This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
app/apps/groombook/overlays/uat/postgres-sealed-secret.yaml
T
Paperclip 0eda43e930 fix(GRO-451): re-seal UAT secrets with correct cluster certificate
UAT is down (503) because sealed secrets were encrypted with the wrong
key. This commit:

- Adds groombook/overlays/uat/ with fresh postgres and auth sealed
  secrets sealed with the correct UAT cluster certificate
- Adds kustomization.yaml that:
  - Uses correct image tags (2026.04.03-90be1be)
  - Injects all auth env vars from groombook-auth-uat
  - Points to groombook-postgres-credentials-uat
  - Uses UAT hostname (groombook.uat.farh.net)
  - Deletes the base component's postgres-credentials SealedSecret
    (namespace-scoped, not namespace-wide, causes noise in UAT)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 12:27:23 +00:00

34 lines
3.5 KiB
YAML

# =============================================================================
# GroomBook Postgres Credentials — SealedSecret (groombook-uat namespace)
# =============================================================================
# Fresh credentials generated 2026-04-04. Encrypted with UAT cluster sealing
# certificate via kubeseal --scope namespace-wide.
# CloudNativePG reads this secret at bootstrap time (postgres-cluster.yaml
# bootstrap.initdb.secret).
# =============================================================================
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: groombook-postgres-credentials-uat
namespace: groombook-uat
labels:
app.kubernetes.io/name: postgres
app.kubernetes.io/part-of: groombook
spec:
encryptedData:
# yamllint disable rule:line-length
password: AgB6lhWPCCCKvlxbQyupxhidg2rgPv1McRm3c2VPVhpyw9S0vdGL2VJhlhyr01ya2tOFJZOqhgYPi2Q0kTmd8bfMy83ygCBcvk0D1XfMXazVq1VOJmu7zBMWyRLjjDHQfV0ASKqk07wRP6TiY37BQwKtdHj+e0oHoh9D08oo3SuZXs+DkjuoP8tgU2MAMLj3PxXp5nDrOY/BYh9MEsUVC37PduGZXsTKCD/7uOHZRMj3NrheSc9ZyVSGLGsfW6dHeULFblW93NSQM03G9I/G8NhoGrZy3SaLfajZrm1TB7X+4qI4yCYTk0QqBxIBpEfR29TdSaYX1NNbgKgI1ebRVTQBQ9Kq1fYXL9saFVwcMmHT8zKjPSFYXDAJvRMqSOPCgntp/w8nnhVoFNaQLkwRI/unSFLgZ3yu+9eV6bixN3gUIrLvzJNjF5uV6mAyFJ8phLEFJJ50la+tdKu8QEMT00//PFqidNNe43inxKTSNtFUcfeC6dKKDzHkj99DMTVHbMSUe0TzwX/aDw8YsxN147Q8vuANm5PuaX8DZFkMcL92tppulZwdclER9+tLfcRWFfd52WX+u5Me0WbF9qAVcS1CJI7CMjKvNS5uYm7ZIKwmHHTHROZAHL4RsFZeUoE4Asuep4b+EjU9V/LDYYJdo9kW+RkKUVdtrurY6SL/NhtqyzHLtbvSWFBRsLT+UADpoFXa3z38tJLQD+kFbA/8ifHRKcEfzF3SflodLiAlNjRTMfLjWCU5a/bipR3U
uri: AgBM/6mX5eUTTok8dYECF7zR3aKuPHcloWMAfSVESnyNdZnEO1TgPCpcgp47dCy5C2bLPshxyMCZlwiQux2336qHHQyXv08rlF6duiUr26zJC92/Izvaj2YNmWYAnUA8bC/3N9Dk5+/tKbDwVwYSH+s4hAN1V+B2fH7k9/hFYv38Iih38fMqbQG4XZpYsNrJLthds/ox3DdJNLh4mjrDKLYHkWlGfg8qUxDqgVnFGozTuSrAMIqTvpxLFnM87GO9mILyP+ccFo53ikGLqQ0fniZSl9s+xF1b3jaqQZSL5gYf77Yt0uKFBurmBaw6Vpe56q2WDeFJJBYUd0PqyOK41RX6NnoPJF8KbmDC7qJYxgZMP2ghWh3xP+zpBozuoS1qMu470InaZNIBetnhxtFWF42tKv9UbZ2H6GQbnMWBaPeVra3foRqUn9oCvAWMThPSicaNJMLK0pGfjoAR9lurFa9aAMGqcWVJPuEbKJ5LfC6oHWTqMe2NnCaDg7RG787ntF/KK1VUnWVPQKn9sff/vQPi0pftq7bVQaMELMy0vclFOtxvVfsuKDyvEFUzJKuegPjiTZ3uISW5s6m/68bgTchSPjXKY40oFKnAu/l18DGX/LX7QkTfBEo7wlUrYhF3gwjWJoNk0KCydNodRyglPkyrbvc44fCCofmA1x/YRj0RerxhL+tUzp+pMNO+lsKTvocuewMNfWuDUsUZCxYJAPh3FtC2dYqjFECsdzpBurAeLLopEgK5XyKSyjhW60rDp5SEhd46Pcui5Pf4xgf0YfaZcHYUu72yikIf26EMZjIDjRGOZB25l/TAtcQNAlwYdZu51AOS7DEjfw8RhZNhQSEn6L+ieRew+17i
username: AgCxwdyCROIRBHmewuxmWlcPe3Ngj1EvXRi7xyZMw6iHO7YQGcX5IQbXSsWvy/hcPcRj3rGpj0O9qn602QEcgeSeNlTye4NmTU8ExWEC6ObvMRP2j+rPdWdGUp2eIGA846rE9/OUiCb3GkoRwKWbYI9QISBAc4IzoaBSvi/pscCeKWuWqx/EJQqasUcaTeA+HcvKUB3eo7gMMBYDC+cds50iiDD4UmG8ZM9m6t9yfYFKdjgoiU47REUancrJHDs1umR3zuYFAKVVr84xGSplAIHk0Cc1iuxmzXMR/o4dBqZJzJUseBHCS2KLptNqIM02yIKQtMT0QgQzXUY3Ox+8fhDLWABxDmDKw6a6dUVuBACG4FkLFx5gksmXXsmsc0882L6q3k1AcZPakemD3j2ESPxVkcxbRNxjLf2bt8V1pUbOh5TgCwhM4YOu0MiXRWr5VhVJZ0hKTiW6JUEuW8zjEzHQp48PM6THNiWyxK89pMdeqPo4vaQfeJxeFs6y/xWyDnNNTJ/95fYCMG69I5cP5pA8XcUwu5p+mUuspmpfx/O5jFz2ksRxzUWP0vBdJXE4bg0lmqhL/8/OMGMX/MGFFY9wRD8hnEJeDQ5R27mEmqUKB0IlbMvhIrWS3Ro3KEetdndOFzN2ALOEUQIhgUEM7uH1vrDivcMX/W89oDlz0fFeqBRK8q69dygY+PXKS8qyhoaO2ER++Xw55tU=
# yamllint enable rule:line-length
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: groombook-postgres-credentials-uat
namespace: groombook-uat
type: kubernetes.io/basic-auth