tactile/python-oauth2-proxy-k8s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
python-oauth2-proxy-k8s/k8s/postgres.yaml
tactile b526a80e1f init
2025-10-01 15:04:07 +05:00

200 lines
6.5 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

apiVersion: v1
kind: Secret
metadata:
name: postgres-secret
namespace: python-navigator-demo
type: Opaque
stringData:
POSTGRES_DB: python-navigator-demo
POSTGRES_USER: python-navigator-demo
POSTGRES_PASSWORD: python-navigator-demo
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: python-navigator-demo
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-init
namespace: python-navigator-demo
data:
init.sql: |
-- Создание таблиц для демо-приложения
-- Организации
CREATE TABLE IF NOT EXISTS organizations (
id SERIAL PRIMARY KEY,
name VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Пользователи
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
email VARCHAR(255) UNIQUE NOT NULL,
full_name VARCHAR(255) NOT NULL,
organization_id INTEGER REFERENCES organizations(id),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Роли
CREATE TABLE IF NOT EXISTS roles (
id SERIAL PRIMARY KEY,
name VARCHAR(100) UNIQUE NOT NULL,
description TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Связь пользователей и ролей
CREATE TABLE IF NOT EXISTS user_roles (
user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
role_id INTEGER REFERENCES roles(id) ON DELETE CASCADE,
assigned_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (user_id, role_id)
);
-- Доступные ссылки
CREATE TABLE IF NOT EXISTS links (
id SERIAL PRIMARY KEY,
title VARCHAR(255) NOT NULL,
url VARCHAR(512) NOT NULL,
description TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Связь ролей и доступных ссылок
CREATE TABLE IF NOT EXISTS role_links (
role_id INTEGER REFERENCES roles(id) ON DELETE CASCADE,
link_id INTEGER REFERENCES links(id) ON DELETE CASCADE,
PRIMARY KEY (role_id, link_id)
);
-- Заполнение тестовыми данными
-- Организации
INSERT INTO organizations (name) VALUES
('Acme Corporation'),
('Tech Innovators Inc'),
('Global Solutions Ltd');
-- Роли
INSERT INTO roles (name, description) VALUES
('admin', 'Администратор с полным доступом'),
('developer', 'Разработчик с доступом к техническим ресурсам'),
('user', 'Обычный пользователь с базовым доступом'),
('manager', 'Менеджер с доступом к управленческим ресурсам');
-- Пользователи (используйте реальные email из Dex)
INSERT INTO users (email, full_name, organization_id) VALUES
('egor.muratov@gmail.com', 'Иван Администраторов', 1),
('developer@example.com', 'Мария Разработчикова', 2),
('user@example.com', 'Петр Пользователев', 3),
('manager@example.com', 'Анна Менеджерова', 1);
-- Назначение ролей пользователям
-- admin@example.com - admin + developer
INSERT INTO user_roles (user_id, role_id) VALUES
(1, 1), -- admin role
(1, 2); -- developer role
-- developer@example.com - developer + user
INSERT INTO user_roles (user_id, role_id) VALUES
(2, 2), -- developer role
(2, 3); -- user role
-- user@example.com - user
INSERT INTO user_roles (user_id, role_id) VALUES
(3, 3); -- user role
-- manager@example.com - manager + user
INSERT INTO user_roles (user_id, role_id) VALUES
(4, 4), -- manager role
(4, 3); -- user role
-- Ссылки
INSERT INTO links (title, url, description) VALUES
('Панель администрирования', 'https://admin.example.com', 'Управление системой'),
('Мониторинг', 'https://monitoring.example.com', 'Grafana и Prometheus'),
('CI/CD', 'https://ci.example.com', 'Jenkins/GitLab CI'),
('Документация API', 'https://docs.example.com', 'Swagger документация'),
('Git Repository', 'https://git.example.com', 'Репозиторий проекта'),
('Дашборд проектов', 'https://projects.example.com', 'Управление проектами'),
('Отчеты', 'https://reports.example.com', 'Аналитика и отчеты'),
('База знаний', 'https://wiki.example.com', 'Корпоративная wiki');
-- Связь ролей и ссылок
-- admin - доступ ко всему
INSERT INTO role_links (role_id, link_id) VALUES
(1, 1), (1, 2), (1, 3), (1, 4), (1, 5), (1, 6), (1, 7), (1, 8);
-- developer - технические ресурсы
INSERT INTO role_links (role_id, link_id) VALUES
(2, 2), (2, 3), (2, 4), (2, 5), (2, 8);
-- user - базовые ресурсы
INSERT INTO role_links (role_id, link_id) VALUES
(3, 8);
-- manager - управленческие ресурсы
INSERT INTO role_links (role_id, link_id) VALUES
(4, 6), (4, 7), (4, 8);
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: python-navigator-demo
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:15-alpine
ports:
- containerPort: 5432
envFrom:
- secretRef:
name: postgres-secret
volumeMounts:
- name: postgres-storage
mountPath: /var/lib/postgresql/data
- name: init-script
mountPath: /docker-entrypoint-initdb.d
volumes:
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-pvc
- name: init-script
configMap:
name: postgres-init
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: python-navigator-demo
spec:
selector:
app: postgres
ports:
- port: 5432
targetPort: 5432
type: ClusterIP
Reference in New Issue View Git Blame Copy Permalink