From 4ff30eff6784fb9fb0b2c7bcb25dad89b0f9c253 Mon Sep 17 00:00:00 2001
From: j37hr0
Date: Mon, 27 Apr 2026 10:13:26 +1200
Subject: [PATCH] work getting pg cluster root pass in place
---
 .../cnpg-clusters/kustomization.yaml | 1 +
 .../databases/cnpg-clusters/pg-cluster.yaml | 3 +++
 .../databases/cnpg-clusters/secret.yaml | 23 +++++++++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 infrastructure/databases/cnpg-clusters/secret.yaml
diff --git a/infrastructure/databases/cnpg-clusters/kustomization.yaml b/infrastructure/databases/cnpg-clusters/kustomization.yaml
index 3f559b7..09e46fe 100644
--- a/infrastructure/databases/cnpg-clusters/kustomization.yaml
+++ b/infrastructure/databases/cnpg-clusters/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - pg-cluster.yaml
 - namespace.yaml
+- secret.yaml
diff --git a/infrastructure/databases/cnpg-clusters/pg-cluster.yaml b/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
index 16c95e6..9f150f8 100644
--- a/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
+++ b/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
@@ -8,3 +8,6 @@ spec:
 storage:
 size: 20Gi
+
+ superuserSecret:
+ name: pg-cluster-root-password
diff --git a/infrastructure/databases/cnpg-clusters/secret.yaml b/infrastructure/databases/cnpg-clusters/secret.yaml
new file mode 100644
index 0000000..e6538c5
--- /dev/null
+++ b/infrastructure/databases/cnpg-clusters/secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: pg-cluster-secrets
+ namespace: pg-databases
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+ target:
+ name: pg-cluster-secrets
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ mergePolicy: Merge
+ data:
+ password: '{{ index . "pg-cluster-root-password" }}'
+ data:
+ - secretKey: pg-cluster-root-password
+ remoteRef:
+ key: pg-cluster-root-password
+ property: password
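Review bot: `superuserSecret.name` in pg-cluster.yaml points at `pg-cluster-root-password`, but the ExternalSecret added in secret.yaml writes its Secret as `target.name: pg-cluster-secrets`. Unless a Secret with the first name is created somewhere outside this patch, the Cluster references a Secret that never exists. Align the two, for example `name: pg-cluster-secrets` under `superuserSecret` (or rename the ExternalSecret target). The rest of `spec` is outside the hunk; in recent CloudNativePG releases the operator ignores the superuser secret unless `enableSuperuserAccess: true` is set, so confirm that field is present.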
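Review bot: The templated Secret in secret.yaml carries only a `password` key, while CloudNativePG documents the superuser secret as a basic-auth Secret holding both `username` and `password`. Add `type: kubernetes.io/basic-auth` under `target.template` and `username: postgres` next to `password` in `template.data`. With `mergePolicy: Merge` the fetched `pg-cluster-root-password` key is also written into the Secret alongside `password`, so the credential is stored twice. Omitting `mergePolicy` (default `Replace`) keeps only the templated keys.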