feat: add PostgreSQL tunnel deployment with ConfigMap, HPA, and service

postgres-tunnel/eu-central-1/configmap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-tunnel-config
+  namespace: postgres-tunnel
+data:
+  SSH_HOST: "130.61.135.202"
+  SSH_PORT: "22"
+  SSH_USER: "cluster"
+  POSTGRES_REMOTE_HOST: "localhost"
+  POSTGRES_REMOTE_PORT: "5432"

postgres-tunnel/eu-central-1/deployment.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-tunnel
+  namespace: postgres-tunnel
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres-tunnel
+  template:
+    metadata:
+      labels:
+        app: postgres-tunnel
+    spec:
+      containers:
+        - name: tunnel
+          image: alpine:3.21
+          command: [/bin/sh, -c]
+          args:
+            - |
+              apk add --no-cache openssh-client
+              exec ssh -N \
+                -o StrictHostKeyChecking=no \
+                -o ServerAliveInterval=30 \
+                -o ServerAliveCountMax=3 \
+                -o ExitOnForwardFailure=yes \
+                -L 0.0.0.0:5432:$(POSTGRES_REMOTE_HOST):$(POSTGRES_REMOTE_PORT) \
+                -i /ssh-key/id_rsa \
+                -p $(SSH_PORT) \
+                $(SSH_USER)@$(SSH_HOST)
+          envFrom:
+            - configMapRef:
+                name: postgres-tunnel-config
+          ports:
+            - containerPort: 5432
+              name: postgres
+          volumeMounts:
+            - name: ssh-key
+              mountPath: /ssh-key
+              readOnly: true
+          resources:
+            requests:
+              cpu: 10m
+              memory: 16Mi
+            limits:
+              cpu: 50m
+              memory: 32Mi
+          livenessProbe:
+            tcpSocket:
+              port: 5432
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            tcpSocket:
+              port: 5432
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      volumes:
+        - name: ssh-key
+          secret:
+            secretName: postgres-tunnel-ssh-key
+            defaultMode: 0400
+      restartPolicy: Always

postgres-tunnel/eu-central-1/hpa.yaml

@@ -0,0 +1,22 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: postgres-tunnel
+  namespace: postgres-tunnel
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: postgres-tunnel
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 70
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 300

postgres-tunnel/eu-central-1/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - configmap.yaml
+  - deployment.yaml
+  - service.yaml
+  - hpa.yaml

postgres-tunnel/eu-central-1/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: postgres-tunnel

postgres-tunnel/eu-central-1/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: postgres-tunnel
+spec:
+  type: ClusterIP
+  selector:
+    app: postgres-tunnel
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432