Adding external secret.

kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml

@@ -33,7 +33,11 @@ spec:
         compression: bzip2
         maxParallel: 8
       destinationPath: s3://valinor-cnpg/
-      endpointURL: https://${SECRET_CLOUDFLARE_ACCOUNT_ID}.r2.cloudflarestorage.com
+      endpointURL:
+        valueFrom:
+          secretKeyRef:
+            name: cnpg-secret
+            key: CLOUDFLARE_R2_ENDPOINT
       serverName: postgres-v3
       s3Credentials:
         accessKeyId:
@@ -45,7 +49,11 @@ spec:
   externalClusters:
     - name: clusterBackup
       barmanObjectStore:
-        destinationPath: https://${SECRET_CLOUDFLARE_ACCOUNT_ID}.r2.cloudflarestorage.com
+        destinationPath:
+          valueFrom:
+            secretKeyRef:
+              name: cnpg-secret
+              key: CLOUDFLARE_R2_ENDPOINT
         s3Credentials:
         accessKeyId:
           name: cloudnative-pg-secret

kubernetes/apps/database/cloudnative-pg/cluster/externalsecret.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cnpg
+  namespace: database
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: cnpg-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        CLOUDFLARE_R2_ENDPOINT: "https://{{ .cloudflare_account_id }}.r2.cloudflarestorage.com"
+  data:
+    - secretKey: cloudflare_account_id
+      remoteRef:
+        key: cloudflare
+        property: account_id

kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 namespace: fediverse
 resources:
   - ./cluster.yaml
+  - ./externalsecret.yaml
   - ./scheduledbackup.yaml
   - ./prometheusrule.yaml
   # - ./service.yaml