Configure Postgres for Infisical

kubernetes/apps/security/infisical/app/helmrelease.yaml

@@ -35,6 +35,10 @@ spec:
       name: infisical-secret
       valuesKey: authSecret
       targetPath: backendEnvironmentVariables.JWT_AUTH_SECRET
+    - kind: Secret
+      name: infisical-db-pguser-infisical
+      valuesKey: uri
+      targetPath: backendEnvironmentVariables.DB_CONNECTION_URI
   values:
     fullnameOverride: *name
     backend:
@@ -46,9 +50,17 @@ spec:
       SITE_URL: https://infisical.laurivan.com
     mongodb:
       enabled: true
+      image:
+        registry: docker.io
+        repository: bitnami/mongodb
+        tag: "6.0"
       auth:
         enabled: false
     redis:
       enabled: true
+      image:
+        registry: docker.io
+        repository: bitnami/redis
+        tag: "7.0"
       auth:
         enabled: false

kubernetes/apps/security/infisical/app/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - ./helmrepository.yaml
   - ./httproute.yaml
   - ./secret.sops.yaml
+  - ./postgres-cluster.yaml

kubernetes/apps/security/infisical/app/postgres-cluster.yaml

@@ -0,0 +1,32 @@
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: infisical-db
+  namespace: security
+spec:
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:centos8-15.0-0
+  postgresVersion: 15
+  instances:
+    - name: instance1
+      dataVolumeClaimSpec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 5Gi
+  backups:
+    pgbackrest:
+      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:centos8-2.41-0
+      repos:
+        - name: repo1
+          volume:
+            volumeClaimSpec:
+              accessModes:
+                - "ReadWriteOnce"
+              resources:
+                requests:
+                  storage: 5Gi
+  users:
+    - name: infisical
+      databases:
+        - infisical