diff --git a/controllers/cnpg/base/kustomization.yaml b/controllers/cnpg/base/kustomization.yaml
index 0003ced..23b477a 100644
--- a/controllers/cnpg/base/kustomization.yaml
+++ b/controllers/cnpg/base/kustomization.yaml
@@ -4,6 +4,7 @@ resources: - namespace.yaml - helm-repository.yaml - helm-release.yaml + - https://github.com/cloudnative-pg/plugin-barman-cloud/releases/download/v0.9.0/manifest.yaml configurations: - name-reference.yaml
diff --git a/controllers/cnpg/cnpg.yaml b/controllers/cnpg/cnpg.yaml
index ce2594b..ffd5dfd 100644
--- a/controllers/cnpg/cnpg.yaml
+++ b/controllers/cnpg/cnpg.yaml
@@ -7,6 +7,12 @@ spec: interval: 1h retryInterval: 2m timeout: 5m + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: cert-manager sourceRef: kind: ExternalArtifact name: cnpg
diff --git a/controllers/cnpg/staging/kustomization.yaml b/controllers/cnpg/staging/kustomization.yaml
index 1c527eb..98ded8b 100644
--- a/controllers/cnpg/staging/kustomization.yaml
+++ b/controllers/cnpg/staging/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - secret-s3-garage.enc.yaml configMapGenerator: - name: values-overlay
diff --git a/controllers/cnpg/staging/secret-s3-garage.enc.yaml b/controllers/cnpg/staging/secret-s3-garage.enc.yaml
new file mode 100644
index 0000000..db8ece9
--- /dev/null
+++ b/controllers/cnpg/staging/secret-s3-garage.enc.yaml
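Review bot: The new `resources` entry in controllers/cnpg/base/kustomization.yaml fetches `manifest.yaml` from a GitHub release URL at build time, pinned only by the `v0.9.0` tag and with no integrity check, so whatever that URL serves when the overlay is built is what gets applied to the cluster. A release asset can be replaced after publication, and kustomize does not verify a digest for HTTP resources. Consider committing a reviewed copy of the manifest next to `helm-release.yaml` and listing it as a local file, e.g. `- plugin-barman-cloud-v0.9.0.yaml` (a constructed file name). That also keeps reconciliation independent of GitHub availability and lets kustomize-controller run with `--no-remote-bases=true`. Only part of the `resources` list is visible in this hunk.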
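Review bot: The added `dependsOn: cert-manager` in controllers/cnpg/cnpg.yaml carries no comment saying why it is needed, and it only orders this Kustomization after the cert-manager one reports Ready. Presumably the barman-cloud plugin manifest added in base creates cert-manager objects; if so, a comment above `dependsOn` such as `# plugin-barman-cloud manifest creates cert-manager Certificate/Issuer objects` would record that. It is also worth confirming that the cert-manager Kustomization sets `wait: true` or health checks, so that Ready means its CRDs and webhook are serving. The `sops-gpg` secret named in `decryption.secretRef` is looked up in this Kustomization's own namespace and holds a private key that can decrypt every file encrypted to it, so read access to it should be limited to the controller. The rest of `spec` lies outside the hunk.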
@@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-garage + namespace: cnpg-system +type: Opaque +stringData: + ACCESS_KEY_ID: ENC[AES256_GCM,data:TOEQMG/kHs5XUk77ijyV089ZTq1dKsoZUas=,iv:mVDOkl5qOxGdvCvdcXUuUjX85oKqbd+n5maHsKwCiFg=,tag:pho0oWPTwtM6lGQ2vA1d5A==,type:str] + ACCESS_SECRET_KEY: ENC[AES256_GCM,data:INipEOcpPSij6TDu+bCuMOdsGm58nEBC4UJfEGRqeMmXZ9A+EBrMiRL6z3s29uz4qdqwZ3C8E4PVz01/41bMEA==,iv:x+gku8q7efHaaMpD/dc19IrwmK2gDp04bjH8WN/xhkc=,tag:QiSF6B8IqMrCsOUCe8c0bw==,type:str] +sops: + age: + - recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmd2NkxFOVB0a1R3MHVN + RWRwbFVVaHF6Mlo4UElIZ1ROd1pyV1czSEYwCmFQMGM3Nkw0U0hzcWdyQVpnZTZL + eFNLWW5iNWpZVU9BQm9KakV4dEJzaGsKLS0tIGZ0ajdRZjZIUnNRSElzeENYRG4r + eUJHQVAzeWJSUDZTYy8zbTJIQ3pscjAKERe7k/VVNqMhqe2rLLRA9dO71bjieffX + YMIzJ0/UNMo2el4bcefwRnqwl0oyPG+pMXZ3F6UXyEoZw3ZIc4Nzvg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhakxrQ1Zrd3FRekZwZkU4 + MVBpdloxeTJWQm1GZjA4M2NFVk1IYWtrTG1RCnpaRGh1WDZ4dCtzeFhkK1YzczYz + dmFNSWQ1bXgwQjJ1VlkrQnFhMXJ3bGcKLS0tIDhpcWx0MklNazJ0SjUzRmlyV0Er + K09tZGI0Z2w0eXh5eHcvcEttMy82aU0K2fnCDfYIShzw2Zipof+C8zf9pcOmiDg9 + 2SCiIfAJs9MB3n078P068z77KpvdlJYOi9pUTKSBhNw+mBI24y6X6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-18T02:27:07Z" + mac: ENC[AES256_GCM,data:uuEvSPHpLpXRZBzYYEVvXsgODnOzVJwx3tAjuioGyNKC1arunjNKbcYFMgdL7icilf0PUy0llkMqFGKyiUFdN1zai7WLfa2jgK5XU3LdsL3euKNSqpWp6dGfKDixe9Wqo8+F7hckdIDJgvE6bJ1DHZz0bjqXgUEoJ43CcJGOhNY=,iv:+kd93pKLtm+1FJ7QxZGG8cZ7IZAHS96lAw1eNFAgwCk=,tag:QxsNKCtIpYtR7EI4oQ9MJA==,type:str] + pgp: + - created_at: "2025-12-11T23:56:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoARAA2+TLPMKYQFUjyuER+HZgY5Zl4qcF94sYcZuTdcvl/Pam + 
l//PcgU80DLb/3IZ1K12EYyuZ+QVdJxmUQt1OvBUWv2p0/5mU7zbkxc8YJ/vc46b + yMX7mmDnzuyU2Lss0hUl5dDDk3pdC4SgjrBz15g9TvS2jOWDTOwKCb1DEghfzB07 + /9Yfj6Rfds2gqsUgfyxVCzHXzC0SNpuqqPLmnzNmjYiQGNFOCOdyxP6c2ehCI6Bq + Lu38n6rjTj2QWJZvtr57a2IVqmFVcD9wcy7ITUk8u9+ncYemLmx1LTQKD6n0WDHm + DwjRjziqdJRpHo70Q6TUanFppqTB2q1CReS4yk9sc3CINq9fRJrKtOeJxW8x81yZ + o3X++3gYbsRIrApVAFECJyKA4H6eK1gp4djNV7K0MmbQcR/7wSqaYrE6vTPml7jG + Ribd7eGvF2FnH5P/z3ckh6HH2Ln+i+iVy+ZeY+lgWuIrVNDWwR8mDH8AkjXuGTu4 + K6ra+kCna6v7CAKwlGd31rk9i0CTNTqyHEQeqYuto/HTEC0Jj/lRyFPq+KuuvoAq + vxQlmP6VnYR0gTfkneBAny4neu3zrbYMuIMWoA9pAhZBNOLPuPXZtUwhAStHBS1V + Sdc6AI9CXSPFIP2WDn6iwjwXElkG5+iYyngf3tXrJUVXs0SQeFH05j3r5zVNT0zS + XgFAiWuLAOyWWvP+Jlre5dgKnbiaSs3wIVL9Qw9MuHIWdlXmTyuQ5SQKErQLSQ2j + b5ogtCcgcbVd+OsZCHWQbPtLI2yk/n0afA9D6cRvLHbNZGrWRZjdTYUHU2Drp0w= + =/yAN + -----END PGP MESSAGE----- + fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9 + encrypted_regex: ^(data|stringData)$ + version: 3.11.0
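Review bot: The `sops` block in controllers/cnpg/staging/secret-s3-garage.enc.yaml encrypts the data key to three recipients (two age keys and the PGP key listed under `fp`), and any one of them can recover `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY`; nothing in the commit records who holds which key. Since cnpg.yaml points the controller at a secret named `sops-gpg`, the cluster presumably decrypts with the PGP key and the age recipients are operator keys, which is worth stating in a `.sops.yaml` creation rule or a short README next to the file. Because this ciphertext stays in git history, removing a recipient later does not revoke access; the Garage S3 key itself has to be rotated. Separately, the Secret is created in `cnpg-system`, so confirm that the resources meant to reference `s3-garage` live in that namespace, since a Secret is usually only referenceable from within its own namespace.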