Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Disabled cloudnative-pg backup and switched to using the crd directly

Browse Source
This commit is contained in:
Dreaded_X 2025-02-13 01:37:53 +01:00
parent 9db5e65250
commit c7a6703dfa
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
8 changed files with 24 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/authelia/release.yaml
View File

@ -27,8 +27,8 @@ spec:
secret:
additionalSecrets:
authelia-db-cluster-app:
key: authelia-db-cluster-app
authelia-db-app:
key: authelia-db-app
authelia-lldap:
key: authelia-lldap
@ -64,11 +64,11 @@ spec:
storage:
postgres:
enabled: true
address: tcp://authelia-db-cluster-rw.authelia:5432
address: tcp://authelia-db-rw.authelia:5432
database: app
username: app
password:
secret_name: authelia-db-cluster-app
secret_name: authelia-db-app
path: password
notifier:

4
apps/grafana/release.yaml
View File

@ -62,8 +62,8 @@ spec:
existingSecret: grafana-ldap-toml
extraSecretMounts:
- name: grafana-db-cluster-app-mount
secretName: grafana-db-cluster-app
- name: grafana-db-app-mount
secretName: grafana-db-app
defaultMode: 0440
mountPath: /etc/secrets/db
readOnly: true

2
apps/lldap/deployment.yaml
View File

@ -48,7 +48,7 @@ spec:
- name: LLDAP_DATABASE_URL
valueFrom:
secretKeyRef:
name: lldap-db-cluster-app
name: lldap-db-app
key: uri
- name: TZ
value: CET

60
common/postgres/b2-access-key.yaml
View File

@ -1,60 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: b2-access-key
type: Opaque
data:
ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str]
ACCESS_SECRET_KEY: ENC[AES256_GCM,data:8Q2QsCpe/yiWmETVnIROJe0uiY7gMzQF4e8PiaF2vAgqkNq/oT8ku21bWCQ=,iv:635wzxp/XJ0zoxw9n63km38LdqDcebfU/ltLzN/bHPc=,tag:nGfKtpf8qzNyO3bDbbtn/A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-11-15T01:21:23Z"
mac: ENC[AES256_GCM,data:K8ATLj5nZfibvMPXR3ls7zXav0IVxSajyeFb/Qs/P3pPfHQ1p5ZRWaWTuNAFST04ynZ5BOcZyZCi9niMSZOGYBnDtOiJQAT1t3RxYS6j2X2HDX+nFTW6e4uDSOZMWk1poLP5lgBRvYxjsaco6X9F0hdvF7T7xvm7IHbHY7HAckg=,iv:C/bCoZKYy8gudmH8D/5R/MWlkC1ORlWZIvntjqt2dRk=,tag:yJsg7jj6p066CDzPXntOzA==,type:str]
pgp:
- created_at: "2024-10-10T22:08:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7pKPTYH5bqOAQ/+MJi/46q5TyjE0mqUfgmx90mYGchNQCvOHOdZJT2E2s2Z
DbqyrI5Bx+EauTl4eYhlMS9Xza/mL5I99GX/49FRpgvfmCwbM/aeOdq/CPWE771n
iylxE6uj0VVQGCazcO84Gg8CUxW3+dtNBbIUQYRxmQST6Pbg/lrmlXF5wDUfEueT
5FkfOZA7py3TyxUB4tcFA13e10CRFC1a7KHvfZm4ISs/1L97tsr0aZNgwCmHZodO
5fcm6poWtXEo16N/4XC8CI0z7unqNVRSgvpvVBHCvULkq4abznho2abkForNNkvv
GaN1Zcq8GIclVexMxaSC0M7BFfOdhmCDXuOdkKP/K1etL9UGGBdo7g5WJ7eqAiKN
Xs43VRijJsltIrTui/0s8zVIRzLfxTYGR2JtSnLuFaMGkKAijR34RsC9hXol+OB1
OAxGVzGfAR8wdgmShV9SPSOl3CtT6317YGuzjzkSbryJ2oYqR4zjV9jXgIEtuDZF
r6RITshhvata0w+e6tHSMYmnsF9YD4LbpGQmLm7r/A5ibBsE/2ZoUGBxNrb68YW1
vQmD2Ywv/Soe4f2Vj7vXJewrrJ1F0NPV/43sxl9lZB9JVMC6c8pMv7hndVq7dofn
dbqVXXeGd+Os/5X0P2yjlJYBjrMpFsg2tNi5dA5gUJ9uXqzNtSFx7ma9uJ4sX3zU
ZgEJAhDRzwccDHXa3D3+FBVJFbwN80G30Z6hS225mpIrBXqkElDH8hGs7KGkdIP5
O6CcZKt+j2R+40J0iJIcy1s211qgkzzDgtUaM1yAlVM8t3JpnykjhLp8mMzytOC1
rag4GdeG4Q==
=9TAG
-----END PGP MESSAGE-----
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
- created_at: "2024-10-10T22:08:04Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoAQ//fPw1ZgguXCZSLBnl4J/d4IZok6l4TdnbySDOKTOnZUi0
xyDusr9kdrEdDb4nYUT3PBrxEC2DsKDIJJSwUgLTZB6moIJgHPa51qermyGgqhKU
c4vyYCMKAJyS6rOoU5fsPb+kJS52ltBLEmyO7JndM32CFmfyq4iwphNcheJE7qFW
xBmEtsJBPh4P1ysFQtG0DH8iroAYvsI4HLJw6+pdy/rI3zu3LDmiOnEidGz685BB
gbYj+bJV2gIBGdSWqsjuAJh37dfP9143Hwvz57raA+uqVPtaTaywGuEyDE7E8B7U
LdxATRKDdRp9+ytdn+UBeZQPYolKhv2bOgm4tzBq/VGmm/11nZbXyv69vgooOqnf
YYPg3VGnqpaGmxy94EFuLCWvD0ZO7rMQMOoz0vZRHGNYsye2tUOF/F6eIzhehh3+
AhGSrGDZa5HM41dLsTrNnb8YbzGKqljVJyWvORfIniW6RONIuFrz3/Pe4jjnM+Dm
Y8z033SmAm5JT2Jhc/tb9LvYbVQzfrUWImh9qcVGOU5RqvB13VOCaNHmt33crMjg
KFMhBJ5F3ftqe3JiK+6KOuS9g2wd3M5VM5qLHBLr7qTDb5q/JKsBIY7AcLsVyYNx
T3OynFuAkiYVTe4CuXCSrbVPXd9XkV/dDdQh+5ZR8nxo0/TkpnAwwGdh9hFsOtLS
XAEXagTFsM3Cl3T45ehYSPt6oyfx5dwKkQ8wxaqSWIkrvTla/ofOD9xemsBfYNku
b9vLFfbry8J+p5H9fEtS9/co4xYmajP/Mzq54JflEHqt/ej0MTxnNB5m+a45
=CFmy
-----END PGP MESSAGE-----
fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
encrypted_regex: ^(data|stringData)$
version: 3.9.0

14
common/postgres/cluster.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: -db
spec:
instances: 2
storage:
size: 8Gi
storageClass: topolvm-provisioner
affinity:
topologyKey: kubernetes.io/hostname
podAntiAffinityType: required

35
common/postgres/database.yaml
View File

@ -1,35 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: -db
spec:
chart:
spec:
chart: cluster
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: cnpg
namespace: cnpg-system
version: 0.0.11
interval: 1m0s
values:
type: postgresql
mode: standalone
cluster:
instances: 2
affinity:
topologyKey: kubernetes.io/hostname
podAntiAffinityType: required
storage:
storageClass: topolvm-provisioner
backups:
enabled: true
provider: s3
endpointURL: https://s3.us-west-002.backblazeb2.com
s3:
bucket: titan-k3s-backup
path: /postgres
secret:
create: false
name: b2-access-key

4
common/postgres/kustomization.yaml
View File

@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ./database.yaml
- ./b2-access-key.yaml
- ./cluster.yaml
replacements:
- path: replacement.yaml

2
common/postgres/replacement.yaml
View File

@ -3,7 +3,7 @@ source:
fieldPath: metadata.name
targets:
- select:
kind: HelmRelease
kind: Cluster
name: -db
fieldPaths:
- metadata.name