HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a593fd559bfa339904146d96e3f79ce4d062eee
HetznerTerra/infrastructure/addons/cnpg/rancher-db-password-externalsecret.yaml
MichaelFisher1997 9d601dc77c
Some checks failed
Deploy Cluster / Terraform (push) Successful in 4m16s
Details
Deploy Cluster / Ansible (push) Failing after 12m27s
Details
feat: Add CloudNativePG with B2 backups for persistent Rancher database 
- Add Local Path Provisioner for storage
- Add CloudNativePG operator (v1.27.0) via Flux
- Create PostgreSQL cluster with B2 (Backblaze) auto-backup/restore
- Update Rancher to use external PostgreSQL via CATTLE_DB_CATTLE_* env vars
- Add weekly pg_dump CronJob to B2 (Sundays 2AM)
- Add pre-destroy backup hook to destroy workflow
- Add B2 credentials to Doppler (B2_ACCOUNT_ID, B2_APPLICATION_KEY)
- Generate RANCHER_DB_PASSWORD in Doppler

Backup location: HetznerTerra/rancher-backups/
Retention: 14 backups
2026-03-25 23:06:45 +00:00

21 lines
478 B
YAML
Raw Blame History

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rancher-db-password
namespace: cnpg-cluster
spec:
refreshInterval: 1h
secretStoreRef:
name: doppler-hetznerterra
kind: ClusterSecretStore
target:
name: rancher-db-password
creationPolicy: Owner
template:
type: Opaque
data:
password: "{{ .RANCHER_DB_PASSWORD }}"
data:
- secretKey: RANCHER_DB_PASSWORD
remoteRef:
key: RANCHER_DB_PASSWORD
Reference in New Issue View Git Blame Copy Permalink