feat(postgres): Add cluster-wide automatic backup for all databases

This patch should provide an automated backup for all postgresql clusters in the cluster. This implementation is less than ideal, due to technical sharing of backups among all namespaces, but for now, it's better than no backup. There will be further work on separating these backups, but it is what it is for now.

feat(postgres): Add cluster-wide automatic backup for all databases
6cf1dce0 · Sheogorath · e5078974 · 6cf1dce0 · 6cf1dce0 · 6cf1dce0
Verified Commit 6cf1dce0 authored 2 years ago by Sheogorath
--- a/clusters/k8s01/postgres/kustomization.yaml
+++ b/clusters/k8s01/postgres/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- release-override.yaml
--- a/clusters/k8s01/postgres/release-override.yaml
+++ b/clusters/k8s01/postgres/release-override.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: postgres-pod-secrets
+    namespace: postgres-system
+stringData:
+    WAL_S3_BUCKET: ENC[AES256_GCM,data:o1NAN2pZZJiLvWDIFB88nqgDCA==,iv:fy7rIGirmSsGBPBq7OQSvTP6xXk8yS581YXlcTRLSJc=,tag:h2s3KINtNYX5EjU4eEmZDg==,type:str]
+    WAL_BUCKET_SCOPE_PREFIX: ""
+    WAL_BUCKET_SCOPE_SUFFIX: ""
+    USE_WALG_BACKUP: ENC[AES256_GCM,data:PyNMfA==,iv:BnrwkRcRpkj531kvY9N7oICW/TR5P6LvMhLnvjFppe4=,tag:CWKkLMMhoadY1O0uT0J0bA==,type:str]
+    USE_WALG_RESTORE: ENC[AES256_GCM,data:VeuAVw==,iv:j/LU6x8KJ6FjO+t+Kt+fT7rLz/n2kZpmfMT05WCeDfI=,tag:3EdagLildyD0084PAYM5Fw==,type:str]
+    BACKUP_SCHEDULE: ENC[AES256_GCM,data:UzMpPBMdALoW9go=,iv:qJA3R9Da3KIhKk1PEH93+44jQOuKVzg1IpujZrTJLFM=,tag:U6hw1YDRM5OvRZEA2tqECQ==,type:str]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:AOXUF+nyBwOrTgRzuM3oKuGloA==,iv:Lwd8A7jQM/TdTNYgku5mQoe6zmU2Tjvo5TnkR302jnU=,tag:SB3c40iyzq2nhnqEV+0nvg==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:j4XDQPiUyiEEAjjRgCQavAdzVlLsXi3YcIJ/vaPtZD75zqzu0OtD1g==,iv:ktOmQOSSb9yYcQRzrPl7D52N2j+fGUOOnAHHi1H/Tf8=,tag:NHSuLFdnWSxbOcdT+6D54g==,type:str]
+    AWS_S3_FORCE_PATH_STYLE: ENC[AES256_GCM,data:xa9kOA==,iv:Nk9rihseIhCPyIK5kj/bjTcVqBLvv9sLpZim4LjFPA0=,tag:aEFgtjnJ1VhnYod5pKO6Tw==,type:str]
+    AWS_ENDPOINT: ENC[AES256_GCM,data:Vbob6Ya/XeG+dt/hPSJUxMhwCgf1q+F1NKC4KASIDEI=,iv:iXpcbMX6A2kFq5ENSsZfE26nweqFcevgokctTaUh8lo=,tag:QEnoqWU8Z8c/e0ACGQ1ygw==,type:str]
+    AWS_REGION: ENC[AES256_GCM,data:vPgLt82m+iXvvoQ=,iv:7ubMxH1Cs7gAoMI5y8VuE33Xk1mHBq978dEMWp7DGpw=,tag:Y2ReeS9gq7WRzm2Z+jwjwA==,type:str]
+    WALG_DISABLE_S3_SSE: ENC[AES256_GCM,data:8IJzgQ==,iv:Eg3rnD67NkIMBVECg0vIRwCEfaZb/tnTkpQyEtnXyug=,tag:cxb0EXHJ4seXxgB0qTOjLQ==,type:str]
+    BACKUP_NUM_TO_RETAIN: ENC[AES256_GCM,data:hw==,iv:7b9Jr+w0Z4PFzD3RP0I6m71KsMS4t+HWxq1gMhYdobs=,tag:UvZ469j8MMqFom13Ghfmfw==,type:str]
+    CLONE_USE_WALG_RESTORE: ENC[AES256_GCM,data:mB3A5A==,iv:WyLeYBR1VlrFsSdyMSa2vmtQa7FyH+1HpGy2LHaCPSc=,tag:e7gn82aQtsmVmJLbcbJiEA==,type:str]
+    CLONE_AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:dexZESvwalmC8tHvQe0qyJoZBg==,iv:NXv5yGtK2/kzT+FYJ2wGsAJb8AyAJIUJmD0hyfmPYF4=,tag:YL3KIybviHdQ9nmN2g9wbw==,type:str]
+    CLONE_AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:lrkKwuQqo/zxLl/ju2vsj0FDadcK2CJqErAtOKpGIqetzXLKVYVM2A==,iv:qsaGFQFycXrPuqahyOUseuUQgDro22PpCgVH+tCjuYQ=,tag:CRwozvXl798tOz0Ds8kqeQ==,type:str]
+    CLONE_AWS_ENDPOINT: ENC[AES256_GCM,data:rGuVCT/I+hRfbqZKgfZSKJAh0eX04qfNYxB27xN2EIA=,iv:YzNGZwVvsMPrfgJd5UHLzsaPj6l4ds7TOXDIQEreZe4=,tag:FWnT992L2vOvgWjYJdC4kg==,type:str]
+    CLONE_AWS_REGION: ENC[AES256_GCM,data:Zr7YU1sAbuP4TjY=,iv:x7rGSePSxYLMCUZF2xW/h6N4GVXQhsGKY2HjMGgTUwQ=,tag:7Sv8FpKDbFhVIkOJ89Z84w==,type:str]
+    CLONE_METHOD: ENC[AES256_GCM,data:kRs92XaJ4K+wtEt19GTM,iv:y1FHLks5v4o5+aMs+c9v4sVnzCcSNIw/IKJxL8nvzPw=,tag:4Z1zl+aLIgKJQ9WjKsvWDw==,type:str]
+    CLONE_WAL_BUCKET_SCOPE_PREFIX: ""
+    CLONE_WAL_S3_BUCKET: ENC[AES256_GCM,data:DBU+K5HJon9LdP/ACIO5zXH95Q==,iv:+O9ViNU4Wggb+g0WaLzbNiEDQFhebcvXTwUW61qHtT8=,tag:CvkGGc8py6wIaUrJGFUyDA==,type:str]
+    CLONE_AWS_S3_FORCE_PATH_STYLE: ENC[AES256_GCM,data:JFJT1g==,iv:WL0/GJhVI73EP95tYXqSXxszaHK11eMKQicPzLcImwQ=,tag:0YWoYW3aNv/hG1jQ0qiDmw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-02-09T00:27:42Z"
+    mac: ENC[AES256_GCM,data:pxzkVfeszdWLHtQoo9noq2FJkgt3hBc/UvAnAoVr1NPFW0nNjEZUNmmiAT+7o6xcivdDeiz9sm9XicgqIrUWOAB7VeKdy1kLQym5B98qapAv4sg3Cm9LVMj4vlTeuk/0PiDqDiABLsmivnoUgrq4NaXub4KgUuGn16K8FWAnbd0=,iv:woypK9DsJcOh1BYtd+ic5Saz7TfXQkHBfn5jS8GqF0M=,tag:3QjT8UUE3rVAtZN+a6A7eQ==,type:str]
+    pgp:
+        - created_at: "2023-02-09T00:27:41Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcAQ/+OSnICTyuWPM5cuutkJjMUSXjGhsSjc/ty2BEOTb5DjfZ
+            EFKrIQCKGFvxOUEKTwxSUqhN0oCrMMXWnqwMjOONoAjLloezs2E5wy8E0j/v+j6g
+            kAWIfYsoHKmqoeldLspG7bnnr42bY9n+BvLNSBsoGRo9gNOiQqFT2mv8S8Lg49Is
+            omb1/TLSRUq90U5Zwoc9tHbZnP4+85nvzwi092zfDLD5VK4SgbK8qIaiQUeuELto
+            2z/OKSAB77AAxOzh7U5YjtjyJBiBxQ7w3tnjXR08D3NUHu3THu+jevjTPRsxgqWl
+            cTlkdnl9iw8eQDS8yycjfcuQoY5oxK8KqQRMYurSEra2h0f7ccRPaCndbEKkUEWL
+            4I0EsVEeAgQOm9iTNrEpIyVcoio2HrUFqqtipeKnei5hVdGvKcjc/q3Jz2DAgxrB
+            48RzGXGXCPc9xpbatw7o9qFsu64n/6Un+/A3lvxeZp3d+wUY/WiYZyBVZ6bC7J/P
+            Wjm7IaVhGlhzYbep27LGJxIFmbMKuWx5cPMIi+4lteoWgEeVOQy6hHQIEtWWy9VY
+            R44blwSyANtTml8PRBGByjZBfrFKf6bbt6Xri/Gu0qJM/O1G8ZPtcDaIzcvbWqGg
+            Tz5D6dq/1AIiCx9Yatwd7ty2ZJdUhaFYSIn2NAFNqGXxGzvCywujdPvejbl8cQjS
+            UQEZL4BqHYUw20c0GnLtEiHVXxO2f1oPJVcooz76kMtXnfEpVCrzrhwYLdx9vTnd
+            6rb12yU6x5q4kjMfm+m4wdjxdRHznM48rUC1E0vbO7Hc/Q==
+            =IfCm
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2023-02-09T00:27:41Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPARAAlX+ciacOvXP5l2XVeXjKO1hWKnr7YLETntVdqRFf28SE
+            0P7uHujIeWbubJYimjJ5MOGA6CCE6q5KUmuCs1zFJv5Ot7pnx3z5uo3a0tq56QFU
+            Mn90r4QywVzYYRdiLqbSFhXWB9NRKdvER3NKaRmTNGubecd+rioVrkUF80UQ04o8
+            oXqv2zbT2lx/VcwNsQBJn4vI56kKR1OdKrTH6rZ4y87/MzR24JBn+y6ou6ZmslsT
+            c7jliyfCJcJvlIuwAgaY0gk7OF69l5+uDuE9mh3CkR9f7dEeA0GfGF/ULV7Y5PcO
+            90NrgAYDiNYPHQRYXu/v5VYEjz7vcSYL1Y6CvqEJlJNKmzxevKk6T3GCqmOI1lKU
+            Eql+R2LW9lif0yKYedhD2xyjD55nWeOAnXk9OVRruL+ocdDk8IOsL9PbwDIi/RKD
+            f7B1C9+34qPlMjTvxuOg8o9PnNHmFgzAXX4JQqnHcvH+mxDK+DmeQgFy5EzoSD62
+            fR8SaeZL+08r3i4WqupuwrybD4woTVw+8fCzXgXOECstFyQFmXUiIHkeXemIrEcF
+            rd9jfyfvuKvcZp10DghpUzwXV5SP6q5h2K39iC+dZjPmhfZX9w2TfyYeej3mqICj
+            TD5ZOkq0XCOqTLHWTW+ONTkmpSMW2/bdr+k4vjjLHqcEpRBuNQX1xGFRR+Zl//XU
+            aAEJAhDOPr+VRM+7QxAcfbOyG6qF6uX61emfvsmCeI/Frp8ZIN29/EuX3TZQ6ukj
+            HHO9t5XAoIquJQK6I35ffozOp1acmyYMbXZK0xmzjLPJagutcRtDP37k+5DWebhP
+            DfwF09j4hAyb
+            =mlgh
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: postgres-override-values
+    namespace: postgres-system
+type: Opaque
+stringData:
+    values-overrides.yaml: ENC[AES256_GCM,data:5ykJ1trxTuzKaVFEm/VbRibMdw/GhokGcFwgTlaqOR1zcg4hOnKQMA6cYBBgPGRhw7ub3aS2MgHBS7w+LyS6cw==,iv:2DXF4wm0A99Vry0xkeIfhE904+Zo6h+RgHkHP3QxS3s=,tag:ei5fl8tTr19WEstaalK3CQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-02-09T00:27:42Z"
+    mac: ENC[AES256_GCM,data:pxzkVfeszdWLHtQoo9noq2FJkgt3hBc/UvAnAoVr1NPFW0nNjEZUNmmiAT+7o6xcivdDeiz9sm9XicgqIrUWOAB7VeKdy1kLQym5B98qapAv4sg3Cm9LVMj4vlTeuk/0PiDqDiABLsmivnoUgrq4NaXub4KgUuGn16K8FWAnbd0=,iv:woypK9DsJcOh1BYtd+ic5Saz7TfXQkHBfn5jS8GqF0M=,tag:3QjT8UUE3rVAtZN+a6A7eQ==,type:str]
+    pgp:
+        - created_at: "2023-02-09T00:27:41Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcAQ/+OSnICTyuWPM5cuutkJjMUSXjGhsSjc/ty2BEOTb5DjfZ
+            EFKrIQCKGFvxOUEKTwxSUqhN0oCrMMXWnqwMjOONoAjLloezs2E5wy8E0j/v+j6g
+            kAWIfYsoHKmqoeldLspG7bnnr42bY9n+BvLNSBsoGRo9gNOiQqFT2mv8S8Lg49Is
+            omb1/TLSRUq90U5Zwoc9tHbZnP4+85nvzwi092zfDLD5VK4SgbK8qIaiQUeuELto
+            2z/OKSAB77AAxOzh7U5YjtjyJBiBxQ7w3tnjXR08D3NUHu3THu+jevjTPRsxgqWl
+            cTlkdnl9iw8eQDS8yycjfcuQoY5oxK8KqQRMYurSEra2h0f7ccRPaCndbEKkUEWL
+            4I0EsVEeAgQOm9iTNrEpIyVcoio2HrUFqqtipeKnei5hVdGvKcjc/q3Jz2DAgxrB
+            48RzGXGXCPc9xpbatw7o9qFsu64n/6Un+/A3lvxeZp3d+wUY/WiYZyBVZ6bC7J/P
+            Wjm7IaVhGlhzYbep27LGJxIFmbMKuWx5cPMIi+4lteoWgEeVOQy6hHQIEtWWy9VY
+            R44blwSyANtTml8PRBGByjZBfrFKf6bbt6Xri/Gu0qJM/O1G8ZPtcDaIzcvbWqGg
+            Tz5D6dq/1AIiCx9Yatwd7ty2ZJdUhaFYSIn2NAFNqGXxGzvCywujdPvejbl8cQjS
+            UQEZL4BqHYUw20c0GnLtEiHVXxO2f1oPJVcooz76kMtXnfEpVCrzrhwYLdx9vTnd
+            6rb12yU6x5q4kjMfm+m4wdjxdRHznM48rUC1E0vbO7Hc/Q==
+            =IfCm
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2023-02-09T00:27:41Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPARAAlX+ciacOvXP5l2XVeXjKO1hWKnr7YLETntVdqRFf28SE
+            0P7uHujIeWbubJYimjJ5MOGA6CCE6q5KUmuCs1zFJv5Ot7pnx3z5uo3a0tq56QFU
+            Mn90r4QywVzYYRdiLqbSFhXWB9NRKdvER3NKaRmTNGubecd+rioVrkUF80UQ04o8
+            oXqv2zbT2lx/VcwNsQBJn4vI56kKR1OdKrTH6rZ4y87/MzR24JBn+y6ou6ZmslsT
+            c7jliyfCJcJvlIuwAgaY0gk7OF69l5+uDuE9mh3CkR9f7dEeA0GfGF/ULV7Y5PcO
+            90NrgAYDiNYPHQRYXu/v5VYEjz7vcSYL1Y6CvqEJlJNKmzxevKk6T3GCqmOI1lKU
+            Eql+R2LW9lif0yKYedhD2xyjD55nWeOAnXk9OVRruL+ocdDk8IOsL9PbwDIi/RKD
+            f7B1C9+34qPlMjTvxuOg8o9PnNHmFgzAXX4JQqnHcvH+mxDK+DmeQgFy5EzoSD62
+            fR8SaeZL+08r3i4WqupuwrybD4woTVw+8fCzXgXOECstFyQFmXUiIHkeXemIrEcF
+            rd9jfyfvuKvcZp10DghpUzwXV5SP6q5h2K39iC+dZjPmhfZX9w2TfyYeej3mqICj
+            TD5ZOkq0XCOqTLHWTW+ONTkmpSMW2/bdr+k4vjjLHqcEpRBuNQX1xGFRR+Zl//XU
+            aAEJAhDOPr+VRM+7QxAcfbOyG6qF6uX61emfvsmCeI/Frp8ZIN29/EuX3TZQ6ukj
+            HHO9t5XAoIquJQK6I35ffozOp1acmyYMbXZK0xmzjLPJagutcRtDP37k+5DWebhP
+            DfwF09j4hAyb
+            =mlgh
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.3
--- a/infrastructure/postgres/release.yaml
+++ b/infrastructure/postgres/release.yaml
@@ -12,15 +12,28 @@ spec:
        kind: HelmRepository
        name: zalando-postgres-operator
        namespace: postgres-system
-      valuesFiles:
-        - values.yaml
      version: 1.9.0
  interval: 5m
  install:
    crds: CreateReplace
  upgrade:
    crds: CreateReplace
-  values:
+  valuesFrom:
+  - kind: ConfigMap
+    name: postgres-base-values
+    valuesKey: values.yaml
+  - kind: Secret
+    name: postgres-override-values
+    valuesKey: values-overrides.yaml
+    optional: true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-base-values
+  namespace: postgres-system
+data:
+  values.yaml: |
    rbac:
      createAggregateClusterRoles: true
    configPostgresPodResources: