work getting pg cluster root pass in place

2026-04-27 10:13:26 +12:00 · 2026-04-27 10:13:26 +12:00 · 4ff30eff67
parent d049799ae3
commit 4ff30eff67
3 changed files with 27 additions and 0 deletions
--- a/infrastructure/databases/cnpg-clusters/kustomization.yaml
+++ b/infrastructure/databases/cnpg-clusters/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - pg-cluster.yaml
 - namespace.yaml
+- secret.yaml
--- a/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
+++ b/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
@ -8,3 +8,6 @@ spec:

  storage:
    size: 20Gi
+
+  superuserSecret:
+    name: pg-cluster-root-password
--- a/infrastructure/databases/cnpg-clusters/secret.yaml
+++ b/infrastructure/databases/cnpg-clusters/secret.yaml
@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pg-cluster-secrets
+  namespace: pg-databases
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+  target:
+    name: pg-cluster-secrets
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        password: '{{ index . "pg-cluster-root-password" }}'
+  data:
+    - secretKey: pg-cluster-root-password
+      remoteRef:
+        key: pg-cluster-root-password
+        property: password