diff --git a/clusters/testing/kustomization.yaml b/clusters/testing/kustomization.yaml
index 1fff725..e692835 100644
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -17,3 +17,4 @@ resources:
 - ../../configs/certificates/certificates.yaml
 - ../../configs/alerts/alerts.yaml
 - ../../configs/longhorn-jobs/longhorn-jobs.yaml
+ - ../../configs/barman-config/barman-config.yaml
diff --git a/configs/artifacts.yaml b/configs/artifacts.yaml
index b7f5f5c..f5e6069 100644
--- a/configs/artifacts.yaml
+++ b/configs/artifacts.yaml
@@ -29,3 +29,8 @@ spec:
 copy:
 - from: "@foundation/configs/longhorn-jobs/**"
 to: "@artifact/"
+ - name: barman-config
+ originRevision: "@foundation"
+ copy:
+ - from: "@foundation/configs/barman-config/**"
+ to: "@artifact/"
diff --git a/configs/barman-config/barman-config.yaml b/configs/barman-config/barman-config.yaml
new file mode 100644
index 0000000..3cba4b0
--- /dev/null
+++ b/configs/barman-config/barman-config.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: barman-config
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 2m
+ timeout: 5m
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: barman-cloud-plugin
+ sourceRef:
+ kind: ExternalArtifact
+ name: barman-config
+ path: .
+ prune: true
+ wait: true
diff --git a/configs/barman-config/kustomization.yaml b/configs/barman-config/kustomization.yaml
new file mode 100644
index 0000000..7c33c79
--- /dev/null
+++ b/configs/barman-config/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - object-store.yaml
+ - secret-s3-garage.enc.yaml
diff --git a/configs/barman-config/object-store.yaml b/configs/barman-config/object-store.yaml
new file mode 100644
index 0000000..b51e6f5
--- /dev/null
+++ b/configs/barman-config/object-store.yaml
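Review bot: The new Flux Kustomization in configs/barman-config/barman-config.yaml sets no `spec.serviceAccountName`, so it reconciles under whatever identity the kustomize-controller itself runs with, although it only has to apply one ObjectStore and one Secret in `cnpg-system`. Unless the cluster already enforces a default service account for Kustomizations (not visible in this diff), consider adding `serviceAccountName: <PLACEHOLDER-reconciler-sa>` under `spec:` and granting that account access through a RoleBinding scoped to `cnpg-system`. A short comment above `decryption:` stating that `sops-gpg` must hold a private key for one of the recipients listed in secret-s3-garage.enc.yaml would also help the next maintainer.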
@@ -0,0 +1,18 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+ name: garage-store
+ namespace: cnpg-system
+spec:
+ configuration:
+ destinationPath: s3://cnpg-backup/
+ endpointURL: http://192.178.1.1:3900
+ s3Credentials:
+ accessKeyId:
+ name: s3-garage
+ key: ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-garage
+ key: ACCESS_SECRET_KEY
+ wal:
+ compression: gzip
diff --git a/configs/barman-config/secret-s3-garage.enc.yaml b/configs/barman-config/secret-s3-garage.enc.yaml
new file mode 100644
index 0000000..fe4239f
--- /dev/null
+++ b/configs/barman-config/secret-s3-garage.enc.yaml
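Review bot: `secretAccessKey` in object-store.yaml references `key: ACCESS_SECRET_KEY`, but the `s3-garage` Secret added in secret-s3-garage.enc.yaml defines `SECRET_ACCESS_KEY`, so the credential lookup will not resolve and backups and WAL archiving will fail. Change the reference to `key: SECRET_ACCESS_KEY`. Separately, `endpointURL: http://192.178.1.1:3900` sends base backups and WAL segments over plaintext HTTP, and 192.178.1.1 lies outside the RFC 1918 range 192.168.0.0/16, so please confirm it is not a typo for a private address. If the Garage endpoint can serve TLS, prefer an `https://` URL, with `endpointCA` if the certificate is privately issued.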
@@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Secret +metadata: + name: s3-garage + namespace: cnpg-system +type: Opaque +stringData: + ACCESS_KEY_ID: ENC[AES256_GCM,data:TOEQMG/kHs5XUk77ijyV089ZTq1dKsoZUas=,iv:mVDOkl5qOxGdvCvdcXUuUjX85oKqbd+n5maHsKwCiFg=,tag:pho0oWPTwtM6lGQ2vA1d5A==,type:str] + SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mc42T/AQ8NRi32SzvwGJA6LEq1x0Yz3Tu+CPDYPf+E2+C00zQcGRk6tACPvRoMxRzU4ZZpK346e2K/8ajU77hg==,iv:Isxe81aQEbI5xd1dRjXDKj/2Jp9eTHdv0/XVBBHoRyE=,tag:gtcmKmfUIfIy977Df11P4g==,type:str] +sops: + age: + - recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cmd2NkxFOVB0a1R3MHVN + RWRwbFVVaHF6Mlo4UElIZ1ROd1pyV1czSEYwCmFQMGM3Nkw0U0hzcWdyQVpnZTZL + eFNLWW5iNWpZVU9BQm9KakV4dEJzaGsKLS0tIGZ0ajdRZjZIUnNRSElzeENYRG4r + eUJHQVAzeWJSUDZTYy8zbTJIQ3pscjAKERe7k/VVNqMhqe2rLLRA9dO71bjieffX + YMIzJ0/UNMo2el4bcefwRnqwl0oyPG+pMXZ3F6UXyEoZw3ZIc4Nzvg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhakxrQ1Zrd3FRekZwZkU4 + MVBpdloxeTJWQm1GZjA4M2NFVk1IYWtrTG1RCnpaRGh1WDZ4dCtzeFhkK1YzczYz + dmFNSWQ1bXgwQjJ1VlkrQnFhMXJ3bGcKLS0tIDhpcWx0MklNazJ0SjUzRmlyV0Er + K09tZGI0Z2w0eXh5eHcvcEttMy82aU0K2fnCDfYIShzw2Zipof+C8zf9pcOmiDg9 + 2SCiIfAJs9MB3n078P068z77KpvdlJYOi9pUTKSBhNw+mBI24y6X6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-15T03:46:42Z" + mac: ENC[AES256_GCM,data:UG9rSQ4ep7Ln4g5QCtvD6U90Oc8iWpni+kypMpJ+AQM8LC0TTs9zFQgcxmo2wjZn38Fp+br/5KC172SqBNG4Q1yXhlRiqiIeyx9ynrZeceRSqHaaruB1hj83/0FwahqjB/t6yutWIfnp00UC92mMKGlef48UNZ8IW17e5uHE0m4=,iv:LvR4BEkgAr6PJ8fYATFois4j8/rgztn/Jggj/mFgCIk=,tag:W38qDd1RkCdK3bVMqOVnjA==,type:str] + pgp: + - created_at: "2025-12-11T23:56:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoARAA2+TLPMKYQFUjyuER+HZgY5Zl4qcF94sYcZuTdcvl/Pam + 
l//PcgU80DLb/3IZ1K12EYyuZ+QVdJxmUQt1OvBUWv2p0/5mU7zbkxc8YJ/vc46b + yMX7mmDnzuyU2Lss0hUl5dDDk3pdC4SgjrBz15g9TvS2jOWDTOwKCb1DEghfzB07 + /9Yfj6Rfds2gqsUgfyxVCzHXzC0SNpuqqPLmnzNmjYiQGNFOCOdyxP6c2ehCI6Bq + Lu38n6rjTj2QWJZvtr57a2IVqmFVcD9wcy7ITUk8u9+ncYemLmx1LTQKD6n0WDHm + DwjRjziqdJRpHo70Q6TUanFppqTB2q1CReS4yk9sc3CINq9fRJrKtOeJxW8x81yZ + o3X++3gYbsRIrApVAFECJyKA4H6eK1gp4djNV7K0MmbQcR/7wSqaYrE6vTPml7jG + Ribd7eGvF2FnH5P/z3ckh6HH2Ln+i+iVy+ZeY+lgWuIrVNDWwR8mDH8AkjXuGTu4 + K6ra+kCna6v7CAKwlGd31rk9i0CTNTqyHEQeqYuto/HTEC0Jj/lRyFPq+KuuvoAq + vxQlmP6VnYR0gTfkneBAny4neu3zrbYMuIMWoA9pAhZBNOLPuPXZtUwhAStHBS1V + Sdc6AI9CXSPFIP2WDn6iwjwXElkG5+iYyngf3tXrJUVXs0SQeFH05j3r5zVNT0zS + XgFAiWuLAOyWWvP+Jlre5dgKnbiaSs3wIVL9Qw9MuHIWdlXmTyuQ5SQKErQLSQ2j + b5ogtCcgcbVd+OsZCHWQbPtLI2yk/n0afA9D6cRvLHbNZGrWRZjdTYUHU2Drp0w= + =/yAN + -----END PGP MESSAGE----- + fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9 + encrypted_regex: ^(data|stringData)$ + version: 3.11.0