HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Replace CNPG external DB with rancher-backup operator
All checks were successful
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Successful in 6m5s
Details

Browse Source 
Rancher 2.x uses embedded etcd, not an external PostgreSQL database.
The CATTLE_DB_CATTLE_* env vars are Rancher v1 only and were ignored.

- Remove all CNPG (CloudNativePG) cluster, operator, and related configs
- Remove external DB env vars from Rancher HelmRelease
- Remove rancher-db-password ExternalSecret
- Add rancher-backup operator HelmRelease (v106.0.2+up8.1.0)
- Add B2 credentials ExternalSecret for backup storage
- Add recurring Backup CR (daily at 03:00, 7 day retention)
- Add commented-out Restore CR for rebuild recovery
- Update Flux dependency graph accordingly
This commit is contained in:
MichaelFisher1997
2026-03-29 21:53:16 +00:00
parent efdf13976a
commit f2c506b350
22 changed files with 66 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
infrastructure/addons/rancher/helmrelease-rancher.yaml
View File

@@ -26,19 +26,6 @@ spec:
tls: external
replicas: 1
extraEnv:
- name: CATTLE_DB_CATTLE_HOST
value: cnpg-cluster-rw.cnpg-cluster.svc
- name: CATTLE_DB_CATTLE_PORT
value: "5432"
- name: CATTLE_DB_CATTLE_DATABASE
value: postgres
- name: CATTLE_DB_CATTLE_USERNAME
value: postgres
- name: CATTLE_DB_CATTLE_PASSWORD
valueFrom:
secretKeyRef:
name: rancher-db-password
key: password
- name: CATTLE_PROMETHEUS_METRICS
value: "true"
resources:

1
infrastructure/addons/rancher/kustomization.yaml
View File

@@ -6,5 +6,4 @@ resources:
- helmrelease-rancher.yaml
- rancher-bootstrap-password-flux-externalsecret.yaml
- rancher-bootstrap-password-externalsecret.yaml
- rancher-db-password-externalsecret.yaml
- rancher-tailscale-service.yaml

21
infrastructure/addons/rancher/rancher-db-password-externalsecret.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rancher-db-password
namespace: cattle-system
spec:
refreshInterval: 1h
secretStoreRef:
name: doppler-hetznerterra
kind: ClusterSecretStore
target:
name: rancher-db-password
creationPolicy: Owner
template:
type: Opaque
data:
password: "{{ .RANCHER_DB_PASSWORD }}"
data:
- secretKey: RANCHER_DB_PASSWORD
remoteRef:
key: RANCHER_DB_PASSWORD