apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: rancher-db
  namespace: cnpg-cluster
spec:
  description: "Rancher external database cluster"
  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
  imagePullPolicy: IfNotPresent

  instances: 1
  primaryUpdateStrategy: unsupervised

  storage:
    storageClass: local-path
    size: 50Gi
    resizeStorageStorageClassName: local-path

  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 2Gi

  bootstrap:
    recovery:
      externalClusters:
        - name: b2-backup
          s3Compatible:
            bucket: HetznerTerra
            region: us-east-005
            endpoint: s3.us-east-005.backblazeb2.com
            prefix: rancher-backups/
            credentials:
              name: b2-credentials
              accessKey: B2_ACCOUNT_ID
              secretKey: B2_APPLICATION_KEY

  backup:
    b2:
      bucket: HetznerTerra
      region: us-east-005
      endpoint: s3.us-east-005.backblazeb2.com
      prefix: rancher-backups/
      credentials:
        name: b2-credentials
        accessKey: B2_ACCOUNT_ID
        secretKey: B2_APPLICATION_KEY
    retentionPolicy: keep14

  serviceAccountTemplate:
    metadata:
      labels:
        app.kubernetes.io/name: rancher-db

  superuserSecret:
    name: rancher-db-password

  monitoring:
    enablePodMonitor: true

  affinity:
    nodeSelector:
      kubernetes.io/hostname: k8s-cluster-cp-1
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule