diff --git a/apps/children/postgresql.yaml b/apps/children/postgresql.yaml
index fcba772..795a56d 100644
--- a/apps/children/postgresql.yaml
+++ b/apps/children/postgresql.yaml
@@ -3,7 +3,9 @@ kind: Application
 metadata: { name: postgresql, namespace: ai }
 spec:
 project: ai-stack
- destination: { server: https://kubernetes.default.svc, namespace: ai }
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: ai
 source:
 repoURL: https://charts.bitnami.com/bitnami
 chart: postgresql
@@ -12,4 +14,7 @@ spec:
 valueFiles:
 - apps/values/postgresql.yaml
- syncPolicy: { automated: { prune: true, selfHeal: true } }
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/apps/values/airflow.yaml b/apps/values/airflow.yaml
index aa60d4c..c5d2582 100644
--- a/apps/values/airflow.yaml
+++ b/apps/values/airflow.yaml
@@ -2,16 +2,44 @@ useStandardNaming: true executor: KubernetesExecutor airflow: - extraPipPackages: - - "apache-airflow-providers-cncf-kubernetes>=7.4.0" + extraPipPackages: [] # metastore (postgres) env: - name: AIRFLOW__DATABASE__SQL_ALCHEMY_CONN value: "postgresql+psycopg2://postgres:mypassword@postgresql-primary.ai.svc.cluster.local:5432/openwebui" +# using external postgres and not the subchart +postgresql: + enabled: false; + +data: + metadataConnection: + user: postgres; + pass: mypassword; + protocol: postgresql; + host: postgresql-primary.ai.svc.cluster.local; + port: 5432; + db: airflow; # better to keep airflow separate from other apps + sslmode: disable; + +# enable pgbouncer and sync with extraIni pgbouncer: - enabled: true + enabled: true; + # official default is scram-sha-256, but bitnami uses md5 so... + auth_type: md5; + maxClientConn: 200; + metadataPoolSize: 20; # server connections to metadata db + resultBackendPoolSize: 5; + # general pgbouncer section stuffs + extraIni: | + pool_mode = transaction + listen_port = 6543 + listen_addr = * + ignore_startup_parameters = extra_float_digits + server_tls_sslmode = prefer + metricsExporterSidecar: + enabled: true; logs: persistence: @@ -26,7 +54,7 @@ scheduler: limits: { cpu: "1", memory: "1Gi" } webserver: - secretKeySecretName: airflow-webserver-secret + webserverSecretKeySecretName: airflow-webserver-secret service: type: NodePort nodePort: 30082 # 30000–32767 diff --git a/scripts/setup.sh b/scripts/setup.sh index 707aaa2..423ef18 100644 --- a/scripts/setup.sh +++ b/scripts/setup.sh 
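Review bot: Every scalar added in the first airflow.yaml hunk ends in a semicolon (`enabled: false;`, `port: 5432;`, `pass: mypassword;`), and YAML keeps that character as part of the value, so `postgresql.enabled` becomes the non-empty string `false;` instead of a boolean and the host, password and `sslmode` each gain a trailing `;`. Drop the semicolons, e.g. `enabled: false` and `port: 5432`. The hunk also commits the database password in cleartext under `data.metadataConnection`, as the existing `AIRFLOW__DATABASE__SQL_ALCHEMY_CONN` value already does; scripts/setup.sh in this commit creates an `airflow-metadata` secret, so referencing that secret by name, if the chart offers such a setting, would keep the credential out of git. `sslmode: disable` with `auth_type: md5` leaves the metadata traffic unencrypted and authentication resting on MD5, so a comment such as `# local cluster only: no TLS, md5 to match the bitnami default` would record that this is not meant for a shared environment.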
@@ -29,7 +29,19 @@ kubectl apply -n argocd -f apps/0-project-and-root.yaml; # service! # SEE???? I CAN USE DASHES AND NOT JUST CAMELCASE!!! kubectl -n ai create secret generic airflow-fernet-key-secret --from-literal=fernet-key=$(python3 -c 'import secrets;print(secrets.token_urlsafe(32))') -kubectl -n ai create secret generic airflow-webserver-secret --from-literal=webserver-secret-key=$(python3 -c 'import secrets;print(secrets.token_hex(16))') +kubectl -n ai create secret generic airflow-webserver-secret --from-literal="webserver-secret-key=$(python3 -c 'import secrets;print(secrets.token_hex(16))')"; + +# airflow stuffs +kubectl -n ai exec -it svc/postgresql-primary -- bash -lc "psql -U postgres -c 'CREATE DATABASE airflow;'"; +set -l PGBOUNCER_SVC (kubectl -n ai get svc -l tier=airflow,component=pgbouncer -o jsonpath='{.items[0].metadata.name}'); +echo $PGBOUNCER_SVC; + +# stats (used by the metrics sidecar and also points to pgbouncer itself on 127.0.0.1:6543) +kubectl -n ai create secret generic airflow-pgbouncer-stats \ + --from-literal=connection="postgresql://postgres:mypassword@127.0.0.1:6543/pgbouncer?sslmode=disable"; + +kubectl -n ai create secret generic airflow-metadata \ + --from-literal=connection="postgresql+psycopg2://postgres:mypassword@$PGBOUNCER_SVC:6543/airflow"; minikube service -n ai airflow-webserver --url || echo "FAILED TO FIND SERVICE"
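Review bot: `set -l PGBOUNCER_SVC (kubectl …)` is fish syntax, so under bash or sh (which the `.sh` name suggests; the shebang is outside the hunk) the line fails and `$PGBOUNCER_SVC` is never set, leaving the `airflow-metadata` connection string with an empty host. The same hunk writes the literal database password into two `--from-literal` arguments, which commits the credential to git; taking it from the environment at least keeps it out of the repository. `kubectl exec -it` expects a TTY and `CREATE DATABASE airflow` fails on a second run, so the script is not re-runnable as written. The fence shows a POSIX assignment with an empty-result guard and the password read from a placeholder variable.

```shell
PGBOUNCER_SVC="$(kubectl -n ai get svc -l tier=airflow,component=pgbouncer -o jsonpath='{.items[0].metadata.name}')"
if [ -z "$PGBOUNCER_SVC" ]; then
  echo "pgbouncer service not found in namespace ai" >&2
  exit 1
fi
# … unchanged: airflow-pgbouncer-stats secret …
# AIRFLOW_DB_PASSWORD is a placeholder name: supplied by the operator's environment
kubectl -n ai create secret generic airflow-metadata \
  --from-literal=connection="postgresql+psycopg2://postgres:${AIRFLOW_DB_PASSWORD}@${PGBOUNCER_SVC}:6543/airflow"
```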