apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: rancher-db
  namespace: cnpg-cluster
spec:
  description: "Rancher external database cluster"
  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
  imagePullPolicy: IfNotPresent

  instances: 1
  primaryUpdateStrategy: unsupervised

  storage:
    storageClass: local-path
    size: 50Gi

  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 2Gi

  serviceAccountTemplate:
    metadata:
      labels:
        app.kubernetes.io/name: rancher-db

  superuserSecret:
    name: rancher-db-password

  bootstrap:
    recovery:
      source: b2-backup

  externalClusters:
    - name: b2-backup
      barmanObjectStore:
        destinationPath: "s3://HetznerTerra/rancher-backups/"
        endpointURL: "https://s3.us-east-005.backblazeb2.com"
        s3Credentials:
          accessKeyId:
            name: b2-credentials
            key: B2_ACCOUNT_ID
          secretAccessKey:
            name: b2-credentials
            key: B2_APPLICATION_KEY

  monitoring:
    enablePodMonitor: false

  affinity:
    nodeSelector:
      kubernetes.io/hostname: k8s-cluster-cp-1
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule

  backup:
    barmanObjectStore:
      destinationPath: "s3://HetznerTerra/rancher-backups/"
      endpointURL: "https://s3.us-east-005.backblazeb2.com"
      s3Credentials:
        accessKeyId:
          name: b2-credentials
          key: B2_ACCOUNT_ID
        secretAccessKey:
          name: b2-credentials
          key: B2_APPLICATION_KEY
      wal:
        compression: gzip
      data:
        compression: gzip