postgres: configure backups

2025-05-22 10:27:27 -04:00
parent 616895c0d1
commit 351a733338
3 changed files with 46 additions and 0 deletions
--- a/postgres/config/cluster.yaml
+++ b/postgres/config/cluster.yaml
@@ -11,6 +11,18 @@ spec:
    size: 20Gi
    storageClass: rook-ceph-block

+  backup:
+    barmanObjectStore:
+      destinationPath: "s3://weyma-talos-shared-pgsql-backup/"
+      endpointURL: http://10.105.15.20:9000
+      s3Credentials:
+        accessKeyId:
+          key: s3AccessKey
+          name: s3-backup-creds
+        secretAccessKey:
+          key: s3SecretKey
+          name: s3-backup-creds
+
  inheritedMetadata:
    labels:
      metrics_enabled: "true"
--- a/postgres/config/s3-backup-auth.yaml
+++ b/postgres/config/s3-backup-auth.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: s3-backup-creds
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: s3_backup_key
+    secretKey: s3SecretKey
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    template:
+      data:
+        s3AccessKey: fmRuq5b96EKqQOGR1prs
+        s3SecretKey: "{{ .s3SecretKey }}"
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: s3-backup-creds
--- a/postgres/config/scheduled_backup.yaml
+++ b/postgres/config/scheduled_backup.yaml
@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: postgres-nightly
+spec:
+  schedule: "0 4 * * *"
+  backupOwnerReference: self
+  cluster:
+    name: weyma-pgsql