refactor: ♻️ utilization of Helm Chart for CNPG

Author: Falltrades

gitops/envs/conf-dso/apps/keycloak/Chart.yaml

@@ -1,5 +1,9 @@
 apiVersion: v2
 dependencies:
+- alias: cpn-cnpg
+  name: cpn-cnpg
+  repository: https://cloud-pi-native.github.io/helm-charts
+  version: 2.0.0
 - alias: keycloak
   name: keycloak
   repository: oci://registry-1.docker.io/bitnamicharts

gitops/envs/conf-dso/apps/keycloak/templates/pg-cluster-keycloak-backup.yaml

@@ -1,3 +1,35 @@
+cpn-cnpg:
+  backup:
+    compression: gzip
+    destinationPath: <path:forge-dso/data/env/conf-dso/apps/keycloak/values#externalClusters
+      | jsonPath {.pgClusterKeycloak.barmanObjectStore.destinationPath}>
+    enabled: true
+    endpointURL: <path:forge-dso/data/env/conf-dso/apps/keycloak/values#externalClusters
+      | jsonPath {.pgClusterKeycloak.barmanObjectStore.endpointURL}>
+    retentionPolicy: 14d
+    s3Credentials:
+      accessKeyId:
+        key: accessKeyId
+        value: <path:forge-dso/data/env/conf-dso/apps/keycloak/values#externalClusters
+          | jsonPath {.pgClusterKeycloak.barmanObjectStore.s3Credentials.accessKeyId.value}>
+      create: true
+      secretAccessKey:
+        key: secretAccessKey
+        value: <path:forge-dso/data/env/conf-dso/apps/keycloak/values#externalClusters
+          | jsonPath {.pgClusterKeycloak.barmanObjectStore.s3Credentials.secretAccessKey.value}>
+  dbName: keycloak
+  imageName: <path:forge-dso/data/env/conf-dso/apps/common/values#image | jsonPath
+    {.repository.ghcr}>/cloudnative-pg/postgresql:16.1
+  monitoring:
+    enabled: false
+  nameOverride: pg-cluster-keycloak
+  parameters:
+    max_slot_wal_keep_size: 14GB
+    max_worker_processes: '60'
+  pvcSize:
+    data: 15Gi
+    wal: 15Gi
+  username: keycloak
 keycloak:
   args: []
   auth:

gitops/envs/conf-dso/apps/keycloak/templates/pg-cluster-keycloak-nodeport.yaml

@@ -11,59 +11,6 @@
   retries: 45
   delay: 5
 
-# Setup CNPG s3 secret
-
-- name: CNPG s3 CA (secret)
-  when: >
-    dsc.global.backup.cnpg.enabled and
-    dsc.global.backup.s3.endpointCA.namespace is defined and
-    dsc.global.backup.s3.endpointCA.name is defined and
-    dsc.global.backup.s3.endpointCA.key is defined
-  block:
-    - name: Get secret
-      kubernetes.core.k8s_info:
-        name: "{{ dsc.global.backup.s3.endpointCA.name }}"
-        namespace: "{{ dsc.global.backup.s3.endpointCA.namespace }}"
-        kind: Secret
-      register: cnpg_s3_ca_resource
-
-    - name: Extract key
-      ansible.builtin.set_fact:
-        cnpg_s3_ca_pem: "{{ cnpg_s3_ca_resource.resources[0].data[dsc.global.backup.s3.endpointCA.key] }}"
-
-    - name: Set cnpg bundle-ca secret
-      kubernetes.core.k8s:
-        name: "bundle-cnpg-s3"
-        namespace: "{{ dsc.keycloak.namespace }}"
-        kind: Secret
-        api_version: v1
-        definition:
-          data:
-            ca.pem: "{{ cnpg_s3_ca_pem }}"
-
-# Setup CNPG backup
-
-- name: Set cnpg backup secret
-  when: dsc.global.backup.cnpg.enabled
-  kubernetes.core.k8s:
-    name: "{{ dsc.global.backup.s3.credentials.name }}"
-    namespace: "{{ dsc.keycloak.namespace }}"
-    kind: Secret
-    api_version: v1
-    definition:
-      data:
-        accessKeyId: "{{ dsc.global.backup.s3.credentials.accessKeyId.value | b64encode }}"
-        secretAccessKey: "{{ dsc.global.backup.s3.credentials.secretAccessKey.value | b64encode }}"
-
-- name: Remove cnpg scheduled backup
-  kubernetes.core.k8s:
-    api_version: v1
-    kind: ScheduledBackup
-    namespace: "{{ dsc.keycloak.namespace }}"
-    name: pg-cluster-keycloak
-    state: absent
-  when: not dsc.global.backup.cnpg.enabled
-
 # Set admin facts and check access to Keycloak API
 
 - name: Get Keycloak admin password

gitops/envs/conf-dso/apps/keycloak/templates/pg-cluster-keycloak.yaml

@@ -4,6 +4,10 @@ name: keycloak
 type: application
 version: {{ dsc.keycloak.chartVersion }}
 dependencies:
+- name: cpn-cnpg
+  alias: cpn-cnpg
+  version: {{ dsc.cpnCnpg.chartVersion }}
+  repository: {{ dsc.cpnCnpg.helmRepoUrl }}
 - name: keycloak
   alias: keycloak
   version: {{ dsc.keycloak.chartVersion }}