diff --git a/k8s/apps/storage/cloudnative-pg/cluster/cluster.yaml b/k8s/apps/storage/cloudnative-pg/cluster/cluster.yaml
index 368fc612..6ddec6a3 100644
--- a/k8s/apps/storage/cloudnative-pg/cluster/cluster.yaml
+++ b/k8s/apps/storage/cloudnative-pg/cluster/cluster.yaml
@@ -7,7 +7,7 @@ spec:
 instances: 3
 primaryUpdateStrategy: unsupervised
 storage:
- size: 20Gi
+ size: 10Gi
 storageClass: longhorn
 monitoring:
 enablePodMonitor: false
@@ -19,7 +19,7 @@ spec:
 maxParallel: 8
 destinationPath: s3://db-backups/
 endpointURL: https://${CLOUDFLARE_ACCOUNT_ID}.r2.cloudflarestorage.com
- serverName: postgres-v2
+ serverName: postgres-v3
 s3Credentials:
 accessKeyId:
 name: r2-secrets
diff --git a/k8s/apps/storage/cloudnative-pg/cluster/secret.yaml b/k8s/apps/storage/cloudnative-pg/cluster/secret.yaml
index b9e98d9e..fcc628d6 100644
--- a/k8s/apps/storage/cloudnative-pg/cluster/secret.yaml
+++ b/k8s/apps/storage/cloudnative-pg/cluster/secret.yaml
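Review bot: In cluster.yaml's first hunk, `size: 10Gi` is smaller than the `20Gi` it replaces, and Kubernetes rejects a decrease of the storage request on an existing PersistentVolumeClaim, so this value can only apply to instances whose volumes are created fresh. If the cluster is being recreated from scratch (the `serverName` change in the next hunk suggests so) that is fine; otherwise the storage change will presumably not reconcile. A comment on the line such as `# fresh cluster; PVCs cannot be shrunk in place` would record the intent. The `spec` mapping begins and ends outside the hunk.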
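Review bot: In cluster.yaml's second hunk, switching `serverName` to `postgres-v3` changes the prefix under `s3://db-backups/` where base backups and WAL archives are written, so everything stored under `postgres-v2` drops out of this cluster's backup chain. No `bootstrap.recovery` or `externalClusters` entry pointing at `postgres-v2` is visible here, so I assume the new cluster starts empty; if the old data is meant to be restored, that source has to be declared. If it is not, the old prefix should be expired deliberately, since the cluster's retention policy will presumably no longer reach it. The backup stanza starts and ends outside the hunk.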
@@ -1,28 +1,24 @@
-apiVersion: v1
-kind: Secret
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
 metadata:
+ name: cloudnative-pg-secret
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: akeyless-secret-store
+ target:
 name: r2-secrets
- namespace: storage
-stringData:
- CLIENT_SECRET: ENC[AES256_GCM,data:dLedEbpV2E36y9KSo0yEqeAr/69IpYfBQItiBBgI3/mFFEegSrIXr/nGFtBvWQONY9/Uj9gOm0aP+FOhLwo7wA==,iv:p+Jy+X7OJ14cZBYogEhk2/r+KqVHf6Y8wMegvZZkGCk=,tag:yzWcGF1F7pzgFUPVQxzmUA==,type:str]
- CLIENT_ID: ENC[AES256_GCM,data:Ae9w+JBPl34BHrmVXbQBCEA2tOeQ31i2eDt6JwfEzhg=,iv:QdS81MM/9gZWAGayIGfvJYCE3hlHKPCMc8Us5eWja30=,tag:2JO6gTRU2rwnhFNzMsvjUg==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1ygtvf2uaevyhpsdwya27qhmjkjxd9vvyn0ajephhjwthmeeryseqx4munk
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeWVjT2VmRVlUbWNNRWR3
- OVJ3cSs5K2txTGJ5Q1hsWTV1NlRENXN4SUg4CjRZZjYrdTZ4YXpCRnZZbDJPOVp0
- RkYxdkFGY1N6Q21CT3hkenlTbmlSN2MKLS0tIGVqa1RzNmVEUVhBVjZ5MmphaDZo
- ZjRFaG1zV04yOGJRM1hLVlVzWGxvMU0KU0MlMY8uu6RA2yMPA8thvycfNEyPXC9N
- ySmWPGFTvWY3Z6W0PjRUbgact3CCl/DUBElN/y1PFC+rb1fGUbOI6g==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-08-14T15:59:49Z"
- mac: ENC[AES256_GCM,data:pDACrnBqfelLA6eU+uexZZ1F111X1hL5WRO1MFMC6a7/IYf27W1iISH3axSuRoVWldS5fnkQIJNmgm/YKWGcCYLsUH7E1wd67Lu59LlLjCFeRo/I01rECxaChVOnlJKgwfzWoz69d3E0DzkvvSCzO4o+9L3wPcJ4et6nbBplzsc=,iv:j0f3Dlb1OIspDsiIE+eGVqHlkzWyXwDeZw2WFewH8eY=,tag:aSPamcxSJbv1lWTJaWVBvw==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.7.3
+ template:
+ engineVersion: v2
+ metadata:
+ labels:
+ cnpg.io/reload: "true"
+ data:
+ - secretKey: CLIENT_ID
+ remoteRef:
+ key: /cnpg/CLIENT_ID
+ - secretKey: CLIENT_SECRET
+ remoteRef:
+ key: /cnpg/CLIENT_SECRET
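Review bot: The new ExternalSecret carries no `metadata.namespace`, while the Secret it replaces pinned `namespace: storage`; the Cluster resolves `r2-secrets` by name in its own namespace, so this only works if the Flux Kustomization sets `targetNamespace` (those lines of ks.yaml are not in this diff). Either confirm that or add `namespace: storage` under `metadata`. Separately, the SOPS ciphertext removed here stays in git history and remains decryptable with the age key, so the R2 key pair should be rotated once `/cnpg/CLIENT_ID` and `/cnpg/CLIENT_SECRET` are served from the external store. `refreshInterval` is left to the operator default; stating it under `spec`, e.g. `refreshInterval: 1h`, makes the time a rotated key takes to reach the cluster explicit.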
diff --git a/k8s/apps/storage/cloudnative-pg/ks.yaml b/k8s/apps/storage/cloudnative-pg/ks.yaml
index 47ff01a8..67c61840 100644
--- a/k8s/apps/storage/cloudnative-pg/ks.yaml
+++ b/k8s/apps/storage/cloudnative-pg/ks.yaml
@@ -26,6 +26,7 @@ spec:
 path: ./k8s/apps/storage/cloudnative-pg/cluster
 dependsOn:
 - name: cloudnative-pg
+ - name: external-secrets
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/k8s/apps/storage/kustomization.yaml b/k8s/apps/storage/kustomization.yaml
index e512b44d..230b2ba4 100644
--- a/k8s/apps/storage/kustomization.yaml
+++ b/k8s/apps/storage/kustomization.yaml
@@ -3,7 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
- # - ./cloudnative-pg/ks.yaml
+ - ./cloudnative-pg/ks.yaml
 # - ./minio/ks.yaml
 # - ./csi-driver-nfs/ks.yaml
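Review bot: In ks.yaml, `- name: external-secrets` orders this Kustomization after the operator only, but the ExternalSecret in cluster/secret.yaml also needs the `akeyless-secret-store` ClusterSecretStore to exist and validate before `r2-secrets` can be created. If that store is applied by its own Flux Kustomization (not visible in this diff), add it to `dependsOn` too, e.g. `- name: <store-kustomization-name>`, so the Cluster is not reconciled while its backup credentials are still missing. The `spec` mapping begins and ends outside the hunk.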