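---
# CloudNativePG Cluster for the Rancher external PostgreSQL database.
# It is bootstrapped by restoring from a Backblaze B2 object-store backup
# and then takes its own backups to the same bucket.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: rancher-db
  namespace: cnpg-cluster
spec:
  description: "Rancher external database cluster"
  # NOTE(review): a tag can be re-pointed upstream, and IfNotPresent keeps
  # whatever the node cached first. Appending the digest pins the image:
  # ghcr.io/cloudnative-pg/postgresql:17.4@sha256:<DIGEST-PLACEHOLDER>
  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
  imagePullPolicy: IfNotPresent
  # Single instance on node-local storage (see storage/affinity below):
  # there is no replica to fail over to, so the object-store backup is the
  # only recovery path if the node or its disk is lost.
  instances: 1
  primaryUpdateStrategy: unsupervised
  storage:
    storageClass: local-path
    size: 50Gi
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 2Gi

  # Restore from the external cluster entry named below.
  bootstrap:
    recovery:
      source: b2-backup

  externalClusters:
    - name: b2-backup
      barmanObjectStore:
        # The CNPG schema takes bucket and prefix as one URL
        # (destinationPath, required) and the endpoint as endpointURL.
        # Setting endpointURL is what selects a non-AWS S3 service; the
        # B2 region is already part of the endpoint hostname.
        destinationPath: s3://HetznerTerra/rancher-backups/
        endpointURL: https://s3.us-east-005.backblazeb2.com
        # NOTE(review): without serverName the restore looks for a folder
        # named after this entry (b2-backup) under destinationPath. If the
        # backups were written by a cluster with another name, set:
        # serverName: <ORIGINAL-CLUSTER-NAME>
        # Credentials are read from a Secret, never inlined here. Use a B2
        # application key restricted to this bucket; the restore side only
        # needs read access.
        s3Credentials:
          accessKeyId:
            name: b2-credentials
            key: B2_ACCOUNT_ID
          secretAccessKey:
            name: b2-credentials
            key: B2_APPLICATION_KEY

  backup:
    # NOTE(review): newer operator releases move object-store backups to
    # the Barman Cloud plugin - check against the operator version in use.
    barmanObjectStore:
      # NOTE(review): same bucket and prefix as the restore source. If the
      # source cluster was also named rancher-db, this cluster would
      # archive into the old cluster's folder, and CNPG expects an empty
      # archive there. A separate prefix or serverName keeps the old
      # backups intact.
      destinationPath: s3://HetznerTerra/rancher-backups/
      endpointURL: https://s3.us-east-005.backblazeb2.com
      # WAL files are stored under <destinationPath>/<serverName>/wals;
      # the schema has no separate WAL path setting.
      # Base backups and WAL hold the full database contents: keep the
      # bucket private and enable server-side encryption, either as the
      # bucket default or via wal.encryption / data.encryption (confirm
      # the endpoint accepts the latter).
      s3Credentials:
        accessKeyId:
          name: b2-credentials
          key: B2_ACCOUNT_ID
        secretAccessKey:
          name: b2-credentials
          key: B2_APPLICATION_KEY
    # CNPG retention is a recovery window: <number> plus d, w or m.
    # NOTE(review): "14d" assumes the intent was 14 days - confirm.
    retentionPolicy: "14d"

  serviceAccountTemplate:
    metadata:
      labels:
        app.kubernetes.io/name: rancher-db

  # NOTE(review): as far as I know the operator only applies this Secret
  # when enableSuperuserAccess is true, and recent versions default that
  # to false - confirm which is intended. Prefer a non-superuser
  # application role for the client connection.
  superuserSecret:
    name: rancher-db-password

  monitoring:
    enablePodMonitor: true

  # Pins the database to one control-plane node and tolerates its taint,
  # so it shares that node with the cluster's control-plane components;
  # the resource limits above are what bound its impact there.
  affinity:
    nodeSelector:
      kubernetes.io/hostname: k8s-cluster-cp-1
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule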