generated from coulomb/repo-seed
feat(sso-mfa): T03 PostgreSQL manifests (NK-WP-0001-T03)
CloudNativePG Cluster CR (net-kingdom-pg, PostgreSQL 16) with two application databases: keycloak_db (owner: keycloak) and privacyidea_db (owner: privacyidea). Passwords managed continuously via managed.roles. WAL archiving section stubbed and commented; activate when object storage is available. ScheduledBackup CR included (daily 02:00 UTC, 7d retention).

Also: sync workplan status for T01 (Phase 0a done), T02 (manifests done), T03 (manifests done, restore drill pending); close NK-WP-0002.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
26
sso-mfa/k8s/postgresql/scheduled-backup.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
# CloudNativePG ScheduledBackup — net-kingdom-pg
|
||||
#
|
||||
# PREREQUISITE: WAL archiving must be enabled in cluster.yaml (backup.barmanObjectStore
|
||||
# section) before this ScheduledBackup will succeed. Uncomment cluster.yaml backup
|
||||
# block first, apply it, confirm WAL archiving is healthy, then apply this file.
|
||||
#
|
||||
# Schedule: daily at 02:00 UTC, keeping 7 daily backups.
|
||||
# Adjust schedule and retentionPolicy to match your RPO/RTO requirements.
|
||||
#
|
||||
# See T03 restore drill procedure in README.md before marking T03 done.
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: net-kingdom-pg-daily
|
||||
namespace: databases
|
||||
labels:
|
||||
app.kubernetes.io/part-of: net-kingdom-sso-mfa
|
||||
net-kingdom/component: databases
|
||||
spec:
|
||||
# Daily at 02:00 UTC
|
||||
schedule: "0 0 2 * * *" # CloudNativePG uses Go cron format: seconds minutes hours dom month dow
|
||||
backupOwnerReference: self
|
||||
cluster:
|
||||
name: net-kingdom-pg
|
||||
# Immediate: if the schedule is missed (e.g. pod restart), take a backup immediately
|
||||
immediate: true
|
||||
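Review bot: The comment on `immediate: true` at the end of the spec describes catch-up after a missed run, but in CloudNativePG this field makes the first backup start as soon as the ScheduledBackup is created. That matters given the PREREQUISITE in the header: applying this file before WAL archiving is healthy will trigger a failing backup right away rather than at 02:00, so the comment should say that. Separately, the header states "keeping 7 daily backups" and tells the reader to adjust `retentionPolicy`, yet no retention setting appears anywhere in this manifest. Retention is configured on the Cluster resource (`spec.backup.retentionPolicy`), so the header should point at cluster.yaml for it; as written, the 7-day figure cannot be checked from this file.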