alexlebens/helm-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 449 Activity

bundle external secret for recovery

Browse Source
This commit is contained in:
Alex Lebens
2025-12-22 21:40:58 -06:00
parent 45ddc3fdf3
commit 27caefbd86
6 changed files with 105 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
charts/postgres-cluster/values.yaml
View File

@@ -4,6 +4,9 @@ nameOverride: ""
# -- Override the namespace of the chart
namespaceOverride: ""
# -- Kubernetes cluster name
kubernetesClusterName: cl01tl
# -- Type of the CNPG database. Available types:
# * `postgresql`
type: postgresql
@@ -259,19 +262,19 @@ recovery:
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
owner: ""
# -- Object store backup name
name: recovery
# -- Desitination bucket
destinationBucket: postgres-backups
# -- Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
# Google: gs://<bucket><path>
destinationPath: ""
destinationPathOverride: ""
# -- Overrides the provider specific default endpoint. Defaults to:
# S3: https://s3.<region>.amazonaws.com"
# Leave empty if using the default S3 endpoint
endpointURL: "https://nyc3.digitaloceanspaces.com"
endpointURL: "http://garage-main.garage:3900"
# -- Specifies a CA bundle to validate a privately signed certificate.
endpointCA:
@@ -287,9 +290,18 @@ recovery:
# -- Override the name of the backup cluster, defaults to "cluster.name"
clusterName: ""
# -- Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
externalSecret:
enabled: true
credentialPath: /garage/home-infra/postgres-backups
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
# -- Defaults to <cluster name>-recovery-secret for the existing secret
endpointCredentials: ""
# -- If the S3 endpoint require the ACCESS_REGION variable set in credentials
endpointCredentialsIncludeRegion: true
# -- Storage
wal: