utils/service.ts';
+
+const services = new Services();
+const k8s = services.get(K8sService);
+
+const manifests = await k8s.extensionsApi.listCustomResourceDefinition();
+
+for (const manifest of manifests.items) {
+  for (const version of manifest.spec.versions) {
+    console.log(`group: ${manifest.spec.group}, plural: ${manifest.spec.names.plural}, version: ${version.name}`);
+  }
+}

src/custom-resouces/generate-secret/generate-secret.resource.ts

@@ -37,8 +37,8 @@ class GenerateSecretResource extends CustomResource<typeof generateSecretSpecSch
     const current = decodeSecret(this.#secretResource.data) || {};
 
     const expected = {
-      ...current,
       ...secrets,
+      ...current,
     };
 
     if (!isDeepSubset(current, expected)) {

src/custom-resouces/postgres-database/postgres-database.resource.ts

@@ -95,6 +95,7 @@ class PostgresDatabaseResource extends CustomResource<typeof postgresDatabaseSpe
       port: serverSecretData.data.port,
       user: this.#userName,
       database: this.#dbName,
+      ...databaseSecretData.data,
     };
 
     if (!isDeepSubset(databaseSecretData.data, expectedSecret)) {
@@ -132,7 +133,7 @@ class PostgresDatabaseResource extends CustomResource<typeof postgresDatabaseSpe
       };
     }
 
-    const secretData = postgresDatabaseConnectionSecretSchema.safeParse(decodeSecret(this.#serverSecret.current?.data));
+    const secretData = postgresDatabaseConnectionSecretSchema.safeParse(decodeSecret(this.#databaseSecret.data));
     if (!secretData.success || !secretData.data) {
       return {
         ready: false,

src/index.ts

@@ -5,6 +5,7 @@ import { Services } from './utils/service.ts';
 import { CustomResourceService } from './services/custom-resources/custom-resources.ts';
 import { WatcherService } from './services/watchers/watchers.ts';
 import { customResources } from './custom-resouces/custom-resources.ts';
+import { StorageProvider } from './storage-provider/storage-provider.ts';
 
 process.on('uncaughtException', (error) => {
   console.log('UNCAUGHT EXCEPTION');
@@ -29,6 +30,8 @@ process.on('unhandledRejection', (error) => {
 
 const services = new Services();
 const watcherService = services.get(WatcherService);
+const storageProvider = services.get(StorageProvider);
+await storageProvider.start();
 await watcherService
   .create({
     path: '/apis/apiextensions.k8s.io/v1/customresourcedefinitions',

src/storage-provider/storage-provider.ts

@@ -0,0 +1,82 @@
+import { mkdir } from 'fs/promises';
+
+import { V1PersistentVolume, type V1PersistentVolumeClaim } from '@kubernetes/client-node';
+
+import { Watcher, WatcherService } from '../services/watchers/watchers.ts';
+import type { Services } from '../utils/service.ts';
+import { ResourceService, type Resource } from '../services/resources/resources.ts';
+
+const PROVISIONER = 'reuse-local-path-provisioner';
+
+class StorageProvider {
+  #watcher: Watcher<V1PersistentVolumeClaim>;
+  #services: Services;
+
+  constructor(services: Services) {
+    this.#services = services;
+    const watchService = this.#services.get(WatcherService);
+    this.#watcher = watchService.create({
+      path: '/api/v1/persistentvolumeclaims',
+      transform: (manifest) => ({
+        apiVersion: 'v1',
+        kind: 'PersistentVolumeClaim',
+        ...manifest,
+      }),
+      list: async (k8s) => {
+        const current = await k8s.api.listPersistentVolumeClaimForAllNamespaces();
+        return current;
+      },
+      verbs: ['add', 'update', 'delete'],
+    });
+    this.#watcher.on('changed', this.#handleChange);
+  }
+
+  #handleChange = async (pvc: Resource<V1PersistentVolumeClaim>) => {
+    if (pvc.metadata?.annotations?.['volume.kubernetes.io/storage-provisioner'] !== PROVISIONER) {
+      return;
+    }
+    const target = `/data/volumes/${pvc.namespace}/${pvc.name}`;
+    try {
+      await mkdir(target, { recursive: true });
+    } catch (err) {
+      console.error(err);
+    }
+    const resourceService = this.#services.get(ResourceService);
+    const pv = resourceService.get<V1PersistentVolume>({
+      apiVersion: 'v1',
+      kind: 'PersistentVolume',
+      name: `${pvc.namespace}-${pvc.name}`,
+    });
+    await pv.load();
+    await pv.patch({
+      metadata: {
+        labels: {
+          provisioner: PROVISIONER,
+        },
+      },
+      spec: {
+        hostPath: {
+          path: target,
+        },
+        capacity: {
+          storage: pvc.spec?.resources?.requests?.storage ?? '1Gi',
+        },
+        persistentVolumeReclaimPolicy: 'Retain',
+        accessModes: pvc.spec?.accessModes,
+        claimRef: {
+          uid: pvc.metadata?.uid,
+          resourceVersion: pvc.metadata?.resourceVersion,
+          apiVersion: pvc.apiVersion,
+          name: pvc.name,
+          namespace: pvc.namespace,
+        },
+      },
+    });
+  };
+
+  public start = async () => {
+    await this.#watcher.start();
+  };
+}
+
+export { StorageProvider };