Disabled cloudnative-pg backup and switched to using the crd directly

2025-02-13 01:37:53 +01:00 · 2025-02-13 01:37:53 +01:00 · c7a6703dfa
commit c7a6703dfa
parent 9db5e65250
8 changed files with 24 additions and 105 deletions
--- a/apps/authelia/release.yaml
+++ b/apps/authelia/release.yaml
@ -27,8 +27,8 @@ spec:
    secret:
      additionalSecrets:
-        authelia-db-cluster-app:
+        authelia-db-app:
-          key: authelia-db-cluster-app
+          key: authelia-db-app
        authelia-lldap:
          key: authelia-lldap
@ -64,11 +64,11 @@ spec:
      storage:
        postgres:
          enabled: true
-          address: tcp://authelia-db-cluster-rw.authelia:5432
+          address: tcp://authelia-db-rw.authelia:5432
          database: app
          username: app
          password:
-            secret_name: authelia-db-cluster-app
+            secret_name: authelia-db-app
            path: password
      notifier:
--- a/apps/grafana/release.yaml
+++ b/apps/grafana/release.yaml
@ -62,8 +62,8 @@ spec:
      existingSecret: grafana-ldap-toml
    extraSecretMounts:
-      - name: grafana-db-cluster-app-mount
+      - name: grafana-db-app-mount
-        secretName: grafana-db-cluster-app
+        secretName: grafana-db-app
        defaultMode: 0440
        mountPath: /etc/secrets/db
        readOnly: true
--- a/apps/lldap/deployment.yaml
+++ b/apps/lldap/deployment.yaml
@ -48,7 +48,7 @@ spec:
            - name: LLDAP_DATABASE_URL
              valueFrom:
                secretKeyRef:
-                  name: lldap-db-cluster-app
+                  name: lldap-db-app
                  key: uri
            - name: TZ
              value: CET
--- a/common/postgres/b2-access-key.yaml
+++ b/common/postgres/b2-access-key.yaml
@ -1,60 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: b2-access-key
 type: Opaque
 data:
    ACCESS_KEY_ID: ENC[AES256_GCM,data:YpYkexRxH4mVyufrS/Blw3PSrU9H1eO3O6urN9tCZvYBenp7,iv:1ka5Otp0u4HJ5WC3yj+YJLAQC0Cy8Y2vWGqxLSaAGfM=,tag:8SKOcUoUuOWLm0Na2r7Hfw==,type:str]
    ACCESS_SECRET_KEY: ENC[AES256_GCM,data:8Q2QsCpe/yiWmETVnIROJe0uiY7gMzQF4e8PiaF2vAgqkNq/oT8ku21bWCQ=,iv:635wzxp/XJ0zoxw9n63km38LdqDcebfU/ltLzN/bHPc=,tag:nGfKtpf8qzNyO3bDbbtn/A==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2024-11-15T01:21:23Z"
    mac: ENC[AES256_GCM,data:K8ATLj5nZfibvMPXR3ls7zXav0IVxSajyeFb/Qs/P3pPfHQ1p5ZRWaWTuNAFST04ynZ5BOcZyZCi9niMSZOGYBnDtOiJQAT1t3RxYS6j2X2HDX+nFTW6e4uDSOZMWk1poLP5lgBRvYxjsaco6X9F0hdvF7T7xvm7IHbHY7HAckg=,iv:C/bCoZKYy8gudmH8D/5R/MWlkC1ORlWZIvntjqt2dRk=,tag:yJsg7jj6p066CDzPXntOzA==,type:str]
    pgp:
        - created_at: "2024-10-10T22:08:04Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA7pKPTYH5bqOAQ/+MJi/46q5TyjE0mqUfgmx90mYGchNQCvOHOdZJT2E2s2Z
            DbqyrI5Bx+EauTl4eYhlMS9Xza/mL5I99GX/49FRpgvfmCwbM/aeOdq/CPWE771n
            iylxE6uj0VVQGCazcO84Gg8CUxW3+dtNBbIUQYRxmQST6Pbg/lrmlXF5wDUfEueT
            5FkfOZA7py3TyxUB4tcFA13e10CRFC1a7KHvfZm4ISs/1L97tsr0aZNgwCmHZodO
            5fcm6poWtXEo16N/4XC8CI0z7unqNVRSgvpvVBHCvULkq4abznho2abkForNNkvv
            GaN1Zcq8GIclVexMxaSC0M7BFfOdhmCDXuOdkKP/K1etL9UGGBdo7g5WJ7eqAiKN
            Xs43VRijJsltIrTui/0s8zVIRzLfxTYGR2JtSnLuFaMGkKAijR34RsC9hXol+OB1
            OAxGVzGfAR8wdgmShV9SPSOl3CtT6317YGuzjzkSbryJ2oYqR4zjV9jXgIEtuDZF
            r6RITshhvata0w+e6tHSMYmnsF9YD4LbpGQmLm7r/A5ibBsE/2ZoUGBxNrb68YW1
            vQmD2Ywv/Soe4f2Vj7vXJewrrJ1F0NPV/43sxl9lZB9JVMC6c8pMv7hndVq7dofn
            dbqVXXeGd+Os/5X0P2yjlJYBjrMpFsg2tNi5dA5gUJ9uXqzNtSFx7ma9uJ4sX3zU
            ZgEJAhDRzwccDHXa3D3+FBVJFbwN80G30Z6hS225mpIrBXqkElDH8hGs7KGkdIP5
            O6CcZKt+j2R+40J0iJIcy1s211qgkzzDgtUaM1yAlVM8t3JpnykjhLp8mMzytOC1
            rag4GdeG4Q==
            =9TAG
            -----END PGP MESSAGE-----
          fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
        - created_at: "2024-10-10T22:08:04Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA51kG++kLewoAQ//fPw1ZgguXCZSLBnl4J/d4IZok6l4TdnbySDOKTOnZUi0
            xyDusr9kdrEdDb4nYUT3PBrxEC2DsKDIJJSwUgLTZB6moIJgHPa51qermyGgqhKU
            c4vyYCMKAJyS6rOoU5fsPb+kJS52ltBLEmyO7JndM32CFmfyq4iwphNcheJE7qFW
            xBmEtsJBPh4P1ysFQtG0DH8iroAYvsI4HLJw6+pdy/rI3zu3LDmiOnEidGz685BB
            gbYj+bJV2gIBGdSWqsjuAJh37dfP9143Hwvz57raA+uqVPtaTaywGuEyDE7E8B7U
            LdxATRKDdRp9+ytdn+UBeZQPYolKhv2bOgm4tzBq/VGmm/11nZbXyv69vgooOqnf
            YYPg3VGnqpaGmxy94EFuLCWvD0ZO7rMQMOoz0vZRHGNYsye2tUOF/F6eIzhehh3+
            AhGSrGDZa5HM41dLsTrNnb8YbzGKqljVJyWvORfIniW6RONIuFrz3/Pe4jjnM+Dm
            Y8z033SmAm5JT2Jhc/tb9LvYbVQzfrUWImh9qcVGOU5RqvB13VOCaNHmt33crMjg
            KFMhBJ5F3ftqe3JiK+6KOuS9g2wd3M5VM5qLHBLr7qTDb5q/JKsBIY7AcLsVyYNx
            T3OynFuAkiYVTe4CuXCSrbVPXd9XkV/dDdQh+5ZR8nxo0/TkpnAwwGdh9hFsOtLS
            XAEXagTFsM3Cl3T45ehYSPt6oyfx5dwKkQ8wxaqSWIkrvTla/ofOD9xemsBfYNku
            b9vLFfbry8J+p5H9fEtS9/co4xYmajP/Mzq54JflEHqt/ej0MTxnNB5m+a45
            =CFmy
            -----END PGP MESSAGE-----
          fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
    encrypted_regex: ^(data|stringData)$
    version: 3.9.0
--- a/common/postgres/cluster.yaml
+++ b/common/postgres/cluster.yaml
@ -0,0 +1,14 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: -db
 spec:
  instances: 2
  storage:
    size: 8Gi
    storageClass: topolvm-provisioner
  affinity:
    topologyKey: kubernetes.io/hostname
    podAntiAffinityType: required
--- a/common/postgres/database.yaml
+++ b/common/postgres/database.yaml
@ -1,35 +0,0 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: -db
 spec:
  chart:
    spec:
      chart: cluster
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: cnpg
        namespace: cnpg-system
      version: 0.0.11
  interval: 1m0s
  values:
    type: postgresql
    mode: standalone
    cluster:
      instances: 2
      affinity:
        topologyKey: kubernetes.io/hostname
        podAntiAffinityType: required
      storage:
        storageClass: topolvm-provisioner
    backups:
      enabled: true
      provider: s3
      endpointURL: https://s3.us-west-002.backblazeb2.com
      s3:
        bucket: titan-k3s-backup
        path: /postgres
      secret:
        create: false
        name: b2-access-key
--- a/common/postgres/kustomization.yaml
+++ b/common/postgres/kustomization.yaml
@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 resources:
-  - ./database.yaml
+  - ./cluster.yaml
-  - ./b2-access-key.yaml
+
 replacements:
  - path: replacement.yaml
--- a/common/postgres/replacement.yaml
+++ b/common/postgres/replacement.yaml
@ -3,7 +3,7 @@ source:
  fieldPath: metadata.name
 targets:
  - select:
-      kind: HelmRelease
+      kind: Cluster
      name: -db
    fieldPaths:
      - metadata.name