K8s/PgVector: Difference between revisions
| (7 intermediate revisions by the same user not shown) | |||
| Line 109: | Line 109: | ||
|- | |- | ||
|valign='top' colspan='2'| | |valign='top' colspan='2'| | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="sql"> | ||
cat << | cat <<DCL | kubectl -n pgvector create configmap pgvector --from-file=init.sql=/dev/stdin | ||
CREATE SCHEMA IF NOT EXISTS auth; | CREATE SCHEMA IF NOT EXISTS auth; | ||
GRANT USAGE ON SCHEMA auth TO shahed_pgvector; | GRANT USAGE ON SCHEMA auth TO shahed_pgvector; | ||
GRANT CREATE ON SCHEMA auth TO shahed_pgvector; | GRANT CREATE ON SCHEMA auth TO shahed_pgvector; | ||
CREATE ROLE anon NOLOGIN; | |||
GRANT USAGE ON SCHEMA public TO anon; | |||
GRANT SELECT ON ALL TABLES IN SCHEMA public TO anon; | |||
DCL | |||
</syntaxhighlight> | </syntaxhighlight> | ||
---- | ---- | ||
| Line 169: | Line 173: | ||
acl host-is-pgvector-shahed-biz hdr(host) -i pgvector.shahed.biz | acl host-is-pgvector-shahed-biz hdr(host) -i pgvector.shahed.biz | ||
acl path-is-auth-api path_beg /auth/ | acl path-is-auth-api path_beg /auth/ | ||
acl path-is-rest-api path_beg /rest/ | acl path-is-rest-api path_beg /rest/ | ||
acl path-is-root path -i / | |||
http-request redirect location /auth/v1 if host-is-pgvector-shahed-biz path-is-root | |||
use_backend bck_shahed_biz_postgrest if host-is-pgvector-shahed-biz path-is-rest-api | use_backend bck_shahed_biz_postgrest if host-is-pgvector-shahed-biz path-is-rest-api | ||
use_backend bck_shahed_biz_gotrue if host-is-pgvector-shahed-biz path-is-auth-api | use_backend bck_shahed_biz_gotrue if host-is-pgvector-shahed-biz path-is-auth-api | ||
| Line 177: | Line 183: | ||
backend bck_shahed_biz_postgrest | backend bck_shahed_biz_postgrest | ||
http-request set-path "%[path,regsub(^/rest/,/)]" | |||
server pgvector_postgrest postgrest:3000 | server pgvector_postgrest postgrest:3000 | ||
mode http | mode http | ||
backend bck_shahed_biz_gotrue | backend bck_shahed_biz_gotrue | ||
http-request set-path "%[path,regsub(^/auth/,/)]" | |||
server pgvector_gotrue gotrue:9999 | server pgvector_gotrue gotrue:9999 | ||
mode http | mode http | ||
| Line 507: | Line 515: | ||
image: supabase/gotrue:v2.66.0 | image: supabase/gotrue:v2.66.0 | ||
ports: | ports: | ||
- containerPort: | - containerPort: 9999 | ||
name: gotrue | name: gotrue | ||
protocol: TCP | protocol: TCP | ||
| Line 535: | Line 543: | ||
app.kubernetes.io/name: haproxy | app.kubernetes.io/name: haproxy | ||
app.kubernetes.io/version: 1.0.0 | app.kubernetes.io/version: 1.0.0 | ||
app.kubernetes.io/instance: | app.kubernetes.io/instance: haproxy | ||
app.kubernetes.io/managed-by: kubectl | app.kubernetes.io/managed-by: kubectl | ||
spec: | spec: | ||
replicas: 1 | replicas: 1 | ||
| Line 852: | Line 859: | ||
|valign='top'| | |valign='top'| | ||
* [https://github.com/supabase/supabase/ K8s » Supabase » GitHub] | |||
* [https://supabase.com/docs/guides/self-hosting/docker K8s » Supabase » Docker] | |||
* [https://github.com/supabase/supabase/blob/master/docker/docker-compose.yml K8s » Supabase » Studio] | |||
* [https://github.com/supabase-community/supabase-kubernetes K8s » Supabase » Helm] | |||
* [[K8s/PgBouncer|K8s » PgBouncer]] | * [[K8s/PgBouncer|K8s » PgBouncer]] | ||
* [https://hub.docker.com/u/supabase K8s » Supabase] | * [https://hub.docker.com/u/supabase K8s » Supabase] | ||
| Line 858: | Line 869: | ||
|valign='top'| | |valign='top'| | ||
* [[Security/Password|Security » Password]] | * [[Security/Password|Security » Password]] | ||
* [https://supabase.com/ Supabase] | |||
|- | |- | ||
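Review bot: The added `GRANT SELECT ON ALL TABLES IN SCHEMA public TO anon;` in the init.sql hunk (Line 109) gives the NOLOGIN `anon` role read access to every table present in `public` when the script runs, and the latest revision sets `PGRST_DB_ANON_ROLE=anon` and routes `/rest/` to PostgREST, so those tables appear to be readable without a token. Grant per table instead, for example `GRANT SELECT ON public.<table_name> TO anon;` (placeholder name), with a comment naming the tables that are meant to be world-readable. The blanket form also covers only tables that exist at init time, so `-- applies only to tables present when init.sql runs` above it would prevent a wrong assumption. `CREATE ROLE anon NOLOGIN;` has no existence guard, which presumably works only because the script runs once on an empty data directory.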
Latest revision as of 12:42, 25 July 2025
K8s » Config
|
K8s » Config | |
|---|---|
# Alternative kubeconfig files: each export overrides the previous one,
# so run only the line for the cluster you intend to change.
export KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
|
# Alternative kubeconfig files for the shahed-* clusters; the last export run wins.
export KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"
|
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
# Check the active context before applying anything below.
kubectl config get-contexts
# Prints the merged kubeconfig; credential fields are masked unless --raw is passed.
kubectl config view
| |
K8s » Storage
|
K8s » Storage | |
|---|---|
# Prepare the host directory for the Postgres data volume as root.
# 999:999 is the uid/gid the pgvector Deployment runs as (runAsUser/runAsGroup/fsGroup);
# mode 750 keeps the data files unreadable to other local users.
sudo bash <<'EXE'
mkdir -p /var/minikube/pvc/pgvector/data-pgvector-0/
chown -R 999:999 /var/minikube/pvc/pgvector/
chmod -R 750 /var/minikube/pvc/pgvector/
EXE
| |
# Static hostPath PersistentVolume that the data-pgvector-0 claim binds to by name.
cat <<'YML' | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pgvector-data-pgvector-0
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  # Retain: deleting the PV object leaves the database files on the node.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    # NOTE(review): this path differs from the /var/minikube/pvc/pgvector/ directory
    # prepared with chown 999:999 in the Storage step; with DirectoryOrCreate a missing
    # directory is created by the kubelet rather than with that ownership. Confirm the
    # two paths map to the same location on the node.
    path: /var/hostpath_pv/pgvector/data-pgvector-0
    type: DirectoryOrCreate
YML
|
|
K8s » Database
|
K8s » Database |
|---|
# Read the password without echo so it is not typed on a command line or stored in
# shell history; psql picks it up from PGPASSWORD. Unset the variable when finished.
printf 'Password: '; read -s PGPASSWORD; export PGPASSWORD; echo
# Sample lab password used throughout this page: sadaqah!

# Through the load-balancer addresses and a local port-forward.
psql --username=shahed_pgvector --dbname=pgvector_postgres --port=5432 --host=192.168.49.103
psql --username=shahed_pgvector --dbname=postgres --port=5432 --host=192.168.49.105
psql --username=shahed_pgvector --dbname=postgres --port=5432 --host=localhost

# Through PgBouncer.
psql --username=bouncer --dbname=bouncer --port=5432 --host=192.168.49.103
psql --username=bouncer --dbname=bouncer --port=5432 --host=localhost
|
K8s » Deploy
|
K8s » Deploy | |
|---|---|
# Confirm which cluster and context the deploy commands below will act on.
kubectl config get-contexts
kubectl config view
|
# Dedicated namespace for the database, PostgREST, GoTrue and HAProxy objects.
kubectl create namespace pgvector
kubectl get namespaces | grep pgvector
|
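# init.sql is stored in the pgvector ConfigMap, which the pgvector Deployment mounts at
# /docker-entrypoint-initdb.d. The delimiter is quoted, like the other heredocs on this
# page, so the shell passes the SQL through without expanding $ or backticks.
cat <<'DCL' | kubectl -n pgvector create configmap pgvector --from-file=init.sql=/dev/stdin
-- Schema for the auth service; the application role may use it and create objects in it.
CREATE SCHEMA IF NOT EXISTS auth;
GRANT USAGE ON SCHEMA auth TO shahed_pgvector;
GRANT CREATE ON SCHEMA auth TO shahed_pgvector;

-- Role used for requests that carry no token (PGRST_DB_ANON_ROLE=anon). NOLOGIN: it can
-- only be assumed by an already-connected role, never used to log in directly.
CREATE ROLE anon NOLOGIN;
GRANT USAGE ON SCHEMA public TO anon;
-- NOTE(review): this makes every table that exists in public at init time readable by
-- anon; tables created later are not covered. Prefer per-table grants for the tables
-- that are meant to be public.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO anon;
DCL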
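# The values below are the page's sample lab credentials; replace each one before the
# cluster is reachable by anyone else. Heredoc delimiters are quoted so the shell never
# expands $ or backticks that a real secret value may contain.

# Database account and default database, consumed by the pgvector Deployment via envFrom.
cat <<'ENV' | kubectl -n pgvector create secret generic pgvector --from-env-file=/dev/stdin
POSTGRES_USER=shahed_pgvector
POSTGRES_PASSWORD=sadaqah!
POSTGRES_DB=postgres
ENV

# PostgREST settings.
# NOTE(review): PostgREST connects with the same account as POSTGRES_USER; a dedicated
# login role that is only a member of anon would narrow what the REST layer can reach.
# NOTE(review): no PGRST_JWT_SECRET is set here, so nothing on this page lets PostgREST
# verify tokens signed with GOTRUE_JWT_SECRET. Confirm whether that is intended.
cat <<'ENV' | kubectl -n pgvector create secret generic postgrest --from-env-file=/dev/stdin
PGRST_DB_URI=postgres://shahed_pgvector:sadaqah!@pgvector:5432/postgres
DB_USERNAME=shahed_pgvector
PGRST_DB_ANON_ROLE=anon
PGRST_DB_SCHEMA=public
ENV

# GoTrue settings.
# GOTRUE_JWT_SECRET signs the tokens clients present; the value shown is a placeholder
# and must be replaced with a long random string kept only in the Secret.
cat <<'ENV' | kubectl -n pgvector create secret generic gotrue --from-env-file=/dev/stdin
GOTRUE_DB_DATABASE_URL=postgres://shahed_pgvector:sadaqah!@pgvector:5432/postgres
GOTRUE_SITE_URL=https://pgvector.shahed.biz/rest/v1/
GOTRUE_JWT_SECRET=super-secret-jwt
GOTRUE_DB_DRIVER=postgres
GOTRUE_API_HOST=0.0.0.0
GOTRUE_API_PORT=9999
ENV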
# haproxy.cfg is stored in the haproxy ConfigMap, which the haproxy Deployment mounts at
# /usr/local/etc/haproxy.
cat <<'CFG' | kubectl -n pgvector create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
    log stdout format raw local0
    maxconn 3000

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# ##############################################################################
# http frontend config for pgvector.shahed.biz
# this config added by chorke academia, inc
frontend fnt_shahed_biz
    # Plain HTTP only; any TLS has to terminate in front of this proxy.
    bind *:80
    mode http
    acl host-is-pgvector-shahed-biz hdr(host) -i pgvector.shahed.biz
    acl path-is-auth-api path_beg /auth/
    acl path-is-rest-api path_beg /rest/
    acl path-is-root path -i /
    # The bare site root is redirected to the auth API.
    http-request redirect location /auth/v1 if host-is-pgvector-shahed-biz path-is-root
    # /rest/ goes to PostgREST and /auth/ to GoTrue, only for the expected Host header.
    use_backend bck_shahed_biz_postgrest if host-is-pgvector-shahed-biz path-is-rest-api
    use_backend bck_shahed_biz_gotrue if host-is-pgvector-shahed-biz path-is-auth-api
    # NOTE(review): every other request, whatever its Host header, falls through to
    # GoTrue; confirm that is intended rather than rejecting unknown hosts.
    default_backend bck_shahed_biz_gotrue

backend bck_shahed_biz_postgrest
    # Strip the /rest/ prefix before forwarding.
    http-request set-path "%[path,regsub(^/rest/,/)]"
    server pgvector_postgrest postgrest:3000
    mode http

backend bck_shahed_biz_gotrue
    # Strip the /auth/ prefix before forwarding.
    http-request set-path "%[path,regsub(^/auth/,/)]"
    server pgvector_gotrue gotrue:9999
    mode http
CFG
| |
# In-cluster Service for Postgres; ClusterIP keeps port 5432 reachable only from inside
# the cluster.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: v1
kind: Service
metadata:
  name: pgvector
  namespace: pgvector
  labels:
    app.kubernetes.io/name: pgvector
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: pgvector
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  # Matches the pod label set by the pgvector Deployment.
  selector:
    app: pgvector
  ports:
    - name: pgvector
      protocol: TCP
      port: 5432
      targetPort: 5432
YML
|
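# LoadBalancer Service that publishes Postgres on 192.168.49.105:5432.
# The delimiter is quoted to match the other manifests, so the shell does not expand
# anything inside the YAML.
# NOTE(review): this puts the database port on the load-balancer network with only the
# password in front of it. Restrict the source addresses (spec.loadBalancerSourceRanges
# or a NetworkPolicy) or drop this Service where the in-cluster `pgvector` Service is
# enough.
cat <<'YML' | kubectl -n pgvector apply -f -
---
apiVersion: v1
kind: Service
metadata:
  name: pgvector-lb
  namespace: pgvector
  labels:
    app.kubernetes.io/name: pgvector
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: pgvector
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: pgvector
  ports:
    - targetPort: 5432
      name: pgvector
      protocol: TCP
      port: 5432
  type: LoadBalancer
  # spec.loadBalancerIP is deprecated in current Kubernetes releases; whether it is still
  # honoured depends on the load-balancer implementation in use.
  loadBalancerIP: 192.168.49.105
YML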
|
# In-cluster Service for PostgREST; HAProxy reaches it as postgrest:3000.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: v1
kind: Service
metadata:
  name: postgrest
  namespace: pgvector
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: postgrest
    app.kubernetes.io/instance: postgrest
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: postgrest
  ports:
    - name: postgrest
      protocol: TCP
      port: 3000
      targetPort: 3000
YML
|
# In-cluster Service for GoTrue; HAProxy reaches it as gotrue:9999.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: v1
kind: Service
metadata:
  name: gotrue
  namespace: pgvector
  labels:
    app.kubernetes.io/name: gotrue
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: gotrue
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: gotrue
  ports:
    - name: gotrue
      protocol: TCP
      port: 9999
      targetPort: 9999
YML
|
# In-cluster Service for HAProxy; the Ingress forwards pgvector.shahed.biz to it on port 80.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: pgvector
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: haproxy
  ports:
    - name: haproxy
      protocol: TCP
      port: 80
      targetPort: 80
YML
|
|
# Claim for the Postgres data directory, bound explicitly to the static PV by volumeName.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-pgvector-0
  namespace: pgvector
  labels:
    app.kubernetes.io/name: pgvector
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: pgvector
    app.kubernetes.io/managed-by: kubectl
spec:
  storageClassName: hostpath
  volumeName: pgvector-data-pgvector-0
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
YML
|
|
# Postgres (supabase/postgres image) as a single-replica Deployment.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgvector
  namespace: pgvector
  labels:
    app: pgvector
    app.kubernetes.io/name: pgvector
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: pgvector
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  # NOTE(review): no update strategy is set, so a rollout starts the new pod while the
  # old one still holds the ReadWriteOnce data volume; consider `strategy.type: Recreate`.
  replicas: 1
  selector:
    matchLabels:
      app: pgvector
  template:
    metadata:
      labels:
        app: pgvector
    spec:
      # Runs as uid/gid 999, the owner set on the host data directory in the Storage step.
      # NOTE(review): no container-level securityContext is set; consider
      # allowPrivilegeEscalation: false and dropping capabilities once the image is
      # confirmed to start without them.
      securityContext:
        runAsNonRoot: true
        runAsGroup: 999
        runAsUser: 999
        fsGroup: 999
      containers:
        - name: pgvector
          # Pinned by tag; pinning by digest additionally guards against a re-pushed tag.
          image: supabase/postgres:15.1.0.82
          args:
            - "-c"
            - "max_connections=100"
          ports:
            - containerPort: 5432
              name: pgvector
              protocol: TCP
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 500m
              memory: 1Gi
          # POSTGRES_USER / POSTGRES_PASSWORD / POSTGRES_DB come from the pgvector Secret.
          envFrom:
            - secretRef:
                name: pgvector
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: data-pgvector-0
            # NOTE(review): mounting the ConfigMap on this directory hides any init
            # scripts the image itself ships there; confirm that is intended.
            - mountPath: /docker-entrypoint-initdb.d
              name: pgvector
      volumes:
        - name: data-pgvector-0
          persistentVolumeClaim:
            claimName: data-pgvector-0
        - name: pgvector
          configMap:
            name: pgvector
YML
# PostgREST: turns the `public` schema into a REST API, configured from the postgrest Secret.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgrest
  namespace: pgvector
  labels:
    app: postgrest
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: postgrest
    app.kubernetes.io/instance: postgrest
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgrest
  template:
    metadata:
      labels:
        app: postgrest
    spec:
      # Non-root uid/gid 65532.
      # NOTE(review): consider adding a container-level securityContext
      # (allowPrivilegeEscalation: false, capabilities dropped, read-only root
      # filesystem) after confirming the image runs with it.
      securityContext:
        runAsNonRoot: true
        runAsGroup: 65532
        runAsUser: 65532
      containers:
        - name: postgrest
          image: postgrest/postgrest:v10.1.2
          ports:
            - containerPort: 3000
              name: postgrest
              protocol: TCP
          resources:
            limits:
              cpu: 250m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 128Mi
          # PGRST_* settings, including the database URI with its password.
          envFrom:
            - secretRef:
                name: postgrest
YML
# GoTrue auth service, configured from the gotrue Secret.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gotrue
  namespace: pgvector
  labels:
    app: gotrue
    app.kubernetes.io/name: gotrue
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: gotrue
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gotrue
  template:
    metadata:
      labels:
        app: gotrue
    spec:
      # Non-root uid/gid 1001.
      # NOTE(review): consider a container-level securityContext
      # (allowPrivilegeEscalation: false, capabilities dropped) after confirming the
      # image runs with it.
      securityContext:
        runAsNonRoot: true
        runAsGroup: 1001
        runAsUser: 1001
      containers:
        - name: gotrue
          image: supabase/gotrue:v2.66.0
          ports:
            - containerPort: 9999
              name: gotrue
              protocol: TCP
          resources:
            limits:
              cpu: 250m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 128Mi
          # GOTRUE_* settings, including the database URL and the JWT signing secret.
          envFrom:
            - secretRef:
                name: gotrue
YML
# HAProxy path router in front of PostgREST and GoTrue; its config comes from the
# haproxy ConfigMap.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: pgvector
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      # NOTE(review): the container binds port 80 as uid 99; whether a non-root process
      # may bind a port below 1024 depends on the runtime's unprivileged-port setting or
      # a capability granted to the binary. Confirm, or listen on a high port and keep
      # the Service port at 80.
      securityContext:
        runAsNonRoot: true
        runAsGroup: 99
        runAsUser: 99
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
            - containerPort: 80
              name: haproxy
              protocol: TCP
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy
              name: haproxy
      volumes:
        - name: haproxy
          configMap:
            name: haproxy
YML
| |
K8s » Ingress
|
K8s » Ingress |
|---|
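# Ingress that sends all traffic for pgvector.shahed.biz to the haproxy Service.
# The delimiter is quoted to match the other manifests, so the shell does not expand
# anything inside the YAML.
cat <<'YML' | kubectl apply -n pgvector -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgvector
  namespace: pgvector
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  ingressClassName: nginx
  # NOTE(review): there is no `tls:` section although the Verify step opens the site over
  # https; presumably TLS terminates upstream or uses the controller's default
  # certificate. Confirm, since auth tokens and passwords cross this endpoint.
  rules:
    - host: pgvector.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML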
|
K8s » Verify
|
K8s » Verify | |
|---|---|
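# URLs are quoted: an unquoted `?` is a glob character and some shells reject the
# command when it matches no file.
# External TLS configuration test for the public hostname, then the site itself.
xdg-open 'https://www.cdn77.com/tls-test/result?domain=pgvector.shahed.biz'
xdg-open 'https://pgvector.shahed.biz'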
| |
# Shell into the database pod, check the uid it runs as (expected 999), and follow its log.
kubectl --namespace pgvector exec --stdin --tty service/pgvector --container pgvector -- bash
kubectl --namespace pgvector exec --stdin --tty service/pgvector -- bash
kubectl --namespace pgvector exec --stdin --tty service/pgvector -- id
kubectl --namespace pgvector logs --follow service/pgvector
|
---
Page: https://pgvector.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!
|
K8s » Scaling
|
K8s » Scaling |
|---|
# Stop the database by scaling the Deployment to zero replicas.
cat <<'YML' | kubectl --namespace pgvector patch deployment/pgvector --patch-file=/dev/stdin
---
spec:
  replicas: 0
YML

# Start it again.
cat <<'YML' | kubectl --namespace pgvector patch deployment/pgvector --patch-file=/dev/stdin
---
spec:
  replicas: 1
YML

# Raise CPU and memory for the pgvector container and record the reason in the
# rollout history.
cat <<'YML' | kubectl --namespace pgvector patch deployment/pgvector --patch-file=/dev/stdin
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: pgvector
          resources:
            limits:
              cpu: 2000m
              memory: 4Gi
            requests:
              cpu: 1000m
              memory: 2Gi
YML
|
K8s » Rolling
|
K8s » Rollout |
|---|
# Pause the rollout, apply the change, fix up the change-cause, then resume so the
# pod template change goes out as a single revision.
kubectl --namespace pgvector rollout history deployment/pgvector
kubectl --namespace pgvector rollout pause deployment/pgvector
cat <<'YML' | kubectl --namespace pgvector patch deployment/pgvector --patch-file=/dev/stdin
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: pgvector
          resources:
            limits:
              cpu: 2000m
              memory: 4Gi
            requests:
              cpu: 1000m
              memory: 2Gi
YML
# Overwrites the change-cause written by the patch above.
kubectl --namespace pgvector annotate deployment/pgvector --overwrite \
kubernetes.io/change-cause="CKI-2| Resources Updated"
kubectl --namespace pgvector rollout resume deployment/pgvector
kubectl --namespace pgvector rollout history deployment/pgvector
|
# Roll back to revision 1 and label the resulting revision so the history stays readable.
kubectl --namespace pgvector rollout undo deployment/pgvector --to-revision=1
kubectl --namespace pgvector rollout history deployment/pgvector
kubectl --namespace pgvector annotate deployment/pgvector --overwrite \
kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
kubectl --namespace pgvector rollout history deployment/pgvector
|
K8s » Delete
|
K8s » Delete | |
|---|---|
# Remove Services, Deployments and claims; --all is limited to the pgvector namespace.
kubectl --namespace pgvector delete services --all
kubectl --namespace pgvector delete deployments --all
kubectl --namespace pgvector delete persistentvolumeclaims --all
|
# The PV uses reclaim policy Retain, so deleting it leaves the database files on the
# node; remove the host directory separately when the data must not persist.
kubectl delete persistentvolume pgvector-data-pgvector-0
kubectl --namespace pgvector delete all --all
# Deleting the namespace also removes the Secrets and ConfigMaps created in it.
kubectl delete namespace pgvector
|
Playground
|
Playground | |
|---|---|
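# Print decoded Secret values. The output is plaintext in the terminal and its
# scrollback; run it only where that is acceptable.
kubectl -n pgvector get secret pgvector -o json|jq -r '.data."POSTGRES_PASSWORD"'|base64 -d;echo
kubectl -n pgvector get secret pgvector -o json|jq -r '.data."POSTGRES_USER"' |base64 -d;echo
kubectl -n pgvector get secret pgvector -o json|jq -r '.data."POSTGRES_DB"' |base64 -d;echo

# The postgrest and gotrue Secrets created on this page have no DB_PASSWORD or DB_NAME
# keys (and gotrue has no DB_USERNAME); a missing key makes jq print "null", which
# base64 then decodes to garbage. The lookups below use the keys that are defined.
kubectl -n pgvector get secret postgrest -o json|jq -r '.data."DB_USERNAME"'|base64 -d;echo
kubectl -n pgvector get secret postgrest -o json|jq -r '.data."PGRST_DB_URI"'|base64 -d;echo
kubectl -n pgvector get secret postgrest -o json|jq -r '.data."PGRST_DB_ANON_ROLE"'|base64 -d;echo
kubectl -n pgvector get secret gotrue -o json|jq -r '.data."GOTRUE_DB_DATABASE_URL"'|base64 -d;echo
kubectl -n pgvector get secret gotrue -o json|jq -r '.data."GOTRUE_JWT_SECRET"'|base64 -d;echo
kubectl -n pgvector get secret gotrue -o json|jq -r '.data."GOTRUE_SITE_URL"'|base64 -d;echo

# Inspect the config files inside the running containers.
# NOTE(review): assumes these paths exist and the images ship `cat`; confirm.
kubectl -n pgvector exec -it svc/postgrest -c postgrest -- cat /etc/postgrest/postgrest.conf
kubectl -n pgvector exec -it svc/gotrue -c gotrue -- cat /etc/gotrue/.env

# Follow the logs of each component.
kubectl -n pgvector logs -f svc/postgrest -c postgrest
kubectl -n pgvector logs -f svc/pgvector -c pgvector
kubectl -n pgvector logs -f svc/gotrue -c gotrue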
| |
# Inspect, restart, or roll back the database Deployment.
kubectl --namespace pgvector rollout history deployment/pgvector
kubectl --namespace pgvector rollout restart deployment/pgvector
kubectl --namespace pgvector rollout undo deployment/pgvector
|
# Pause, resume, and watch a rollout of the database Deployment.
kubectl --namespace pgvector rollout pause deployment/pgvector
kubectl --namespace pgvector rollout resume deployment/pgvector
kubectl --namespace pgvector rollout status deployment/pgvector
|
# Remove Services, Deployments and claims; --all is limited to the pgvector namespace.
kubectl --namespace pgvector delete services --all
kubectl --namespace pgvector delete deployments --all
kubectl --namespace pgvector delete persistentvolumeclaims --all
|
# The PV uses reclaim policy Retain, so the database files stay on the node after this.
kubectl delete persistentvolume pgvector-data-pgvector-0
kubectl --namespace pgvector delete all --all
# Deleting the namespace also removes the Secrets and ConfigMaps created in it.
kubectl delete namespace pgvector
|
# Open a shell in the database pod (ash or bash, whichever the image provides),
# check the uid it runs as, and follow its log.
kubectl --namespace pgvector exec --stdin --tty service/pgvector --container pgvector -- ash
kubectl --namespace pgvector exec --stdin --tty service/pgvector -- bash
kubectl --namespace pgvector exec --stdin --tty service/pgvector -- id
kubectl --namespace pgvector logs --follow service/pgvector --container pgvector
kubectl --namespace pgvector logs --follow service/pgvector
| |
References
|
References | ||
|---|---|---|