Update Helm release postgres-cluster to v6

clusters/cl01tl/services/talos/templates/external-secret.yaml

@@ -49,3 +49,28 @@ spec:
         key: /cl01tl/talos/etcd-backup
         metadataPolicy: None
         property: AGE_X25519_PUBLIC_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: talos-etcd-defrag-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: talos-etcd-defrag-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    kubernetes.io/service-account.name: talos-defrag-secrets
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/talos/etcd-defrag
+        metadataPolicy: None
+        property: config

clusters/cl01tl/services/talos/templates/secret.yaml

@@ -9,16 +9,3 @@ metadata:
     app.kubernetes.io/part-of: {{ .Release.Name }}
   annotations:
     kubernetes.io/service-account.name: talos-backup-secrets
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: talos-etcd-secrets
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: talos-etcd-secrets
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    kubernetes.io/service-account.name: talos-etcd-secrets

clusters/cl01tl/services/talos/templates/service-account.yaml

@@ -10,17 +10,3 @@ metadata:
 spec:
   roles:
     - os:etcd:backup
-
----
-apiVersion: talos.dev/v1alpha1
-kind: ServiceAccount
-metadata:
-  name: talos-etcd-secrets
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: talos-etcd-secrets
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  roles:
-    - os:etcd:backup

clusters/cl01tl/services/talos/values.yaml

@@ -168,27 +168,17 @@ etcd-defrag:
       containers:
         main:
           image:
-            repository: alpine
+            repository: ghcr.io/siderolabs/talosctl
-            tag: 3.22.1
+            tag: v1.10.4
             pullPolicy: IfNotPresent
-          command:
+          args:
-            - sh
+              - etcd
-            - -c
+              - defrag
-            - |
+              - -n 10.232.1.13
-              wget -O /usr/local/bin/talosctl https://github.com/siderolabs/talos/releases/download/v1.10.4/talosctl-linux-amd64
+          env:
-              chmod +x /usr/local/bin/talosctl
+            - name: TALOSCONFIG
-              while true; talosctl -n 10.232.1.11 version; do sleep 1; done
+              value: /tmp/.talos/config
           workingDir: /tmp
-          securityContext:
-            runAsUser: 1000
-            runAsGroup: 1000
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
-            capabilities:
-              drop:
-                - ALL
-            seccompProfile:
-              type: RuntimeDefault
           resources:
             requests:
               cpu: 100m
@@ -205,10 +195,11 @@ etcd-defrag:
     secret:
       enabled: true
       type: secret
-      name: talos-etcd-secrets
+      name: talos-etcd-defrag-secret
       advancedMounts:
         defrag:
           main:
-            - path: /var/run/secrets/talos.dev
+            - path: /tmp/.talos/config
               readOnly: true
               mountPropagation: None
+              subPath: config