postgresql: Migrate to Sealed Secrets

postgresql/kustomization.yaml

@@ -5,6 +5,7 @@ namespace: postgresql
 
 resources:
 - namespace.yaml
+- secrets.yaml
 - operatorconfiguration.crd.yaml
 - postgresteam.crd.yaml
 - postgresql-operator-configuration.yaml
@@ -13,18 +14,6 @@ resources:
 - api-service.yaml
 - default-cluster.yaml
 
-secretGenerator:
-- name: ssh-auth
-  files:
-  - ssh-backup.key
-  options:
-    disableNameSuffixHash: true
-- name: pod-secrets
-  envs:
-  - pod.secrets
-  options:
-    disableNameSuffixHash: true
-
 configMapGenerator:
 - name: pod-env
   envs:

postgresql/secrets.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: ssh-auth
+  namespace: postgresql
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: postgresql
+    app.kubernetes.io/instance: postgresql
+    app.kubernetes.io/part-of: postgresql
+spec:
+  encryptedData:
+    ssh-backup.key: AgCCfWJXzgJOem21xF6/acHZlHrM6oP6f1o48Ub/B0DVn+F8ShDMBBUajivjl3bCE/aFm0Gtnexv3Kgw5QbCRMj8Hidjj1t046qboZ6DOKU6N8Z2QK4LdMWDztGBHqcokjkuU3bvCTRzkLf4+51KJDYfq3zXbJjBdt5j1wgpiQ5gV0EDXukihG2yuJ1xG53joFVve/GrOQ87anMAqJXKLQZ3r2fVM+A0GbJXyXPiUF6+8zgFXskPb2FOceZmNprHSRLPJTuRfO6N90g3ypXC3ewsamNqNfMxRfDM6lH/50KXfBfZsTHL/UHlcWEfAmL/Tw1MxYqZ43hOE7ZPIyKdl1xGHaQNRopGWuDnYaCVcuRN3nFzVicvQXNqSUnG+aRFemuc/N60MZxtG6eTnJ6Cihvcx6OFkJoT41CZWO2y3gFA4oUWWfBQeyLTTYe0Y/2Za8T9gwSUddMG7Ly4e/l78uqD2gY7iBLBCiH5NZ9vy3mm0Wuk28Sk0TGn3IZBJcTOeGoOhUPqHuy67f9uKffYSpoX5CD18olB0vZyCyFPJW11Js5ASmrJwT/tU4g3kgQpICVaJkrLBYnPweI0jmfUqx5GeAEvz2jfFadghGSRip1CNZ7DKTriEpO7sUkWIYl6piVDZUpDbT8y2blIbrMbonvr1IQ2HJrtG8ZSBC+x9gFMbZNjKnWAaYgzUTtVLBNIorcdrA1u7UgQzdgTtMsTqCnx1/AnYwAG6U5P1xDtww9GC+xDGYppHIux6hl5re8aUhDpi1SktryZnST+qzLfll/8867dgK4Pj4JJ/uPGtRbD4vfiMGnsnj56DOh8WJpYAWuaAOYpZvT8o9MpdLzV0KM0E69v8NfSLWYWmrofaQIxEx6ta5YospN8dEaeduWMNAFFbQ+vLx+K4cTL6puopdHp/krVbygzd8Oea1yRRWQ1QbpaQW7Lm2Wad9X0sskg33PRG2PI17ctlf9O/3Vyn+NAZaaRaWJObdtTWWZCy/5+6q6UGmM3hNxXhuHW9Si46oGKtyJtLGlJN8CNyOjjSbUCCUqmk5H90pw+iI5bYiQRnS8mdyul7PACCA+2JJPZ3Bcbz2KHt/GZx9AOgQaffp4zpy86GLWuQ50250asHN1T2+XYa773joi/ShPIGrxREfrrVxi6LGvFJMn32f7/WvVZpeF/AG5rlLHurrWkNty7jfvNb5dW5WxhBFPcfkipyb4lDAGe4MKfoFjQZ7RqjniL4hd96w5cb9Gn4ks=
+  template:
+    metadata:
+      name: ssh-auth
+      namespace: postgresql
+      labels:
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/component: postgresql
+        app.kubernetes.io/part-of: postgresql
+
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: pod-secrets
+  namespace: postgresql
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: postgresql
+    app.kubernetes.io/instance: postgresql
+    app.kubernetes.io/part-of: postgresql
+spec:
+  encryptedData:
+    pod.secrets: AgBbimCXtzoWjx7OJipclzaHjZ6KS2QUoZMLE/74ktdex6yuzYytKsb03Te3+FzhXxB3YO4vfV+QL/ZaAXPRGwBJm3Zd4Ya7fC5yb70qBZRov2WdteouujTqcDzXGGTN+Vpbq+oY1tk52Kxg9XtLKWj5Q/UZkVZvRgGZDriDHYuthesFON4Fgqv/cszsrRz+cdtpLXwixEsMAOuw6waDA9LiVeOlsQohyakR4YRCbXEUQtt4xvQU/yCbVAatOcjcir7ie17zt+RKUM7EAkP1WJITrRpajNNLhMvhJSCno2Hq8XrecCQ97ekwCYuY+Za1x8MT4H+AkYwrQGahKgTll0u2/G5hyvY0Gr+E0v2uB/tUfLgYWaE3jb9lmCz8XpP3gB26ccugLYHhDEupLnBLo9zQuNeOOZfXg+NLaZ8FyP0McEDQiZTWEXp6tXU4rjV05fmBvUUj66IJFOIeo8K3IWvIZHgrczWm0WauF9101GgJ6KAss1zZ3t9VBsAqJzSqbTbRZ7AJ+eOGHTJeyDddkq7NRL6xnbPvGTIBo5zrVNF2RpD8IPdGyf2Ll9ChMUWVmieic3t+haqAVXPhTD41zHl/BT4JXLjMxDw0EceeeTA09m3jNrDmJ56znrTsknvUIV5/DXAJPzv7vAnLk3p28R0fGGRLk3Gz9yT3uOpUOxRQ0cQLsda1XEW82soGyMl+Ow08v2nJRNWAtzOLHadF38sMlIBHCx3IZtf+PyeoF+2IS6sGX4OE5Y++py/OGpAcngixRsHD0SOeoIH6pRhjvpKarbdDkS/04SEL4/jQl3MPQmAfNzPJ8JqI+Ho=
+  template:
+    metadata:
+      name: pod-secrets
+      namespace: postgresql
+      labels:
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/component: postgresql
+        app.kubernetes.io/part-of: postgresql