fix: add s3 creds

kubernetes/apps/databases/crunchy-postgres-operator/database/externalsecret.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: &name crunchy-postgres
+spec:
+  provider:
+    doppler:
+      project: *name
+      config: prd
+      auth:
+        secretRef:
+          dopplerToken:
+            name: doppler-token-auth-api
+            key: dopplerToken
+            namespace: flux-system
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name crunchy-postgres
+  namespace: services
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: *name
+  target:
+    name: pgo-s3-creds
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        s3.conf: |
+          [global]
+          repo1-s3-key={{ .S3_KEY }}
+          repo1-s3-key-secret={{ .S3_KEY_SECRET }}
+  dataFrom:
+    - find:
+        name:
+          regexp: .*

kubernetes/apps/databases/crunchy-postgres-operator/database/kustomization.yaml

@@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./postgrescluster.yaml
+  - ./externalsecret.yaml

kubernetes/apps/databases/crunchy-postgres-operator/database/postgrescluster.yaml

@@ -11,7 +11,7 @@ spec:
   #     stanza: db
   #     configuration:
   #       - secret:
-  #           name: crunchy-postgres-s3-creds
+  #           name: crunchy-postgres
   #     global:
   #       repo1-path: "/crunchy-postgres/repo1"
   #       repo1-s3-uri-style: path
@@ -60,7 +60,7 @@ spec:
     pgbackrest:
       configuration:
         - secret:
-            name: crunchy-postgres-s3-creds
+            name: crunchy-postgres
       global:
         archive-push-queue-max: 4GiB
         repo1-retention-full: "14"