- Added PgAdmin4 tool to the cluster setup.

scaleway/manifests/base/infrastructure/00-namespaces.yaml

@@ -13,4 +13,13 @@ metadata:
   name: monitoring
   labels:
     environment: staging
-    app: monitoring
+    app: monitoring
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tools
+  labels:
+    environment: staging
+    app: tools

scaleway/manifests/base/secrets/clustersecretstore-scaleway.yaml

@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: scaleway-cluster-secret-store
+spec:
+  provider:
+    scaleway:
+      region: "fr-par"
+      projectId: "ad7d2ed9-252b-4b2a-9f4c-daca3edc4c4b"
+      accessKey:
+        secretRef:
+          name: scaleway-credentials
+          namespace: eveai-staging
+          key: access-key
+      secretKey:
+        secretRef:
+          name: scaleway-credentials
+          namespace: eveai-staging
+          key: secret-key

scaleway/manifests/base/secrets/eveai-external-secrets.yaml

@@ -7,8 +7,8 @@ metadata:
 spec:
   refreshInterval: 300s
   secretStoreRef:
-    name: scaleway-secret-store
-    kind: SecretStore
+    name: scaleway-cluster-secret-store
+    kind: ClusterSecretStore
   target:
     name: eveai-secrets
     creationPolicy: Owner

scaleway/manifests/base/tools/pgadmin/externalsecrets.yaml

@@ -0,0 +1,57 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pgadmin-admin
+  namespace: tools
+spec:
+  refreshInterval: 300s
+  secretStoreRef:
+    name: scaleway-cluster-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: pgadmin-admin
+    creationPolicy: Owner
+  data:
+    - secretKey: PGADMIN_DEFAULT_EMAIL
+      remoteRef:
+        key: name:eveai-pgadmin-admin
+        property: PGADMIN_DEFAULT_EMAIL
+    - secretKey: PGADMIN_DEFAULT_PASSWORD
+      remoteRef:
+        key: name:eveai-pgadmin-admin
+        property: PGADMIN_DEFAULT_PASSWORD
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pgadmin-db
+  namespace: tools
+spec:
+  refreshInterval: 300s
+  secretStoreRef:
+    name: scaleway-cluster-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: pgadmin-db
+    creationPolicy: Owner
+  data:
+    - secretKey: DB_HOST
+      remoteRef:
+        key: name:eveai-postgresql
+        property: DB_HOST
+    - secretKey: DB_PORT
+      remoteRef:
+        key: name:eveai-postgresql
+        property: DB_PORT
+    - secretKey: DB_USER
+      remoteRef:
+        key: name:eveai-postgresql
+        property: DB_USER
+    - secretKey: DB_PASS
+      remoteRef:
+        key: name:eveai-postgresql
+        property: DB_PASS
+    - secretKey: DB_NAME
+      remoteRef:
+        key: name:eveai-postgresql
+        property: DB_NAME

scaleway/manifests/base/tools/pgadmin/values.yaml

@@ -0,0 +1,45 @@
+# values.yaml for runix/pgadmin4
+image:
+  repository: dpage/pgadmin4
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 500m
+    memory: 512Mi
+
+persistence:
+  enabled: true
+  accessModes:
+    - ReadWriteOnce
+  size: 2Gi
+  # Set your storageClass if needed (Scaleway CSI), leave null to use default
+  storageClass: null
+
+service:
+  type: ClusterIP
+  port: 80
+
+# Use existing secret for admin password; admin email configured via env.email
+existingSecret: pgadmin-admin
+secretKeys:
+  pgadminPasswordKey: PGADMIN_DEFAULT_PASSWORD
+
+# Set admin email used by pgAdmin (not read from secret by this chart)
+env:
+  email: pieter@askeveai.com
+
+# No ingress: we access via kubectl port-forward
+ingress:
+  enabled: false
+
+# SecurityContext defaults are fine; can be tuned later
+securityContext:
+  runAsUser: 5050
+  fsGroup: 5050
+  runAsNonRoot: true