chore(oncall): use CNPG instead of RDS

Smana · Nov 24, 2024 · 19fdea7 · 19fdea7
1 parent 6cbe537
commit 19fdea7
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 28 deletions.
diff --git a/.../externalsecret-sqlinstance-password.yaml → ...na-oncall/externalsecret-cnpg-oncall.yaml b/.../externalsecret-sqlinstance-password.yaml → ...na-oncall/externalsecret-cnpg-oncall.yaml
@@ -1,17 +1,17 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: oncall-sqlinstance-password
+  name: xplane-oncall-cnpg-oncall
 spec:
   dataFrom:
     - extract:
         conversionStrategy: Default
-        key: observability/grafana/oncall-sqlinstance
+        key: cnpg/xplane-oncall/oncall
   refreshInterval: 20m
   secretStoreRef:
     kind: ClusterSecretStore
     name: clustersecretstore
   target:
     creationPolicy: Owner
     deletionPolicy: Retain
-    name: oncall-pg-masterpassword
+    name: xplane-oncall-cnpg-oncall
diff --git a/observability/base/grafana-oncall/helmrelease-oncall.yaml b/observability/base/grafana-oncall/helmrelease-oncall.yaml
@@ -14,7 +14,7 @@ spec:
         kind: HelmRepository
         name: grafana
         namespace: observability
-      version: "1.11.5"
+      version: "1.13.3"
   interval: 5m0s
   timeout: 15m
   install:
@@ -66,14 +66,12 @@ spec:
       enabled: false
 
     externalPostgresql:
-      host: xplane-oncall-rds-service
+      host: xplane-oncall-cnpg-cluster-rw
       port: 5432
       db_name: "oncall"
       user: "oncall"
-      existingSecret: "xplane-oncall-owner-oncall"
+      existingSecret: "xplane-oncall-cnpg-oncall"
       passwordKey: "password"
-      options: >-
-        sslmode=require
 
     rabbitmq:
       enabled: false

diff --git a/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml b/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml
@@ -14,7 +14,7 @@ spec:
         kind: HelmRepository
         name: bitnami
         namespace: flux-system
-      version: "15.0.3"
+      version: "15.0.6"
   interval: 5m0s
   timeout: 15m
   install:

diff --git a/observability/base/grafana-oncall/kustomization.yaml b/observability/base/grafana-oncall/kustomization.yaml
@@ -4,9 +4,9 @@ namespace: observability
 
 resources:
   - externalsecret-admin.yaml
+  - externalsecret-cnpg-oncall.yaml
   - externalsecret-rabbitmq.yaml
   - externalsecret-slackapp.yaml
-  - externalsecret-sqlinstance-password.yaml
   - externalsecret-valkey.yaml
   - helmrelease-oncall.yaml
   - helmrelease-rabbitmq.yaml

diff --git a/observability/base/grafana-oncall/sqlinstance.yaml b/observability/base/grafana-oncall/sqlinstance.yaml
@@ -2,21 +2,15 @@ apiVersion: cloud.ogenki.io/v1alpha1
 kind: SQLInstance
 metadata:
   name: xplane-oncall
-  namespace: tooling
+  namespace: "observability"
 spec:
-  parameters:
-    engine: postgres
-    engineVersion: "16"
-    size: small
-    storageGB: 20
-    databases:
-      - owner: oncall
-        name: oncall
-    passwordSecretRef:
-      namespace: tooling
-      name: oncall-pg-masterpassword
-      key: password
-  compositionRef:
-    name: xsqlinstances.cloud.ogenki.io
-  writeConnectionSecretToRef:
-    name: xplane-oncall-rds
+  size: "small"
+  storageGB: 20
+  databases:
+    - owner: "oncall"
+      name: "oncall"
+  cnpg:
+    instances: 1
+    backup:
+      schedule: "0 0 * * *"
+      bucketName: "oncall-rds-instance-backups"
diff --git a/security/base/cert-manager/openbao-clusterissuer.yaml b/security/base/cert-manager/openbao-clusterissuer.yaml
@@ -11,7 +11,7 @@ spec:
     auth:
       appRole:
         path: approle
-        roleId: f52c783d-0259-86a4-c80d-2380a9cc443f # !! This value changes each time I recreate the whole platform
+        roleId: 4b20b17b-705d-80d9-18b0-7cb8a1a0b560 # !! This value changes each time I recreate the whole platform
         secretRef:
           name: cert-manager-openbao-approle
           key: secret_id