backups for cnpg cluster

infrastructure/databases/cnpg-clusters/backup-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: backup-creds
+  namespace: pg-databases
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+  target:
+    name: backup-creds
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        ACCESS_KEY_ID: '{{ .accessKeyId }}'
+        ACCESS_SECRET_KEY: '{{ .accessSecretKey }}'
+  data:
+    - secretKey: accessKeyId
+      remoteRef:
+        key: contabo-client-id
+
+    - secretKey: accessSecretKey
+      remoteRef:
+        key: contabo-client-secret

infrastructure/databases/cnpg-clusters/kustomization.yaml

@@ -4,3 +4,4 @@ resources:
 - pg-cluster.yaml
 - namespace.yaml
 - secret.yaml
+- backup-secret.yaml

infrastructure/databases/cnpg-clusters/pg-cluster.yaml

@@ -13,3 +13,24 @@ spec:
 
   superuserSecret:
     name: pg-cluster-root-password
+
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://databases/pg-cluster/
+      endpointURL: https://eu2.contabostorage.com
+      s3Credentials:
+        accessKeyId:
+          name: backup-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: backup-creds
+          key: ACCESS_SECRET_KEY
+      wal:
+        compression: gzip
+        encryption: AES256
+      data:
+        compression: gzip
+        encryption: AES256
+        immediateCheckpoint: false
+        jobs: 2
+    retentionPolicy: "30d"