0eda43e930
UAT is down (503) because sealed secrets were encrypted with the wrong
key. This commit:
- Adds groombook/overlays/uat/ with fresh postgres and auth sealed
secrets sealed with the correct UAT cluster certificate
- Adds kustomization.yaml that:
- Uses correct image tags (2026.04.03-90be1be)
- Injects all auth env vars from groombook-auth-uat
- Points to groombook-postgres-credentials-uat
- Uses UAT hostname (groombook.uat.farh.net)
- Deletes the base component's postgres-credentials SealedSecret
(namespace-scoped, not namespace-wide, causes noise in UAT)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
34 lines
3.5 KiB
YAML
34 lines
3.5 KiB
YAML
# =============================================================================
|
|
# GroomBook Postgres Credentials — SealedSecret (groombook-uat namespace)
|
|
# =============================================================================
|
|
# Fresh credentials generated 2026-04-04. Encrypted with UAT cluster sealing
|
|
# certificate via kubeseal --scope namespace-wide.
|
|
# CloudNativePG reads this secret at bootstrap time (postgres-cluster.yaml
|
|
# bootstrap.initdb.secret).
|
|
# =============================================================================
|
|
|
|
apiVersion: bitnami.com/v1alpha1
|
|
kind: SealedSecret
|
|
metadata:
|
|
annotations:
|
|
sealedsecrets.bitnami.com/namespace-wide: "true"
|
|
name: groombook-postgres-credentials-uat
|
|
namespace: groombook-uat
|
|
labels:
|
|
app.kubernetes.io/name: postgres
|
|
app.kubernetes.io/part-of: groombook
|
|
spec:
|
|
encryptedData:
|
|
# yamllint disable rule:line-length
|
|
password: AgB6lhWPCCCKvlxbQyupxhidg2rgPv1McRm3c2VPVhpyw9S0vdGL2VJhlhyr01ya2tOFJZOqhgYPi2Q0kTmd8bfMy83ygCBcvk0D1XfMXazVq1VOJmu7zBMWyRLjjDHQfV0ASKqk07wRP6TiY37BQwKtdHj+e0oHoh9D08oo3SuZXs+DkjuoP8tgU2MAMLj3PxXp5nDrOY/BYh9MEsUVC37PduGZXsTKCD/7uOHZRMj3NrheSc9ZyVSGLGsfW6dHeULFblW93NSQM03G9I/G8NhoGrZy3SaLfajZrm1TB7X+4qI4yCYTk0QqBxIBpEfR29TdSaYX1NNbgKgI1ebRVTQBQ9Kq1fYXL9saFVwcMmHT8zKjPSFYXDAJvRMqSOPCgntp/w8nnhVoFNaQLkwRI/unSFLgZ3yu+9eV6bixN3gUIrLvzJNjF5uV6mAyFJ8phLEFJJ50la+tdKu8QEMT00//PFqidNNe43inxKTSNtFUcfeC6dKKDzHkj99DMTVHbMSUe0TzwX/aDw8YsxN147Q8vuANm5PuaX8DZFkMcL92tppulZwdclER9+tLfcRWFfd52WX+u5Me0WbF9qAVcS1CJI7CMjKvNS5uYm7ZIKwmHHTHROZAHL4RsFZeUoE4Asuep4b+EjU9V/LDYYJdo9kW+RkKUVdtrurY6SL/NhtqyzHLtbvSWFBRsLT+UADpoFXa3z38tJLQD+kFbA/8ifHRKcEfzF3SflodLiAlNjRTMfLjWCU5a/bipR3U
|
|
uri: AgBM/6mX5eUTTok8dYECF7zR3aKuPHcloWMAfSVESnyNdZnEO1TgPCpcgp47dCy5C2bLPshxyMCZlwiQux2336qHHQyXv08rlF6duiUr26zJC92/Izvaj2YNmWYAnUA8bC/3N9Dk5+/tKbDwVwYSH+s4hAN1V+B2fH7k9/hFYv38Iih38fMqbQG4XZpYsNrJLthds/ox3DdJNLh4mjrDKLYHkWlGfg8qUxDqgVnFGozTuSrAMIqTvpxLFnM87GO9mILyP+ccFo53ikGLqQ0fniZSl9s+xF1b3jaqQZSL5gYf77Yt0uKFBurmBaw6Vpe56q2WDeFJJBYUd0PqyOK41RX6NnoPJF8KbmDC7qJYxgZMP2ghWh3xP+zpBozuoS1qMu470InaZNIBetnhxtFWF42tKv9UbZ2H6GQbnMWBaPeVra3foRqUn9oCvAWMThPSicaNJMLK0pGfjoAR9lurFa9aAMGqcWVJPuEbKJ5LfC6oHWTqMe2NnCaDg7RG787ntF/KK1VUnWVPQKn9sff/vQPi0pftq7bVQaMELMy0vclFOtxvVfsuKDyvEFUzJKuegPjiTZ3uISW5s6m/68bgTchSPjXKY40oFKnAu/l18DGX/LX7QkTfBEo7wlUrYhF3gwjWJoNk0KCydNodRyglPkyrbvc44fCCofmA1x/YRj0RerxhL+tUzp+pMNO+lsKTvocuewMNfWuDUsUZCxYJAPh3FtC2dYqjFECsdzpBurAeLLopEgK5XyKSyjhW60rDp5SEhd46Pcui5Pf4xgf0YfaZcHYUu72yikIf26EMZjIDjRGOZB25l/TAtcQNAlwYdZu51AOS7DEjfw8RhZNhQSEn6L+ieRew+17i
|
|
username: AgCxwdyCROIRBHmewuxmWlcPe3Ngj1EvXRi7xyZMw6iHO7YQGcX5IQbXSsWvy/hcPcRj3rGpj0O9qn602QEcgeSeNlTye4NmTU8ExWEC6ObvMRP2j+rPdWdGUp2eIGA846rE9/OUiCb3GkoRwKWbYI9QISBAc4IzoaBSvi/pscCeKWuWqx/EJQqasUcaTeA+HcvKUB3eo7gMMBYDC+cds50iiDD4UmG8ZM9m6t9yfYFKdjgoiU47REUancrJHDs1umR3zuYFAKVVr84xGSplAIHk0Cc1iuxmzXMR/o4dBqZJzJUseBHCS2KLptNqIM02yIKQtMT0QgQzXUY3Ox+8fhDLWABxDmDKw6a6dUVuBACG4FkLFx5gksmXXsmsc0882L6q3k1AcZPakemD3j2ESPxVkcxbRNxjLf2bt8V1pUbOh5TgCwhM4YOu0MiXRWr5VhVJZ0hKTiW6JUEuW8zjEzHQp48PM6THNiWyxK89pMdeqPo4vaQfeJxeFs6y/xWyDnNNTJ/95fYCMG69I5cP5pA8XcUwu5p+mUuspmpfx/O5jFz2ksRxzUWP0vBdJXE4bg0lmqhL/8/OMGMX/MGFFY9wRD8hnEJeDQ5R27mEmqUKB0IlbMvhIrWS3Ro3KEetdndOFzN2ALOEUQIhgUEM7uH1vrDivcMX/W89oDlz0fFeqBRK8q69dygY+PXKS8qyhoaO2ER++Xw55tU=
|
|
# yamllint enable rule:line-length
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
sealedsecrets.bitnami.com/namespace-wide: "true"
|
|
name: groombook-postgres-credentials-uat
|
|
namespace: groombook-uat
|
|
type: kubernetes.io/basic-auth
|