Add so-postgres Salt states and integration wiring

Phase 1 of the PostgreSQL central data platform: - Salt states: init, enabled, disabled, config, ssl, auth, sostatus - TLS via SO CA-signed certs with postgresql.conf template - Two-tier auth: postgres superuser + so_postgres application user - Firewall restricts port 5432 to manager-only (HA-ready) - Wired into top.sls, pillar/top.sls, allowed_states, firewall containers map, docker defaults, CA signing policies, and setup scripts for all manager-type roles
2026-06-15 06:38:40 +02:00 · 2026-04-08 10:58:52 -04:00
parent 88de246ce3
commit 868cd11874
20 changed files with 422 additions and 2 deletions
@@ -11,6 +11,7 @@
     'so-kratos',
     'so-hydra',
     'so-nginx',
+     'so-postgres',
     'so-redis',
     'so-soc',
     'so-strelka-coordinator',
@@ -34,6 +35,7 @@
     'so-hydra',
     'so-logstash',
     'so-nginx',
+     'so-postgres',
     'so-redis',
     'so-soc',
     'so-strelka-coordinator',
@@ -77,6 +79,7 @@
     'so-kratos',
     'so-hydra',
     'so-nginx',
+     'so-postgres',
     'so-soc'
 ] %}

@@ -98,6 +98,10 @@ firewall:
      tcp:
        - 8086
      udp: []
+    postgres:
+      tcp:
+        - 5432
+      udp: []
    kafka_controller:
      tcp:
        - 9093
@@ -193,6 +197,7 @@ firewall:
                - kibana
                - redis
                - influxdb
+                - postgres
                - elasticsearch_rest
                - elasticsearch_node
                - localrules
@@ -379,6 +384,7 @@ firewall:
                - kibana
                - redis
                - influxdb
+                - postgres
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
@@ -590,6 +596,7 @@ firewall:
                - kibana
                - redis
                - influxdb
+                - postgres
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
@@ -799,6 +806,7 @@ firewall:
                - kibana
                - redis
                - influxdb
+                - postgres
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
@@ -1011,6 +1019,7 @@ firewall:
                - kibana
                - redis
                - influxdb
+                - postgres
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry