- Add Local Path Provisioner for storage
- Add CloudNativePG operator (v1.27.0) via Flux
- Create PostgreSQL cluster with B2 (Backblaze) auto-backup/restore
- Update Rancher to use external PostgreSQL via CATTLE_DB_CATTLE_* env vars
- Add weekly pg_dump CronJob to B2 (Sundays 2AM)
- Add pre-destroy backup hook to destroy workflow
- Add B2 credentials to Doppler (B2_ACCOUNT_ID, B2_APPLICATION_KEY)
- Generate RANCHER_DB_PASSWORD in Doppler

Backup location: HetznerTerra/rancher-backups/
Retention: 14 backups
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: rancher-db
namespace: cnpg-cluster
spec:
description: "Rancher external database cluster"
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
imagePullPolicy: IfNotPresent
instances: 1
primaryUpdateStrategy: unsupervised
storage:
storageClass: local-path
size: 50Gi
resizeStorageStorageClassName: local-path
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1000m
memory: 2Gi
bootstrap:
recovery:
externalClusters:
- name: b2-backup
s3Compatible:
bucket: HetznerTerra
region: us-east-005
endpoint: s3.us-east-005.backblazeb2.com
prefix: rancher-backups/
credentials:
name: b2-credentials
accessKey: B2_ACCOUNT_ID
secretKey: B2_APPLICATION_KEY
backup:
b2:
bucket: HetznerTerra
region: us-east-005
endpoint: s3.us-east-005.backblazeb2.com
prefix: rancher-backups/
credentials:
name: b2-credentials
accessKey: B2_ACCOUNT_ID
secretKey: B2_APPLICATION_KEY
retentionPolicy: keep14
serviceAccountTemplate:
metadata:
labels:
app.kubernetes.io/name: rancher-db
superuserSecret:
name: rancher-db-password
monitoring:
enablePodMonitor: true
affinity:
nodeSelector:
kubernetes.io/hostname: k8s-cluster-cp-1
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule |
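Review bot: The `backup` and `bootstrap.recovery` stanzas use keys that, as far as I can tell, are not part of CNPG's `Cluster` schema — `backup.b2`, `externalClusters[].s3Compatible`, `credentials.accessKey`/`secretKey` and `retentionPolicy: keep14` — so the operator would prune or reject them and the auto-backup/restore described in the commit would not actually be configured. CNPG expresses object-store backups through `barmanObjectStore` (`destinationPath`, `endpointURL`, `s3Credentials.accessKeyId`/`secretAccessKey` selectors), `externalClusters` belongs at `spec` level and is referenced by `bootstrap.recovery.source` (here it appears nested under `bootstrap.recovery`, though indentation is lost in this rendering), and `retentionPolicy` is a duration such as `14d` rather than a backup count; please confirm against the v1.27.0 CRD and check the cluster's backup status after apply instead of relying on a clean Flux reconcile. A `recovery` bootstrap also needs an existing backup under the prefix, so a first deployment against an empty bucket fails and needs an `initdb` bootstrap path, and periodic base backups still require a `ScheduledBackup` object, which this file does not add. `resizeStorageStorageClassName` under `storage` looks like a typo for a field I cannot find in the storage spec and is redundant with `storageClass: local-path`. Separately, `superuserSecret: rancher-db-password` together with the commit's `RANCHER_DB_PASSWORD` suggests Rancher connects as the PostgreSQL superuser; a dedicated application role with its own secret would keep Rancher's credentials from carrying superuser rights over the database.
```yaml
spec:
  # … unchanged: description, imageName, imagePullPolicy, instances, storage, resources …
  externalClusters:
    - name: b2-backup
      barmanObjectStore:
        destinationPath: s3://HetznerTerra/rancher-backups/
        endpointURL: https://s3.us-east-005.backblazeb2.com
        # region us-east-005 from the original: confirm whether barman-cloud needs it for B2
        s3Credentials:
          accessKeyId:
            name: b2-credentials
            key: B2_ACCOUNT_ID
          secretAccessKey:
            name: b2-credentials
            key: B2_APPLICATION_KEY
  bootstrap:
    recovery:
      source: b2-backup
  backup:
    retentionPolicy: 14d
    barmanObjectStore:
      destinationPath: s3://HetznerTerra/rancher-backups/
      endpointURL: https://s3.us-east-005.backblazeb2.com
      s3Credentials:
        accessKeyId:
          name: b2-credentials
          key: B2_ACCOUNT_ID
        secretAccessKey:
          name: b2-credentials
          key: B2_APPLICATION_KEY
  # … unchanged: serviceAccountTemplate, superuserSecret, monitoring, affinity …
```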