diff --git a/infrastructure/databases/cnpg-clusters/backup-secret.yaml b/infrastructure/databases/cnpg-clusters/backup-secret.yaml
new file mode 100644
index 0000000..f106232
--- /dev/null
+++ b/infrastructure/databases/cnpg-clusters/backup-secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: backup-creds
+ namespace: pg-databases
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: bitwarden
+ kind: ClusterSecretStore
+ target:
+ name: backup-creds
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ mergePolicy: Merge
+ data:
+ ACCESS_KEY_ID: '{{ .accessKeyId }}'
+ ACCESS_SECRET_KEY: '{{ .accessSecretKey }}'
+ data:
+ - secretKey: accessKeyId
+ remoteRef:
+ key: contabo-client-id
+
+ - secretKey: accessSecretKey
+ remoteRef:
+ key: contabo-client-secret
\ No newline at end of file
diff --git a/infrastructure/databases/cnpg-clusters/kustomization.yaml b/infrastructure/databases/cnpg-clusters/kustomization.yaml
index 09e46fe..e710269 100644
--- a/infrastructure/databases/cnpg-clusters/kustomization.yaml
+++ b/infrastructure/databases/cnpg-clusters/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
 - pg-cluster.yaml
 - namespace.yaml
 - secret.yaml
+- backup-secret.yaml
diff --git a/infrastructure/databases/cnpg-clusters/pg-cluster.yaml b/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
index 40055ab..f23d0a2 100644
--- a/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
+++ b/infrastructure/databases/cnpg-clusters/pg-cluster.yaml
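Review bot: `mergePolicy: Merge` under `target.template` in backup-secret.yaml looks unnecessary and, as I understand External Secrets' merge behaviour, leaves the raw `accessKeyId` and `accessSecretKey` keys in the `backup-creds` Secret next to the templated `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY`, so each credential is stored twice. The template already renders both keys that the Cluster's `s3Credentials` reference, so dropping the line (the default policy is `Replace`) keeps the Secret to exactly those two keys. Separately, the remote keys `contabo-client-id` / `contabo-client-secret` read like API client credentials rather than an object-storage key pair; that is a guess from the names, but it is worth confirming that the Bitwarden entries hold S3 keys scoped as narrowly as the provider allows. A comment above the `data:` list such as `# S3 access key pair used by barman for the pg-cluster backups` would record the intent.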
@@ -13,3 +13,24 @@ spec: superuserSecret: name: pg-cluster-root-password + + backup: + barmanObjectStore: + destinationPath: s3://databases/pg-cluster/ + endpointURL: https://eu2.contabostorage.com + s3Credentials: + accessKeyId: + name: backup-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: backup-creds + key: ACCESS_SECRET_KEY + wal: + compression: gzip + encryption: AES256 + data: + compression: gzip + encryption: AES256 + immediateCheckpoint: false + jobs: 2 + retentionPolicy: "30d"
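Review bot: `encryption: AES256` under `wal` and `data` only asks the object store for server-side encryption, so the backups stay readable to anyone holding the `backup-creds` keys and are protected at rest only if the service behind `endpointURL` actually honours that request; I would confirm this with the provider and record it in a comment, e.g. `# AES256 = server-side encryption by the object store, not client-side`. The hunk sets up the destination and WAL archiving, but this commit adds no `ScheduledBackup`, so unless one exists elsewhere no base backups are taken and `retentionPolicy: "30d"` has nothing to prune or restore from. The enclosing `spec:` mapping starts outside the hunk, and because the indentation is not recoverable in this view the nesting of `retentionPolicy` (it belongs directly under `backup`, not under `barmanObjectStore`) should be checked in the file itself.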