pieced-threema-gateway-public/deploy/helm/pieced-threema-gateway/templates/database-backup.yaml


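{{- if and .Values.postgres.enabled .Values.postgres.backup.enabled }}
# =============================================================================
# S3 credentials for the CNPG Cluster's barmanObjectStore.
#
# Rendered only when both postgres.enabled and postgres.backup.enabled are
# set (the guard above is closed at the end of this file).
#
# Projects the in-cluster MinIO root credentials out of OpenBao
# (.Values.postgres.backup.s3.credentialsPath) into a Secret in this
# namespace. Referenced by spec.backup.barmanObjectStore.s3Credentials
# on the Cluster CR (see templates/database.yaml).
#
# Same shape and convention as the chart's other ExternalSecrets
# (templates/externalsecret.yaml) — KV v2 path without /data/ segment.
#
# NOTE(review): least privilege — these are the MinIO *root* credentials.
# Any principal that can read Secrets in this namespace then holds full
# control of the MinIO instance, not only of the backup bucket. Prefer a
# dedicated MinIO access key whose policy is limited to the backup bucket,
# kept at its own OpenBao path, and point credentialsPath at that.
# =============================================================================
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: cnpg-s3-credentials
  # Templated scalars are quoted so an unset or number/boolean-looking value
  # renders as a string instead of null or a retyped scalar.
  namespace: {{ .Values.namespace | quote }}
spec:
  # Re-read from OpenBao hourly: a rotated key reaches the Secret within 1h.
  refreshInterval: 1h
  secretStoreRef:
    # Cluster-scoped store; what it may read is decided by the OpenBao
    # policy behind it, which is not visible in this template.
    name: openbao-backend
    kind: ClusterSecretStore
  target:
    name: cnpg-s3-credentials
    # Owner: the Secret is created by this ExternalSecret and is removed
    # together with it.
    creationPolicy: Owner
  data:
    # Both keys are read from the same OpenBao entry; only the property
    # name differs.
    - secretKey: ACCESS_KEY_ID
      remoteRef:
        key: {{ .Values.postgres.backup.s3.credentialsPath | quote }}
        property: {{ .Values.postgres.backup.s3.accessKeyProperty | quote }}
    - secretKey: ACCESS_SECRET_KEY
      remoteRef:
        key: {{ .Values.postgres.backup.s3.credentialsPath | quote }}
        property: {{ .Values.postgres.backup.s3.secretKeyProperty | quote }}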
---
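# =============================================================================
# Daily backup of the pieced-threema-gateway-db CNPG cluster.
#
# IMPORTANT — cron format:
# CNPG ScheduledBackup uses a SIX-field Go-style cron expression
# (sec min hour dom mon dow), NOT the 5-field Unix crontab format. The
# CNPG controller silently accepts 5-field expressions but reinterprets
# them — see https://github.com/cloudnative-pg/cloudnative-pg/issues/5380
# Default schedule (.Values.postgres.backup.schedule.cron) is set
# accordingly.
#
# NOTE(review): this object only schedules backups. Retention and at-rest
# encryption of the archived data are not set here; they would live in the
# Cluster CR's spec.backup section (templates/database.yaml) — confirm there.
# =============================================================================
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: pieced-threema-gateway-db-daily
  # Quoted so an unset or number/boolean-looking value renders as a string.
  namespace: {{ .Values.namespace | quote }}
spec:
  # Quoted: a cron expression can start with `*` or a digit, which YAML
  # would otherwise read as an alias or a number.
  schedule: {{ .Values.postgres.backup.schedule.cron | quote }}
  # self: every Backup object created from this schedule is owned by this
  # ScheduledBackup resource.
  backupOwnerReference: self
  cluster:
    name: pieced-threema-gateway-db
  method: barmanObjectStore
  # Left unquoted on purpose: the value has to render as a YAML boolean.
  # NOTE(review): renders empty (null) if the value is unset — confirm that
  # values.yaml defines postgres.backup.schedule.immediate.
  immediate: {{ .Values.postgres.backup.schedule.immediate }}
{{- end }}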