Erich Blume
272ddb213b
## Summary - Add TeslaMate k8s deployment with Tailscale ingress at tesla.tail8d86e.ts.net - Add teslamate user to CloudNativePG blumeops-pg cluster - Add TeslaMate PostgreSQL datasource to Grafana - Import 18 TeslaMate Grafana dashboards for charging, drives, efficiency, etc. - Add teslamate database to borgmatic backup configuration ## Deployment and Testing - [ ] Create 1Password items: "TeslaMate DB Password" and "TeslaMate Encryption Key" - [ ] Apply database user secret: `op inject -i argocd/manifests/databases/secret-teslamate.yaml.tpl | kubectl apply -f -` - [ ] Sync blumeops-pg: `argocd app sync blumeops-pg` - [ ] Create teslamate database - [ ] Apply teslamate secrets (encryption key, db connection) - [ ] Apply Grafana datasource secret: `op inject -i argocd/manifests/grafana-config/secret-teslamate-datasource.yaml.tpl | kubectl apply -f -` - [ ] Sync apps and teslamate: `argocd app sync apps teslamate grafana grafana-config` - [ ] Complete Tesla API OAuth flow at https://tesla.tail8d86e.ts.net - [ ] Verify data collection starts - [ ] Verify Grafana dashboards show data 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/47
78 lines
2 KiB
YAML
78 lines
2 KiB
YAML
# PostgreSQL Cluster for blumeops services
|
|
# Managed by CloudNativePG operator
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
name: blumeops-pg
|
|
namespace: databases
|
|
spec:
|
|
instances: 1
|
|
imageName: ghcr.io/cloudnative-pg/postgresql:18
|
|
|
|
storage:
|
|
size: 10Gi
|
|
storageClass: standard
|
|
|
|
# Bootstrap creates initial database and owner
|
|
bootstrap:
|
|
initdb:
|
|
database: miniflux
|
|
owner: miniflux
|
|
|
|
# Managed roles - additional users beyond the bootstrap owner
|
|
# Note: connectionLimit, ensure, inherit are CNPG defaults added to prevent ArgoCD drift
|
|
managed:
|
|
roles:
|
|
# eblume superuser for admin access (matches current brew pg setup)
|
|
- name: eblume
|
|
login: true
|
|
superuser: true
|
|
createdb: true
|
|
createrole: true
|
|
connectionLimit: -1
|
|
ensure: present
|
|
inherit: true
|
|
passwordSecret:
|
|
name: blumeops-pg-eblume
|
|
# borgmatic read-only user for backups
|
|
- name: borgmatic
|
|
login: true
|
|
connectionLimit: -1
|
|
ensure: present
|
|
inherit: true
|
|
inRoles:
|
|
- pg_read_all_data
|
|
passwordSecret:
|
|
name: blumeops-pg-borgmatic
|
|
# teslamate user for TeslaMate Tesla data logger
|
|
# Note: superuser required for extension management during migrations
|
|
- name: teslamate
|
|
login: true
|
|
superuser: true
|
|
connectionLimit: -1
|
|
ensure: present
|
|
inherit: true
|
|
createdb: true
|
|
passwordSecret:
|
|
name: blumeops-pg-teslamate
|
|
|
|
# Resource limits for minikube environment
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1Gi"
|
|
cpu: "500m"
|
|
|
|
# PostgreSQL configuration
|
|
postgresql:
|
|
parameters:
|
|
max_connections: "50"
|
|
shared_buffers: "128MB"
|
|
password_encryption: "scram-sha-256"
|
|
pg_hba:
|
|
# Allow all users to connect from any IP with password auth
|
|
# Network security is handled by Tailscale
|
|
- host all all 0.0.0.0/0 scram-sha-256
|
|
- host all all ::/0 scram-sha-256
|